|
Methanar posted:1) Leaked photos embarrassing the united states around war crimes in the middle east appear in the news.

eh it makes no difference, remember that NYT deliberately buried Abu Ghraib
|
# ? Aug 18, 2021 13:31 |
|
Can you tell the difference between these two pictures? Because Apple's Neural Network can't

$ python3 nnhash.py NeuralHash/model.onnx neuralhash_128x96_seed1.dat beagle360.png
59a34eabe31910abfb06f308
$ python3 nnhash.py NeuralHash/model.onnx neuralhash_128x96_seed1.dat collision.png
59a34eabe31910abfb06f308

https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX/issues/1
|
# ? Aug 18, 2021 13:57 |
|
I would blow Dane Cook posted:Can you tell the difference between these two pictures? Because Apple's Neural Network can't

well, i guess we found the one-in-a-trillion chance. there can't be too many more of those, surely
|
# ? Aug 18, 2021 14:28 |
|
Pile Of Garbage posted:lol perfect

cause people are morons and need the disclaimer, how else would you do it?
|
# ? Aug 18, 2021 14:35 |
|
infernal machines posted:well, i guess we found the one-in-a-trillion chance. there can't be too many more of those, surely

this is a deliberate collision though, I assume the one in a trillion or whatever refers to collisions between random unrelated pictures

the tech in how apple is scanning for images and trying to ensure user privacy is pretty interesting, but of course, like with bitcoin, the tech might be interesting but its use in practice is horrible
|
# ? Aug 18, 2021 14:37 |
|
Nitr0 posted:cause people are morons and need the disclaimer, how else would you do it?

send them quarterly emails from external sources with links in them, and anyone who clicks the link has to do their work with a pencil from now on
|
# ? Aug 18, 2021 14:39 |
|
flakeloaf posted:send them quarterly emails from external sources with links in them, and anyone who clicks the link has to do their work with a pencil from now on

The russians used a typewriter
|
# ? Aug 18, 2021 14:40 |
|
Methanar posted:1) Leaked photos embarrassing the united states around war crimes in the middle east appear in the news.

or just, you know, force apple to block/detect it

thats even if they needed to
|
# ? Aug 18, 2021 14:41 |
ymgve posted:this is a deliberate collision though, I assume the one in a trillion or whatever refers to collisions between random unrelated pictures

the fact of the matter is that they're using a hash that's supposed to do one thing but in practice can be (ab)used for many other things
|
|
# ? Aug 18, 2021 14:44 |
|
Nitr0 posted:cause people are morons and need the disclaimer, how else would you do it?

put it somewhere other than the top
|
# ? Aug 18, 2021 14:48 |
|
duz posted:or just, you know, force apple to block/detect it

The difference is the possibility of apple having the power to detect arbitrary content on local devices and then there is having taken the possibility and having made it a reality with an established software suite and a pipeline built and released to production for the explicit purpose of identifying the 'wrong' material.

Microsoft has the possibility of scanning every device in the world for the wrong material during windows update, but they haven't actually done it, maybe.
|
# ? Aug 18, 2021 14:59 |
|
Shame Boy posted:put it somewhere other than the top

in my experience people don't read anything at all past the first few sentences of an email, so nobody will see it if it isn't at the top. plus it would have to compete with every other pointless disclaimer people attach to emails now, about how it's private and intended for the recipient and a crime to read it or whatever, it's all white noise down there.
|
# ? Aug 18, 2021 15:05 |
|
Nitr0 posted:cause people are morons and need the disclaimer, how else would you do it?

oh yeah don't get me wrong i'm not saying that it isn't important. just having a whinge really

edit: this is what the e-mails look like, they get the "[EXTERNAL]" prefix in the subject and a styled HTML div added at the start of the body:

also yeah, im getting e-mails about oracle, it sucks

Pile Of Garbage fucked around with this message at 15:15 on Aug 18, 2021
# ? Aug 18, 2021 15:11 |
|
BlankSystemDaemon posted:you put your finger on what makes a hash cryptographically secure and why sha1 is deprecated for that very purpose

it is not a cryptographically secure hash and it was never meant to be, since its purpose is to allow small differences like cropping, color changing etc to not affect the hash
|
# ? Aug 18, 2021 15:20 |
|
Pile Of Garbage posted:oh yeah don't get me wrong i'm not saying that it isn't important. just having a whinge really

can’t stand companies that dick with the subject, i understand the annoying banner but adding [EXTERNAL] to all emails is a pleb move
|
# ? Aug 18, 2021 15:32 |
|
i work for an MSP so often my colleagues will e-mail me from their customer e-mail address which ofc gets the whole "[EXTERNAL]" treatment lol. in fact that screenshot i posted was of an e-mail from a colleague sent from their state gov dept email address...
|
# ? Aug 18, 2021 15:36 |
|
Crust First posted:
I've thought about writing a script to delete all messages and make them accept some crazy terms and conditions before resending it.

quote:This is an automated response. Your message has not been delivered. By emailing this address you waive all rights of confidentiality and agree to the terms described below.
|
# ? Aug 18, 2021 15:47 |
|
put the disclaimer in your MTA's HELO response

CAN'T BLAME ME YOU ACCEPTED THE TERMS BY CONNECTING!!!
|
# ? Aug 18, 2021 15:51 |
|
Soylent Pudding posted:I've thought about writing a script to delete all messages and make them accept some crazy terms and conditions before resending it.

lol big "attention facebook" vibes here
|
# ? Aug 18, 2021 16:03 |
|
30 TO 50 FERAL HOG posted:lol big "attention facebook" vibes here

Oh I know it's stupid and legally useless. The point is to troll the people who send me email messages with all the white noise disclaimers. Also
|
# ? Aug 18, 2021 16:06 |
|
Nitr0 posted:can’t stand companies that dick with the subject, i understand the annoying banner but adding [EXTERNAL] to all emails is a pleb move

there was no way to tag external emails in the UI in Gmail Enterprise without adding it to the subject line until like 2 months ago lmao
|
# ? Aug 18, 2021 17:15 |
|
Ansible Adams posted:Gmail Enterprise

that's the real lmao
|
# ? Aug 18, 2021 17:17 |
|
Ansible Adams posted:there was no way to tag external emails in the UI in Gmail Enterprise without adding it to the subject line until like 2 months ago lmao

that's been a feature in exchange and every single other MTA since the last decade at least so yeah:

Powerful Two-Hander posted:that's the real lmao
|
# ? Aug 18, 2021 17:21 |
|
ymgve posted:it is not a cryptographically secure hash and it was never meant to be, since its purpose is to allow small differences like cropping, color changing etc to not affect the hash

i swear i read a name for this sort of thing a long-rear end time ago but i've never been able to find it since. it's like a hash, but instead of a small change producing the largest difference possible, a small change produces the smallest change possible, so comparing "hashes" directly compares similarity of contents.

i implemented something like that waaay back when i needed to organize a huge database of millions of pictures, so i could store these "closeness hashes" in the database and sort everything by that so duplicates are easy to spot (they either have the same value or sort right next to each other) and it's easy to check a new image being inserted to see if it's a duplicate. wish i could remember the name i found for it though because "hash" really doesn't describe it very well...

e: oh and then years later my exact solution (including the exact algorithm i came up with for calculating it) showed up in a commercial product and then in a stack overflow answer, which sucks (i never got anything out of it and now they're making money off it) but still it's kinda neat that i came up with it in like highschool and now it's A Thing

Shame Boy fucked around with this message at 18:43 on Aug 18, 2021
# ? Aug 18, 2021 18:41 |
|
Shame Boy posted:i swear i read a name for this sort of thing a long-rear end time ago but i've never been able to find it since. it's like a hash, but instead of a small change producing the largest difference possible, a small change produces the smallest change possible, so comparing "hashes" directly compares similarity of contents. i implemented something like that waaay back when i needed to organize a huge database of millions of pictures, so i could store these "closeness hashes" in the database and sort everything by that so duplicates are easy to spot (they either have the same value or sort right next to each other) and it's easy to check a new image being inserted to see if it's a duplicate. wish i could remember the name i found for it though because "hash" really doesn't describe it very well...

perceptual hash
|
# ? Aug 18, 2021 19:02 |
|
the attack scenario where someone creates an image that has the same hash as child porn is a bit narrow, because the hash database is in "salted" form on the devices so you can't just extract the hashes to target

the major problem as I see it is that the CSAM database is unaudited so you have no clue what is in there, or what will be in there in the future
|
# ? Aug 18, 2021 19:22 |
|
Powerful Two-Hander posted:that's the real lmao

a powerful curse
|
# ? Aug 18, 2021 19:33 |
|
ymgve posted:the attack scenario where someone creates an image that has the same hash as child porn is a bit narrow, because the hash database is in "salted" form on the devices so you can't just extract the hashes to target
|
# ? Aug 18, 2021 20:21 |
|
mystes posted:This sounds convincing until you think about it for two seconds and realize that all someone has to do is extract the algorithm from the firmware and point it at 8chan or whatever for 5 minutes until they get hits.

the way it's designed, the client does not ever know if it gets a hit, so you can't do that

from the client's perspective, the encryption, encapsulation and uploading of metadata is the exact same no matter if the image is a hit or not

ymgve fucked around with this message at 20:25 on Aug 18, 2021
# ? Aug 18, 2021 20:23 |
|
of course someone at 8chan could pick some "classic" child porn images that are very likely to be in the database, but handling the raw explicit material is a threshold most normal trolls wouldn't dare to do
|
# ? Aug 18, 2021 20:29 |
|
ymgve posted:the way it's designed, the client does not ever know if it gets a hit, so you can't do that

It's all really clever but it's still a terrible idea.
|
# ? Aug 18, 2021 20:35 |
|
ymgve posted:the way it's designed, the client does not ever know if it gets a hit, so you can't do that
|
# ? Aug 18, 2021 20:36 |
|
toiletbrush posted:and even the server at the other end doesn't and can't know anything about the matches or even how many matches you've had until you've crossed a threshold.

it's actually a bit more complicated - the client generates "tickets" for every image it handles and uploads them - the server instantly knows if it's a match (but won't know what picture was matched) - this would be a devastating info leak on its own, so to combat this, the clients are able to create "fake" tickets that look like matches that are not based on any image, but will be seen by the server as a match.

when the number of real + fake matches crosses a certain threshold, the outer encryption layer can be removed, and if the number of real matches also crosses a threshold, the inner encryption layer can be removed and it's flagged for review

ymgve fucked around with this message at 20:43 on Aug 18, 2021
# ? Aug 18, 2021 20:41 |
|
Powerful Two-Hander posted:e: lmao the "report phishing" tool actually forwards the mail to an external address and that got rejected because I'd forwarded an email marked for internal distribution only
|
# ? Aug 18, 2021 20:55 |
|
Powerful Two-Hander posted:just got an internal email from IT security saying "as part of our cyber security awareness month, please go to this external site to test your cyber security knowledge!" So of course I reported it as phishing.

the system works
|
# ? Aug 18, 2021 20:56 |
|
Methanar posted:perceptual hash

it didn't include the word hash at all, it was a completely different word the author was proposing. also while they used image comparison as an example they were meaning for it to apply more generically about anything that worked like I described, where the value of the algorithm represented "closeness" rather than "uniqueness". i think it was an academic paper?

well regardless it apparently never caught on so it'd be useless to use it as a word these days but it's always bothered me that i forgot what it was
|
# ? Aug 18, 2021 23:56 |
|
Shame Boy posted:it didn't include the word hash at all, it was a completely different word the author was proposing. also while they used image comparison as an example they were meaning for it to apply more generically about anything that worked like I described, where the value of the algorithm represented "closeness" rather than "uniqueness". i think it was an academic paper?

You aren't thinking about Microsoft's PhotoDNA are you? There used to be a post or 2 about it online but it seems to have been scrubbed because I swear there was a semi-academic paper on this a few years ago as well.

From what I recall it'd break the image up into blocks, then apply a few filters to each - such as blurring it and scaling it up etc to account for modifications or cropping - then hash each modified block into a single hash? The result of this was that it was able to produce hashes near enough to an upscaled/downscaled/cropped/whatever image and then determine if it matched something in CSAM or some other hash database.
|
# ? Aug 19, 2021 05:08 |
|
ATM Machine posted:You aren't thinking about Microsoft's PhotoDNA are you? There used to be a post or 2 about it online but it seems to have been scrubbed because I swear there was a semi-academic paper on this a few years ago as well.

nah it wasn't that, though it worked kinda similarly, just not with blocks. it's not actually that complicated an idea so i'm sure it's been re-discovered many times by many different people and i probably wasn't the first or anything.

basically you'd apply various filters to normalize an image to a standard size 8-bit averaged-color square greyscale base image, then resize that down to one pixel by one pixel, and that's the first byte of the hash. then go back to the base, resize it to 2 pixels by 2 pixels, that's the next 4 bytes, and so on for as long as you wanna make it. put each one in a database and sort based on the hash column, then pick out ones that are within a certain distance of each other.

this worked surprisingly well for how simple it was, like i used it on millions of images and it had an amazingly low false positive (and false negative, as far as I could measure that) rate. it could deal with moderate amounts of cropping, basically any amount of re-scaling, jpeg artifacting, etc. like i'm sure it would be trivial to defeat if you were actually trying to, but it took care of my use case of "here's a bunch of images and a constant stream of new ones coming in, find the duplicates" real well.

i actually tried variations of the "split it into blocks and calculate it separately for each block" like that microsoft thing sounds like it does but I always had trouble with being able to re-combine the blocks in a way that sorts by "similarness" in the database so ultimately i just stuck with this.

e: though to be clear the paper i'm thinking of wasn't about this or anything, it was a more generic proposal of kinds of "similarness-values" and what to call them
|
# ? Aug 19, 2021 05:27 |
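Added example, not part of the thread and not any poster's code: a small Python sketch of the coarse-to-fine "closeness hash" described in the post above, run over constructed test images. Assumptions made here: a 16x16 base image, levels that double in size (1, 2, 4, 8), mean absolute byte difference as the distance, and greyscale input of at least 16 pixels per side (the colour and filter normalisation steps are skipped).

```python
# Added example: coarse-to-fine closeness hash. BASE, LEVELS and the distance
# metric are assumptions; the post only fixes the 1x1-then-2x2 ordering.
BASE, LEVELS = 16, (1, 2, 4, 8)

def box_resize(img, n):
    """Downscale a greyscale image (rows of 0-255 ints) to n x n by area averaging."""
    h, w = len(img), len(img[0])
    def cell(i, j):
        px = [img[r][c] for r in range(i * h // n, (i + 1) * h // n)
                        for c in range(j * w // n, (j + 1) * w // n)]
        return sum(px) // len(px)
    return [[cell(i, j) for j in range(n)] for i in range(n)]

def closeness_hash(img):
    """Byte 0 is the whole-image average, then 2x2, 4x4, 8x8, so coarse detail sorts first."""
    base = box_resize(img, BASE)
    digest = bytearray()
    for n in LEVELS:
        for row in box_resize(base, n):
            digest.extend(row)
    return bytes(digest)

def distance(a, b):
    """Mean absolute per-byte difference between two hashes of equal length."""
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)

def near_duplicates(images, threshold=6.0):
    """Sort by hash, as the database column would be, then compare neighbouring rows."""
    rows = sorted((closeness_hash(img), name) for name, img in images.items())
    return [(a[1], b[1]) for a, b in zip(rows, rows[1:]) if distance(a[0], b[0]) <= threshold]

def make_scene(size, invert=False):
    """Constructed test image: diagonal gradient with a bright square."""
    def px(x, y):
        in_square = size // 4 <= x < size // 2 and size // 4 <= y < size // 2
        v = 255 if in_square else (x + y) * 255 // (2 * size - 2)
        return 255 - v if invert else v
    return [[px(x, y) for x in range(size)] for y in range(size)]

IMAGES = {
    "original": make_scene(64),
    # Same scene at 48x48 plus small deterministic noise, standing in for a re-encode.
    "rescaled": [[min(255, v + (7 * x + 13 * y) % 5) for x, v in enumerate(r)]
                 for y, r in enumerate(make_scene(48))],
    "unrelated": make_scene(64, invert=True),
}

if __name__ == "__main__":
    print(near_duplicates(IMAGES))
```

The same property that makes this useful for deduplication (small input changes give small hash changes) is why such a value offers none of the collision resistance of a cryptographic hash.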
|
somebody on reddit discovered that their 3d printer printed this out while they were sleeping https://www.thespaghettidetective.com/blog/2021/08/19/what-happened-last-night/
|
# ? Aug 20, 2021 03:23 |
|
Samuel L. ACKSYN posted:somebody on reddit discovered that their 3d printer printed this out while they were sleeping

i guess that's better than weev sending white power poo poo to your laserjet.
|
# ? Aug 20, 2021 04:15 |