Categories
3D

Activists created a 12.5 million block digital library in ‘Minecraft’ to bypass censorship laws (MSFT) [ARTICLE] – Pulse Ghana

Activists created a digital library in Minecraft. There are some criticisms about the practicality of this movement, but you cannot deny that the library building is very impressive – the designers have put a lot of thought into each “wing”.

Reporters Without Borders created “The Uncensored Library” within “Minecraft” as what it calls a “loophole to overcome censorship.” The digital library in an open “Minecraft” server has articles and information that has been censored in many countries, but is accessible through the game.

Source: Activists created a 12.5 million block digital library in ‘Minecraft’ to bypass censorship laws (MSFT) [ARTICLE] – Pulse Ghana

Categories
network security

Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw – Security Affairs

A severe vulnerability was discovered in one of the core components of Windows. Microsoft has since released an urgent out-of-band patch for all affected machines.

“Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.” reads the advisory published by Microsoft.

Source: Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw – Security Affairs

Categories
3D gis

Comparing Google Maps 3D with Singapore’s OneMap3D

OneMap3D is envisioned to be “Asia’s first, open-source 3D nationwide map”.

OneMap 3D (sic) will enable users to orient themselves in a three-dimensional representation of the real world, empowering them to navigate around identifiable landmarks, walkways and even void deck spaces. OneMap 3D will first be launched to developers by the end of 2020.

Source

  1. Full disclosure: we are enrolled in the OneMap3D Developer Programme and are bound by the NDA. The following content does not reveal anything that is forbidden by the NDA.
  2. It appears that earlier articles use the term “OneMap 3D” and recent ones “OneMap3D”. For consistency we will use the term “OneMap3D”.

Background

In 2014, Singapore announced the launch of the Smart Nation Initiative, of which Virtual Singapore is a key feature. One of the products of Virtual Singapore is the island-wide 3D map of Singapore. Today, the custodian of this 3D map is the Singapore Land Authority (SLA), and the platform in which this data will be available is called OneMap3D.

This article primarily focuses on comparing the 3D models available on Google Maps and OneMap3D. Other aspects, such as API capabilities, are not explored.

Google Maps 3D

When Google Maps was launched, the world of digital mapping was introduced to the masses. It began with making tile-based maps accessible through the browser. Then Google acquired a company called Keyhole and took over its product, to be launched as Google Earth, a desktop application. Google Earth was its foray into interactive 3D mapping – fulfilling Neal Stephenson’s vision in a roundabout way, since the original Keyhole application was said to be inspired by the author’s novel.

Nowadays, the line is blurring between Google Maps and Google Earth since the former is capable of showing 3D content as well. On your modern desktop browser, just turn on Satellite mode and if the area happens to have 3D content it will be shown. Singapore is lucky enough to have this feature enabled for a large part of the main island. Our comparison will be based on the 3D content available through Google Maps.

OneMap3D

OneMap3D is envisioned to be the upgrade from the existing OneMap service provided by SLA. By enrolling in the OneMap3D Developer Programme, we are given access to 1) 3D building models, and 2) API to access 3D models.

The 3D building models are provided in CityGML version 2 format. For those who are unfamiliar, “CityGML is an open data model and XML-based format for the storage and exchange of virtual 3D city models.” It is both an OGC and an ISO standard.

The tools for processing CityGML are quite lacking unfortunately, as commercial support is not high. For the purpose of this comparison, we will import CityGML files into 3DCityDB, and export it out as a COLLADA file.

First Look

Google Maps
OneMap 3D

At this zoom distance, both models in Google Maps and OneMap3D look quite good. It may not be apparent, but the water tanks on the rooftops for OneMap3D are modelled separately.

Another Example

Google Maps
OneMap 3D

For a more articulated building, OneMap3D clearly shines. One can see small features such as the cross on the rooftop and words on the facade can be read.

Model Representation

Google doesn’t reveal how its 3D mapping content is constructed but one can try to guess. One FAQ for Google Earth – which probably shares the same data sources as Google Maps – says that imagery collected includes “satellite, aerial, 3D, and Street View images” from “providers and platforms”. The fusion of all these data into a model should be largely automated and powered by their proprietary algorithms.

Based on how 3D contents are streamed in Google Maps, they should be using some form of progressive mesh techniques.

OneMap3D models are based on buildings and each building is provided as a CityGML file. The likely data sources include LiDAR, aerial photography, site survey, official building footprint, etc. It is apparent that the models are handcrafted through some modelling software and converted to the designated format.

OneMap 3D building mesh

Comparison

As with most things, there are pros and cons to either modelling approach. Here is a non-exhaustive comparison:

OneMap3D

Pros:
  - Clean model
  - Optimized
  - Sharp even when zoomed in
  - Small features can be seen
  - Ground-level details can be seen

Cons:
  - Colors/textures can be inconsistent
  - Textures can look repetitive
  - Subject to human errors
  - Labour intensive

Inconsistent texture quality between roof and facade
Ground level details can be seen

Google Maps

Pros:
  - Consistent look and feel
  - Scalable to large areas

Cons:
  - “Melted building” syndrome when close-up
  - Edges are not straight
  - Occasional artifacts
  - Building not separated from terrain mesh
  - Shadows are not removed

Visual artifacts

More OneMap3D Examples

Summary

OneMap3D represents the herculean effort of creating and maintaining an up-to-date database of 3D building models for the whole of Singapore.

Google Maps’ approach, on the other hand, allows it to scale to potentially any city in the world. And it will only get better with newer data acquisition techniques and algorithms.

Beyond 3D representation, however, OneMap3D’s models also contain rich semantic information that allows them to be used in different types of applications, e.g. computing roof surface area. And since buildings are standard 3D assets, they can be used in various types of 3D applications such as VR, gaming, rendering, etc. There are clearly pros and cons to either approach, and we are excited to see the types of applications that OneMap3D will bring when it officially launches at the end of the year.

Edit: Contact me if you would like to know more about converting OneMap3D data to other commonly used 3D formats.

Categories
privacy security

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

This vulnerability affects WhatsApp desktop – which I didn’t know exists – for Mac and Windows. It does so by exploiting unpatched bugs in the older version of Electron that WhatsApp desktop uses.

Source: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

Categories
internet programming

Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy

Yet another potentially breaking change on the web. This time round it involves cookie handling (in the upcoming Chrome 80). The objective is to close off a class of attacks known as CSRF (cross-site request forgery). Expect other browsers to follow suit.

… any websites you’re responsible for that are passing cookies around cross domain by POST request and don’t already have a SameSite policy are going to start misbehaving pretty quickly

Source: Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy
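
To make the change concrete, here is an added example (not from this post or from Troy Hunt's article) that audits `Set-Cookie` headers against the Chrome 80 behaviour: a cookie with no `SameSite` attribute is treated as `Lax`, and `SameSite=None` is only accepted together with `Secure`. The header values, function names and verdict labels are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the SameSite change.
# All header values below are constructed sample data.

def parse_set_cookie(header):
    """Return (cookie_name, {lower-cased attribute: value}) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(header):
    """Return (cookie_name, verdict) under 'missing SameSite means Lax'."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if "samesite" not in attrs:
        # Treated as Lax: no longer sent on cross-site POST requests.
        return name, "defaults-to-lax"
    if samesite == "none":
        # SameSite=None must be paired with Secure or the cookie is rejected.
        return name, "cross-site-ok" if "secure" in attrs else "rejected"
    if samesite in ("lax", "strict"):
        return name, "explicit-" + samesite
    return name, "invalid-samesite"  # unrecognised value: review by hand


def audit(headers):
    """Map each cookie name to its verdict."""
    return dict(classify(h) for h in headers)


SAMPLE_HEADERS = [  # constructed
    "session=abc123; Path=/; HttpOnly",
    "sso=xyz; Path=/; SameSite=None",
    "widget=1; Path=/; Secure; SameSite=None",
    "csrf=tok; Path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_HEADERS).items():
        print(f"{cookie:8} {verdict}")
```

Cookies reported as `defaults-to-lax` or `rejected` are the ones to check first if a cross-domain POST flow depends on them.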

Categories
security

Inside ‘Evil Corp,’ a $100M Cybercrime Menace — Krebs on Security

An inside look into the workings of a cybercrime organization. For an organization that purportedly develops sophisticated malware to steal banking credentials, the lack of basic cyber hygiene led to much info being extracted about their dealings. The irony.

The $5 million reward is being offered for 32 year-old Maksim V. Yakubets, who the government says went by the nicknames “aqua,” and “aquamo,” among others. The feds allege Aqua led an elite cybercrime ring with at least 16 others who used advanced, custom-made strains of malware known as “JabberZeus” and “Bugat” (a.k.a. “Dridex”) to steal banking credentials from employees at hundreds of small- to mid-sized companies in the United States and Europe.

Source: Inside ‘Evil Corp,’ a $100M Cybercrime Menace — Krebs on Security

Categories
security

How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

This is a simple but brilliantly executed heist: pretend to be the sender by sending from a similar-looking domain.

One of the domains was a look-alike of the Chinese investment company’s domain; the other was a spoof of the Israeli firm’s domain. In both instances, the threat actors simply added an “s” to the end of the original domain name.

The next phase of the scam involved the attackers sending two emails with the same subject header as the original email thread about the planned seed funding.

Money meant to fund an Israeli startup wound up directly deposited to the scammers.

Source: How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
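
On the defensive side, a mail filter can flag this pattern before anyone replies. The added example below (not from this post or the linked article) checks a sender's domain against an allow-list of known counterparties and reports domains that append an "s" to a trusted name or differ from one by a character or two. The allow-list, addresses and verdict labels are constructed, and trusted domains are assumed to be given in registrable form such as `name.tld`.

```python
# Added example: flag look-alike sender domains.
# All domains and addresses below are constructed sample data.

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def check_sender(address, trusted):
    """Return (verdict, matched trusted domain or None)."""
    dom = sender_domain(address)
    if dom in trusted:
        return ("trusted", dom)
    for good in sorted(trusted):
        name, _, suffix = good.partition(".")
        if dom == name + "s." + suffix:      # "s" appended to the name
            return ("lookalike-appended-s", good)
    for good in sorted(trusted):
        if edit_distance(dom, good) <= 2:    # other small changes
            return ("lookalike-near-match", good)
    return ("unknown", None)


TRUSTED = {"vc-fund.example", "startup.example"}  # assumed allow-list
SAMPLE_SENDERS = [  # constructed
    "cfo@vc-fund.example",
    "cfo@vc-funds.example",
    "ceo@startups.example",
    "ceo@startvp.example",
    "news@unrelated.example",
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, *check_sender(sender, TRUSTED))
```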

Categories
internet

The Magical Science of Wi-Fi on Airplanes – OneZero

If you have ever wondered how you can get Wi-Fi on airplanes – massive objects flying at nearly 600 mph at altitudes of more than 35,000 feet – this article explains the feat of engineering behind it.

How we browse the internet at 35,000 feet

Source: The Magical Science of Wi-Fi on Airplanes – OneZero

Categories
privacy security

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook

Another data leak, this time involving, let’s see, 1.2 billion people. This was found by security researchers in an unsecured ElasticSearch server – the server is now down. According to analysis, the data most likely comes from data enrichment companies.

A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIN and Facebook profile information.

For a very low price, data enrichment companies allow you to take a single piece of information on a person (such as a name or email address), and expand (or enrich) that user profile to include hundreds of additional new data points of information.

Source: 1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook

Categories
internet

Breaking: Private Equity company acquires .Org registry – Domain Name Wire | Domain Name News

ICANN lifts price caps on .org registry. PE firm acquires .org registry. PE firm appoints former ICANN executives to top positions. Does something seem fishy here? How much do companies like Wikipedia have to pay to keep their .org domain from now on?

Ethos Capital is a new private equity firm led by Erik Brooks. Brooks was at Abry Partners until earlier this year. Abry Partners acquired Donuts and installed former ICANN President of Global Domains Akram Atallah in the top spot there.

Source: Breaking: Private Equity company acquires .Org registry – Domain Name Wire | Domain Name News

(Edit) 2019-11-23: You can sign up to reject the sale.