Ignorance is bliss, and it’s often the most ignorant who make the surest decisions, not being encumbered by the knowledge that they could be wrong. In many situations, this is all fine and good, but at the current level of self-driving car development having a Tesla confidently crash into a fire truck or white van (both of which happened) can be rather dangerous. The issue is that self-driving cars are just smart enough to drive cars, but not to know when they are entering a situation outside their level of confidence and capability. Microsoft Research has worked with MIT to help cars know exactly when situations are ambiguous. As MIT news notes, a single situation can receive many different signals, because the system perceives many situations as identical. For example, an autonomous car may have cruised alongside a large car many times without slowing down and pulling over. But, in only one instance, an ambulance, which appears exactly the same to the system, cruises by. The autonomous car doesn’t pull over and receives a feedback signal that the system took an unacceptable action. Because the unusual circumstance is rare cars may learn to ignore them when they are still important despite being rare. The new system, to which Microsoft contributed, will recognize these rare systems with conflicted training and can learn in a situation where it may have, for instance, performed acceptably 90 percent of the time, the situation is still ambiguous enough to merit a “blind spot.” Read much more on OUR FORUM.

Disclosure of proof-of-exploit code for security bugs in Cisco routers for small businesses prompted hackers to scan for vulnerable devices in an attempt to take full control of them. Cisco this week announced updates for router models RV320 and RV325 that fix a command injection (CVE-2019-1652) and an information disclosure (CVE-2019-1653) vulnerability; both of them are in the routers' web management interface. Exploiting the former requires authentication and admin privileges to allow a remote attacker to execute arbitrary commands on the system. The latter security issue is also remotely exploitable, but it does not need authentication to get sensitive information from the router. A hacker chaining the two bugs could target RV320 and RV325 routers available online to obtain hashed access credentials for a privileged account and thus be able to run arbitrary commands as root. Germany company RedTeam Pentesting found the issues in Cisco RV320 and reported them privately to Cisco. The researchers also found that RV320 exposes diagnostic data. A superficial search on Shodan shows that there are about 20,000 Cisco RV320/RV325 routers reachable over the internet. Not all of them may be vulnerable, though. According to information today from Troy Mursch, chief research officer at Bad Packets, more than 9,500 of them were found to be affected by the information disclosure glitch, most of them in the United States. Learn more on OUR FORUM.