Wednesday, November 25, 2015

Interesting. They are so concerned about security they looked into your device to make sure you were doing your part.
Amazon forces some customers to reset passwords
Amazon has forced an unknown number of account holders to change passwords that may have been compromised, just as it heads into one of the busiest shopping days of the year.
… The e-mail sent to affected users said that the company had "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party," according to ZDNet.

Which statement do we believe: that they are investigating this article, or that they never comment on articles? Maybe this was leaked the same way the original data was leaked?
Andrea Shalal reports:
The U.S. Air Force is looking into how classified data about a competition for a next-generation U.S. bomber found its way into a report published by Forbes magazine, according to several sources familiar with the issue.
Boeing Co and Lockheed Martin Corp this month filed a formal protest against the Air Force’s contract with Northrop Grumman Corp to develop the new long-range strike bomber, a deal worth up to $80 billion.
Loren Thompson, chief operating officer of the Lexington Institute think tank, published a detailed column on the Forbes website the day the protest was filed, saying the estimate that it would cost $21.4 billion to develop the plane was roughly twice what the competing industry teams had bid.
The level of detail included in the column raised concerns given the classified nature of the bomber program, according to three of the sources.
Read more on Reuters.
[From Reuters:
"The Air Force does not comment on whether or not media articles might contain classified information," said Major Robert Leese, an Air Force spokesman.

Is this related to the Starwood breach I posted on Monday?
Hilton confirms malware accessed payment info at its hotels
If you've stayed at one of Hilton's hotels in the past year, you might want to check your credit card history. The chain has confirmed a report that malware compromised its payment systems, putting your data at risk. The intruders got in between November 18th and December 5th in 2014, and between April 21st and July 27th this year. The malware didn't expose home addresses or PIN codes, but it did get access to card numbers, security codes and names -- enough that hackers could potentially make purchases.
Hilton is quick to say that it eliminated the rogue code, and it's offering a year's worth of free credit monitoring if you're nervous. With that said, this is a story we've heard all too often: it's a belated warning (about two months after a third-party discovery) for data breaches that could have been devastating far earlier. While there's no guarantee that Hilton could have stopped the intrusions in the first place, it would have ideally notified travelers the moment it realized that something was wrong.

A conspiracy of juveniles? TalkTalk should be embarrassed.
From the Metropolitan Police:
A fifth person has been arrested in connection with the investigation into alleged data theft from TalkTalk.
On Tuesday, 24 November, detectives from the Metropolitan Police Service’s Cyber Crime Unit (MPCCU) and officers from Southern Wales Regional Organised Crime Unit executed a search warrant at an address in Llanelli, Wales.
The 18-year-old boy [E] was arrested at the address on suspicion of blackmail and taken into custody at a Dyfed Powys police station.
Detectives continue to investigate. Four other people have been arrested in connection with the investigation.

What logic?
Well, this is different. A jury actually found for a plaintiff who alleged snooping in her driver’s records – and awarded her damages that included penalizing the Marion County Sheriff’s Office for enabling the snooping. Nicki Gorny reports:
An Ocala woman did not suffer emotional distress when a former Marion County Sheriff’s Office deputy snooped on her driving record, an eight-person jury decided Thursday morning, but she is entitled to $10,100 in damages.
After approximately five hours of deliberation split between two days, the jury found that former deputy Clayton Thomas twice violated the federal Drivers Privacy Protection Act by pulling up Kellean Truesdell’s photograph on the Driver and Vehicle Information Database. The panel awarded her punitive and statutory damages:
• $100 in punitive damages against Thomas, punishing him for snooping
• $5,000 in punitive damages against MCSO, punishing the agency for enabling Thomas’ snooping through a “custom, policy or practice”
• $5,000 in statutory damages against Thomas and MCSO together, recognizing two violations of the federal statute in regard to Truesdell
So how did they manage to successfully hold the sheriff’s office responsible? It seems that Thomas had been caught misusing the DAVID database in 2012, resulting in a suspension of his access for two months. But:
When this suspension was lifted, Parmer emphasized, Thomas continued his DAVID searches with no oversight or repercussions.
The current sheriff is reportedly more proactive in auditing usage. [I'd call that managing. Bob]

Will Mattel notify anyone if the child talks about suicide or indicates she has been abused? If not, is there liability?
Joe Cadillic points to a “Hell No Barbie” post from Campaign for a Commercial-Free Childhood (CCFC):
“Prepare your daughter for a lifetime of surveillance with Hello Barbie, the doll that records children’s private conversations and transmits them to cloud servers, where they are analyzed by algorithms and listened to by strangers. Girls will learn important lessons, like that a friend might really be a corporate spy, and that anything you say can and will be used for market research.
Read more on CCFC and then read Joe’s own post about this topic on MassPrivateI.

Clever. You give me all your personal information and I'll give you a word cloud.
Paul Bischoff writes:
Lately, you’ve probably seen a couple of your Facebook friends post the results of a quiz app that figures out your most-used words in statuses. Or maybe you posted it yourself.
The “quiz,” created by a company called, has risen to over 16 million shares in a matter of days. It’s been written about in the Independent, Cosmopolitan, and EliteDaily. Sounds fun, right?
Wrong. That’s over 16 million people who agreed to give up almost every private detail about themselves to a company they likely know nothing about.
Read more on Comparitech.
[From the article:
The app, like many Facebook quiz apps, is a privacy nightmare. Here’s a list of the info quiz players have to disclose to
  • Name, profile picture, age, sex, birthday, and other public info
  • Entire friend list
  • Everything you’ve ever posted on your timeline
  • All of your photos and photos you’re tagged in
  • Education history
  • Hometown and current city
  • Everything you’ve ever liked
  • IP address
  • Info about the device you’re using including browser and language

Gosh, I don't want anyone to know about that! I admit I don't know the most requested sites – except Facebook.
European privacy requests for search removals
Total URLs that Google has evaluated for removal: 1,234,092 URLs
Total requests Google has received: 348,085 requests
… Of total URLs requested for removal from search results, these top ten sites account for 9%

The new toys just keep coming!
IBM Turns Up Heat Under Competition in Artificial Intelligence
Programmers of artificial intelligence software got a new tool to work with Monday, when International Business Machines Corp. announced that a proprietary program known as SystemML would be freely available to share and modify through the Apache Software Foundation.
… IBM is one of the three companies this year to make available proprietary machine-learning technology under an open-source license. Facebook Inc. in February, released portions of its Torch software, while Alphabet Inc.’s Google division earlier this month open-sourced parts of its TensorFlow system.

When is free not good? When your competitor does it? Given enough time, it is likely governments would offer services like this. Probably within 200 years…
Facebook expands controversial service in India
A controversial Facebook service offering free Web services in some parts of India will now be available across the country, CEO Mark Zuckerberg said in a Monday post.
The Free Basics service, offered through the nonprofit, allows customers on some wireless networks around the world to use certain services, free of charge. That service is now available to customers of Facebook’s local wireless partner in India, Reliance Communications.
“As of today, everyone in India nationwide can access free internet services for health, education, jobs and communication through's Free Basics app on the Reliance network,” Zuckerberg said.
… Activists contend that the service, because it could drive users to Facebook-provided applications, violates the principle of net neutrality, which dictates that all traffic on the Internet should be treated in the same way. That criticism has cost the company: local partners on the project dropped out after the net neutrality concerns were raised earlier this year.
Zuckerberg fought that argument at the time, saying that these “two principles — universal connectivity and net neutrality — can and must coexist.”

Oops! Why do we continue to believe that governments know how to handle technologies?
Bangladesh: Government 'mistakenly' cuts off internet
Officials announced on Wednesday that access to Facebook, Viber and WhatsApp had all been blocked in the wake of a Supreme Court ruling upholding death sentences for two men convicted of war crimes. But the country's Telecommunication Regulatory Commission says it accidentally cut off access to the internet across the whole country.
The web blackout started at around 13:00 local time and lasted at least 75 minutes, according to the Bangladeshi newspaper The Daily Star. "We restored the internet as soon as we realised the mistake," says Shahjahan Mahmood, the commission's chairman. The messaging services were blocked as originally planned in order to maintain security, he says.

(Related) At least they are trying – if they listen to him.
Jonathan Mayer, Well-Known Online Security Expert, Joins F.C.C.
Among privacy groups in the United States, Jonathan Mayer is known as a vocal advocate who has defended the right of consumers to turn off online tracking of their browsing activities.
Among digital security experts, Mr. Mayer is known, among other things, as the Stanford computer scientist who reported in 2012 that Google was bypassing privacy settings in Apple’s Safari browser by placing bits of code in digital ads that tracked the sites users visited. Google subsequently agreed to pay a $22.5 million fine to settle charges by the Federal Trade Commission that the company had misrepresented its privacy practices.
Now Mr. Mayer, 28, has a new handle: federal regulator.
On Tuesday, the Federal Communications Commission said it had hired Mr. Mayer as chief technologist in the agency’s enforcement bureau.
… The F.C.C. declined to comment on whether its enforcement bureau had opened investigations into reports by Mr. Mayer before he was hired by the agency.

Just saying. This will give Apple the ability to put Porky Pig's face on Donald Trump in real time.
Confirmed: Apple Acquired Real-Time Motion Capture Firm Faceshift
Faceshift's real-time motion capture work in the gaming and chat arena could be used for things like real-time avatars for FaceTime video chats, but there are also more serious applications such as biometrics for unlocking devices or authorizing payments through facial recognition techniques.

Only 6 weeks late!
Kim Dotcom extradition hearing reaches conclusion
… If, on the face of it, he rules there is some merit in the US government's charges and a case to answer, on the face of it, the quartet will be sent overseas.
However, should that be the case, an appeal of the District Court's decision would not be a surprise since the last three years have been dominated by legal wrangling in all New Zealand's jurisdictions.
… Mr Mansfield said Megaupload was an internet service provider and as such was covered by safe harbour provisions in the Copyright Act.
That was not a defence to the allegations but a complete bar from prosecution, he said.
The defence argued "Mr Dotcom's dream idea" was created in response to large attachments being unable to be sent via email and was "copyright neutral".
"What the US is effectively saying to internet service providers is: 'you need to actively investigate copyright infringement and stop it, because if you don't you'll not only be civilly liable but criminally liable'," Mr Mansfield said.

For my next Statistics class. Students have to interpret results for themselves.
Not Even Scientists Can Easily Explain P-values
… To be clear, everyone I spoke with at METRICS could tell me the technical definition of a p-value — the probability of getting results at least as extreme as the ones you observed, given that the null hypothesis is correct — but almost no one could translate that into something easy to understand.
… We want to know if results are right, but a p-value doesn’t measure that. It can’t tell you the magnitude of an effect, the strength of the evidence or the probability that the finding was the result of chance.
So what information can you glean from a p-value? The most straightforward explanation I found came from Stuart Buck, vice president of research integrity at the Laura and John Arnold Foundation. Imagine, he said, that you have a coin that you suspect is weighted toward heads. (Your null hypothesis is then that the coin is fair.) You flip it 100 times and get more heads than tails. The p-value won’t tell you whether the coin is fair, but it will tell you the probability that you’d get at least as many heads as you did if the coin was fair. That’s it — nothing more.
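The coin example above, carried through as code so students can see exactly what the number is. This is an added example, not code from the article or from this blog; it assumes the fair-coin null hypothesis (p = 0.5) and uses constructed flip counts, not data from the article. The tail sum is done in log space so that large flip counts (where 0.5 raised to thousands underflows a double) still give an answer, and the `compare` helper shows the article's point that the p-value does not measure effect size.

```python
import math


def log_binom_pmf(k: int, n: int, p: float) -> float:
    """log P(X = k) for X ~ Binomial(n, p), computed in log space so that
    large n (where p**k alone underflows a double) still works."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    log_comb = math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
    return log_comb + k * math.log(p) + (n - k) * math.log1p(-p)


def p_value_at_least(heads: int, flips: int, p_fair: float = 0.5) -> float:
    """One-sided p-value as defined in the article: the probability of getting
    at least `heads` heads in `flips` tosses *if the coin is fair* (the null
    hypothesis). It says nothing about the probability that the coin is fair."""
    if not 0 <= heads <= flips:
        raise ValueError("heads must lie between 0 and flips")
    return sum(math.exp(log_binom_pmf(k, flips, p_fair))
               for k in range(heads, flips + 1))


def compare(results):
    """Return (proportion of heads, p-value) per experiment. A small effect
    with many flips can score a far smaller p-value than a large effect with
    few flips, which is why the p-value cannot tell you the effect's size."""
    return [(h / n, p_value_at_least(h, n)) for h, n in results]


if __name__ == "__main__":
    # Constructed flip counts (assumed for illustration, not from the article).
    experiments = [(60, 100), (12, 20), (5200, 10000)]
    for (h, n), (prop, p) in zip(experiments, compare(experiments)):
        print(f"{h:>5}/{n:<6} heads -> proportion {prop:.2f}, one-sided p = {p:.3g}")
```

Run it and compare the second and third rows: 12 of 20 heads (60%) gives a p-value around 0.25, while 5200 of 10000 heads (52%) gives one around 3e-5, even though the second coin looks far more biased. The p-value only answers "how surprising is at least this many heads from a fair coin", exactly as the article says.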
