Tuesday, February 07, 2017

First thought, don’t tell my wife!  Second, what are these people thinking? 
Another reason to use a cafetiere to make coffee.
Simone Margaritelli writes:
After hearing so much discussion about IoT security risks, I was curious to see firsthand just how easy it is to hack into an internet-connected device.  As a whitehat hacker, I tested my hacking skills on my Smarter Coffee machine, which is connected to my home wifi network.
But why should you care about some guy who figured out how to hack his coffee machine?  Because it was too easy.  If I’m willing to spend a couple of hours automating my coffee intake, there are countless cyber criminals out there willing to put in the time for a much higher-stakes reward.
Read more on Quartz.

For my Computer Security students.
Your Browsing History Alone Can Give Away Your Identity
   Dozens of trackers embedded in nearly every website collect information about how you interact with the page, and cookies stored in your browser tell advertisers how often you’ve visited the site before.  But the holy grail is the ability to string all this information together to create profiles that corresponds to each individual user—that is, creating a complete picture of each person on the internet, beyond just scattered data points.
Companies that compile user profiles generally do so pseudonymously: They may know a lot of demographic details about you, but they don’t usually connect your behavior to your individual identity.  But a group of researchers at Stanford and Princeton developed a system that can connect your profile to your name and identity, just by examining your browsing history.

The Evolution of Ransomware: Part 1
Public understanding and concern about cybersecurity has historically been pretty low, the domain of experts and large organizations on the lookout for sophisticated, targeted attacks.  Ransomware is changing that, creating a rising tide of successful attacks that are forcing a re-examination of protection in organizations of all sizes.  Businesses, numbed by constant warnings about threats, breaches, and the hopelessness of protection, are getting a serious wake-up call.  A surge in ransomware, caused by the ease of staging widespread attacks, extending even to automated ransomware attack services, has made fast, broad, and anonymous attacks commonplace.  From humble roots in the AIDS Trojan of 1989 to its current myriad forms, ransomware growth is only accelerating.  These attacks have come a long way in the last 27 years, and for those looking to protect themselves in 2017, it is time to understand and address the modern ransomware threat.

(Ditto).  Would it be cruel to use this as a midterm exam? 
Can you spot the phish?
Cloud collaboration software provider Diligent recently conducted an online survey of 2,000 U.S. internet users to test their security savvy.  76% of survey respondents passed the phishing test, but that isn't the whole story.  Here are some of Diligent's other findings:
  • Over 68% of respondents were tricked by emails that looked like they were from a coworker.
  • Messages from social media companies with the phrase, “Did you see this pic of you? LOL” fooled nearly 61% of participants.
  • Fewer than 3% of respondents fell for an email claiming they won a big cash prize from a soft drink company.
Following are the emails Diligent used in its survey.  Can you spot the phish?

Perhaps not so spontaneous after all.  You have to keep up a constant stream of bamboozlement to convince the gullible to do your bidding.  Fortunately(?), the Internet makes it easy,
Not ‘Lone Wolves’ After All: How ISIS Guides World’s Terror Plots From Afar
   Until just moments before the arrest of the Indian cell, here last June, the Islamic State’s cyberplanners kept in near-constant touch with the men, according to the interrogation records of three of the eight suspects obtained by The New York Times.
As officials around the world have faced a confusing barrage of attacks dedicated to the Islamic State, cases like Mr. Yazdani’s offer troubling examples of what counterterrorism experts are calling enabled or remote-controlled attacks: violence conceived and guided by operatives in areas controlled by the Islamic State whose only connection to the would-be attacker is the internet.

The country we might become?  Or are we already there?
Papers, Please! has a wonderful recap of the work they’ve been doing for decades and how it relates to the current uproar over Trump’s executive order.  The issues and risks, they want you to know, are much bigger than you may realize.  Here’s a snippet of their piece:
Here are some key things we’ve learned from our work over the last 20 years that people — including those just now beginning to think about the right to fly, especially as it relates to immigrants, refugees, and asylum seekers — need to understand about what is happening, who is responsible, what will happen next, and what can be done:
It’s about government control of movement, not just surveillance of travelers.
“Watchlist” is a euphemism.  The list of countries whose citizens are barred from the US is a blacklist, not just a watchlist.
Extreme vetting” means not just searching and interrogating people before allowing them to enter the US, or surveilling them while they are in the US, but not allowing them to enter the US at all.  That’s one of the reasons we have never seen this as an issue that can be completely encompassed in a rubric of “privacy”.
Tools put in place and data collected by any government will be available for use and misuse by any future government.
Read more on Papers, Please!
Related to this, see Joe Cadillic’s new post, Passengers to be arrested for not showing their ID’s.  As one example, Joe writes:
Arizona’s House Bill 2305 would make it a crime for passengers to decline to provide a photo ID to police.  Passengers who fail to provide an ID could be sentenced to four months in jail and a $750.00 fine.

This would be a silly law.  If the government does a really poor job of anonymization, it would be illegal to prove it by re-identifying people?  Sounds like the Emperor wants to keep wearing those new clothes without anyone pointing out the obvious. 
Rohan Pearce reports:
Passage of a government bill that would criminalise the re-identification of public sector datasets released under open data policies looks uncertain.
The Senate Legal and Constitutional Affairs Legislation Committee tonight tabled its report on the government’s Privacy Amendment (Re-identification Offence) Bill 2016.  Although the committee’s majority recommends that the bill be passed, a dissenting report by its Labor and Greens members calls for parliament to reject the proposed legislation.
Read more on Computerworld.

Maybe Amazon has smarter lawyers?  
Amazon’s Antitrust Paradox
by on
Khan, Lina, Amazon’s Antitrust Paradox (January 31, 2017). Yale Law Journal, Vol. 126, 2017.  Available for download at SSRN: https://ssrn.com/abstract=2911742
“Amazon is the titan of twenty-first century commerce.  In addition to being a retailer, it is now a marketing platform, a delivery and logistics network, a payment service, a credit lender, an auction house, a major book publisher, a producer of television and films, a fashion designer, a hardware manufacturer, and a leading host of cloud server space.  Although Amazon has clocked staggering growth, it generates meager profits, choosing to price below-cost and expand widely instead.  Through this strategy, the company has positioned itself at the center of e-commerce and now serves as essential infrastructure for a host of other businesses that depend upon it.  Elements of the firm’s structure and conduct pose anticompetitive concerns—yet it has escaped antitrust scrutiny.  This Note argues that the current framework in antitrust—specifically its pegging competition to “consumer welfare,” defined as short-term price effects—is unequipped to capture the architecture of market power in the modern economy.  We cannot cognize the potential harms to competition posed by Amazon’s dominance if we measure competition primarily through price and output.  Specifically, current doctrine underappreciates the risk of predatory pricing and how integration across distinct business lines may prove anticompetitive.  These concerns are heightened in the context of online platforms for two reasons.  First, the economics of platform markets create incentives for a company to pursue growth over profits, a strategy that investors have rewarded.  Under these conditions, predatory pricing becomes highly rational—even as existing doctrine treats it as irrational and therefore implausible.  Second, because online platforms serve as critical intermediaries, integrating across business lines positions these platforms to control the essential infrastructure on which their rivals depend.  This dual role also enables a platform to exploit information collected on companies using its services to undermine them as competitors.  This Note maps out facets of Amazon’s dominance.  Doing so enables us to make sense of its business strategy, illuminates anticompetitive aspects of Amazon’s structure and conduct, and underscores deficiencies in current doctrine.  The Note closes by considering two potential regimes for addressing Amazon’s power: restoring traditional antitrust and competition policy principles or applying common carrier obligations and duties.”

The world my students will program.
Amazon's supermarket of the future could operate with just 3 staff — and lots of robots
Amazon's high-tech supermarkets of the future could be operated by just three humans, according to The New York Post.
The ecommerce giant is reportedly considering two-storey supermarkets that span between 10,000 square feet and 40,000 square feet and rely heavily on a fleet of robots, sources told The New York Post.
   In Amazon's planned supermarkets, robots would reportedly be based upstairs and used to find and pack items for customers on the floor below, which would be home to products up to 4,000 items that shoppers "like to touch," such as fresh meat, fruit, vegetables, and eggs.

And here I thought they only tried to cover it up!
Directory of Federal Historical Offices and Activities
by on
Society for History in the Federal Government – “The Directory of Federal Historical Offices and Activities provides information on offices in all branches of government that perform history-related work.”

For my Student researchers.

Don’t tell my students about this.  
6. Amazon

No comments: