Friday, April 14, 2017

A tool for automotive “ransomware?” 
Flaws in Bosch Car Dongle Allow Hackers to Stop Engine
Vulnerabilities found by researchers in Bosch’s Drivelog Connect product can be exploited by hackers to inject malicious messages into a vehicle’s CAN bus.  The vendor has implemented some fixes and is working on adding more attack protections.
Bosch’s Drivelog Connect is a service that provides information about the condition of a vehicle, including potential defects, service deadlines, and data on fuel consumption and driving behavior.  The product includes a dongle called Drivelog Connector, which is connected to the car’s OBD2 diagnostics interface, and a mobile application that communicates with the dongle via Bluetooth.
Researchers at automotive cybersecurity firm Argus have identified some potentially serious vulnerabilities in the communications between the mobile app and the dongle.

“Why” might be an interesting question.  Has the risk doubled?  Has ISIS (et. al.) doubled in size? 
Microsoft says U.S. more than doubled its FISA requests
Microsoft said on Thursday it had received at least a thousand surveillance requests from the U.S. government that sought user content for foreign intelligence purposes during the first half of 2016.

(Related).  Do we assume schoolchildren are terrorists?  Do schools really want to assume the liability for missing something (like a suicide note) on the student’s phone? 
Nick Cahill reports:
Hampered by widespread resistance from civil rights groups, backers of a bill that would allow California teachers and principals to search students’ cellphones pulled their proposal Wednesday.
Brought by the Association of California School Administrators, Assembly Bill 165 seeks to exempt students from recently enacted digital privacy protections against warrantless cellphone and electronic device searches.  Critics warned the bill could “sledgehammer” the Fourth Amendment and open up millions of K-12 students to unfettered school and government searches.
“This bill has massive ramifications to the privacy of 6 million students and families,” said Nicole Ozer, of the American Civil Liberties Union of California.
Read more on Courthouse News.

Perspective on one industry?
Protenus has released their Breach Barometer report for March.  The report is based on 39 incidents that reportedly affected 1,519,521 patients’ records.
As noted in recent months, we’ve reached that unhappy stage where we are seeing an average of one or more breach disclosures every day.  If this just represented greater transparency, that would be great, but it may also represent an increase in the number of breaches.
On a positive note: almost all of the entities for whom we had date of breach or discovery and date of report reported their breaches within 60 days from date of discovery.  Protenus understandably wonders whether that could indicate that a recent $475,000 settlement between HHS and Presence Health over late notification might be getting entities more calendar-conscious.
Some breaches are still taking too long to discover, however, as three breaches that were first disclosed in March had gone undetected for more than one year.  Two of those three incidents involved insider-wrongdoing.
As in past months, insider breaches represented a significant percentage (44%) of all reported incidents, but did not account for the bulk of breached records.  As we have seen before, hacking accounted for a smaller percentage of incidents but a larger percentage of breached records.  This month, there were 11 reports to HHS submitted as “Hacking/IT incidents.”  Four of those entities specifically described their hacking incidents as ransomware incidents in their notifications.  A fifth entity declined to answer the question of whether their incident involved ransomware.  Several other entities reported “hacking” incidents, but did not respond to inquiries from this site requesting more information.

Who defines the targets?  Would the US, France, and Russia agree on what is fake?   
Facebook Is Cracking Down on Thousands of Fake Accounts in France
Facebook said on Thursday it is taking action against tens of thousands of fake accounts in France as the social network giant seeks to demonstrate it is doing more to halt the spread of spam as well as fake news, hoaxes and misinformation.
The Silicon Valley-based company is under intense pressure as governments across Europe threaten new laws unless Facebook moves quickly to remove extremist propaganda or other content illegal under existing regulation.
Social media sites including Twitter, Google's YouTube, and Facebook also are under scrutiny for their potential to be used to manipulate voters in national elections set to take place in France and Germany in coming months.
In a blog post, Facebook said it was taking action against 30,000 fake accounts in France, deleting them in some, but not all, cases.  It said its priority was to remove fake accounts with high volumes of posting activity and the biggest audiences.  [Fake accounts have real audiences?  Bob] 
   For example, the company said it is using automated detection to identify repeated posting of the same content or an increase in messages sent by such profiles.

Automating your protest?  What if this App is downloaded a million times? 
This Chrome extension blocks United Airlines from flight searches
United Airlines has been the topic of a pretty steady stream of bad press.  Following a viral video of a man forcibly removed from a United Airlines flight, somehow someone got stung by a scorpion on a United flight, and today DropUnited launched.
DropUnited is a Chrome extension that removes United Airlines flights from your flight searches.

Should I remove my doorbell?
Orin Kerr writes:
In Florida v. Jardines (2013), the U.S. Supreme Court held that a front porch is a Fourth Amendment protected area but that there is an “implied license” allowing the police to walk up to the front door and knock in at least some cases.  If the police are just coming to talk to the homeowner, the court concluded, that’s within the implied license and no Fourth Amendment search occurs.  Homeowners implicitly consent to people coming to knock on the door and talk to them; that’s why they have doorbells.  On the other hand, if the police are bringing a drug sniffing dog to smell for drugs, that is outside the implied license.  People don’t implicitly consent to people coming to search them, and bringing a drug-sniffing dog to the front porch is a clear objective sign that the officers intend to search them.  Coming to the front porch with a drug-sniffing dog is therefore a search, and the police ordinarily can’t do that without a warrant.
Now consider this question: How does Jardines apply when properties have “no trespassing” signs posted?
Read more on The Volokh Conspiracy.

Soon, everyone will have access to AI?
The Democratization of Machine Learning: What It Means for Tech Innovation
   The democratization of ML gives individuals and startups a chance to get their ideas off the ground and prove their concepts before raising the funds needed to scale.
But access to data is only one way in which ML is being democratized.  There is an effort underway to standardize and improve access across all layers of the machine learning stack, including specialized chipsets, scalable computing platforms, software frameworks, tools and ML algorithms.

(Related).  Something for my Computer Security students to ponder.
Cognitive computing and artificial intelligence (AI) are spawning what many are calling a new type of industrial revolution.  While both technologies refer to the same process, there is a slight nuance to each.  To be specific, cognitive uses a suite of many technologies that are designed to augment the cognitive capabilities of a human mind.  A cognitive system can perceive and infer, reason and learn.  We’re defining AI here as a broad term that loosely refers to computers that can perform tasks that once required human intelligence.  Because these systems can be trained to analyze and understand natural language, mimic human reasoning processes, and make decisions, businesses are increasingly deploying them to automate routine activities.  From self-driving cars to drones to automated business operations, this technology has the potential to enhance productivity, direct human talent on critical issues, accelerate innovation, and lower operating costs.
Yet, like any technology that is not properly managed and protected, cognitive systems that use humanoid robots and avatars — and less human labor — can also pose immense cybersecurity vulnerabilities for businesses, compromising their operations.  

Another billion dollar company none of my students have ever heard of…
Yext Joins $1B Club With Successful IPO, Continuing Software's Hot Market Run
Yext wasn't quite a unicorn as a private software company.  After its first day trading on the New York Stock Exchange, it's even better: a $1 billion public one instead.
   Yext is betting that it can become the leader in what its chief executive calls, somewhat grandly, "digital knowledge management."  With micro-services booming to help us find the answers to questions from where to eat, how to find the right expert for a problem or when a business opens, Yext wants to be the layer of common information that ensures a business's correct information is conveyed the same across Google, a phone app or over Siri and Alexa.

I find this interesting.
How Tight-knit and Individualistic Communities Adopt New Technologies Differently
   Sometimes tight-knit groups have an advantage; other times, they are actually at a disadvantage.  The difference comes down to the type of technology being spread.  Is it a “low threshold” technology that is valuable even without a large number of adopters, such as computers or agricultural innovations, or is it “high threshold,” like a messaging app, which needs lots of adopters at once?
   In Mexico, which consists of highly cohesive communities, 78 percent of the population used instant messaging apps in 2013 compared with just 23 percent of the U.S. population, which is ranked as one of the most individualistic societies.

Think this is boring?  Search for “Trump.”
DATO Capital – Database of private companies and directors
by Sabrina I. Pacifici on Apr 13, 2017

Something to get my students outside.
Explore National Parks for Free In Person or Online
Entry to national parks in the United States is free each of the next two weekends.  If there is a national park near you, go out and explore.  Bring your phone to take some pictures.  Otherwise put it down and take in the experience.  Better yet, skip the phone all together and use a good old camera to take some pictures.
If there aren't any national parks near you, you can still explore them through some nice online resources.  National Parks virtual tours are available in the Google Arts & Culture apps for Android and iOS.  If you have VR headsets available to you, take a look at Google Expeditions virtual tours of the "hidden treasures" of National Parks. 

Interesting!  Want to share new technology? $0.00  Want to complain about your grade?  $99.99 (and the answer will still be NO) 
   “We think money is a good proxy of saying ‘I really want to reach you’,” says Gupta.  Users set their own pricing for receiving messages (think something like $.50 or $1).  They also set what topics they’re interested in hearing about.  Messages about things you’re interested in are free for other users to send.  If someone wants to message you about something else, they’ll have to pay.  Money only exchanges hands when you respond.  You can take the cash for yourself, or choose to have it go directly to a charity like the ACLU or  You can also cap your inbox for the week, so you only receive 10 messages instead of 50.

No comments: