Thursday, July 20, 2017

This is either a very strange hacker or some really poor reporting.  Somehow, much of the detail seems to be missing from this story.  For instance, what was a “Homeland Security Agent” doing here? 
Montco man tells feds he stole $40M in bitcoin
Police on the trail of two missing laptops and a gold necklace followed it to the Montgomery County home of a self-described computer hacker who claims responsibility for what could be one of the largest virtual currency heists of all time, court documents say.
Theodore Price of Hatfield told a local detective and a Homeland Security agent investigating a burglary at the Holland Township, Bucks County, home of his girlfriend’s parents that he wrote software to steal between $40 million and $50 million in the online currency bitcoin, the documents say.
When the officers arrived at his door last week, he told them he had been preparing to flee to London on a chartered jet using a fake passport in the name of “Avengers” movie star Jeremy Renner, a complaint filed in federal court Wednesday says.
   A court document filed last week that charged Price with unauthorized access to a computer to commit a federal crime for personal financial gain listed the value of the stolen bitcoin at between $40 million and $50 million.
Assistant U.S. Attorney Lesley Bonney said the unauthorized access charge has since been withdrawn, but would not say why Price was not charged with the bitcoin theft he admitted to the agent.

Imagine overriding a self-driving car…  This is like that.
Segway miniPRO Flaws Put Riders at Risk of Injury
   IOActive researchers analyzed the miniPRO application and determined that an attacker could have intercepted unencrypted Bluetooth communications between the scooter and the mobile app.
While the app did require a PIN when launched, experts determined that the Bluetooth interface was unprotected at the protocol level, allowing an attacker to access it and remotely conduct various actions.

A warning for my students.
   LeakerLocker … locks your home screen but doesn’t encrypt everything you’ve got on your device.  It’s still ransomware, however, because it warns that it’s gathering your browser data, text messages, call history, location information, emails, social media messages, and photos.  It states that, without paying up, it will leak all this private data to your contacts.

“If it costs money or takes time, we’re against it!”  The DHS report is a “must read” for my Ethical Hacking students.
Telecom Lobbyists Downplayed ‘Theoretical’ Security Flaws in Mobile Data Backbone
   In May, the DHS published an in-depth, 125-page report on government mobile device security, which noted that SS7 "vulnerabilities can be exploited by criminals, terrorists, and nation-state actors/foreign intelligence organizations."  DHS noted that it currently doesn't have the authority to require carriers to perform security audits on their network infrastructure, or the authority to compel mobile carrier network owners to provide information to assess the security of these communication networks.
CTIA took several issues with the report.  In its own white paper responding to the DHS, CTIA told US politicians in May that focusing on some SS7 attacks is "unhelpful," said the report "focuses on perceived shortcomings" in the protocol, and claimed that talking about the issues may help hackers, according to the white paper obtained by Motherboard.  Specifics from the paper were discussed by Motherboard with CTIA officials.  

I’ve been discussing this with my students.  Does your organization know what CPU is in each machine?  Will security suffer if some of your computers can’t be updated? 
Confirmed: Windows 10 will cut off devices with older CPUs
After stories arose of failed attempts to upgrade such hardware to the Creators Update, Microsoft confirmed late Wednesday that any hardware device that falls out of the manufacturer’s support cycle may be ineligible for future Windows 10 updates.
   “Recognizing that a combination of hardware, driver and firmware support is required to have a good Windows 10 experience, we updated our support lifecycle policy to align with the hardware support period for a given device,” Microsoft said in a statement.  “If a hardware partner stops supporting a given device or one of its key components and stops providing driver updates, firmware updates, or fixes, it may mean that device will not be able to properly run a future Windows 10 feature update.”

Perhaps we do have a problem of “reading for comprehension.”  I assume the managers in this company could have read the law, or their lawyers’ warning about the law?  By the way, that fine is way too small.  Shouldn’t they get hit for at least 10 cents per email?  (£80,000 is $103,757.60 according to Google, which works out to .015 cents per email.)
Price comparison website Moneysupermarket Ltd has been fined £80,000 by the Information Commissioner’s Office (ICO) for sending millions of emails to customers who had made it clear they didn’t want to be contacted in that way.
The company sent 7.1 million emails over 10 days updating customers with its Terms and Conditions. But all the recipients had previously opted out of direct marketing.
Moneysupermarket’s email included a section entitled ‘Preference Centre Update’ which read:
“We hold an e-mail address for you which means we could be sending you personalised news, products and promotions.  You’ve told us in the past you prefer not to receive these.  If you’d like to reconsider, simply click the following link to start receiving our e-mails.”
Asking people to consent to future marketing messages when they have already opted out is against the law.

Legal exceptions to constitutional rights? 
From the ACLU:
Records obtained by the ACLU of Massachusetts reveal extensive, warrantless surveillance of Massachusetts residents’ communications records.  Under a law passed in 2008, prosecutors in Massachusetts may demand IP address logs, subscriber information, banking and credit card records, and call records revealing sensitive details about a person’s life—all without any judicial oversight or external accountability.  The Boston Globe reports:
“It’s a sanctioned fishing expedition tool,” said Kade Crockford, director of the Technology for Liberty Program at the ACLU of Massachusetts.  “It shouldn’t be easy for law enforcement to dig around in our communications records, and find out who we’re talking to, and for how long, and be able to strip us of our anonymity online, simply by signing a piece of paper.” …
Read more on The ACLU.

Would you cut off the President?  Imagine the downside!
Twitter Crackdown on Abuse Raises Question: Do the Rules Apply to Trump?
Twitter Inc. said it has clamped down on harassment on its service, a campaign that is forcing the company to confront tricky questions about how it applies its standards.

A nightmare: Think of a Big Brother-like world where all devices switch to any appearance of President Trump to ensure that we never miss a second of his brilliance.  (I bet we could sell it to Kim Jong Un.)
Internet Archive Blogs: “Working with Matroid, a California-based start up specializing in identifying people and objects in images and video, the Internet Archive’s TV News Archive today releases Face-O-Matic, an experimental public service that alerts users via a Slack app whenever the faces of President Donald Trump and congressional leaders appear on major TV news cable channels: CNN, Fox News, MSNBC, and the BBC.  The alerts include hyperlinks to the actual TV news footage on the TV News Archive website, where the viewer can see the appearances in context of the entire broadcast, what comes before and what after.  The new public Slack app, which can be installed on any Slack account by the team’s administrator, marks a milestone in our experiments using machine learning to create prototypes of ways to turn our public, free, searchable library of 1.3 million+ TV news broadcasts into data that will be useful for journalists, researchers, and the public in understanding the messages that bombard all of us day-to-day and even minute-to-minute on TV news broadcasts.  This information could provide a way to quantify “face time”–literally–on TV news broadcasts.  Researchers could use it to show how TV material is recycled online and on social media, and how editorial decisions by networks help set the terms of public debate…”

Colorado will give only “data not shielded by law.”
States bristled but at least 30 will give personal voter data to Trump
Despite criticism from most states about the Trump administration’s request for voters’ personal information, half have said they will deliver some or all of that data to the White House election commission.
   According to the Brennan Center for Justice, which has collected public statements from all 50 states, 17 states have agreed to provide the commission with data allowable by state law — that includes Florida, North Carolina and Washington.  Another eight states have indicated they would release the information, if certain conditions are met, primarily paying a fee.
Most, if not all, will withhold Social Security numbers.

An interesting article.  How do we keep AI from repeating the flaws of our biased “intelligence?”
Technology Is Biased Too. How Do We Fix It?
Whether it’s done consciously or subconsciously, racial discrimination continues to have a serious, measurable impact on the choices our society makes about criminal justice, law enforcement, hiring and financial lending.  It might be tempting, then, to feel encouraged as more and more companies and government agencies turn to seemingly dispassionate technologies for help with some of these complicated decisions, which are often influenced by bias.  Rather than relying on human judgment alone, organizations are increasingly asking algorithms to weigh in on questions that have profound social ramifications, like whether to recruit someone for a job, give them a loan, identify them as a suspect in a crime, send them to prison or grant them parole.
But an increasing body of research and criticism suggests that algorithms and artificial intelligence aren’t necessarily a panacea for ending prejudice, and they can have disproportionate impacts on groups that are already socially disadvantaged, particularly people of color.  Instead of offering a workaround for human biases, the tools we designed to help us predict the future may be dooming us to repeat the past by replicating and even amplifying societal inequalities that already exist.

We do this to ourselves, and never correct our mistake.
The Myth and the Cost of Drug Expiration Dates
Investigative research and report by ProPublica and NPR’s Shots Blog: “Hospitals and pharmacies are required to toss expired drugs, no matter how expensive or vital.  Meanwhile the FDA has long known that many remain safe and potent for years longer…  The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years.  But the dates don’t necessarily mean they’re ineffective immediately after they “expire” — just that there’s no incentive for drugmakers to study whether they could still be usable.  ProPublica has been researching why the U.S. health care system is the most expensive in the world.  One answer, broadly, is waste — some of it buried in practices that the medical establishment and the rest of us take for granted.  We’ve documented how hospitals often discard pricey new supplies, how nursing homes trash valuable medications after patients pass away or move out, and how drug companies create expensive combinations of cheap drugs.  Experts estimate such squandering eats up about $765 billion a year — as much as a quarter of all the country’s health care spending…”

Helping students pick a major/specialization?
In the simplest of terms, computer science is the study of information (“data”) and how it can be manipulated (“algorithms”) to solve problems, mostly in theory but also in practice.
Computer science is not the study of computers, nor does it strictly require the use of computers.  Data and algorithms are possible to compute using pen and paper, which makes “computer science” a misnomer.  Computer science is more akin to mathematics, which is why some now prefer to use the term “informatics” instead.
   Here’s a non-exhaustive list of the most common “types” of computer science you may encounter and what each one specializes in.  As you’ll see, computer science is one of the broadest fields today:
  • Artificial Intelligence — The development of machines that can display cognitive functions like thinking, speaking, reasoning, and solving problems. Incorporates other fields, including linguistics, psychology, and neuroscience. Machine learning is a subset that explores the ability of machines to learn, evolve, and recognize patterns in data on their own.
  • Bioinformatics — The use of computer science to measure, analyze, model, and understand the complexities of biology. Involves the large-scale analysis of data, high-performance computations, data simulations, molecular models, and more.
  • Computational Theory — The study of algorithms and mathematical proofs. Not only concerned with the creation of new algorithms or the improvement of existing algorithms, but also the methods and provability of theorems.
  • Computer Graphics — The study of how data can be manipulated and transformed in a way that’s intuitive for humans to view. Includes topics like photorealistic images, dynamic image generation, 3D modeling and animations, and data visualizations.
  • Game Development — The creation of PC, mobile, and web games for entertainment. Game engines are designed differently from business and research applications, and often involve unique algorithms and data structures optimized for real-time interaction.
  • Networking — The study of distributed computer systems and how communications can be improved within and between networks.
  • Robotics — The creation and development of algorithms used by robotic machines. Includes improvements to robotic kinematics, the interface between robots and humans, environmental interactions, robot-to-robot interactions, virtual agents, etc.
  • Security — The development of algorithms, methods, and software to protect computer systems against intruders, malware, and abuse. Includes cloud and network security, PC security, mobile security, email security, anti-virus software, and cryptography (the study of encryption and decryption).

Might become useful.
Apple launches machine learning research site
Apple just launched a blog focused on machine learning research papers and sharing the company’s findings.  The Apple Machine Learning Journal is a bit empty right now as the company only shared one post about turning synthetic images into realistic ones in order to train neural networks.

Helping my students find current articles?
Google’s new Feed will offer content Google thinks you want to see.  This will be based on your interactions with Google, as well as what’s trending in your area and beyond.  While Google will do most of the heavy lifting, you’ll be able to customize your feed by following certain topics after you’ve searched for them.
Google outlines the thinking behind the Feed in a blog post on The Keyword.  The company states that the Feed is designed to make it “easier than ever to discover, explore and stay connected to what matters to you, even when you don’t have a query in mind”.  And that last part of the sentence is key.
   U.S. readers should be able to access the Feed from today (July 19) just by updating the Google app on Android or on iOS.  It will then roll out internationally over the next couple of weeks.

Our bookstore will hate this.
For books that you have no desire to buy and keep forever, these sites can help.  They offer great rental prices and flexible terms, making them ideal for college students on a budget.

Is there a market for free, ad-sponsored apps?  How about birds, flowers, fish, etc.?
Tree Identification Field Guide
Tree Identification Field Guide (this app has a small fee): “Our illustrated, step-by-step process makes it easy to identify a tree simply by the kinds of leaves it produces.  Begin identifying your tree by choosing the appropriate region…”
