Monday, August 07, 2017

Ah Mickey, we warned you not to let Goofy program that App.
Ashley Cullins reports:
A San Francisco mom says her child was illegally tracked while using the Disney Princess Palace Pets app.
Amanda Rushing, on behalf of her child referred to as “L.L.,” is suing The Walt Disney Company, Disney Electronic Content and others in a proposed class action filed Thursday in California federal court.
Rushing claims an advertising-specific software development kit is surreptitiously embedded in the code for the app, and that’s how Disney is collecting personal information and tracking online behavior.


Familiar words before elections.  Any real change?  NOTE: What they have added reflects what they had failed to do earlier. 
States ramping up defenses against election hacks
   “We’ve upgraded all of our security,” said Michele Reagan, the Arizona secretary of state.  “Some of the things I can’t talk about because, of course, we don’t want to give the bad guys a road map.”
Arizona was one of several states whose election systems Russian hackers are believed to have targeted ahead of the presidential election.  The state was forced to shut down its voter registration system for several days last summer, after a hacker gained access to a computer connected to the database.
The hacker never gained access to the actual voter database, but the incident spurred fears that data could have been stolen or, worse, altered.
   Since then, Arizona has focused on implementing multi-factor authentication for its systems, ensuring employees have strong passwords, and adapting other “best practices” recommended by the federal government.
   Security experts are still divided over the extent of hacking risks to actual voting machines.  Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out.
   “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June.  “A small number of election technology vendors and support contractors service the systems used by many local governments.  Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
Further highlighting the issue, at the DEF CON cybersecurity conference in Las Vegas last weekend, security experts successfully hacked into 30 different voting machines brought in for participants to experiment.
Corman, who was at the conference, noted that the hackers required physical access to actually infiltrate the machines and, once hacked, the machines showed signs they were hacked. [But is anyone looking?  Bob]


This guy is probably on my next batch of Ethical Hacking trading cards.
Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines
   But Alex couldn’t just cash out as if he owned an ordinary startup because his business operates in murky legal terrain.  The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number generators, or PRNGs—that govern how slot machine games behave.  Armed with this knowledge, he can predict when certain games are likeliest to spit out money—insight that he shares with a legion of field agents who do the organization’s grunt work.
These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex.  They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg.  There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt against the house.  They then send timing data to a custom app on an agent’s phone; this data causes the phones to vibrate a split second before the agent should press the “Spin” button.  By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.


A bit too forgiving of basic design errors?  Note too that testing with live data (data that has already passed all regular edits) does not exercise new software.
Blood Service escapes penalties in data breach investigation
The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country's privacy watchdog over a 2016 data breach that exposed the data of 550,000 donors.
In late October last year the Blood Service revealed its website partner Precedent had inadvertently exposed a 1.74GB database backup containing 1.28 million records entered by donors as part of the appointment booking process.
   The contents of the exposed file contained people's names, genders, physical and email addresses, phone numbers, date and country of birth, as well as sensitive medical information like blood type and instances of high-risk sexual behaviour.
   The OAIC today announced the results of its 10-month investigation [pdf], finding that the Blood Service was not directly responsible for the breach but did contribute to it.
It said the processes the Blood Service had in place to protect personal information were mostly adequate, but it breached Australian privacy principles by storing the Donate Blood website data indefinitely and by not ensuring information held by third parties was properly protected.
   The OAIC conducted a related review [pdf] into Precedent's role in the breach, finding that the firm had somewhat more seriously contravened Australia's privacy legislation.
   Additionally, the OAIC said there was no need for Precedent to use live data for the testing site, or to locate the UAT environment on a server that was partially accessible to the public.


Are all of these people Russians?  Is this “fake news” or merely “highly selective news excerpts”?
Political Donors Put Their Money Where the Memes Are
Imagine you’re a millionaire or billionaire with strong political views and a desire to spread those views to the masses.  Do you start a think tank in Washington?  Funnel millions to a shadowy “super PAC”?  Bankroll the campaign of an up-and-coming politician?
For a growing number of deep-pocketed political donors, the answer is much more contemporary: Invest in internet virality.

(Related)
McMaster: Russia Is Trying To ‘Break Apart Europe’ With Disinformation And Propaganda
   McMaster characterized it as a “sophisticated campaign of subversion and disinformation and propaganda that is going every day in an effort to break apart Europe and that pit political groups against each other … to sow dissension and conspiracy theories.”

(Related)
Alliance for Securing Democracy – Hamilton 68: A New Tool to Track Russian Disinformation on Twitter
“The Alliance for Securing Democracy, a bipartisan, transatlantic initiative housed at The German Marshall Fund of the United States (GMF), will develop comprehensive strategies to defend against, deter, and raise the costs on Russian and other state actors’ efforts to undermine democracy and democratic institutions.  The Alliance will work to publicly document and expose Vladimir Putin’s ongoing efforts to subvert democracy in the United States and Europe…”
Since Russia’s interference in the 2016 U.S. election, many have warned that Putin will be back in 2018 and 2020.  But the reality is that Russian influence operations never left.  As former Director of National Intelligence James Clapper recently stated, the Kremlin is already beginning to “prep the battlefield” for the 2018 elections.  But what does this mean?  Russia’s activities continue on multiple fronts.  One happening right under our nose and in plain sight is its continued information operations aimed at spreading propaganda and disinformation online.  Indeed, Russia’s information operations in 2016 did not happen overnight — they were enabled by a foundation built over several years of operations in U.S. information space.  Since the election, Russia’s efforts to shape what Americans think has continued.  Americans deserve to know what messages Russian disinformation networks are pushing.
“In the Federalist Papers No. 68, Alexander Hamilton wrote of protecting America’s electoral process from foreign meddling.  Today, we face foreign interference of a type Hamilton could scarcely have imagined.”
The Hamilton 68 dashboard, launching today as part of the Alliance for Securing Democracy, provides a near real-time look at Russian propaganda and disinformation efforts online.  The top of the page shows tweets from official Russian propaganda outlets in English, and a short post discussing the themes of the day.  This is Russia’s overt messaging.  But these disinformation networks also include bots and trolls that synchronize to promote Russian messaging themes, including attack campaigns and the spreading of disinformation.  Some of these accounts are directly controlled by Russia, others are users who on their own initiative reliably repeat and amplify Russian themes.  Our analysis is based on 600 Twitter accounts linked to Russian influence activities online, and the lower section of the dashboard features charts that display topics, hashtags, and links currently promoted by this network.  The content this network tweets reflects Russian messaging priorities, but that does not mean every name or link you see on the dashboard is pro-Russian.  The network sometimes amplifies stories that Russia likes, or people with like-minded views but no formal connection to Russia.  Importantly, the network also tweets about stories and people that Russia seeks to discredit or attack…”


Lawyer tech?  Just like real people, “automating manual tasks is the technology concept with the greatest upside.”
LawSites – The 10 Technologies That Most Drive Law Firm Effectiveness
Robert Ambrogi: “A survey released yesterday on the business of law and legal technology finds that competition for legal services remains high, demand remains relatively flat, and law firms are feeling pressure to lower prices and enhance operational efficiency.  But what caught my eye in the survey was the question, “Which technologies provide law firms with the greatest overall effectiveness?”  The 2017 Aderant Business of Law and Legal Technology Survey, conducted by Aderant, a provider of business management software for lawyers, surveyed 112 respondents in U.S. firms, most of whom are in financial, accounting or C-suite roles.  Most of the respondents said that the performance of their firm this year is about the same as last year, and that the top challenges they face are:
  1. Pricing pressure.
  2. Improving operational efficiency.
  3. Winning new business.
  4. Growing more business from existing customers.
  5. Improving law firm agility and adaptability…”


Perspective.
Myth of one internet has morphed into reality of the ‘splinternet’
August 4, 2017, Terry Flew: “Both The Economist and WIRED are worried about the “splinternet”.  The UK research organisation NESTA thinks it could “break up” the world wide web as we know it.  What is this awkwardly named idea?  It’s the concept that someone’s experience of the internet in Turkey, for example, is increasingly different from their experience of the internet in Australia.  Travellers to China, in particular, will be familiar with this phenomenon.  Thanks to the government’s tight control, they have to use Baidu rather than Google as their search engine, and are unable to access Facebook or news sites like The Economist and the New York Times.  We have a growing splinternet because of regional content blocking and the need for companies to comply with diverse, often conflicting national policies, regulations and court decisions.  This tension is particularly apparent when it comes to the likes of Google, Facebook and Twitter.  These platform companies have users in almost every country, and governments are increasingly insisting that they comply with local laws and cultural norms when it comes to access and content… the splinternet refers to a broader tendency to use laws and regulatory powers within territorial jurisdictions to set limits on digital activities…”


They’re not just for dropping bombs.  But this probably started with bomb damage assessment drones.
Your insurance adjuster may soon be a drone or an app
   As per the 2017 Future of Claims Study survey by LexisNexis Risk Solutions, these companies are looking to “virtual” or “touchless” methods of handling claims.  In fact, a solid 38 percent of insurers are said to no longer send human employees for physical inspections.  Instead, they’re using drones and apps.
Faster and more efficient than their human counterparts, drones (and the photos they take), apps, and artificial intelligence are revolutionizing the insurance industry.  As the Wall Street Journal noted, filing a claim has traditionally involved a long and rather arduous process, taking weeks and many a phone call to resolve.  But now, drones and other technology could be injecting the industry with some much-needed efficiency.


New technology requires new skills.  I better start boning up…
Companies Can Put Shareholders on a Blockchain Starting Today
Blockchain got a big boost on Tuesday when a Delaware law went into effect that lets corporations maintain shareholder lists, along with other corporate records, using the technology.  Already, several companies, including the retailer Overstock, say they intend to use it.
Delaware's decision to bless blockchain—which is a type of software that creates indelible records across multiple computers—is significant because the state is America's de facto corporate law capital, and more than two-thirds of Fortune 500 companies are incorporated there.
According to lawyers and state officials, the new law ensures companies will not face legal trouble if they choose to keep a list of shareholder names, which they must do by law, on a blockchain instead of conventional methods like an Excel spreadsheet or a SQL database.


An innovative product that every employee will want.  (and everyone in the White House should wear!) 
