So many fail to protect their data that Amazon is
now checking how they set up security. Still not making “best
practices” the default. I wonder why?
New tools
could help prevent Amazon S3 data leaks
If you do a search
for Amazon S3 breaches due to customer error of leaving the data
unencrypted, you’ll see a long list that includes a DoD
contractor, Verizon
(the owner of this publication) and Accenture,
among the more high profile examples. Today, AWS
announced a new set of five tools designed to protect customers
from themselves and ensure (to the extent possible) that the data in
S3 is encrypted and safe.
For starters, the company is giving the
option of default encryption. [But
not encryption by default? Forcing the client to override “best
practice” Bob]
… Amazon is putting a signal front and center
on the administrative console that warns admins with a prominent
indicator next to each S3 bucket that
has been left open to the public. [But
not private by default? Bob]
… Finally, should all else fail, there is a
report, which includes the encryption status of each object in S3.
Of course, you have to read
it, but it’s there as an additional tool in the battle
against human error. [No
doubt the Auditors will want a copy. Bob]
My Computer Security students have been discussing
how to hack an election.
The
Computer Scientist Who Prefers Paper
Barbara Simons
believes there is only one safe voting technology.
This can’t be right. There are a few hundred
questions I might ask before I would consider recommending this. Why
not have the “hash” created on the victim’s computer? Will
they accept video from children? Won’t a man-in-the-middle attack
siphon off every photo or video?
Facebook’s
unorthodox new revenge porn defense is to upload nudes to Facebook
Facebook is testing a new
preemptive revenge porn
defense in Australia that may, at first blush, feel
counterproductive: uploading your nude photos or videos directly to
Messenger. According
to the Australia Broadcasting Corporation, Facebook has
partnered with the office of the Australian government’s e-Safety
Commissioner, which works primarily to prevent the online abuse
of minors, to develop the new system for combating the nonconsensual
sharing of explicit media.
By uploading the images or
videos you fear may be shared in the future in an attempt to shame or
harass you online, Facebook can digitally “hash” the media,
effectively giving it a digital footprint. This allows the social
network to track the media using the same artificial
intelligence-based technologies it uses in its photo and face
matching algorithms, and then prevent it from being uploaded and
shared in the future. This
works only if you’re in possession of the original file,
but it would seem to bypass any attempts from a malicious third party
to alter the metadata by analyzing and tagging the actual content of
the image or video.
Facebook first implemented a
similar, although less preemptive, mechanism for preventing the
proliferation of revenge porn back
in April, with the implementation of a photo-matching system to
prevent the spread of images that have already been reported and
taken down. The company has also liberally
banned accounts for revenge porn activities. But now Facebook
seems to be asking users to think ahead and play it safe if they feel
particularly vulnerable, which could be the case in a relationship
that becomes abusive over time or only after it’s ended.
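
A sketch of the content-hashing idea discussed above, added here as an illustration; it is not Facebook's code, and the article does not say which algorithm Facebook uses. A simple 64-bit difference hash stands in for it. The pixel grids, names and the distance threshold are all constructed assumptions. The hash is computed locally, so only a 64-bit integer would need to leave the owner's device.

```python
import hashlib

def file_sha256(metadata: bytes, pixels) -> str:
    """Cryptographic hash of the whole file: metadata plus raw pixel bytes."""
    return hashlib.sha256(metadata + bytes(v for row in pixels for v in row)).hexdigest()

def dhash(pixels, size=8) -> int:
    """64-bit difference hash computed from image content only."""
    h, w = len(pixels), len(pixels[0])

    def cell(r, c):
        # Mean brightness of one block when shrinking to (size+1) x size cells.
        ys = range(r * h // size, (r + 1) * h // size)
        xs = range(c * w // (size + 1), (c + 1) * w // (size + 1))
        return sum(pixels[y][x] for y in ys for x in xs) / (len(ys) * len(xs))

    bits = 0
    for r in range(size):
        row = [cell(r, c) for c in range(size + 1)]
        for c in range(size):
            # One bit per neighbouring pair: is the left cell brighter?
            bits = (bits << 1) | int(row[c] > row[c + 1])
    return bits

def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def is_blocked(pixels, blocklist, max_distance=5) -> bool:
    """Server-side check: the service stores hashes, never the images."""
    return any(hamming(dhash(pixels), known) <= max_distance for known in blocklist)

# Constructed sample data: 32x36 greyscale grids standing in for decoded photos.
ORIGINAL = [[4 * x + y for x in range(36)] for y in range(32)]
UNRELATED = [[200 - 4 * x - y for x in range(36)] for y in range(32)]
# Copies an uploader might produce: brightened, and upscaled 2x.
BRIGHTER = [[v + 10 for v in row] for row in ORIGINAL]
UPSCALED = [[v for v in row for _ in range(2)] for row in ORIGINAL for _ in range(2)]

# Hash computed on the owner's device; only this integer is submitted.
BLOCKLIST = {dhash(ORIGINAL)}

if __name__ == "__main__":
    # A metadata edit changes the file hash but not the content hash.
    print(file_sha256(b"camera=A", ORIGINAL) == file_sha256(b"camera=B", ORIGINAL))
    for name, img in [("brighter", BRIGHTER), ("upscaled", UPSCALED), ("unrelated", UNRELATED)]:
        print(name, hamming(dhash(img), dhash(ORIGINAL)), is_blocked(img, BLOCKLIST))
```

Real re-encoding or cropping flips some bits rather than none, which is why matching uses a distance threshold instead of equality.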
(Related)
Facebook doesn’t just know too much about you —
it allows other people to know too much about you! The
social network’s privacy settings are so complicated that we
managed to write a
4,500-word guide about them and still didn’t manage to cover
everything.
Did you
know you can use a secret URL to see the entire Facebook history of
any two people on the network? (For people you aren’t friends
with, it’ll only show their publicly-available interactions.)
(Related) Maybe this social media stuff is really
hard? How would you do it?
Facebook's
fake news experiment backfires
A Facebook test that promoted comments containing
the word fake to the top of news feeds has been criticised by users.
The trial, which Facebook says has now concluded,
aimed to prioritise "comments that indicate disbelief".
It meant feeds from the BBC, the Economist, the
New York Times and the Guardian all began with a comment mentioning
the word fake.
The test, which was visible only to some users,
left many frustrated.
The comments appeared on a wide range of stories,
from ones that could be fake to ones that were clearly legitimate.
The remarks, which would appear at the top of the comments section,
came from a variety of people but the one thing that they had in
common was the word fake.
"Clearly Facebook is under enormous pressure
to tackle the problem of fake news, but to question the veracity of
every single story is preposterous," said Jen Roberts, a
freelance PR consultant.
"Quite the reverse of combating
misinformation online, it is compounding the issue by blurring the
lines between what is real and what isn't. My Facebook feed has
become like some awful Orwellian doublethink experiment."
Finding “acceptable” reasons for intensive
surveillance?
Mobile
phone tracking data 'could replace census questions'
Thousands of people have had their movements
tracked by the Office for National Statistics to see if they can find
out where they live and work.
The ONS is trying to build up a picture of
people's daily commute - something it normally asks about in the
census.
Mobile phones create a record of every location
visited by the user if the phone is switched on.
… The
experiment ... tracked where phones were overnight, to work out
where users lived, and where they travelled during the day, which was
assumed to be their place of work.
… The census has been carried out every 10
years since 1801, with the exception of 1941, to provide a snapshot
of the size of the country's population and details about how people
live and work.
But the
government wants the next census, in 2021, to be the final one to be
carried out using the traditional paper-based questionnaire method.
If it is really needed, I’m sure the FBI can
hire the same firm that cracked the phone used in the San Bernardino
attack. They should already know who he called or received calls
from.
Moving
too quickly into unfamiliar tech areas could also be dangerous. I
like the idea of shared security though.
Deutsche
Bank's CEO Hints at Thousands of Job Cuts
Deutsche Bank CEO John Cryan dropped his clearest
hint about the scale of his planned slash-and-burn exercise at
Germany’s biggest lender.
“We employ 97,000 people,” Cryan told the
Financial
Times. “Most big peers have more like half that number.”
Cryan has warned repeatedly that technology will
allow big savings across his sprawling empire, and recent media
reports suggest he’s under increasing pressure from shareholders to
deliver, having also suspended the bank’s regular dividend.
… “We’re too manual, which can make you
error-prone and it makes you inefficient. There’s a lot of machine
learning and mechanisation that we can do,” Cryan said.
… Cryan told the FT that further
branch closures and cooperation
with rivals in the area of crime prevention and detection
were also areas where savings can be made. “Every bank at the
moment has a huge and burgeoning department of people who are doing
the same stuff,” he said. “It’s
not a source of competitive advantage and you’re exposed to making
your own mistakes.”