After a full Quarter of Computer Security lectures, I’d like to believe
that my students would have known to “LOCK THE DOOR!”
Homeless man steals $350,000 from Paris airport
A homeless man stole 300,000 euros ($353,000) from
an unlocked room in Paris' Charles de Gaulle Airport on Friday.
The money was taken from an office belonging to
cash-handling company Loomis in Terminal 2F of the airport at 5:30
p.m. local time, according to a spokesman at the courthouse in
Bobigny, the capital of the region in which the airport is located.
He said that security camera footage shows the
man, who is believed to be around 50 years old, rummaging through
garbage cans near the Loomis office. The
man then leans against the office door and seems surprised when it
opens.
The footage shows the man putting down a suitcase
and entering the office. He emerged a few minutes later with two
bags full of bank notes, according to the spokesman. Leaving his own
suitcase behind, he exited the airport and walked away.
For my Computer Security students.
Companies that want to help their employees become
better stewards of cybersecurity need to go beyond regular trainings
on password security and other basic protocols. The best way to
train employees to defend against hackers is to teach them how to
think like one.
… Encourage employees to attend hackathons
— even if only perhaps to observe or learn. These events give
people a chance to take a step back from their day-to-day work for a
moment and think creatively to solve some kind of problem, which is
what “hacking” is all about.
… When something major happens in your
industry, encourage teams to share findings and analysis. That’s
not to say everyone needs to be writing up ten page reports — a few
quick thoughts will do. The idea is to condition your workforce to
make it second nature to share information and insights.
Maybe that wasn’t as simple as the FCC thought.
The next front in the net neutrality war: Feds versus the states
In the hours after the
Trump administration scrapped rules that required internet providers
to treat all web traffic equally, a handful of states mobilized
in a bid to reverse the decision by the Federal Communications
Commission in court — or perhaps write their own new regulations as
a replacement.
To start, a coalition of
state attorneys general, led by New York, pledged on Thursday that
they would sue the FCC to stop its rollback from taking place.
Meanwhile, policymakers in at least two states — California and
Washington — said they’d try on their own to prevent companies
like AT&T, Charter, Comcast* and Verizon from blocking websites,
slowing down web traffic or prioritizing their movies, music and
other content above their rivals’ offerings.
Legislating is an especially
fraught, difficult proposition. The order adopted by the FCC on
Thursday doesn’t just kill the existing net neutrality rules — it
explicitly seeks to override local policymakers from pursuing their
own laws. And the FCC’s Republicans on Thursday signaled that
they’d vigorously pursue any states that tried that anyway.
(Related). Another way to end-run the system?
Motherboard & VICE Are Building a Community Internet Network
… The good news is a better internet
infrastructure is possible: Small communities, nonprofits, and
startup companies around the United States have built networks that
rival those built by big companies. Because these networks are built
to serve their communities rather than their owners, they are
privacy-focused and respect net neutrality ideals. These networks
are proofs-of-concept around the country that a better internet is
possible.
Today, Motherboard and VICE Media are committing
to be part of the change we’d like to see. We
will build a community network based at our Brooklyn headquarters
that will provide internet connections for our neighborhood. We will
also connect to the broader
NYC Mesh network in order to strengthen a community network that
has already decided the status quo isn’t good enough.
We are in the very early stages of this process
and have begun considering dark fiber to light up, hardware to use,
and organizations to work with, support, and learn from. To be clear
and to answer a few questions I've gotten: This network will be
connected to the real internet and will be backed by fiber from an
internet exchange. It will not rely on a traditional ISP.
In hopes of making this replicable, we will
document every step of this process, and will release regular updates
and guides along the way. Next year, we’ll publish the Motherboard
Guide to Building an ISP, a comprehensive guide to the technical,
legal, and political aspects of getting a locally-owned internet
network off the ground.
(Related) Perhaps do-it-yourselfers will save the
day?
Daniel Oberhaus reports that Denver Gingerich, a
programmer in NYC, has been developing a surveillance-free cell phone
network.
Earlier this year, Gingerich published the code for Sopranica, a DIY, surveillance-free cell phone network. At the moment, it consists of a protocol that allows anyone to register for a phone number to make calls and send texts over the internet totally anonymously. In the future, this protocol will be paired with a network of small radio devices run by members of a community that will replace users’ reliance on cell phone towers run by telecommunications companies.
Read more on Motherboard.
For an organization that is supposed to deal in
facts, they seem to have great difficulty determining what to say
when something happens.
http://www.businessinsider.com/doj-says-early-release-of-fbi-agents-texts-was-not-authorized-2017-12
DOJ now says early release of FBI agents' private texts to reporters was 'not
authorized' by the department
The Justice Department acknowledged in a statement
on Thursday night that copies of private text messages exchanged
between two former special counsel investigators were
disclosed to certain members of the media before they were given to
Congress, even though those disclosures "were not
authorized."
(Related)
DOJ says no wrongdoing in release of FBI agent's texts
… In a statement to CNN Thursday, Flores
rejected the accusation that the DOJ did anything improper,
explaining that members of
Congress received the texts "before any member of the media
was given access to view the same copy of the texts."
Explain this to a jury? I’m not sure the
programmers get it.
Accountability of AI Under the Law: The Role of Explanation
Accountability of AI Under the Law: The Role of Explanation, November 27, 2017.
“The ubiquity of systems using artificial
intelligence or “AI” has brought increasing attention to how
those systems should be regulated. The choice of how to regulate AI
systems will require care. AI systems have the potential to
synthesize large amounts of data, allowing for greater levels of
personalization and precision than ever before — applications range
from clinical decision support to autonomous driving and predictive
policing. That said, common sense reasoning [McCarthy, 1960] remains
one of the holy grails of AI, and there exist legitimate concerns
about the intentional and unintentional negative consequences of AI
systems [Bostrom, 2003, Amodei et al., 2016, Sculley et al., 2014].
There are many ways to hold
AI systems accountable. In this work, we focus on one: explanation.
Questions about a legal right to explanation from AI systems was
recently debated in the EU General Data Protection Regulation
[Goodman and Flaxman, 2016, Wachter et al., 2017], and thus thinking
carefully about when and how explanation from AI systems might
improve accountability is timely. Good choices about when to demand
explanation can help prevent negative consequences from AI systems,
while poor choices may not only fail to hold AI systems accountable
but also hamper the development of much-needed beneficial AI systems.
Below, we briefly review current societal, moral, and legal norms
around explanation, and then focus on the different contexts under
which explanation is currently required under the law. We find that
there exists great variation around when explanation is demanded, but
there also exists important consistencies: when demanding explanation
from humans, what we typically want to know is how and whether
certain input factors affected the final decision or outcome. These
consistencies allow us to list the technical considerations that must
be considered if we desired AI systems that could provide kinds of
explanations that are currently required of humans under the law.
Contrary to popular wisdom of AI systems as indecipherable black
boxes, we find that this level of explanation should often be
technically feasible but may sometimes be practically onerous — there
are certain aspects of explanation that may be simple for humans to
provide but challenging for AI systems, and vice versa. As an
interdisciplinary team of legal scholars, computer scientists, and
cognitive scientists, we
recommend that for the present, AI systems can and should be held to
a similar standard of explanation as humans currently are; in the
future we may wish to hold an AI to a different standard.”
A tool that might be useful…
Avast Open Sources Machine-Code Decompiler in Battle Against Malware
In an effort to boost the fight against malicious software, anti-malware
company Avast this week announced the release of its retargetable
machine-code decompiler as open source.
Dubbed RetDec, short for Retargetable Decompiler,
the software utility is the result of seven years of development and
was originally created as a joint project by the Faculty of
Information Technology of the Brno University of Technology in the
Czech Republic, and AVG Technologies. Avast acquired AVG Technologies
in 2016.
The tool allows the security community to perform platform-independent
analysis of executable files. With its source code published to
GitHub under the MIT license, RetDec is now available
for anyone to freely use it, study its source code, modify it, and
redistribute it.
Useful for the high volume of “No, I won’t change your grade” emails
that occur at Quarter end.
Another useful tool?
Finding a place for my students. (Preferably far,
far away.)
Forbes – The World’s Biggest Public Companies
This resource is structured so that the reader may scroll through the
list of companies, where you will find respective metadata on each
organization that includes: Country, Industry, CEO, Market Cap. From
the initial brief company overview, readers may choose to view
additional data on each company that includes: Revenue, Number of
Employees, Sales, Assets, Profits, and related Forbes articles.