Friday, December 15, 2017

After a full Quarter of Computer Security lectures, I’d like to believe that my students would have known to “LOCK THE DOOR!”
Homeless man steals $350,000 from Paris airport
A homeless man stole 300,000 euros ($353,000) from an unlocked room in Paris' Charles de Gaulle Airport on Friday.
The money was taken from an office belonging to cash-handling company Loomis in Terminal 2F of the airport at 5:30 p.m. local time, according to a spokesman at the courthouse in Bobigny, the capital of the region in which the airport is located.
He said that security camera footage shows the man, who is believed to be around 50 years old, rummaging through garbage cans near the Loomis office. The man then leans against the office door and seems surprised when it opens.
The footage shows the man putting down a suitcase and entering the office. He emerged a few minutes later with two bags full of bank notes, according to the spokesman. Leaving his own suitcase behind, he exited the airport and walked away.

For my Computer Security students.
Companies that want to help their employees become better stewards of cybersecurity need to go beyond regular trainings on password security and other basic protocols. The best way to train employees to defend against hackers is to teach them how to think like one.
… Encourage employees to attend hackathons — even if only perhaps to observe or learn. These events give people a chance to take a step back from their day-to-day work for a moment and think creatively to solve some kind of problem, which is what “hacking” is all about.
… When something major happens in your industry, encourage teams to share findings and analysis. That’s not to say everyone needs to be writing up ten page reports — a few quick thoughts will do. The idea is to condition your workforce to make it second nature to share information and insights.

Maybe that wasn’t as simple as the FCC thought.
The next front in the net neutrality war: Feds versus the states
The United States is about to go to war with itself over net neutrality.
In the hours after the Trump administration scrapped rules that required internet providers to treat all web traffic equally, a handful of states mobilized in a bid to reverse the decision by the Federal Communications Commission in court — or perhaps write their own new regulations as a replacement.
To start, a coalition of state attorneys general, led by New York, pledged on Thursday that they would sue the FCC to stop its rollback from taking place. Meanwhile, policymakers in at least two states — California and Washington — said they’d try on their own to prevent companies like AT&T, Charter, Comcast* and Verizon from blocking websites, slowing down web traffic or prioritizing their movies, music and other content above their rivals’ offerings.
Legislating is an especially fraught, difficult proposition. The order adopted by the FCC on Thursday doesn’t just kill the existing net neutrality rules — it explicitly seeks to override local policymakers from pursuing their own laws. And the FCC’s Republicans on Thursday signaled that they’d vigorously pursue any states that tried that anyway.

(Related). Another way to end-run the system?
Motherboard & VICE Are Building a Community Internet Network
… The good news is a better internet infrastructure is possible: Small communities, nonprofits, and startup companies around the United States have built networks that rival those built by big companies. Because these networks are built to serve their communities rather than their owners, they are privacy-focused and respect net neutrality ideals. These networks are proofs-of-concept around the country that a better internet is possible.
Today, Motherboard and VICE Media are committing to be part of the change we’d like to see. We will build a community network based at our Brooklyn headquarters that will provide internet connections for our neighborhood. We will also connect to the broader NYC Mesh network in order to strengthen a community network that has already decided the status quo isn’t good enough.
We are in the very early stages of this process and have begun considering dark fiber to light up, hardware to use, and organizations to work with, support, and learn from. To be clear and to answer a few questions I've gotten: This network will be connected to the real internet and will be backed by fiber from an internet exchange. It will not rely on a traditional ISP.
In hopes of making this replicable, we will document every step of this process, and will release regular updates and guides along the way. Next year, we’ll publish the Motherboard Guide to Building an ISP, a comprehensive guide to the technical, legal, and political aspects of getting a locally-owned internet network off the ground.

(Related) Perhaps do-it-yourselfers will save the day?
Daniel Oberhaus reports that Denver Gingerich, a programmer in NYC, has been developing a surveillance-free cell phone network.
Earlier this year, Gingerich published the code for Sopranica, a DIY, surveillance-free cell phone network. At the moment, it consists of a protocol that allows anyone to register for a phone number to make calls and send texts over the internet totally anonymously. In the future, this protocol will be paired with a network of small radio devices run by members of a community that will replace users’ reliance on cell phone towers run by telecommunications companies.
Read more on Motherboard.

For an organization that is supposed to deal in facts, they seem to have great difficulty determining what to say when something happens.
DOJ now says early release of FBI agents' private texts to reporters was 'not authorized' by the department
The Justice Department acknowledged in a statement on Thursday night that copies of private text messages exchanged between two former special counsel investigators were disclosed to certain members of the media before they were given to Congress, even though those disclosures "were not authorized."

DOJ says no wrongdoing in release of FBI agent's texts
… In a statement to CNN Thursday, Flores rejected the accusation that the DOJ did anything improper, explaining that members of Congress received the texts "before any member of the media was given access to view the same copy of the texts."

Explain this to a jury? I’m not sure the programmers get it.
Accountability of AI Under the Law: The Role of Explanation
“The ubiquity of systems using artificial intelligence or “AI” has brought increasing attention to how those systems should be regulated. The choice of how to regulate AI systems will require care. AI systems have the potential to synthesize large amounts of data, allowing for greater levels of personalization and precision than ever before — applications range from clinical decision support to autonomous driving and predictive policing. That said, common sense reasoning [McCarthy, 1960] remains one of the holy grails of AI, and there exist legitimate concerns about the intentional and unintentional negative consequences of AI systems [Bostrom, 2003, Amodei et al., 2016, Sculley et al., 2014]. There are many ways to hold AI systems accountable. In this work, we focus on one: explanation. Questions about a legal right to explanation from AI systems was recently debated in the EU General Data Protection Regulation [Goodman and Flaxman, 2016, Wachter et al., 2017], and thus thinking carefully about when and how explanation from AI systems might improve accountability is timely. Good choices about when to demand explanation can help prevent negative consequences from AI systems, while poor choices may not only fail to hold AI systems accountable but also hamper the development of much-needed beneficial AI systems. Below, we briefly review current societal, moral, and legal norms around explanation, and then focus on the different contexts under which explanation is currently required under the law. We find that there exists great variation around when explanation is demanded, but there also exists important consistencies: when demanding explanation from humans, what we typically want to know is how and whether certain input factors affected the final decision or outcome.
These consistencies allow us to list the technical considerations that must be considered if we desired AI systems that could provide kinds of explanations that are currently required of humans under the law. Contrary to popular wisdom of AI systems as indecipherable black boxes, we find that this level of explanation should often be technically feasible but may sometimes be practically onerous — there are certain aspects of explanation that may be simple for humans to provide but challenging for AI systems, and vice versa. As an interdisciplinary team of legal scholars, computer scientists, and cognitive scientists, we recommend that for the present, AI systems can and should be held to a similar standard of explanation as humans currently are; in the future we may wish to hold an AI to a different standard.”

A tool that might be useful…
Avast Open Sources Machine-Code Decompiler in Battle Against Malware
In an effort to boost the fight against malicious software, anti-malware company Avast this week announced the release of its retargetable machine-code decompiler as open source.
Dubbed RetDec, short for Retargetable Decompiler, the software utility is the result of seven years of development and was originally created as a joint project by the Faculty of Information Technology of the Brno University of Technology in the Czech Republic, and AVG Technologies. Avast acquired AVG Technologies in 2016.
The tool allows the security community to perform platform-independent analysis of executable files. With its source code published to GitHub under the MIT license, RetDec is now available for anyone to freely use it, study its source code, modify it, and redistribute it.

Useful for the high volume of “No, I won’t change your grade” emails that occur at Quarter end.

Another useful tool?

Finding a place for my students. (Preferably far, far away.)
Forbes – The World’s Biggest Public Companies
This resource is structured so that the reader may scroll through the list of companies, where you will find respective metadata on each organization that includes: Country, Industry, CEO, Market Cap. From the initial brief company overview, readers may choose to view additional data on each company that includes: Revenue, Number of Employees, Sales, Assets, Profits, and related Forbes articles.
