Saturday, August 12, 2017
Don’t stop at the “Oh good, it’s finally working” phase. Remember to check to see if it is working correctly.
Vera Bergengruen reports:
A veterans organization is suing the Pentagon for exposing private details about troops’ military service on “a truly massive scale” due to lax security on one of its websites.
The Servicemembers Civil Relief Act website, which according to the Pentagon receives more than 2.3 billion searches a year, is mean to be used (sic) by authorized institutions like banks to confirm the active duty status that entitles service members to certain protections.
Instead, the information is available to con artists and scammers who can use it to impersonate government or other officials and gain veterans’ trust by discussing details of their service that only authorized organizations would have.
Read more on Miami Herald.
It’s always useful to have bad examples.
Hacking in Hollywood: Why the Industry Needs to Shore Up Security
… Matwyshyn said the entertainment industry is a prime target for hackers because the stakes are high, and those who work in the industry may not be paying close attention to internet security practices. It’s relatively easy to send a “phishing” email to a studio executive, advising them to click on a link. And just like that, hackers are in.
Something for my Digital Forensics class to discuss. (As in a Research Paper.) Has that video been manipulated? Is that really Forrest Gump standing next to the president?
Facebook acquires German video modification and motion tracking technology startup fayteq
Fayteq, a small German startup that develops technologies for video manipulation, has shut down all sales of its products and services, according to its website. Deutsche Startups reported this morning that the company, based in central Germany's Erfurt, has in fact been acquired by Facebook. The social media giant later confirmed the acquisition with the news site Variety.
… According to Siegfried Vater, a business angel and partner of Fayteq, the startup offered "innovative technologies in the area of off-line and real-time video manipulation, removing the border between reality and fiction." He also writes that the company provides (or used to provide, at least) "sophisticated solutions for digital product placement, i.e. insertion and replacement of advertisements, seamless object insertion in and removal from video streams as well as logo removal from video sequences".
What is “appropriate drone behavior” under International law or perhaps the law of the sea?
Beijing is using underwater drones in the South China Sea to show off its might
Late last month, Beijing dropped a dozen underwater drones, also known as unmanned underwater vehicles, in an unspecified location in the international waterway to carry out "scientific observations," state-run media outlet Xinhua reported.
The torpedo-shaped vehicles — called Haiyi, or sea wings in Mandarin — will remain underwater for a month, according to reports. In March, one device hit a depth of 6,329 meters, breaking an earlier record held by a U.S. vessel, Xinhua said.
… The use of autonomous drones raises a number of questions as to whether Beijing is deploying the technology to support its aggressive expansion in the geopolitical hotspot.
Scientific purposes may be the official line from Chinese President Xi Jinping's administration, but political intentions can't be ignored. According to one theory, underwater drones are being utilized as a symbol of supremacy.
"It is a clear attempt to signal a capability associated with leading powers in terms of technology, which often translates to prestige," said Margaret Kosal, an associate professor at Georgia Tech who specializes in the role of emerging technologies for security.
I’ll wager that Walmart was “not amused.” I wonder if they monitor all social media for similar “pranks?”
Walmart says back-to-school gun display was a prank
The world's largest retailer said Friday an internal investigation determined without a doubt that the company was pranked when a photograph emerged on social media showing a sign reading "Own The School Year Like A Hero" atop a gun case in a store.
"We have definite proof it was a prank," Walmart spokesman Charles Crowson told The Associated Press on Friday evening.
The photograph on social media included Walmart's superhero-themed, back-to-school promotion with a gun rack in a sporting goods section. Initially, the company apologized and said the sign was being taken down but then began to question whether it had been there at all.
More on the future of Ads.
Check Your Inbox: Google Warns Publishers Serving Annoying Ads
Betty Crocker might want to check her inbox Thursday.
The iconic brand is one of roughly a thousand online publishers that are set to receive an email from Google warning them that they are showing "highly annoying, misleading or harmful" ads. Although there aren't many ads on Betty Crocker's website, it does have popups, especially on its mobile site.
And that's in violation of the Better Ads Standard, an industry effort born within the Coalition for Better Ads. Google is part of the Justice League-type group, as are Facebook, Procter & Gamble, Unilever, The Washington Post, the Interactive Advertising Bureau, ad-buying giant GroupM, the Association of National Advertisers and others.
But Google carries particular weight because it's the self-appointed hero that plans to block "annoying" ads in its popular Chrome browser starting early next year.
… In addition to Betty Crocker, publishers that Google will warn of Better Ads Standard violations include Forbes, the New York Daily News, the Los Angeles Times, The Independent, TV Guide, the Chicago Tribune, LifeHacker, ZDNet, PCMag, the Orlando Sun-Sentinel, the Washington Times, Eurogamer and the Chicago Sun-Times.
Another example of how slowly technology spreads.
Can We Live Without Air Conditioning?
Air conditioning is an extraordinary example of how technology changes practically everything. The first industrial air conditioning system was installed in a Brooklyn printing plant in 1902. This kind of “process” air conditioning was designed not to cool down the workers but to improve efficiency of production, specifically to reduce the humidity that kept ink from drying properly.
… As Jeff E. Biddle reveals, it was movie theaters, restaurants, and department stores that introduced “comfort” air conditioning in the late 1920s. This was for the benefit of consumers, a lure to get shoppers to step out of the heat. Notably, grocery stores, office buildings, and hotels (places people had to go to) lagged behind, only sporadically offering air conditioning well into the 1940s and 1950s.
Something for my students.
How to Win an Argument, According to Science (Infographic)
Research tools? Includes social media searches.
Friday, August 11, 2017
Perhaps I can get my Computer Security students to write an App to monitor state data handling?
Kieran Nicholson reported:
A lapse in security at the Colorado Judicial Department led to information about jurors in Colorado, including Social Security numbers, being exposed on the internet for about a year.
The state court administrator’s office was contacted July 27 by a person in Alaska who alerted state officials about the potential for massive identity theft, according to the Judicial Department.
Read more on The Denver Post.
Not much detail, but the government is not very well liked at the moment. Probably no need for outside involvement.
Cyberattack Leaves Millions Without Mobile Phone Service in Venezuela
A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday.
A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the government, the supreme court and the National Assembly.
… Roa said there also have been nine cuts in the country's fiber optic network, which has cut off already precarious internet service to seven states.
"The attacks were carried out with the help of foreign agents, trying once again to disrupt our country's connectivity," Roa said, adding that an investigation was underway.
They are not after those little bottles of shampoo?
Russian Cyberspies Target Hotels in Europe
A notorious Russia-linked hacker group specializing in cyber espionage is believed to be behind an ongoing campaign targeting hotels in several European countries.
FireEye has linked the attacks with moderate confidence to APT28, a threat actor also known as Pawn Storm, Fancy Bear, Sofacy, Sednit and Strontium. The group is believed to have launched numerous high-profile attacks, including a campaign targeting last year’s presidential election in the United States.
While the recent attacks have targeted the networks of hotels, the security firm says there is some indication that the hackers may actually be looking to access the devices of government and business travelers via the guest Wi-Fi provided by these hotels.
How to pay a ransom without admitting that you paid a ransom.
The HBO hackers apparently want us all to know that they weren’t bluffing when they said they would not play games or go along with delaying tactics.
In a letter to HBO, described previously on this site, the hackers had written, “As we witnessed in other cases, Fucking FBI or other police enforcements, teach you couple of outdated trick to play with us and buy time. It doesn’t work with us.”
Those tricks apparently include promising to pay a large bug bounty but not paying the demanded ransom amount by the actual deadline.
Today, the hackers contacted DataBreaches.net and a few other media/news outlets with a new link to the previously dumped files. But “Mr. Smith” also attached a file labeled as “HBO’s Response.”
The file, which DataBreaches.net is redacting to delete the HBO executive’s name and email address, is dated July 27, and acknowledges receiving the hackers’ letters. The letter is not from Richard Plepler, HBO’s CEO. In other communications, the hackers indicated that they would only correspond with him going forward.
Trying to frame – or re-frame – the situation as a bug bounty possibility, HBO asked the hackers to extend their deadline for payment and committed – “as a show of good faith” – to making a bug bounty payment of $250,000.00.
HBO was asked to confirm whether the email was authentic, but DataBreaches.net has received no statement as yet. This post will be updated if and when one is received.
That said, in light of data leaks we’ve seen and the fact that the hackers sought 6-months of their annual income (which they estimated at $12-15 million), it appears that the hackers did not find $250,000 acceptable at all.
Update: It’s been pointed out to me that the hackers may not have believed the offer was genuine and may have viewed it simply as a delaying trick. It would be nice to hear from the hackers with a statement as to how they interpreted the offer, so I’ve sent an email inquiry and hope they’ll respond.
Somehow, I doubt I’ll get behind this one.
Governor Says Trump Interested in His Plan to Prop Up Coal Mining
West Virginia Governor Jim Justice said Donald Trump is “really interested” in his plan to prop up Appalachian mining by giving federal money to power plants that burn the region’s coal.
… The plan calls for the Department of Homeland Security to send $15 to eastern U.S. utilities for every ton of Appalachia coal they burn.
… Justice rejects the notion that his plan amounts to a "bailout" or "subsidy" for Appalachian coal. Rather, it’s a matter of national security, he said, because terrorists could easily blow up important gas pipelines or derail freight trains shipping coal to the east, leaving large swaths of the country lacking power-plant fuel.
“Can you imagine what would happen if we lost the power in the east for a month, or two months, or three months?” Justice said. “It would be like a nuclear blast went off. You would lose hundreds of thousands of people. It would be just absolute chaos beyond belief.’’
Perspective. Imagine what good public transportation would mean.
Study: Consumers may buy fewer cars when Uber, Lyft available
The availability of ride-hailing services such as Uber and Lyft may cause fewer people to buy their own vehicles, according to a new study. To assess the impact of transportation app companies on personal car ownership, researchers polled residents in Austin, Texas — where Uber and Lyft stopped operating for about a year due to a local ordinance.
The researchers found that 41 percent of respondents began using their own vehicle in instances where they would have normally used a ride-hailing app, while 9 percent actually purchased a new car in the wake of Uber and Lyft pulling their services.
… The study also found that people in Austin reported taking fewer trips, generally, after Uber and Lyft left the market: The average number of trips decreased from 5.65 to 2.01 per month.
Even older than I am!
Internet Archive – 78rpm Records Digitized by George Blood, L.P.
Internet Archive post: “Through the Great 78 Project the Internet Archive has begun to digitize 78rpm discs for preservation, research, and discovery with the help of George Blood, L.P.. 78s were mostly made from shellac, i.e., beetle resin, and were the brittle predecessors to the LP (microgroove) era. @great78project for uploads as they happen. The digitization project currently focuses on discs that are less likely to be commercially available–or available at all in digital form–particularly focusing on underrepresented artists and genres. Digitization will make this less commonly available music accessible to researchers in a format where it can be manipulated and studied without harming the physical artifacts. We have preserved the often very prominent surface noise and imperfections and included files generated by different sizes and shapes of stylus to facilitate different kinds of analysis. There’s no way to predict if the digital versions of these 78s will outlast the physical items, so we are preserving both to ensure the survival of these cultural materials for future generations to study and enjoy.”
Should I be using Evernote? I will at least read the manual…
Thursday, August 10, 2017
“We’ve noticed that you seem unhappy…”
“Yes, I was. My attorney told me I couldn’t sue you for just watching me with your many surveillance video cameras, I would have to wait until you disturbed my privacy by using that surveillance in an inappropriate way. Thank you for cheering me up!”
Walmart will scan for unhappy shoppers using facial recognition (cue the apocalypse)
Walmart is about to use artificial intelligence in the worst way possible. According to a patent filing, the largest brick-and-mortar retailer in the world (likely looking for ways to compete with Amazon) is developing a technology that can identify whether customers are unhappy or frustrated. It will likely use existing security and checkout cameras to read the faces.
… In real life, I could see Walmart employees appearing out of nowhere every time a teenager gets a text from his girlfriend or a dad running on fumes with four kids in tow has to buy diapers. It’s invasive, annoying, prone to errors, not that helpful, and a bit too much like Big Brother with a new toy.
… And yet — it’s also inevitable. When we can use facial recognition to assist in the sales process we will, even if it might seem heavy-handed or creepy. As one writer pointed out, the technology is one way to combat customer churn. One bad experience at Walmart means a customer might spend the rest of their days shopping at Costco instead.
Is someone at the Wall Street Journal a little bit ticked at Facebook?
The New Copycats: How Facebook Squashes Competition From Startups
Tech startups live by the rule that speed is paramount. Houseparty, creator of a hot video app, has an extra reason for urgency.
Facebook Inc., a dominant force in Silicon Valley, is stalking the company, part of the social network’s aggressive mimicking of smaller rivals. Facebook is being aided by an internal “early bird” warning system that identifies potential threats, according to people familiar with the technology.
… Silicon Valley is dominated by a few titans, a development that’s fundamentally altering the nature of America’s startup culture. While it’s as easy as ever to start a company, it is getting harder to grow fast enough and big enough to avoid getting either acquired or squashed by one of the behemoths.
Perhaps I should develop one for my student researchers?
Ad Week – Most and Least Trusted Brands in News
People have a lot of faith in Reuters, but not as much in Breitbart: “… A study of close to 9,000 people found that the most trusted source of news is The Economist, while the Occupy Democrats organization was the least trusted source. The University of Missouri recently ran a questionnaire distributed by 28 newsrooms across the country. Those newsrooms asked their audiences to answer questions about the types of content they consume and how much they’re willing to pay for that content. About 67 percent of people who replied consider themselves likely or very likely to trust the news, which means nearly 33 percent of them are unlikely or very unlikely to trust the news…”
This could be useful. I admit I have trouble keeping all the characters straight.
IBM Watson counted more than 2,000 characters in the Game of Thrones book series. Now imagine trying to track them all and their bios in your head. Tough.
This is where The Fictionary can be a huge help:
“A free look-up capable custom e-book dictionary of fictitious terms, places, and people in literature. Created by author provided content or community wikis.”
… Each book has a devoted custom fictionary for it. You can download a fictionary to your Kindle or the Kindle iOS app for the book you are reading. Android users can use the ColorDict app as a platform for the dictionaries.
… The Fictionary is free and easy to install. Thanks to the passion of wiki communities and self-published authors, the dictionaries can give you more context for the book you are reading.
Wednesday, August 09, 2017
Automating data leaks?
From the this-can’t-be-good dept., Catalin Cimpanu reports:
Sensitive corporate data from customers protected by Carbon Black endpoint detection and response (EDR) solutions has been found on multiscanner services, according to an investigation by DirectDefense, a provider of managed security strategies.
The shocking data leak has been tied to an API key which DirectDefense claims it belongs to Carbon Black Cb Response, a next-gen anti-malware EDR product.
Read more on Bleeping Computer.
[From the article:
EDR solutions work by managing lists of whitelisted files and applications. When EDR products find a new file not included in their database, they upload it to their cloud service, which would then upload it to a multiscanner service (think VirusTotal).
The EDR cloud would use the aggregated scan result from this multiscanner service to decide whether to whitelist or blacklist the file. The problem is that even if the EDR and multiscanner rename the files using hashes, copies of those files are still saved on the multiscanner service.
Most of these multiscanners work on a pay-for-access model, allowing anyone to access threat intelligence data on past scanned files, and even download copies for further analysis. This is exactly how DirectDefense found the Carbon Black leak.]
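An added example (not code from Bleeping Computer, DirectDefense or Carbon Black) of the submission policy a defender would want in that pipeline: look the hash up first, and only ever send file contents off-premises for a narrow set of executable types, holding documents and everything else for in-house analysis. The multiscanner, the sample files and all names are constructed stand-ins so it runs offline.

```python
"""Hash-first submission policy for an EDR cloud that consults a multiscanner.

Added example for the data flow described above; it is not code from
Bleeping Computer, DirectDefense or Carbon Black. The risk in the article is
that the *contents* of unknown files, including proprietary documents, are
copied to a third-party multiscanner, where paying customers can download
them. This policy looks a file's hash up first and only uploads content for
a narrow set of executable types, holding everything else for in-house
analysis. All names are hypothetical; the scanner and the sample files are
constructed stand-ins so the example runs offline.
"""
import hashlib
from dataclasses import dataclass, field

# Only these types may have their bytes sent off-premises (constructed policy).
UPLOAD_ALLOWED_EXTENSIONS = {".exe", ".dll", ".sys", ".msi"}
MAX_UPLOAD_BYTES = 50_000_000


@dataclass
class Verdict:
    action: str     # "allow", "block" or "hold" (keep local, analyse in-house)
    uploaded: bool  # True if file content left the organisation
    reason: str


@dataclass
class FakeMultiscanner:
    """In-memory stand-in for a VirusTotal-like service (constructed)."""
    known: dict = field(default_factory=dict)             # sha256 -> (hits, engines)
    received_content: list = field(default_factory=list)  # names of files it stored

    def lookup_hash(self, sha256):
        # A hash lookup reveals nothing about the file's contents.
        return self.known.get(sha256)

    def submit_file(self, name, data):
        # A real multiscanner retains every submission; that retained copy is
        # what DirectDefense found. Modelled here as an append to a list.
        self.received_content.append(name)
        return (0, 60)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def file_extension(name: str) -> str:
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def decide(name: str, data: bytes, local_allowlist: set, scanner) -> Verdict:
    """Classify an unknown file without leaking its content unnecessarily."""
    digest = sha256_hex(data)
    if digest in local_allowlist:
        return Verdict("allow", False, "hash on local allowlist")

    cached = scanner.lookup_hash(digest)          # step 1: hash-only lookup
    if cached is not None:
        hits, engines = cached
        return Verdict("block" if hits else "allow", False,
                       f"cached multiscanner verdict {hits}/{engines}")

    ext = file_extension(name)                    # step 2: content policy
    if ext not in UPLOAD_ALLOWED_EXTENSIONS:
        return Verdict("hold", False,
                       f"content upload not permitted for '{ext or 'no extension'}'")
    if len(data) > MAX_UPLOAD_BYTES:
        return Verdict("hold", False, "file too large to upload")

    hits, engines = scanner.submit_file(name, data)   # step 3: full upload
    return Verdict("block" if hits else "allow", True,
                   f"fresh multiscanner verdict {hits}/{engines}")


if __name__ == "__main__":
    scanner = FakeMultiscanner()
    samples = {  # constructed sample files
        "q3_financials.xlsx": b"PK\x03\x04 constructed spreadsheet",
        "updater.exe": b"MZ constructed executable",
    }
    for fname, blob in samples.items():
        v = decide(fname, blob, set(), scanner)
        print(f"{fname:22} {v.action:5} uploaded={v.uploaded} ({v.reason})")
    print("multiscanner now holds:", scanner.received_content)
```

The spreadsheet is held locally and never reaches the scanner; the unknown executable is uploaded and its name appears in the scanner's retained list, which is the audit trail a customer would want to review when deciding what their EDR vendor is allowed to forward.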
This is possible only in countries where more advanced technology has been implemented nation-wide.
Kenya president takes strong lead in elections but opposition says results hacked
NAIROBI — Kenya’s president, Uhuru Kenyatta, took what appears to be an unassailable lead in elections, according to preliminary results from Kenya’s election commission, but his opponent on Wednesday called the results fraudulent, raising fears of political violence.
… But the morning after Tuesday’s elections, Odinga called the outcome “a complete fraud,” outlining an elaborate hacking scheme that he said dramatically manipulated the results. According to Odinga, a hacker used the login information of a top election official, Chris Msando, who was mysteriously murdered last month, to enter the country’s electoral database.
… The hacker, Odinga claimed, “took control of the entire network” and dramatically altered the results.
The electoral commission said it was not prepared to dismiss Odinga’s claim outright.
For my Ethical Hacking students. …or perhaps a picture of a picture of the accountholder’s eye?
Bank of America, Samsung pilot iris-scan logins
American Banker – “This month, Bank of America will begin piloting technology from Samsung that lets customers log in to mobile banking by taking a picture of their eye. The pilot is part of a broader effort to gauge customers’ affinity for various forms of biometric authentication, says Michelle Moore, head of digital banking at Bank of America. “One thing we know we need to work on with our customers is, even in today’s day and age of digital natives, there are questions about safety and security,” she said. Biometric solutions are part of the answer. The bank is studying what other companies are doing, inside and outside the financial industry, and it’s learning what customers want. Moore says it is not about chasing the next thing. Introducing new biometrics tools helps to advance the bank in building a digital identity for its customers that will make authentication easy…”
Almost what I tell my students. “Your job is to make your organization work better.”
‘Every Business Is a Digital Business’
When Social Media turns anti-social?
ACLU sues Maine's governor for deleting Facebook comments and blocking users
The American Civil Liberties Union of Maine today announced that it is suing Maine Gov. Paul LePage for deleting comments from his official Facebook page that disagree with his viewpoints. The lawsuit, filed on behalf of two women who say they’ve had their accounts blocked from further commenting on Gov. LePage’s profile, claim the act is a form of censorship and violates the country’s free speech protections.
… Today’s lawsuit mirrors one filed against President Donald Trump last month, which claims blocking users based on difference of opinion is unconstitutional. The ACLU also filed a similar lawsuit against Maryland Gov. Larry Hogan and Kentucky Gov. Matt Bevin last week for the same reason as the case against Gov. LePage.
Huge companies and no one knows how to calculate sales tax? The world continues to provide me with more truly bad examples than I could ever use.
McDonald's, Walgreens hit with lawsuits over Cook County soda pop tax
Two of the Chicago area's biggest corporate names are being sued over allegedly bungling the rollout of Cook County's new penny-per-ounce sweetened beverage tax, with Walgreens accused of taxing unsweetened beverages and McDonald's accused of essentially taxing the tax.
McDonald's is allegedly adding the beverage tax to the subtotal of orders before calculating other sales taxes, which, in turn, results in overcharging of taxes, according to a lawsuit filed Tuesday in Cook County Circuit Court. Meanwhile, a Schaumburg resident alleges in a lawsuit filed Friday in Cook County that Walgreens improperly charged the tax on unsweetened sparkling water.
Pew – State of the News Media 2017
“Since 2004, Pew Research Center has issued an annual report on key audience and economic indicators for a variety of sectors within the U.S. news media industry. These data speak to the shifting ways in which Americans seek out news and information, how news organizations get their revenue, and the resources available to American journalists as they seek to inform the public about important events of the day. The press is sometimes called the fourth branch of government, but in the U.S., it’s also very much a business – one whose ability to serve the public is dependent on its ability to attract eyeballs and dollars. Over the years, the Center’s approach to these indicators has evolved along with the industry, carefully considering the metrics, sectors and format in which the data appear. This year, instead of a single summary report, a series of fact sheets showcasing the most important current and historical data points for each sector – in an easy-to-digest format – will be rolled out a few at a time over the coming months. Listed here are the 2017 fact sheets released so far, along with links to related reports that provide other angles of analysis about the news media industry. (State of the News Media reports from 2004-2016 are archived as PDFs and available here.) Check back in the coming months as the collection below grows – and in the years to come as these fact sheets continue to be updated with the latest data…”
Isn’t it faster to read these?
(Related). Not sure this is useful. If I want to read it, I probably don’t care how long it takes me. If I don’t want to read it, I don’t need this excuse.
… If you’re a slow reader, a short book that you finish quickly might help you feel more motivated than a long book that slows you down. Likewise, bringing a short book with you on a long trip could leave you with nothing to do.
That’s where How Long to Read comes in. Search for any book, and you’ll see some basic information about it including the title, cover, author, and Amazon price. The site uses an average reading speed of 300 words per minute (WPM) for its estimates.
But you can make this more personal. On the right side, you’ll see a brief sample of the book. Click the Start Reading Speed Timer button below it, then read the sample as you would a book. … After finishing the selection at your normal pace, click the Stop button to get your customized reading time.
My students don’t use handwriting to take notes. If they want to record anything (which they rarely do) they take a picture of the whiteboard or computer screen, or they start their thumbs dancing on their smartphone “keyboards.”
Tuesday, August 08, 2017
Rethinking what everyone thought was wisdom?
Everything You Know About 'Secure' Passwords Is Wrong
Bill Burr, formerly of the National Institute of Standards and Technology, now says that his 2003 guide on creating strong, secure passwords could actually make you more vulnerable to hacking.
The document, "NIST Special Publication 800-63. Appendix A," was an 8-page guide to creating passwords, though the suggestions were easy to guess and ultimately led to lazy security practices. The advice led users to insert obvious special characters in place of letters (like using a dollar sign instead of an "s"), tossing in a few numerals and potentially unexpected capital letters. (The original recommendations are pages 46-54 on this archived document.)
Following this guidance, one might create a password like "P@sswrD1!" that looks complex but is easy to guess, thanks to such common substitutions.
… You can find our own guide to creating safe, strong passwords here. We recommend using at least 15 characters in your passwords, as stronger computers can crack shorter passcodes quickly, as well as using upper-case and lower-case letters, special characters and numbers. Don't use the same password in two places (especially with the same user name or email address) and store them all in a password manager.
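An added example, not code from the article, NIST or any password manager, showing why the substitution habit fails and why the 15-character minimum is the check that actually bites: once common substitutions are reversed and trailing decoration stripped, "P@sswrD1!" sits one edit away from "password". The wordlist and all function names are constructed for illustration.

```python
"""Password checks that undo the substitution habit the article describes.

Added example; not code from the article, NIST or any password manager.
Function names and the small wordlist are constructed for illustration.
"""
import re

MIN_LENGTH = 15  # the article's recommendation

# Reverse map for common substitutions (constructed, not exhaustive).
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "|": "l",
})

# Constructed stand-in for a real cracking wordlist.
SAMPLE_WORDLIST = {"password", "letmein", "welcome", "qwerty", "summer", "football"}

CHARACTER_CLASSES = {
    "lowercase": r"[a-z]", "uppercase": r"[A-Z]",
    "digit": r"\d", "special": r"[^A-Za-z0-9]",
}


def normalize(password: str) -> str:
    """Lower-case, drop trailing decoration such as '1!' or '2017', undo substitutions."""
    core = password.lower()
    core = re.sub(r"[^a-z]+$", "", core)
    return core.translate(SUBSTITUTIONS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-misses such as 'passwrd'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def nearest_dictionary_word(core: str, wordlist=SAMPLE_WORDLIST):
    """Return a wordlist entry within one edit of core, or None."""
    for word in sorted(wordlist):
        if edit_distance(core, word) <= 1:
            return word
    return None


def assess(password: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"only {len(password)} characters; need {MIN_LENGTH}")
    missing = [name for name, pat in CHARACTER_CLASSES.items()
               if not re.search(pat, password)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    core = normalize(password)
    word = nearest_dictionary_word(core, wordlist)
    if word is not None:
        problems.append(f"normalizes to '{core}', within one edit of '{word}'")
    return problems


def is_acceptable(password: str) -> bool:
    return not assess(password)


if __name__ == "__main__":
    for candidate in ("P@sswrD1!", "P@55w0rd2017!", "wind-lantern-Quartz-meadow-2017?"):
        print(candidate, "->", assess(candidate) or "ok")
```

"P@sswrD1!" passes the four-character-class rule and still fails on length and on its normalized form; the long passphrase passes every check, which is the ordering of priorities the article is arguing for.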
Something for my Ethical Hacking students.
Think about this. If I can’t deanonymize data myself, I’ll just buy data that is not anonymized. That may be the same data purchased by someone who never mentions what happens in his “backroom.”
Natasha Lomas reports:
A major update to the UK’s data protection rules will place new requirements and responsibilities on companies that process users’ personal data, including by making it easier for consumers to withdraw consent for their data to be processed; view what data is held on them for free; ask for their data to be deleted; and move their data between service providers.
The government published a statement of intent yesterday for the forthcoming data protection bill, setting out its aims and thinking, and confirming it will repeal the existing Data Protection Act to avoid creating any legal conflicts or confusion.
Read more on TechCrunch.
[Editor’s note: In governments around the world, intelligence agencies produce “leadership profiles” of foreign heads of state and other key figures. These assessments are provided to senior policymakers to inform their interactions with foreign counterparts and their decision-making involving the other country. In this piece, Ned Price, a former CIA and NSC official, provides a simulation of how a foreign intelligence service might assess President Donald Trump.]
Yeah, and grandpa wouldn’t ride in them horseless carriage things either.
1 in 2 People Say They Won’t Fly In a Fully Automated Aircraft
The pilotless plane could save airlines as much as $35 billion per year, according to a new survey from UBS, reducing the cost of highly skilled employees ($31 billion), related training ($3 billion), and fuel ($1 billion).
The deployment of autonomous technology could result in significant fare cuts, an estimated one-tenth of the total in the U.S.
And yet 54% of passengers refuse to board a remote-controlled plane, according to the survey of 8,000 air passengers.
The End of Typing: The Next Billion Mobile Users Will Rely on Video and Voice
Instead of typing searches and emails, a wave of newcomers — “the next billion,” the tech industry calls them—is avoiding text, using voice activation and communicating with images. They are a swath of the world’s less-educated, online for the first time thanks to low-end smartphones, cheap data plans and intuitive apps that let them navigate despite poor literacy.
Incumbent tech companies are finding they must rethink their products for these newcomers and face local competitors that have been quicker to figure them out.
… “The way the journey seems to start today is with social messaging, YouTube and entertainment apps,” not email or social media, said Sandeep Kataria, chief commercial officer at Vodafone India. “Five years ago it was the other way around.”
In the year through June, use of YouTube in India has more than doubled, while Gmail use fell 15%, according to App Annie. In the U.S., YouTube growth was 48% over the same period, while Gmail use was up 13%.
Facebook’s WhatsApp messenger service says its top two markets are India and Brazil. It has become the first stop on the internet for many who have been using it instead of email or social media.
…and those are the good points?
Have Smartphones Destroyed a Generation?
The generation growing up with smartphones and social media really is different. They’re doing less driving, having less sex, and drinking less. They’re also lonelier and more prone to depression.
Survey – more than 3 billion users of social media and growing
TheNextWeb: “The latest Global Digital Statshot from We Are Social and Hootsuite reveals that the number of people using social media around the world has just passed the momentous three billion mark…”
Inspiration! Let’s create an algorithm that tells when you’re being Presidential!
Are you being sarcastic in your Tweets – new algorithm can discern your intent
“We use millions of texts on Twitter containing emojis for training a deep learning model that understands many nuances of how language is used to express emotions. For instance, it does well at capturing sarcasm and slang. We beat state-of-the-art algorithms across many benchmarks datasets. See our paper, blog post or FAQ for more details.
… Disclaimer: Note that the model has learned about language from the raw, uncurated expressions of individuals on social media. We do not endorse in any way the emotional interpretation that the model has of any particular content…”
Dilbert, on the value of backups!
Monday, August 07, 2017
Ah Mickey, we warned you not to let Goofy program that App.
Ashley Cullins reports:
A San Francisco mom says her child was illegally tracked while using the Disney Princess Palace Pets app.
Amanda Rushing, on behalf of her child referred to as “L.L.,” is suing The Walt Disney Company, Disney Electronic Content and others in a proposed class action filed Thursday in California federal court.
Rushing claims an advertising-specific software development kit is surreptitiously embedded in the code for the app, and that’s how Disney is collecting personal information and tracking online behavior.
Read more on The Hollywood Reporter.
Familiar words before elections. Any real change? NOTE: What they have added reflects what they had failed to do earlier.
States ramping up defenses against election hacks
… “We’ve upgraded all of our security,” said Michele Reagan, the Arizona secretary of state. “Some of the things I can’t talk about because, of course, we don’t want to give the bad guys a road map.”
Arizona was one of several states whose election systems Russian hackers are believed to have targeted ahead of the presidential election. The state was forced to shut down its voter registration system for several days last summer, after a hacker gained access to a computer connected to the database.
The hacker never gained access to the actual voter database, but the incident spurred fears that data could have been stolen or, worse, altered.
… Since then, Arizona has focused on implementing multi-factor authentication for its systems, ensuring employees have strong passwords, and adapting other “best practices” recommended by the federal government.
… Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out.
… “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
Further highlighting the issue, at the DEF CON cybersecurity conference in Las Vegas last weekend, security experts successfully hacked into 30 different voting machines brought in for participants to experiment with.
Corman, who was at the conference, noted that the hackers required physical access to actually infiltrate the machines and, once hacked, the machines showed signs they were hacked. [But is anyone looking? Bob]
This guy is probably on my next batch of Ethical Hacking trading cards.
Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines
… But Alex couldn’t just cash out as if he owned an ordinary startup because his business operates in murky legal terrain. The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number generators, or PRNGs—that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money—insight that he shares with a legion of field agents who do the organization’s grunt work.
These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt against the house. They then send timing data to a custom app on an agent’s phone; this data causes the phones to vibrate a split second before the agent should press the “Spin” button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.
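The Wired piece describes the outcome (predicting when a game will pay) but not the mechanics. The following is an added example, not code from the article or from Alex's operation, showing the underlying weakness with a toy linear congruential generator: if a game's visible behaviour is derived from the raw output of a deterministic PRNG with a known modulus, three consecutive observations are enough to recover the multiplier and increment, after which every future spin is known. The modulus, multiplier, increment, seed and the "pays when output % 100 < 3" rule are all assumptions for illustration; real slot-machine PRNGs are not described on the page and are typically harder to observe, which is why the attack needs video and offline analysis rather than a pocket calculator.

```python
"""Why a leaked raw PRNG output stream is fatal: for a linear congruential generator
x[n+1] = (a*x[n] + c) mod m the parameters fall out of three consecutive outputs,
after which the stream is fully predictable. Added example with assumed parameters;
the real slot-machine PRNGs are not described on the page."""

from typing import Iterator, List, Optional, Tuple

M = 2**31 - 1  # assumed modulus; prime, so every nonzero difference is invertible mod M


def lcg(seed: int, a: int, c: int, m: int = M) -> Iterator[int]:
    """Raw LCG output stream. A game that derives visible behaviour directly from
    these values is the weakness being exploited."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x


def recover_params(outputs: List[int], m: int = M) -> Optional[Tuple[int, int]]:
    """Recover (a, c) from three consecutive outputs when m is known:
    x2 - x1 = a*(x1 - x0) (mod m), so a = (x2 - x1) * (x1 - x0)^-1 and c = x1 - a*x0."""
    if len(outputs) < 3:
        return None
    x0, x1, x2 = outputs[:3]
    diff = (x1 - x0) % m
    if diff == 0:
        return None  # degenerate sample; observe a few more outputs instead
    a = ((x2 - x1) * pow(diff, -1, m)) % m
    c = (x1 - a * x0) % m
    return a, c


def consistent(outputs: List[int], a: int, c: int, m: int = M) -> bool:
    """Check the recovered parameters against every observed transition, not only the
    three used to solve for them (guards against a mis-read observation)."""
    return all((a * x + c) % m == y for x, y in zip(outputs, outputs[1:]))


def predict_next(outputs: List[int], a: int, c: int, n: int, m: int = M) -> List[int]:
    """Run the generator forward n steps from the last observed output."""
    x = outputs[-1]
    preds = []
    for _ in range(n):
        x = (a * x + c) % m
        preds.append(x)
    return preds


def paying_spins(outputs: List[int], a: int, c: int, horizon: int, m: int = M) -> List[int]:
    """Toy game rule (assumed): a spin pays when output % 100 < 3. Returns the 1-based
    offsets from the last observed spin at which the next `horizon` spins would pay,
    i.e. the timing cues an agent would be sent."""
    future = predict_next(outputs, a, c, horizon, m)
    return [i + 1 for i, x in enumerate(future) if x % 100 < 3]


if __name__ == "__main__":
    gen = lcg(seed=2017, a=48271, c=12345)  # assumed values, not a real machine's
    observed = [next(gen) for _ in range(4)]  # what a recorded video would reveal
    params = recover_params(observed)
    assert params is not None and consistent(observed, *params)
    print("recovered a, c =", params)
    print("paying spins within the next 200:", paying_spins(observed, *params, horizon=200))
```

The defence is the mirror image: a game must not expose raw generator output (or anything that is a cheap function of it), and the generator itself should be a cryptographically secure one, where observing outputs does not reveal the state.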
A bit too forgiving of basic design errors? Note too that testing with live data (data that has already passed all the regular edit checks) does not exercise new software: it never reaches the code paths written to reject bad input.
Blood Service escapes penalties in data breach investigation
The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country's privacy watchdog over a 2016 data breach that exposed the data of 550,000 donors.
In late October last year the Blood Service revealed its website partner Precedent had inadvertently exposed a 1.74GB database backup containing 1.28 million records entered by donors as part of the appointment booking process.
… The contents of the exposed file contained people's names, genders, physical and email addresses, phone numbers, date and country of birth, as well as sensitive medical information like blood type and instances of high-risk sexual behaviour.
… The OAIC today announced the results of its 10-month investigation [pdf], finding that the Blood Service was not directly responsible for the breach but did contribute to it.
It said the processes the Blood Service had in place to protect personal information were mostly adequate, but it breached Australian privacy principles by storing the Donate Blood website data indefinitely and by not ensuring information held by third parties was properly protected.
… The OAIC conducted a related review [pdf] into Precedent's role in the breach, finding that the firm had somewhat more seriously contravened Australia's privacy legislation.
… Additionally, the OAIC said there was no need for Precedent to use live data for the testing site, or to locate the UAT environment on a server that was partially accessible to the public.
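The OAIC's point that there was no need for live data on the test site is easy to act on. Below is an added example, not code from Precedent or the Blood Service, of masking a production export before it is loaded into a UAT environment: direct identifiers are replaced by keyed (HMAC) pseudonyms so rows still join across tables, date of birth is generalised to the year, the sensitive medical fields get synthetic values, and a release gate refuses any record in which a production identifier survives verbatim. The field names, the sample donor and the key are assumptions; the page does not give the Donate Blood schema.

```python
"""Masking a production export before it goes anywhere near a UAT environment.
Added example, not code from Precedent or the Blood Service; the field names are
assumed, since the page does not give the Donate Blood schema."""

import hashlib
import hmac
from typing import Any, Dict, List

BLOOD_TYPES = ["A+", "A-", "B+", "B-", "AB+", "AB-", "O+", "O-"]
# Fields whose production value must never appear in the masked output.
DIRECT_IDENTIFIERS = ("donor_id", "name", "email", "phone", "address", "date_of_birth")


def _token(key: bytes, field: str, value: Any, n: int = 12) -> str:
    """Keyed, deterministic pseudonym. Same input -> same token, so masked tables
    still join on donor_id; without the key the token cannot be reversed or rebuilt."""
    msg = f"{field}:{value}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:n]


def pseudonymize(record: Dict[str, Any], key: bytes) -> Dict[str, Any]:
    def t(field: str) -> str:
        return _token(key, field, record[field])

    return {
        "donor_id": t("donor_id"),
        "name": "Donor " + t("name")[:6].upper(),
        "gender": record["gender"],  # broad category, kept so the UI paths still run
        "email": t("email") + "@example.invalid",  # reserved TLD: mail cannot be delivered
        "phone": "0400 000 " + str(int(t("phone")[:4], 16) % 1000).zfill(3),
        "address": f"{int(t('address')[:2], 16) + 1} Test Street, Testville",
        "date_of_birth": record["date_of_birth"][:4] + "-01-01",  # generalised to year
        "country_of_birth": record["country_of_birth"],
        # Sensitive medical fields: synthetic values derived from the token, so the
        # distribution looks plausible but no value belongs to the actual donor.
        "blood_type": BLOOD_TYPES[int(t("blood_type")[:2], 16) % len(BLOOD_TYPES)],
        "high_risk_behaviour": int(t("high_risk_behaviour")[:2], 16) % 2 == 0,
    }


def leaked_fields(original: Dict[str, Any], masked: Dict[str, Any]) -> List[str]:
    """Release gate: every direct identifier whose production value survives,
    verbatim, anywhere in the masked record."""
    haystack = " ".join(str(v) for v in masked.values())
    return [f for f in DIRECT_IDENTIFIERS if str(original[f]) in haystack]


def mask_export(records: List[Dict[str, Any]], key: bytes) -> List[Dict[str, Any]]:
    """Mask a whole export, refusing to emit anything if a single record leaks."""
    out = []
    for rec in records:
        masked = pseudonymize(rec, key)
        leaks = leaked_fields(rec, masked)
        if leaks:
            raise ValueError(f"masking failed for {rec['donor_id']}: {leaks}")
        out.append(masked)
    return out


SAMPLE_EXPORT = [  # constructed record, not a real donor
    {"donor_id": "D-1001", "name": "Jane Citizen", "gender": "F",
     "email": "jane.citizen@example.com", "phone": "0412 345 678",
     "address": "12 Real Street, Sydney NSW 2000", "date_of_birth": "1984-03-22",
     "country_of_birth": "Australia", "blood_type": "O-", "high_risk_behaviour": False},
]

if __name__ == "__main__":
    key = b"uat-only-key-never-the-prod-secret"  # assumed; it must not live on the UAT host
    for row in mask_export(SAMPLE_EXPORT, key):
        print(row)
```

The masking key is itself sensitive (with it, anyone can rebuild a pseudonym for a guessed donor), so it belongs with the production secrets, not on the UAT server. Masked data also fixes Bob's second point only partly: it still contains only well-formed rows, so the UAT run needs deliberately malformed records added on top of it.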
Are all of these people Russians? Is this “fake news” or merely “highly selective news excerpts”?
Political Donors Put Their Money Where the Memes Are
Imagine you’re a millionaire or billionaire with strong political views and a desire to spread those views to the masses. Do you start a think tank in Washington? Funnel millions to a shadowy “super PAC”? Bankroll the campaign of an up-and-coming politician?
For a growing number of deep-pocketed political donors, the answer is much more contemporary: Invest in internet virality.
McMaster: Russia Is Trying To ‘Break Apart Europe’ With Disinformation And Propaganda
… McMaster characterized it as a “sophisticated campaign of subversion and disinformation and propaganda that is going every day in an effort to break apart Europe and that pit political groups against each other … to sow dissension and conspiracy theories.”
Alliance for Securing Democracy – Hamilton 68: A New Tool to Track Russian Disinformation on Twitter
“The Alliance for Securing Democracy, a bipartisan, transatlantic initiative housed at The German Marshall Fund of the United States (GMF), will develop comprehensive strategies to defend against, deter, and raise the costs on Russian and other state actors’ efforts to undermine democracy and democratic institutions. The Alliance will work to publicly document and expose Vladimir Putin’s ongoing efforts to subvert democracy in the United States and Europe…”
Since Russia’s interference in the 2016 U.S. election, many have warned that Putin will be back in 2018 and 2020. But the reality is that Russian influence operations never left. As former Director of National Intelligence James Clapper recently stated, the Kremlin is already beginning to “prep the battlefield” for the 2018 elections. But what does this mean? Russia’s activities continue on multiple fronts. One happening right under our nose and in plain sight is its continued information operations aimed at spreading propaganda and disinformation online. Indeed, Russia’s information operations in 2016 did not happen overnight — they were enabled by a foundation built over several years of operations in U.S. information space. Since the election, Russia’s efforts to shape what Americans think has continued. Americans deserve to know what messages Russian disinformation networks are pushing.
“In the Federalist Papers No. 68, Alexander Hamilton wrote of protecting America’s electoral process from foreign meddling. Today, we face foreign interference of a type Hamilton could scarcely have imagined.”
The Hamilton 68 dashboard, launching today as part of the Alliance for Securing Democracy, provides a near real-time look at Russian propaganda and disinformation efforts online. The top of the page shows tweets from official Russian propaganda outlets in English, and a short post discussing the themes of the day. This is Russia’s overt messaging. But these disinformation networks also include bots and trolls that synchronize to promote Russian messaging themes, including attack campaigns and the spreading of disinformation. Some of these accounts are directly controlled by Russia, others are users who on their own initiative reliably repeat and amplify Russian themes. Our analysis is based on 600 Twitter accounts linked to Russian influence activities online, and the lower section of the dashboard features charts that display topics, hashtags, and links currently promoted by this network. The content this network tweets reflects Russian messaging priorities, but that does not mean every name or link you see on the dashboard is pro-Russian. The network sometimes amplifies stories that Russia likes, or people with like-minded views but no formal connection to Russia. Importantly, the network also tweets about stories and people that Russia seeks to discredit or attack…”
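The dashboard's "top links" chart measures what the tracked network promotes; the "synchronize to promote" behaviour it mentions is a separate, detectable signal. The following added example (not the Hamilton 68 methodology, which the page does not describe beyond the 600-account network) runs both over a constructed set of tweets: a popularity count, and a sliding-window check for links that several distinct accounts post within a few minutes. The accounts, timestamps, links, the ten-minute window and the three-account threshold are all assumptions for illustration.

```python
"""Spotting synchronised amplification: a link that several distinct accounts post
within a short window is a coordination signal, whereas the same link trickling in
over hours is ordinary sharing. Added example, not the Hamilton 68 methodology;
the tweets below are constructed."""

from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample: account, UTC timestamp, shared link.
SAMPLE_TWEETS = """\
acct_a 2017-08-05T14:00:05Z https://example.invalid/story-1
acct_b 2017-08-05T14:01:10Z https://example.invalid/story-1
acct_c 2017-08-05T14:03:40Z https://example.invalid/story-1
acct_d 2017-08-05T14:04:02Z https://example.invalid/story-1
acct_a 2017-08-05T14:09:00Z https://example.invalid/story-1
acct_e 2017-08-05T09:00:00Z https://example.invalid/story-2
acct_f 2017-08-05T11:30:00Z https://example.invalid/story-2
acct_g 2017-08-05T15:45:00Z https://example.invalid/story-2
acct_h 2017-08-05T18:10:00Z https://example.invalid/story-2
acct_a 2017-08-05T16:00:00Z https://example.invalid/story-3
acct_b 2017-08-05T16:00:30Z https://example.invalid/story-3
"""


def parse_tweets(text: str) -> List[Dict]:
    """One whitespace-separated record per line; blank lines are skipped."""
    tweets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        account, ts, url = line.split()
        tweets.append({"account": account,
                       "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "url": url})
    return tweets


def top_links(tweets: List[Dict], n: int = 3) -> List[Tuple[str, int]]:
    """Raw popularity by distinct accounts (a dashboard's 'top links' chart). This
    alone does not separate coordinated pushes from organic spread."""
    accounts = defaultdict(set)
    for t in tweets:
        accounts[t["url"]].add(t["account"])
    ranked = sorted(((u, len(a)) for u, a in accounts.items()), key=lambda x: (-x[1], x[0]))
    return ranked[:n]


def coordinated_links(tweets: List[Dict], window_seconds: int = 600,
                      min_accounts: int = 3) -> Dict[str, List[str]]:
    """Links posted by at least `min_accounts` distinct accounts inside some span of
    `window_seconds`. Sliding window per link; repeat posts by one account count once."""
    by_link = defaultdict(list)
    for t in tweets:
        by_link[t["url"]].append(t)
    hits = {}
    for url, posts in by_link.items():
        posts.sort(key=lambda p: p["ts"])
        for i, start in enumerate(posts):
            accounts = {p["account"] for p in posts[i:]
                        if (p["ts"] - start["ts"]).total_seconds() <= window_seconds}
            if len(accounts) >= min_accounts:
                hits[url] = sorted(accounts)
                break
    return hits


if __name__ == "__main__":
    tweets = parse_tweets(SAMPLE_TWEETS)
    print("top links:", top_links(tweets))
    print("coordinated:", coordinated_links(tweets))
```

In the sample, story-1 and story-2 tie on the popularity chart, but only story-1 was pushed by four accounts inside ten minutes; story-2 accumulated the same count over nine hours. The window and threshold are tuning knobs, and a timing burst alone does not prove state direction, which is the same caveat the dashboard text makes about its own network.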
Lawyer tech? Just like real people, “automating manual tasks is the technology concept with the greatest upside.”
LawSites – The 10 Technologies That Most Drive Law Firm Effectiveness
Robert Ambrogi: “A survey released yesterday on the business of law and legal technology finds that competition for legal services remains high, demand remains relatively flat, and law firms are feeling pressure to lower prices and enhance operational efficiency. But what caught my eye in the survey was the question, “Which technologies provide law firms with the greatest overall effectiveness?” The 2017 Aderant Business of Law and Legal Technology Survey, conducted by Aderant, a provider of business management software for lawyers, surveyed 112 respondents in U.S. firms, most of whom are in financial, accounting or C-suite roles. Most of the respondents said that the performance of their firm this year is about the same as last year, and that the top challenges they face are:
- Pricing pressure.
- Improving operational efficiency.
- Winning new business.
- Growing more business from existing customers.
- Improving law firm agility and adaptability…”
Myth of one internet has morphed into reality of the ‘splinternet’
August 4, 2017, Terry Flew: “Both The Economist and WIRED are worried about the “splinternet”. The UK research organisation NESTA thinks it could “break up” the world wide web as we know it. What is this awkwardly named idea? It’s the concept that someone’s experience of the internet in Turkey, for example, is increasingly different from their experience of the internet in Australia. Travellers to China, in particular, will be familiar with this phenomenon. Thanks to the government’s tight control, they have to use Baidu rather than Google as their search engine, and are unable to access Facebook or news sites like The Economist and the New York Times. We have a growing splinternet because of regional content blocking and the need for companies to comply with diverse, often conflicting national policies, regulations and court decisions. This tension is particularly apparent when it comes to the likes of Google, Facebook and Twitter. These platform companies have users in almost every country, and governments are increasingly insisting that they comply with local laws and cultural norms when it comes to access and content… the splinternet refers to a broader tendency to use laws and regulatory powers within territorial jurisdictions to set limits on digital activities…”
They’re not just for dropping bombs. But this probably started with bomb damage assessment drones.
Your insurance adjuster may soon be a drone or an app
… As per the 2017 Future of Claims Study survey by LexisNexis Risk Solutions, these companies are looking to “virtual” or “touchless” methods of handling claims. In fact, a solid 38 percent of insurers are said to no longer send human employees for physical inspections. Instead, they’re using drones and apps.
Faster and more efficient than their human counterparts, drones (and the photos they take), apps, and artificial intelligence are revolutionizing the insurance industry. As the Wall Street Journal noted, filing a claim has traditionally involved a long and rather arduous process, taking weeks and many a phone call to resolve. But now, drones and other technology could be injecting the industry with some much-needed efficiency.
New technology requires new skills. I better start boning up…
Companies Can Put Shareholders on a Blockchain Starting Today
Blockchain got a big boost on Tuesday when a Delaware law went into effect that lets corporations maintain shareholder lists, along with other corporate records, using the technology. Already, several companies, including the retailer Overstock, say they intend to use it.
Delaware's decision to bless blockchain—which is a type of software that creates indelible records across multiple computers—is significant because the state is America's de facto corporate law capital, and more than two-thirds of Fortune 500 companies are incorporated there.
According to lawyers and state officials, the new law ensures companies will not face legal trouble if they choose to keep a list of shareholder names, which they must do by law, on a blockchain instead of conventional methods like an Excel spreadsheet or a SQL database.
An innovative product that every employee will want. (and everyone in the White House should wear!)