Friday, March 23, 2018

Who attacks an entire city? Anyone who can write a phishing email!
Sean Gallagher reports:
The city of Atlanta government has apparently become the victim of a ransomware attack. The city’s official Twitter account announced that the city government “is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information.”
According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city’s information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city’s payroll application.
Read more on Ars Technica.

Maybe it was Uber’s fault.
Human Driver Could Have Avoided Fatal Uber Crash, Experts Say
… Forensic crash analysts who reviewed the video said a human driver could have responded more quickly to the situation, potentially saving the life of the victim, 49-year-old Elaine Herzberg. Other experts said Uber’s self-driving sensors should have detected the pedestrian as she walked a bicycle across the open road at 10 p.m., despite the dark conditions.
… Zachary Moore, a senior forensic engineer at Wexco International Corp. who has reconstructed vehicle accidents and other incidents for more than a decade, analyzed the video footage and concluded that a typical driver on a dry asphalt road would have perceived, reacted, and activated their brakes in time to stop about eight feet short of Herzberg.
Other experts questioned the technology. The Uber SUV’s "lidar and radar absolutely should have detected her and classified her as something other than a stationary object," Bryant Walker Smith, a University of South Carolina law professor who studies self-driving cars, wrote in an email.
Smith said the video doesn’t fully explain the incident but "strongly suggests a failure by Uber’s automated driving system and a lack of due care by Uber’s driver (as well as by the victim)."

Certainly not tools my students should be using.
You Can DDoS an Organization for Just $10 per Hour: Cybercrime Report
According to Armor’s The Black Market Report: A Look into the Dark Web (PDF), anyone can DDoS an organization for only $10 an hour or $200 per day. Remote Desktop Protocol (RDP) access for a system for three months costs only $35.

Tools for Privacy?
Vivaldi browser now uses DuckDuckGo as default search engine in private windows
Vivaldi, the desktop browser app that was launched in 2016 by Opera cofounder Jon von Tetzchner, has introduced a small but interesting new feature today.
As most other browsers do, Vivaldi offers a private browsing mode that offers a degree of privacy insofar as it doesn’t record the sites you visit or store cookies and temporary files. However, moving forward, Vivaldi will also make privacy-focused DuckDuckGo the default search engine within private browsing windows, irrespective of what your default search engine is in the normal browsing mode.
Founded in 2008, DuckDuckGo is pitched as the antithesis of Google, insofar as it doesn’t profile or track its users around the web. It also promises to serve the same results to all users.

Maybe there is a use for lawyers after all…
Kaleigh Rogers reports:
Nobody actually reads through the privacy policies of every website, which is why researchers recently used artificial intelligence to create a tool that reads them for you and flags anything you might not be psyched to agree to.
Launched earlier this year as a part of the Usable Privacy Project, the tool uses artificial intelligence to crawl through 7,000 of the web’s most popular sites, including Facebook, Reddit, and Twitter, and parse their privacy policies. That data is available on the project’s website, where you can search for a site and see a breakdown of some of the most pivotal information included in that site’s privacy policy, including whether the company that owns the site is collecting data on its users, and whether it’s sharing that data with any third parties.
Read more on Motherboard.

Interesting. No reason needed? Could they open my lawyer’s phone?
Yes, Cops Are Now Opening iPhones With Dead People's Fingerprints
… it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.
No privacy for the dead
And it's entirely legal for police to use the technique, even if there might be some ethical quandaries to consider. Marina Medvin, owner of Medvin Law, said that once a person is deceased, they no longer have a privacy interest in their dead body. That means they no longer have standing in court to assert privacy rights.
… "We do not need a search warrant to get into a victim's phone, unless it's shared owned," said Ohio police homicide detective Robert Cutshall.
… Police are now looking at how they might use Apple's Face ID facial recognition technology, introduced on the iPhone X. And it could provide an easier path into iPhones than Touch ID.
… Whilst Face ID is supposed to use your attention in combination with natural eye movement, so fake or non-moving eyes can't unlock devices, Rogers found that the tech can be fooled simply using photos of open eyes. That was something also verified by Vietnamese researchers when they claimed to have bypassed Face ID with specially-created masks in November 2017, said Rogers.

Joe Cadillic writes:
A company called Dataworks Plus has developed a portable facial and fingerprint biometric scanner for law enforcement.
The ‘Evolution’ is a portable facial and fingerprint smartphone that police can use to identify everyone.
“It is multi-modal and can capture fingerprint and facial images and is compatible with our RAPID-ID fingerprint recognition and FACE Plus facial recognition applications.”
Dataworks claims police can identify anyone “regardless of factors such as hair color, glasses, and image background”.
Read more on MassPrivateI.

Why did no one care until it helped elect Trump?
Another day another revelation about Facebook giving researcher data on 57B users
The Guardian – “Before Facebook suspended Aleksandr Kogan from its platform for the data harvesting “scam” at the centre of the unfolding Cambridge Analytica scandal, the social media company enjoyed a close enough relationship with the researcher that it provided him with an anonymised, aggregate dataset of 57bn Facebook friendships. Facebook provided the dataset of “every friendship formed in 2011 in every country in the world at the national aggregate level” to Kogan’s University of Cambridge laboratory for a study on international friendships published in Personality and Individual Differences in 2015. Two Facebook employees were named as co-authors of the study, alongside researchers from Cambridge, Harvard and the University of California, Berkeley. Kogan was publishing under the name Aleksandr Spectre at the time. A University of Cambridge press release on the study’s publication noted that the paper was “the first output of ongoing research collaborations between Spectre’s lab in Cambridge and Facebook”. Facebook did not respond to queries about whether any other collaborations occurred. “The sheer volume of the 57bn friend pairs implies a pre-existing relationship,” said Jonathan Albright, research director at the Tow Center for Digital Journalism at Columbia University. “It’s not common for Facebook to share that kind of data. It suggests a trusted partnership between Aleksandr Kogan/Spectre and Facebook.” Facebook downplayed the significance of the dataset, which it said was shared with Kogan in 2013. “The data that was shared was literally numbers – numbers of how many friendships were made between pairs of countries – ie x number of friendships made between the US and UK,” Facebook spokeswoman Christine Chen said by email. “There was no personally identifiable information included in this data.”

(Related) Of course that’s only in Canada. It could never happen here.
The Canadian Press reports:
The fact that political parties are excluded from federal laws on handling personal information — such as social media data — amounts to “an important gap” that could jeopardize the integrity of the electoral process, Canada’s privacy czar says.
There should be a law governing the use of personal data by parties to prevent manipulation of the information to influence an election, privacy commissioner Daniel Therrien said Thursday in an interview.
Read more on Todayville.

Something for my Data Architecture students.
Health care teams depend on electronic health records (EHRs) to compile important medical data from innumerable lab tests and medical devices, observations, treatments, and diagnostic codes. We rely on it so much that we consider the EHR to be a team member.
But in fast-paced critical care units, where even small errors can have big consequences, this digital team member can overload physicians with information. The sheer volume of data in EHRs creates a staggering challenge in complex environments such as intensive care units (ICUs) and emergency medicine departments. Individual clinicians may have to sift through more than 50,000 data points to find key information. This proliferation of data (both meaningful and meaningless) and the workload created by EHR systems have been key drivers of clinician burnout and, paradoxically, introduced new threats to patient safety. What is more, relying only on EHR data greatly limits the insights derived from artificial intelligence algorithms or big data analytics.
Mayo Clinic, the nation’s second-largest critical-care provider in the United States, with nearly 350 beds in 15 intensive care units (ICUs) across its campuses in Minnesota, Arizona, and Florida, decided to combat the data deluge with ambient intelligence: a set of decision-making tools powered by data on and insights into clinicians’ goals, work environments, strengths, and performance constraints. When layered on top of existing information infrastructure, ambient-intelligence applications can cut through the clutter and deliver the right information in a digestible form that clinicians can use, quickly and effectively at the patient’s bedside.

Did Congress toss the baby with the bathwater?
Craigslist axes personal ads after sex trafficking bill passes
The popular online classified ads site Craigslist has stopped publishing personal ads after the Senate approved a controversial sex trafficking bill that makes website operators more accountable for their users' activities.
Craigslist's personal ads have for decades been a popular way for people to make romantic connections, but with the Senate's approval Wednesday of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA), Craigslist said it couldn't afford risking its operations by running personal ads.
… The legislation -- approved by both branches of Congress -- amends Section 230 of the Communications Decency Act from 1996, which many online platforms saw as a vital protection from liability for content posted by their users. The legislation makes it a crime to operate an internet platform with the intent of promoting prostitution.
Supporters say the legislation will help curb the growing epidemic of online sex trafficking that often involves children, while opponents argue it could expose tech companies to costly lawsuits and infringe on free speech.

For all my student researchers.
Using your phone to find and scan scholarly articles
Google Scholar Blog – Quickly flip through papers on your phone. “Today, we are making it easier to use your phone to find and scan scholarly articles. Clicking a Scholar search result on your phone now opens a quick preview. You can swipe left and right to quickly flip through the list of results. Where available, you can read abstracts. Or explore related and citing articles, which appear at the bottom of the preview along with other familiar Scholar features…”
