Thursday, May 17, 2018

If a hacker hacks another hacker, is that like “the enemy of my enemy is my friend?”
Joseph Cox reports:
Last week, Motherboard reported that a vigilante hacker had stolen data from a hacking group that researchers say is a government-linked cyberespionage unit. The data included GPS locations, text messages, and phone calls that the group had taken from their own victims. Now, that hacker has seemingly published the stolen data online for anyone to download.
Read more on Motherboard.

Could make for an interesting discussion in my Software Architecture class.

A global interpretation of US v Microsoft? “If you want access to our data, we want access to your data.” Whose laws must I obey?
Digital Free for All Part Deux: European Commission Proposal on E-Evidence
The European Commission has released a proposal to enable EU-member states’ law enforcement authorities to access digital information regardless of where that data is stored. It shares several of the practical and human rights problems as the similar piece of U.S. legislation known as the CLOUD Act, as well as raising fresh concerns of its own.
The proposal, labelled “E-evidence – cross-border access to electronic evidence” is now heading to the European Parliament and Council for debate. The EU institutions should review this measure closely before amplifying the errors of the CLOUD Act and raising new problems for cross-border access to electronic evidence. Left unchanged, the Commission proposal will make a difficult situation worse.
What Does the Proposal Mean for Digital Rights?
There will be a lot to debate in the Commission’s proposal as it winds through the EU legislative process. However, two initial areas of concern should be addressed swiftly by EU institutions. First is the fact that this proposal could usher in a paradigm shift in the system of cross-border access to data in criminal investigations, risking a digital free for all and eliminating critical junctures for judicial review of law enforcement requests for data. The second concern centers around the proposal’s failure to adequately safeguard human rights. We at EPIC pointed to precisely these risks in our amicus brief in the now mooted United States v. Microsoft case concerning U.S. law enforcement access to data stored in Ireland.

Not quite tossing the baby with the bathwater, but then this is only one example.
Deleted WHOIS Data: An Unintended Consequence of GDPR
As security professionals, next week we can expect to see another example of an unintended consequence when the General Data Protection Regulation (GDPR) goes into effect. There are actually a few unintended consequences from these new regulations, but one of the most concerning is the upcoming response that domain registrars are discussing through the global body the Internet Corporation for Assigned Names and Numbers (ICANN). As the name suggests, ICANN is responsible for maintaining the rules for WHOIS data – essentially, a telephone directory-like structure that contains detailed information on who signed up for a specific Internet domain, including their name, address, email address and telephone number. Such data is subject to the GDPR’s privacy requirements for protection. As a result, under current proposals, many of the businesses that register domains will remove key elements of information from the system. In effect, on May 25 the system will “go dark” until alternative preparations are made, which ICANN representatives expect won’t start being implemented until December 2018.
Without access to this critical resource, combatting criminal behavior on the Internet becomes much more difficult. To make matters worse, during the intervening months before an alternative solution for GDPR-compliant access is available, attackers will be able to exploit this new-found anonymity to their advantage. We may see an uptick in spam and, more generally, in criminal activity. As we alter our methods for data handling, we could be exposing the very individuals we are striving to protect, to additional risk.

I wonder what information Google gathers from this?
Google Offers Free DDoS Protection for U.S. Political Organizations
Jigsaw, an incubator run by Google parent Alphabet, this week announced the availability of Project Shield – which offers free distributed denial of service (DDoS) protections – for the U.S. political community.
Opened in February 2016 to independent, under-resourced news sites, Project Shield helps protect free speech by fending off crippling DDoS assaults.
In March last year, Google and Jigsaw announced a partnership to offer Protect Your Election, tools that would help news organizations, human rights groups, and election monitoring sites fend off not only DDoS assaults, but also phishing and account takeover attempts.
This week, Jigsaw revealed that Project Shield is now available for free to “U.S. political organizations registered with the appropriate electoral authorities, including candidates, campaigns, section 527 organizations, and political action committees.”

Is the system smart enough to recognize that the plate does not match the car?
Law enforcement can identify your vehicle by make, model, year, color, features via new software
News release: “Leonardo’s ELSAG ALPR solutions are used by nearly 4,000 customers in over 25 countries by local, state, and federal law enforcement agencies. Leonardo will introduce two new Automatic License Plate Recognition (ALPR) solutions at the 2018 IACP Technology Conference on May 21-23 in Providence, Rhode Island. The ELSAG MTC and ECSS will be on display during the conference… After years of research and development, Leonardo is proud to introduce Make, Type and Color Recognition feature called ELSAG MTC to their ELSAG Enterprise Operation Center (EOC). Using advanced computer vision software, ELSAG ALPR data can now be processed to include the vehicle’s make, type – sedan, SUV, hatchback, pickup, minivan, van, box truck – and general colour – red, blue, green, white and yellow. The solution actively recognizes the 34 most common vehicle brands on U.S. roads.” [emphasis added]

Virtual digital assistants to overtake world population by 2021
Ovum: “Globally, the native digital assistant installed base is set to exceed 7.5 billion active devices by 2021, which is more than the world population according to the US Census Bureau on May 1, 2017. But fear not – Skynet, from the popular Terminator movies, does not feature among the leading digital assistants. Instead, Google Assistant will dominate the voice AI–capable device market with 23.3% market share, followed by Samsung’s Bixby (14.5%), Apple’s Siri (13.1%), Amazon’s Alexa (3.9%), and Microsoft’s Cortana (2.3%). Ovum’s Digital Assistant and Voice AI–Capable Device Forecast: 2016–21 found that smartphones and tablets clearly lead the voice AI–capable device market, with 3.5 billion active devices in 2016, most of which use Google Now and Apple Siri. However, the use of AI in conjunction with other devices greatly increases consumer engagement and is set to unlock new opportunities, particularly in the home. Ovum expects an exponential uptake of voice AI capabilities among new devices, including wearable, smart home, and TV devices, with a combined installed base of 1.63 billion active devices in 2021, a tenfold increase on 2016. Despite all the hype that surrounds AI-capable connected speakers, TV devices (i.e. smart TVs, set-top boxes, and media streamers) offer a larger opportunity, accounting for 57% of that installed base in 2021…”

(Related). If Alexa starts talking to itself in eight voices, can it order itself to ‘kill the humans?’
Alexa developers get 8 free voices to use in skills, courtesy of Amazon Polly
Now Alexa’s voice apps don’t have to sound like Alexa. Amazon today is offering a way for developers to give their voice apps a unique character with the launch of eight free voices to use in skills, courtesy of the Amazon Polly service. The voices are only available in U.S. English, and include a mix of both male and female, according to Amazon Polly’s website.
… To use an Amazon Polly voice instead, developers would use Structured Speech Markup Language (SSML) and then specify which voice they want with the “voice name” tag. This makes it easier to adjust what is said, as developers could just change the text instead of having to re-record an mp3.

Different cultures. Contrast with the NY subway system.
Japanese train firm apologises for leaving 25 seconds early
A Japanese rail company has apologised for one of its trains leaving a station 25 seconds early, terming the incident as a great inconvenience placed upon customers which was truly inexcusable. What is more concerning to the Japanese is that, in the past months, this is not the first time this has happened with West Japan Railways, also known as JR West. In November, a train left 20 seconds early. The train pulled away from the Notogawa Station platform at the 35th second of 7:11 a.m. instead of the scheduled 7:12 a.m. after the conductor allegedly saw nobody on the platform and figured that nobody would be affected by the 25-second difference. However, one of the stranded passengers escalated their complaint to the headquarters.

My students seem eager to get rid of their textbooks…
BookScouter helps you sell textbooks and used books for the most money by comparing offers from over 35 book buyback vendors with a single search.
