Monday, June 11, 2018

Can’t imagine the scams we could run with more advanced AI? You won’t have to wait long to find out.
It Is Mind-Bogglingly Easy to Rope Apple’s Siri into Phishing Scams
A month ago I was milling about a hotel room in New Orleans, procrastinating my prep for on-stage sessions at a tech conference, when I received a startling iMessage. “It’s Alan Murray,” the note said, referring to my boss’ boss’ boss.
Not in the habit of having Mr. Murray text my phone, I sat up straighter. “Please post your latest story here,” he wrote, including a link to a site purporting to be related to Microsoft 365, replete with Microsoft’s official corporate logo and everything. In the header of the iMessage thread, Apple’s virtual assistant Siri offered a suggestion: “Maybe: Alan Murray.”
The sight made me stagger, if momentarily. Then I remembered: A week or so earlier I had granted a cybersecurity startup, Wandera, permission to demonstrate a phishing attack on me. They called it, “Call Me Maybe.”
… Wandera reported the problem as a security issue to Apple on April 25th. Apple sent a preliminary response a week later, and a few days after that said it did not consider the issue to be a “security vulnerability,” and that it had reclassified the bug as a software issue “to help get it resolved.”
What’s alarming about the ploy is how little effort it takes to pull off. “We didn’t do anything crazy here like jailbreak a phone or a Hollywood style attack—we’re not hacking into cell towers,” said Dan Cuddeford, Wandera’s director of engineering. “But it’s something that your layman hacker or social engineer might be able to do.




For my Software Architecture students.
What We've Got Here is Failure to Communicate!
Many enterprises have been taking stock of their security architecture as well as assessing gaps and redundancies (see last month’s article Wading Through Tool Overload and Redundancy?). Sometimes it is the result of a post breach investigation, and the post investigation finger pointing. Sometimes it is due to new management taking stock of the company’s risk exposure. Sometimes it is a financially driven exercise to better understand budgets and bang for the buck. Regardless of the motivation, what many are finding is that they don’t really have an architecture so much as a bunch of disparate parts sitting in silos across the environment. Looking back at it all, CISOs may wonder how they got there, but hindsight is always 20/20.




Another Architecture article. I assigned a project (due this week) to develop the architecture for a banking (ATM) App. I wonder if any of my students even considered some of these features?
Monzo's big smart bank move links your money to Alexa, Twitter and pretty much anything else
Want your Amazon Echo to play Money, Money, Money every time you get paid? Or for your debit card to automatically record every purchase you make on a budgeting spreadsheet? Well, challenger bank Monzo is making a move to become the UK's first smart bank and is using If This Then That (IFTTT) to connect your account to a host of other services.
Monzo's integration with IFTTT lets people build mini ‘applets’ by setting a series of personalised rules automatically triggered by actions in the real world. This is the first time that a bank has linked up with IFTTT to connect its customers' bank accounts with a range of other apps and devices.


(Related) Another consideration for the ATM App.
Could Venmo Hurt Your Relationships? Yup, Says Expert On Social Status. Here's Why
When you calculate what you owe for your portion of lunch, drinks or cab rides down to the penny and share it with your friends, does that boost or harm your standing in a group?
It’s a good question, and a familiar one for anyone who’s made Venmo, a hugely popular app owned by PayPal that allows you to quickly transfer money to other people’s accounts to pay for anything from a cup of coffee to your share of the dinner bill.
As The New York Times pointed out recently, while you can keep account information and payments private, many users do not, essentially broadcasting their financial activity in the same way they show off their happy vacation photos on Facebook or Instagram.




Sounds like “Pre-Crime.” Do the police have the expertise to see (in a brief records review) what teachers don’t see with daily contact?
NBC10 reports:
In Bensalem, Bucks County, the school district has spent hundreds of thousands of dollars on some 500 surveillance cameras in and around its facilities.
But the township police director, Fred Harran, doesn’t think they are enough.
He is pushing for preventative measures on another front. Harran wants Pennsylvania lawmakers to give greater access to police for information about students: grades, medical records, attendance history.
Read more on NBC10.
[From the article:
"The key is making sure that person gets identified before they grab that gun, before they get into the building," Harran said.




...and yet, we do.
Why Do We Care So Much About Privacy?
Big Tech wants to exploit our personal data, and the government wants to keep tabs on us. But “privacy” isn’t what’s really at stake.
… as it has become apparent in the past year, we don’t really know who is seeing our data or how they’re using it. Even the people whose business it is to know don’t know.




Do we gain enough as a society for the individual privacy lost?
I missed this one, but thankfully, Joe Cadillic caught it. Maria Dinzeo reports:
A federal judge indicated Friday he will uphold a California law allowing police to collect and store DNA samples from people arrested but not yet charged with crimes.
The government has a high interest in accurately identifying arrestees, U.S. District Judge Charles Breyer said, perhaps even greater than an arrestee’s expectation of privacy under the Fourth Amendment. Breyer suggested scenarios in which the arrestee is an ex-con who has a gun on him, but he gives the cops a phony I.D. during booking, or one in which someone is arrested on a case of mistaken identity.
Read more on Courthouse News.




Big Brother has invited all the neighbors?
In Newark, Police Cameras, and the Internet, Watch You
The camera perched above the bus stop sends back a continuous feed from the corner of 16th Avenue and South 18th Street in Newark’s West Ward. Regular customers come and go from Max’s, a convenience store, and a man without a shirt paces aimlessly on the same slice of pavement. Anyone with a fast internet connection and a desire to watch could also see Fernando Demarzino stepping out of his cousin’s barbershop.
“My girlfriend called and told me what I had in my hand,” Mr. Demarzino said on a recent evening as he stood within the camera’s line of sight. His girlfriend had heard about official camera feeds that had recently been made available online, and she was checking out the spot where she knew she was likely to find Mr. Demarzino. He had change in his hand, and she jokingly told him the image was sharp enough for her to count out three quarters. She also spotted his Jeep parked on the street.
… in Newark, the police have taken an extraordinary step that few, if any, other departments in the country have pursued: They have opened up feeds from dozens of closed-circuit cameras to the public, asking viewers to assist the force by watching over the city and reporting anything suspicious.
The Citizen Virtual Patrol, as the program is called, has been hailed by officials as a move toward transparency in a city where a mistrust of the police runs deep, rooted in long-running claims of aggressive enforcement and racial animosity. The cameras, officials said, provide a way to recruit residents as Newark tries to shake a dogged reputation for violence and crime. “This is part of building a partnership,” said Anthony F. Ambrose, who, as public safety director, oversees the city’s police and fire operations. Since the program started about a month ago, he said, 1,600 users have signed into the website, and residents have been lobbying the department to add more cameras in their neighborhoods.




Helping my students select their next class.
The What, Why, and How of Digital Forensics
Digital forensics is a branch of forensic science focused on recovery and investigation of artifacts found on digital devices. Any devices that store data (e.g. computers, laptops, smartphones, thumb drives, memory cards or external hard drives) are within the ambit of digital forensics. Given the proliferation of digital devices, there has been a ramp-up in use of digital forensics in legal cases and investigations.




I want to use Mickey Mouse as a political analyst…
Lessig – Congress’ Latest Move to Extend Copyright Protection Is Misguided
Lawrence Lessig – Wired [Lawrence Lessig (@lessig) is the Roy L. Furman professor of law and leadership at Harvard University and founder of Equal Citizens. He was lead counsel in Eldred v. Ashcroft (2002)]: “Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act. The Constitution gives Congress the power to secure copyrights “for limited times,” for the express purpose of “promot[ing] Progress.” Extending the copyright of an existing work, Eldred argued, could not promote anything — the work already exists. And repeated extensions of existing terms cannot be what the framers meant by “limited times.” The Supreme Court agreed to hear the challenge. I was lead counsel for the plaintiff. And in addition to our brief, a scad of creators who build upon the public domain, along with librarians, archivists, and economists, filed briefs in support of Eldred; Nobel Prize winner Milton Friedman agreed to sign the economists’ brief only if the words “no brainer” were included. Yet the court rejected our challenge to the law… Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right—basically the right to control copies of recordings on any digital platform (ever hear of the internet?)—for musical recordings made before 1972…”




Perspective. All that data about consumers can become addictive.
Four years ago, when Rich Fulop founded Brooklinen, the direct-to-consumer luxury bedding startup, the customer acquisition strategy was straightforward for DTC brands: pour money into Facebook ads.
Soon, Brooklinen was spending up to 75 percent of its overall ad budget on Facebook. But Brooklinen and other DTC companies, and marketers of all stripes, were pouring money into Facebook’s giant ad machine, lured by micro-targeting segments. Simple economics took over: Facebook ads became very expensive for DTC brands like Brooklinen, Thinx, Roman and Quip — all of which are now diversifying their spending to new channels, including fuddy-duddy outlets like out-of-home, terrestrial radio and even — heavens — print.
“We’re trying to move away from Facebook as fast as we can,” said Fulop, who said CPMs on the platform are double what they were a year ago. “We’re fighting in this little slip of real estate with everyone else out there and it’s hard to cut through. You’re paying an impression-based auction so you are essentially bidding against anybody and everybody that wants to compete for that space, so it’s become a hyper-competitive environment.”




Perspective. Even copy paper is going paperless.
Copy Machines in Libraries Are ‘Going the Way of the Dodo’—Slowly
EdSurge: “The printed book just won’t die. But another print-based technology—the copy machine—is disappearing from many academic libraries, as librarians swap the old dime-eating machines for multi-function devices that scan texts and send copies to students via email. “Copiers seem to be going the way of the dodo, slowly,” says Stephanie Walker, dean of libraries and information resources at the University of North Dakota. The switch from copiers to scanners makes sense in the hybrid digital/print environment students and faculty operate in now. There’s also a financial incentive for academic libraries looking to economize and streamline operations and provide patrons with the services they most need. And in at least one case, the rise of the scanner has created an opportunity for an academic library to engage in a little community-minded entrepreneurship, providing fellow libraries with a customized computer/scanner/software bundle that won’t break the bank… Budget pressures have hastened the switch from copiers to scanners…”




Just because it seems illustrative. (Also interesting: The picture accompanying the article shows the President signing a bill with a Sharpie. And where does he buy his $4 shirts?)
Meet the guys who tape Trump's papers back together
Solomon Lartey spent the first five months of the Trump administration working in the Old Executive Office Building, standing over a desk with scraps of paper spread out in front of him.
Lartey, who earned an annual salary of $65,969 as a records management analyst, was a career government official with close to 30 years under his belt. But he had never seen anything like this in any previous administration he had worked for. He had never had to tape the president’s papers back together again.
Armed with rolls of clear Scotch tape, Lartey and his colleagues would sift through large piles of shredded paper and put them back together, he said, “like a jigsaw puzzle.” Sometimes the papers would just be split down the middle, but other times they would be torn into pieces so small they looked like confetti.
It was a painstaking process that was the result of a clash between legal requirements to preserve White House records and President Donald Trump’s odd and enduring habit of ripping up papers when he’s done with them — what some people described as his unofficial “filing system.”
Under the Presidential Records Act, the White House must preserve all memos, letters, emails and papers that the president touches, sending them to the National Archives for safekeeping as historical records.




I feel like I had a deprived childhood; I never had a scooter.
How Skip wants to win the scooter wars by following the rules
Skip hasn't yet dumped its e-scooters onto the streets of hometown San Francisco, instead quietly testing its service in Washington, D.C. while waiting for San Francisco to put a regulatory regime in place.
Bottom line: Skip is betting that its friendlier, play-by-the-rules approach will help put it ahead of competitors like Bird, Lime and Spin.
San Francisco is only giving e-scooter permits to five companies, [Why? Bob] but a dozen companies applied. Skip not only will compete against established e-scooter rivals, but also against ride-share giants Uber and Lyft.




Interesting offering by my local pizza joint in honor of the summit.
The Summit: a little Korean Kimchi and a lot of American Bologna.

