Wednesday, July 11, 2018

Something I warn my Computer Security students about almost every class.
A dumb security flaw let a hacker download US drone secrets
A hacker used a basic security vulnerability to access highly sensitive files relating to the US military's spy drones and tanks, new research claims. Security firm Recorded Future says it discovered a criminal attempting to sell the secret information for only a few hundred dollars on a dark web forum last month.
… The information was exposed after two members of the US military connected to the internet through Netgear routers that still used the default log-in settings for file sharing. The bypass for the routers was first discovered two years ago and devices still vulnerable haven't had their firmware updated.




One simple tool in the battle? Hey, it can’t hurt.
WhatsApp’s label for forwarded messages won’t be enough to battle fake news
Basically, if a message wasn’t composed by the sender in your conversation, it’ll have a ‘forwarded’ label at the top.
… While it’s good to see WhatsApp acting quickly, the new feature likely won’t help much. The fact that a message about kidnappers in one’s area is a forward (and not originally composed by whoever sent it) may not influence recipients to immediately assume it’s false. It could even have the opposite effect, and encourage them to believe that if it’s been shared from elsewhere, it might be information that should be taken seriously.
In case you’re wondering why WhatsApp can’t simply scan the contents of messages, look for misinformation, and censor those on its own, the reason is that your correspondence is encrypted from end to end; the company can’t intercept messages when it’s passing through WhatsApp servers to read them.


(Related)
Facebook Is Testing a Feature to Tell You If That DM Came from Russia
How do you really know that Facebook message came from who you think it came from? Perhaps it’s a sockpuppet account designed to stir up political division, or simply someone impersonating a friend to try and entice you to send over some cash.
Now, Facebook is testing a feature that provides additional information about direct messages from unknown contacts, including whether an account was recently created and what sort of phone number it used to log in.
Erin Gallagher, a multimedia artist, provided Motherboard with a screenshot of the new messenger warning. It says that the person sending a direct message logged into Messenger using a phone number from Russia; that the account was recently created; and that the unsolicited user is different from a Facebook friend with the same name. The last point would presumably be helpful for identifying accounts that may be trying to impersonate other users.




Countries seem much more willing (able?) to go after technology companies.
Britain to Fine Facebook Over Data Breach
Britain's data regulator said Wednesday it will fine Facebook half a million pounds for failing to protect user data, as part of its investigation into whether personal information was misused ahead of the Brexit referendum.
"In 2014 and 2015, the Facebook platform allowed an app... that ended up harvesting 87 million profiles of users around the world that was then used by Cambridge Analytica in the 2016 presidential campaign and in the referendum," Elizabeth Denham, the information commissioner, told BBC radio.
Wednesday's ICO report said: "The ICO's investigation concluded that Facebook contravened the law by failing to safeguard people's information."
The ICO added that it plans to issue Facebook with the maximum available fine for breaches of the Data Protection Act – an equivalent of $660,000 or 566,000 euros.
Because of the timing of the breaches, the ICO said it was unable to impose penalties that have since been introduced by the European General Data Protection, which would cap fines at 4.0 percent of Facebook's global turnover.
In Facebook's case this would amount to around $1.6 billion (1.4 billion euros).


(Related)
Facebook Faces Australia Data Breach Compensation Claim
Facebook could face a hefty compensation bill in Australia after a leading litigation funder lodged a complaint with the country's privacy regulator over users' personal data shared with a British political consultancy.
The social networking giant admitted in April the data of up to 87 million people worldwide – including more than 300,000 in Australia – was harvested by Cambridge Analytica.
Under Australian law, all organisations must take "reasonable steps" to ensure personal information is held securely and IMF Bentham has teamed up with a major law firm to lodge a complaint with the Office of the Australian Information Commissioner (OAIO).
The OAIO launched an investigation into the alleged breaches in April and depending on its outcome, a class action could follow.
In its statement, IMF Bentham said it appeared Facebook learned of the breach in late 2015, but failed to tell users about it until this year.
IMF investment manager Nathan Landis told The Australian newspaper most awards for privacy breaches ranged between Aus$1,000 and Aus$10,000 (US$750-US$7,500).
This implies a potential compensation bill of between Aus$300 million and Aus$3 billion.




Because we’ll be watching him like a hawk. (No pun intended.)
SCOTUS Watch and Yale blog annotated list of Kavanaugh dissents and concurrences
“This site is brought to you by Jay Pinho and Victoria Kwan, the co-creators of SCOTUS Map. What is this? SCOTUS Watch tracks the public statements made by United States senators about how they plan to vote on the Supreme Court nominee, Brett Kavanaugh, and tallies them into a likely vote count. This tally is based solely on their statements: we do not make estimates or guesses based on a senator’s party affiliation or ideology. Note that this only includes statements made by senators after the identity of the nominee was announced. (So, for example, Senator Doug Jones’ statement to CNN on Sunday, July 8th would not count, as Brett Kavanaugh had not yet been announced.)”




3D printers are cheap. Just saying…
DIY Guns: A Landmark Ruling Opens the Door for Homemade Firearms
Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won.
Five years ago, 25-year-old radical libertarian Cody Wilson stood on a remote central Texas gun range and pulled the trigger on the world’s first fully 3-D-printed gun. When, to his relief, his plastic invention fired a .380-caliber bullet into a berm of dirt without jamming or exploding in his hands, he drove back to Austin and uploaded the blueprints for the pistol to his website, Defcad.com.
He'd launched the site months earlier along with an anarchist video manifesto, declaring that gun control would never be the same in an era when anyone can download and print their own firearm with a few clicks. In the days after that first test-firing, his gun was downloaded more than 100,000 times.
… Less than a week later, Wilson received a letter from the US State Department demanding that he take down his printable-gun blueprints or face prosecution for violating federal export controls. Under an obscure set of US regulations known as the International Trade in Arms Regulations (ITAR), Wilson was accused of exporting weapons without a license, just as if he'd shipped his plastic gun to Mexico rather than put a digital version of it on the internet.
… Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First.




Perspective.
Howard Yu, Lego Professor of Management and Innovation at IMD Business School in Switzerland, discusses how the industrial cluster in the Swiss city of Basel is a unique example of enduring competitive advantage. He explains how early dye makers were able to continually jump to new capabilities and thrive for generations. He says the story of those companies offers a counter-narrative to the pessimistic view that unless your company is Google or Apple, you can’t stay ahead of the competition for long. Yu is the author of LEAP: How to Thrive in a World Where Everything Can Be Copied.




Perspective.
China Internet Report 2018
“China has twice as many internet users as the total population of the United States — and it’s growing fast. This unique collaboration between Abacus, 500 Startups, the South China Morning Post, will break down everything you need to know about China’s thriving tech industry, the big players in each field, and lay out the four overarching trends that have emerged.”
From the top ten report:
1) China has nearly 3 times the number of internet users as the United States, and the gap will only widen.
4) Government policy continues to actively shape China’s tech industry.
10) China is now the world’s biggest gaming market.




Perspective. Not India?
China is owning the future of cars. German automakers want in
Top German carmakers including BMW and Volkswagen have inked a series of deals this week to continue developing electric and self-driving cars in China.
The flurry of commitments coincides with a trip to Berlin by Chinese Prime Minister Li Keqiang, but it also reflects a growing recognition that China holds the key to the auto industry's future.
Factories in China produced about 25 million passenger cars last year, according to the International Organization of Motor Vehicle Manufacturers. China is already the top market for many global car brands, and its drivers purchase more electric vehicles than any other country.
… "The fact that the [electric vehicle program] is mandatory creates a virtually certain market for plug-in vehicles in China. Elsewhere the consumer has been left to decide and so progress has been, and will be, slower," said Al Bedwell, a director at LMC Automotive.




Looks like a useful tool.
Kami - Annotate and Collaborate on PDFs
Kami is a neat service that makes it easy to annotate and comment on PDFs. The folks at Kami describe their service as a digital pen and paper. That is an accurate description of what the core of the service provides. The core function of Kami provides you with a place to draw, highlight, and type on a PDF. You can share your PDFs in Kami and write notes in the margins for others to see and they can do the same.
Create a free account to start using Kami. Once you have created your account you can import PDFs into Kami from your Google Drive or you can import them from your desktop. Kami can be integrated with Google Classroom to make it easy to share annotated PDFs with your students and for them to share with you.
Kami's core service for drawing, commenting, and annotating PDFs is free for all users. Kami does offer the option to upgrade to a premium account. The premium version includes options for adding voice comments and video comments to your PDFs. The premium version also supports conversion and use of Word documents.




For my starving students.
7-Eleven convenience stores are handing out free Slurpees this Wednesday, July 11, from 11 to 7, for the chain’s annual 7-Eleven Day.

