Tuesday, July 10, 2018

What actually happened? The article raises some interesting questions.
Thieves hack Marathon gas station, steal $1,800 of gas
An hour past high noon, hackers allegedly used a “remote device” to control a prepaid gas pump at a Marathon gas station in Detroit, allowing 10 vehicles to steal $1,800 of gas over a 90-minute period.
How many gallons of gas can your vehicle hold? Surely not 60? Yet the Detroit gas “hack” reportedly included a “convoy” of 10 vehicles, pulling in and pumping one after another for an hour and a half, managing to steal 600 gallons of gas. That implies each vehicle stole 60 gallons. There is no mention of people in those vehicles also filling up gas cans, barrels or other storage, so the total of 10 vehicles filling up for free to make off with 600 gallons doesn’t seem quite right.
… The police aren’t quite sure what happened. It is also unclear if all the vehicles that filled up for free were in on it or if they just took advantage of the free gas. Detroit Police have the surveillance video and are still investigating.


(Related)
Hackers Have a New Favorite Target: Gas Stations
… What sounds like an isolated incident is actually happening more than you might think. One week ago, police just north of Austin, Texas arrested a man for using an “elaborate” device to steal at least $800 worth of gas from a station that was closed at the time. And in June, a BP employee in New Jersey was arrested for allegedly manipulating gas pump computers to steal over $300,000.




They (the researchers) keep giving away our (social media) secrets!
This does not surprise me at all. Chris Stokel-Walker reports:
Metadata is everywhere. Everything you tweet, every picture you take, and every status update you post on Facebook. It’s used by police and security forces to identify people who try to hide their identities and locations, while associated metadata in selfies can inadvertently ensnare criminals unaware that the data can destroy their alibi.
And metadata on Twitter can also be used in extremely precise identification each and every one of us – according to a new paper by researchers at University College London and the Alan Turing Institute. Your tweets, it turns out, no matter how anonymous you might think they are, can be traced back to you with unerring accuracy. All someone needs to do is look at the metadata.
The scientists used tweets and the associated metadata to identify any user in a group of 10,000 Twitter users with 96.7 per cent accuracy.
Read more on Wired (UK).




This could be amusing. “Psst! Want a good deal on dis laptop that fell off dat truck?”
Patrick Marshall writes:
You’re about to cross a downtown street and your smartphone beeps to tell you that a text message has arrived. As you pull out your phone to check the message as you walk, the phone receives an alert from your local police — you’re about to step into the path of a rapidly approaching SUV!
Such a scenario may become possible with a technology called PHADE that allows public surveillance cameras to send personalized messages to people without knowing the address of the phone.
Developed by researchers at Purdue University, PHADE digitally associates people in the camera’s view with their smartphones by using the subjects’ behavioral address, or the identifiers extracted from their movements in the video.
Read more on GCN.




A call to arms? Is our government willing to respond?
Information Operations are a Cybersecurity Problem: Toward a New Strategic Paradigm to Combat Disinformation
Disinformation, misinformation, and social media hoaxes have evolved from a nuisance into high-stakes information war. State actors with geopolitical motivations, ideological true believers, non-state violent extremists, and economically-motivated enterprises are able to manipulate narratives on social media with ease, and it’s happening each and every day. Traditional analysis of propaganda and disinformation has focused fairly narrowly on understanding the perpetrators and trying to fact-check the narratives (fight narratives with counter-narratives, fight speech with more speech). Today’s information operations, however, are materially different – they’re computational. They’re driven by algorithms and are conducted with unprecedented scale and efficiency. To push a narrative today, content is quickly assembled, posted to platforms with large standing audiences, targeted at those most likely to be receptive to it, and then the platform’s algorithms are manipulated to make the content go viral (or at least, to make it easily discoverable). These operations are exploiting weakness in our information ecosystem. To combat this evolving threat, we have to address those structural weaknesses… but as platform features change and determined adversaries find new tactics, it often feels like whack-a-mole. It’s time to change our way of thinking about propaganda and disinformation: it’s not a truth-in-narrative issue, it’s an adversarial attack in the information space. Info ops are a cybersecurity issue.




Perhaps it has no merit, but it is amusing. Here’s a discovery question: Did they detect this malware anywhere else?
Catalin Cimpanu reports:
Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s.
Read more on Bleeping Computer about how Lexington Insurance Company and Beazley Insurance Company are suing TrustWave over the massive 2009 Heartland Payment Systems breach. TrustWave says the suit is meritless.
[From the article:
The two insurance firms claim that Chicago-based Trustwave Holdings, Inc. —the security firm— had failed to detect that an attacker used an SQL injection attack to breach Heartland's systems on July 24, 2007.
Furthermore, the two say Trustwave also failed to detect that attackers installed malware on the payments processor's servers on May 14, 2008, and did not raise a sign of alarm about the event.
The lawsuit points out that Trustwave did not detect any signs of suspicious activity during its security audits it provided Heartland for almost two years as part of its contracts, which also included testing for PCI DSS compliance and attestation.




Can you redefine yourself contractually?
Several publishers are pushing back on demands by agency giant Publicis that are meant to get the agency in compliance with the General Data Protection Regulation. The concerns center around Publicis’ shifting liability for the new European privacy law to publishers.
The GDPR requires companies to justify collecting people’s data for the purpose of targeting them with ads and other business objectives. Confusion and controversy have followed as players in the ad supply chain dispute who’s responsible for what. In the Publicis case, publishers say the holding company is asking the publishers to collect users’ consent to be ad-targeted and to assume all liability for collecting that consent, per its new terms and conditions. The publishers’ concern is that agreeing to this demand would leave the publisher responsible if the agency retargets users who haven’t consented to be targeted.
“The ask before was, ‘Add us to your consent form.’ Now they just reworded it to say, ‘You’re responsible for getting consent, and we aren’t,” groused one publisher that’s been presented with the demands and who, like all publishing execs in this article, spoke on condition of anonymity since they were still in talks with the holding company.
… Under GDPR, publishers are classed as data controllers because they are regarded as the source of the first-party audience data, which other businesses will marry advertiser data to for the purpose of targeting ads. Advertisers are also classed as data controllers, given their own customer data is sourced from them and not third parties. Agencies and vendors are typically defined as data processors, because they work with data that’s sourced either from the publisher or the client. Agencies therefore process data on behalf of their clients, but publishers don’t believe they should share accountability for whatever is done with that data on the clients’ sites, when that is controlled by the agency.




How would this work? Divide them geographically? The Balkanization of a global user community?
Coalition to breakup Facebook gains momentum
Bloomberg: “The top U.S. communications union is joining a coalition calling for the Federal Trade Commission to break up Facebook Inc., as the social media company faces growing government scrutiny and public pressure. “We should all be deeply concerned by Facebook’s power over our lives and democracy,” said Brian Thorn, a researcher for the 700,000-member Communications Workers of America, the newest member of the Freedom From Facebook coalition. For the FTC not to end Facebook’s monopoly and impose stronger rules on privacy “would be unfair to the American people, our privacy, and our democracy,” Thorn said in an email. Facebook disclosed July 2 that it’s cooperating with probes by the U.S. Securities and Exchange Commission and the Federal Bureau of Investigation on how political consulting firm Cambridge Analytica obtained personal information from as many as 87 million of the site’s users without their consent. The FTC, the Department of Justice and some state regulators were already probing the matter, which prompted Facebook Chief Executive Officer Mark Zuckerberg to testify before Congress in April. Facebook also faces calls for regulation from many lawmakers and the public over the privacy issue, Russian efforts to manipulate the 2016 presidential election and the spread of false information on the platform. Facebook declined to comment on the union’s move. The CWA doesn’t represent Facebook employees, but it does represent more than 100,000 workers at AT&T Inc., which has clashed with Facebook on public policy before. And although Facebook’s workers don’t belong to unions, the contracted shuttle drivers and cafeteria workers are unionized…”




Perspective.
The Best Influencers Are Babies
Welcome to the lucrative world of spawn con.
… influencer marketing has exploded, And more recently, one area has proven to be particularly lucrative: sponsored content that involves kids, or spawn con, if you will.




What a surprise!
How Brett Kavanaugh Would Change The Supreme Court




Create your own Karaoke?


No comments: