Saturday, March 10, 2018

Nothing changes on this ‘front.’ Makes me wonder what might have caused North Korea to ask for a ‘time out’ on the nuclear front. Perhaps an accident in one of the research facilities that will take a year or more to recover from? Just saying…
New North Korea-linked Cyberattacks Target Financial Institutions
Hidden Cobra, also known as the Lazarus Group from North Korea, is now targeting the Turkish financial system with a new and 'aggressive' operation that resembles earlier attacks against the global SWIFT financial network.
McAfee's report on the campaign says that one government-controlled financial organization, a government organization involved in finance and trade, and three large financial organizations are victims of the attack -- which occurred on March 2 and 3.


(Related)
Sophisticated Cyberspies Target Middle East, Africa via Routers
A cyber espionage group whose members apparently speak English has been targeting entities in the Middle East and Africa by hacking into their routers.
Researchers at Kaspersky Lab have analyzed this threat actor’s operations and determined that it has likely been active since at least 2012, its most recent attacks being observed in February.
Roughly 100 Slingshot victims have been identified, a majority located in Kenya and Yemen, but targets have also been spotted in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania. While the campaign seems to focus on individuals, the security firm has also observed attacks aimed at government organizations and, strangely, some internet cafés.




Research will enable us to perfect fake news! (Or has someone already done that research?)
Why It’s Okay to Call It ‘Fake News’
This week, more than a dozen high-profile social scientists and legal scholars charged their profession to help fix democracy by studying the crisis of fake news.
Their call to action, published in Science, was notable for listing all that researchers still do not know about the phenomenon. How common is fake news, how does it work, and what can online platforms do to defang it? “There are surprisingly few scientific answers to these basic questions,” the authors write.




Why didn’t I think of this? I think the answer is obvious.
Bird is raising $100 million to become the Uber of electric scooters
“It feels like investing in Uber when it first launched.”
That’s what one investor said of the hot new Santa Monica, Calif.-based startup, Bird — an electric scooter company that’s now in the process of raising as much as $100 million on a $300 million valuation, according to several people with knowledge of the company’s plans.
… Like Uber, Bird has also rolled out its services with little regard for the regulations imposed by the neighborhoods in which it operates. When TechCrunch first reported on the company’s $15 million raise less than a month ago, we noted that the company had surreptitiously put 1,000 of its electric scooters on the streets — to the delight of the 50,000 people who have taken 250,000 rides on them, and disregarding many laws put in place by the city of Santa Monica.
As a Washington Post article notes, the Santa Monica Police Department has made 281 traffic stops and issued 97 tickets since the beginning of the year and late February — and the coastal, Los Angeles-adjacent city’s fire department has responded to 8 accidents involving Bird’s scooters — seeing injuries to both minors and adults.
Under California law, riders of motorized scooters must be at least 16 years old, licensed drivers, wearing a helmet and not riding the scooters on sidewalks — all things that Bird has no control over.
… Then there’s the nuisance factor for businesses — Bird picks up its scooters by 8PM to get them off the streets and only offers them in front of storefronts that have agreed to host the scooters. And as for injuries — Bird will pay out if its scooter breaks, but not if a rider is putting the scooter through its paces for a bid at a new extreme sport.




What barriers?
What Breaking the 4-Minute Mile Taught Us About the Limits of Conventional Thinking
The sad news of the passing of Roger Bannister, the first human being to run a four-minute mile, got me thinking about his legacy—not just as one of the great athletes of the past century, but as an innovator, a change agent, and an icon of success.
… Bannister was an outlier and iconoclast—a full-time student who had little use for coaches and devised his own system for preparing to race. The British press “constantly ran stories criticizing his ‘lone wolf’ approach,” Bryant notes, and urged him to adopt a more conventional regimen of training and coaching.
So the four-minute barrier stood for decades—and when it fell, the circumstances defied the confident predictions of the best minds in the sport. The experts believed they knew the precise conditions under which the mark would fall. It would have to be in perfect weather—68 degrees and no wind. On a particular kind of track—hard, dry clay—and in front of a huge, boisterous crowd urging the runner on to his best-ever performance. But Bannister did it on a cold day, on a wet track, at a small meet in Oxford, England, before a crowd of just a few thousand people.




Helping my students get jobs.




Why children learn to read?
Harry Potter: A History of Magic


Friday, March 09, 2018

Why you can’t just nuke the ‘obvious guilty party.’
Sophisticated False Flags Planted in Olympic Destroyer Malware
The Olympic Winter Games in Pyeongchang, South Korea, was hit by a cyberattack that caused temporary disruption to IT systems, including the official Olympics website, display monitors, and Wi-Fi connections. The attack involved Olympic Destroyer, a piece of malware designed to wipe files and make systems inoperable, and steal passwords from browsers and Windows. Compromised credentials are used to spread to other machines on the network.
Kaspersky has also spotted infections at several ski resorts in South Korea. The malware, which leverages a leaked NSA exploit known as EternalRomance to spread via the SMB protocol, temporarily disrupted ski gates and lifts at the affected resorts.
Several cybersecurity firms launched investigations into the Olympic Destroyer attack shortly after the news broke, and while they mostly agreed on the malware’s functionality, they could not agree on who was behind the operation. Some pointed the finger at North Korea, while others blamed China or Russia, leading some industry professionals to warn against this type of knee-jerk attribution.
Kaspersky researchers also analyzed the Olympic Destroyer worm in an effort to determine who was behind the attack. While they haven’t been able to identify the culprit, experts have found some interesting clues.
The security firm has found a unique “fingerprint” associated with the notorious Lazarus Group, which has been linked to North Korea and blamed for high profile attacks such as the one on Sony, the WannaCry campaign, and various operations targeting financial organizations.
This fingerprint was a 100% match to known Lazarus malware components and it did not appear in any other files from Kaspersky’s database. While this piece of evidence and the type of attack suggested that Olympic Destroyer could be the work of North Korea, other data gathered by researchers as a result of an on-site investigation at a South Korean target revealed inconsistencies.
Experts determined that the unique fingerprint was likely a sophisticated false flag planted by the attackers to throw investigators off track.
One possible scenario is that the Russian hackers attempted to frame Lazarus for the attack after the North Korean group tried to pin one of its campaigns on Russian actors. It’s also possible that the false flag used in the Olympics attack is part of the hackers’ efforts to improve their deception techniques.




Less than I would have expected in the most populous nation on earth.
For comparison purposes:
“As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 49,455, 50,362 and 53,081 cyber security incidents were observed during the year 2015, 2016 and 2017, respectively,” IT Minister Ravi Shankar Prasad said in a written reply to Rajya Sabha today.
Read more on India.com.




This is depressing, but maybe the National Enquirer is on to something.
Paper – The spread of true and false news online
The spread of true and false news online. Soroush Vosoughi, Deb Roy, Sinan Aral. Science 09 Mar 2018: Vol. 359, Issue 6380, pp. 1146-1151 DOI: 10.1126/science.aap9559
“Lies spread faster than the truth” – “There is worldwide concern over false news and the possibility that it can influence political, economic, and social well-being. To understand how false news spreads, Vosoughi et al. used a data set of rumor cascades on Twitter from 2006 to 2017. About 126,000 rumors were spread by ∼3 million people. False news reached more people than the truth; the top 1% of false news cascades diffused to between 1000 and 100,000 people, whereas the truth rarely diffused to more than 1000 people. Falsehood also diffused faster than the truth. The degree of novelty and the emotional reactions of recipients may be responsible for the differences observed. Science, this issue p. 1146.”
“Abstract – We investigated the differential diffusion of all of the verified true and false news stories distributed on Twitter from 2006 to 2017. The data comprise ~126,000 stories tweeted by ~3 million people more than 4.5 million times. We classified news as true or false using information from six independent fact-checking organizations that exhibited 95 to 98% agreement on the classifications. Falsehood diffused significantly farther, faster, deeper, and more broadly than the truth in all categories of information, and the effects were more pronounced for false political news than for false news about terrorism, natural disasters, science, urban legends, or financial information. We found that false news was more novel than true news, which suggests that people were more likely to share novel information. Whereas false stories inspired fear, disgust, and surprise in replies, true stories inspired anticipation, sadness, joy, and trust. Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”


(Related?)
Taming the Data for Better BI
“In 2015, the University of Washington began work on its own repository called the Knowledge Navigator, which is designed to give context to the enterprise data warehouse and allow business users to see relationships between concepts, terms, tables, columns and reports. “Someone who is exploring a business question such as how many women graduated with STEM degrees last year can find agreed-upon definitions of terms like STEM and then navigate to the database,” explained Matt Portwood, a UW metadata analyst. Most such repositories are designed for metadata management by data architects, noted Pieter Visser, a UW solutions architect. “They are not created for the end-user at all,” he said. In contrast, Knowledge Navigator was intended to be a tool for everybody. Visser described it as being like Google for your metadata: “We try to make it as easy as possible to find how everything is related to everything else. You can start with your business terms and go all the way to the Tableau visualization or web service, and we give you the context right away.” In their metadata repository work, both UW and Notre Dame use graph database technology from Neo4j to represent entities and their relationships. Visser explained that within the metadata world, everything is related to everything else. “A resource in a web service or a label on a report can relate to a business term or a concept,” he said. “In a graph database you can easily connect any node to another node. Trying to do it in a relational database is almost impossible.”




Where you might run into a self-driving vehicle.
Same driver, different vehicle: Bringing Waymo self-driving technology to trucks
Last fall we put the world’s first fleet of fully self-driving cars on public roads in the Phoenix area.
Now we’re turning our attention to things as well. Starting next week, Waymo will launch a pilot in Atlanta where our self-driving trucks will carry cargo bound for Google’s data centers.


Thursday, March 08, 2018

It seems more important to sell new technologies than to secure them.
Tristan Greene reports:
A pair of independent researchers yesterday uncovered a particularly worrisome security vulnerability in Microsoft’s Windows 10. If your PC’s OS was installed with default settings this could affect you.
The simple “hack” involves activating Cortana via voice command to open websites on a PC that’s been locked.
Read more on TNW.




Democratizing crime? At least making it easier to get untraceable payments.
Cryptocurrencies and the Revolution in Cybercrime Economics
Over the past year, Bitcoin and other cryptocurrencies have increasingly gained publicity and media attention. The focus of the reporting has been primarily on cryptocurrencies as a financially speculative medium, with the value of Bitcoin rising over 2000% in 2017 alone. Although there has been some reporting on the importance of cryptocurrencies as the payment medium of choice on the Darknet, less attention has been given to the fact that they have revolutionized the economics of cybercrime, with a noticeable impact on threat actors’ Tactics, Techniques and Procedures (TTPs).
Cryptocurrencies possess some characteristics that solve the complexity and risk challenges for monetizing hacking:
1. They are anonymous
2. They are unregulated
3. They represent a direct store of purchasing value, even if they need to be converted from one cryptocurrency into another
4. They can be stolen themselves, or resources can be stolen to mine them

It is these characteristics that make Cryptocurrencies so attractive and especially useful to cybercriminals.
The problem that cybercriminals have always had, was how to turn data into currency. Now data is currency.




For my Ethical Hacking students: Always learn from the pros. If a less sophisticated hacker is stumbling around in the machine, they may attract attention you want to avoid. Do you exit or lock them out?
When the mysterious entity known as the “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools that the National Security Agency uses to detect other nation-state hackers on the machines it infects.




My students immediately saw how this could be monetized, but also recognized the problems failing to disclose could cause.
Earlier this week, Mitch Lowe, CEO of the popular all-you-can-eat movie subscription service MoviePass, made headlines for bragging about how the app can track the location of its users. Shortly after that comment, MoviePass issued a statement clarifying its actions, and now the iOS app has been updated to remove the features…




“The ghost in the machine?” A rogue AI has taken over your machine and finds your doom laughable?
Alexa Spooks Users As Deranged Amazon Echos Randomly Break Out In Creepy Laughter
After being temporarily knocked offline last week due to an Amazon Web Services (AWS) outage, Amazon is dealing with another Alexa incident. While losing access to Alexa Voice Services for a few hours is annoying, what is currently happening to Amazon Echo users (and other devices that take advantage of Alexa) was downright puzzling and to some people, a little freaky.
Amazon Echo devices have reportedly been laughing for absolutely no particular reason at all, which as you can imagine is unsettling to unsuspecting ears. This isn't a fluke that was relegated to just one person. Multiple people have confirmed that their Echos have "gone rogue" with fits of laughter as if they somehow had their funny bone tickled.




If this keeps happening, people might stop blindly trusting the government.
IG Audit finds continued flaws in OPM security of federal employee data
NextGov: “The Office of Personnel Management inspector general again found flaws in the agency’s contracting for the credit monitoring and ID theft services it provides to the more than 21.5 million current, former and prospective federal employees affected by the 2015 data breaches. OPM has gone through two different contracts for post-breach protections. The IG found “significant deficiencies” in the contracting process of the first one, a $20 million contract to Winvale Group and subcontractor CSID. When that contract expired, OPM opted for a contract with ID Experts to provide services for three years with a potential value of $330 million. In a report released Tuesday, auditors found the agency’s Office of Procurement Operations bypassed some of the Federal Acquisition Regulation and the agencies’ purchasing rules for the ID Experts contract. The IG found 15 areas of noncompliance, such as designating the contracting officer representative after the award, failing to check the System for Award Management and data-entry errors. Auditors also found incomplete or unapproved contractual documents, including the acquisition plan, market research plan and technical evaluation plan. “Without a complete and accurate history of the actions taken to award the contract, it is impossible to know whether following all of the FAR requirements would have resulted in an award of the credit monitoring and identity theft services contract to someone other than ID Experts,” the report states…”


(Related) I bet some of their systems are older than the Department itself.
Homeland Security's own IT security is a hot mess, watchdog finds
An inspector general audit found dozens of systems across the agency's networks were running old and outdated software, and in some cases, computers hadn't received security patches for five years.
… A newly released report by the department's Office of Inspector General found many of the agency's systems, including both unclassified and national security systems containing the highest "top secret" information, were running outdated, unsupported operating systems that in some cases hadn't been patched with security updates for years.




Perspective. Perhaps not all of the questions have been answered.
UK kicks off driverless car law review to get tech on the road by 2021
… Among the questions to be reviewed and — says the government — answered are:
  • who is the ‘driver’ or responsible person, as appropriate
  • how to allocate civil and criminal responsibility where there is some shared control in a human-machine interface
  • the role of automated vehicles within public transport networks and emerging platforms for on-demand passenger transport, car sharing and new business models providing mobility as a service
  • whether there is a need for new criminal offences to deal with novel types of conduct and interference
  • what is the impact on other road users and how they can be protected from risk




A tool for our AI class (if we had one)
Windows 10’s next major update will include Windows ML, a new AI platform
Microsoft is planning to include more artificial intelligence capabilities inside Windows 10 soon. The software giant is unveiling a new AI platform, Windows ML, for developers today, that will be available in the next major Windows 10 update available this spring. Microsoft’s new platform will enable all developers that create apps on Windows 10 to leverage existing pre-trained machine learning models in apps.
… Microsoft has already been using AI throughout Office 365, inside the Windows 10 Photos app, and even with its Windows Hello facial recognition to allow Windows 10 users to sign into PCs and laptops with their faces.




A little insider trading?
Peyton Manning sold 31 local Papa John’s stores 2 days before NFL cut ties with the chain




I went the other way (Japan)
History of the US Army Security Agency
Interesting history of the US Army Security Agency in the early years of Cold War Germany.


Wednesday, March 07, 2018

Early in the computer age, there were incidents where individuals crashed cars, shot, and fire-bombed mainframe computers. They were Luddites. What is going on here?
Self-driving cars are here. But shouting Californians are attacking them, DMV says
… So far in 2018, there have been only six reported traffic incidents involving self-driving vehicles in California, according to the state’s Department of Motor Vehicles. But of those six incidents, two involved angry, violent Californians going up to the futuristic cars on San Francisco streets and attacking.
The first incident started on Jan. 2 around 9:30 p.m., when a pedestrian saw a self-driving Chevrolet Bolt at 16th and Valencia Streets in the city’s Mission District. The vehicle was stopped at a green light as it waited for other pedestrians to cross the street.
But then the onlooker “ran across Valencia Street, against the ‘do not walk’ symbol, shouting, and struck the left side of the ... rear bumper and hatch with his entire body,” according to a California DMV incident report.
The vehicle was slightly damaged, but no one was injured, according to the incident report. Police weren’t called. The vehicle was being operated by GMC Cruise, the self-driving vehicle arm of the giant automaker.
About a month later, on Jan. 28, came the second attack. This time, just before 11 p.m., a taxi driver near Duboce Avenue and Guerrero Street got out of his car when he spotted an autonomous GMC Cruise. The taxi driver went up to the vehicle and “slapped the front passenger window, causing a scratch,” according to the incident report.
No one was injured. And from the sound of it, the self-driving car took the high road — choosing not to call police after the attack, according to the incident report.


(Related) How fast will this spread? Faster than my students seem to believe.
Uber’s self-driving trucks are now delivering freight in Arizona


(Related) I think my students will be shocked to see how many companies are investing in self-driving technology.
Self Driving Car Stock Directory added to Investor Ideas; Self-Driving Car Market expected to reach $20 billion by 2024




Probably not the last word on this breach.
Judy Greenwald reports:
An $80 million settlement has been proposed in a securities class litigation filed in connection with Yahoo Inc. data breaches in 2013 and 2014.
The proposed settlement in In re Yahoo Inc. securities litigation, filed in U.S. District Court in San Francisco on Friday, was publicized Monday.
In December 2016, Yahoo announced a 2013 breach affecting 1 billion accounts. And in March 2017, the United States charged two Russian intelligence agents and two hackers with masterminding a separate 2014 theft of 500 million Yahoo accounts.
Read more on Business Insurance.




For my Computer Security and Data Management students: How would you detect bogus reservations?
An OpenTable Employee Was Fired After Making Hundreds Of Fake Restaurant Reservations To Hurt A Rival Company
… The OpenTable employee used Reserve to make around 300 fake reservations at 45 restaurants that led to hundreds of no-shows for those restaurants over a three-month period, Reserve's CEO Greg Hong and COO Michael Wesner told BuzzFeed News on Monday.
The no-shows were equivalent to 1,200 to 1,300 diners.
… According to Eater Chicago, which first reported the story, the employee intended to use the no-shows in their sales pitches to show OpenTable was a better product than Reserve.
... Reserve said it began an investigation after the company noticed anomalies in their data and after getting feedback from restaurant partners about several no-shows, Hong said.
During the investigation, Reserve discovered that an OpenTable employee was using different email addresses from a few different locations to make hundreds of fake reservations through Reserve. Many of these were bookings for large parties, Hong said.
The number of fake reservations peaked on Valentine's Day, hurting restaurants with no-shows on one of the busiest days of the year.
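One way to answer the question above, as an added example that is not Reserve's or OpenTable's code: group bookings by the location they came from and flag sources that use many different e-mail addresses, mostly no-show, and book large parties. The record layout, the thresholds and the sample bookings are all constructed for this illustration.

```python
"""Flag reservation abuse of the kind described in the Reserve story:
many bookings under rotating e-mail addresses from a few source locations,
large party sizes, and a high no-show rate. Example code; the record format,
thresholds and sample data are constructed, not taken from either company."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Reservation:
    email: str
    source: str      # constructed: client IP or geo bucket the booking came from
    party_size: int
    restaurant: str
    no_show: bool


# Tunable thresholds (assumptions, not figures from the article).
MIN_BOOKINGS = 5          # ignore sources with fewer bookings than this
MIN_DISTINCT_EMAILS = 3   # one diner should not need this many identities
MAX_NO_SHOW_RATE = 0.5    # genuine diners mostly turn up
LARGE_PARTY = 6           # large bookings hurt restaurants most when they no-show


def suspicious_sources(reservations):
    """Group bookings by source and return only the sources whose pattern
    matches abuse: many distinct e-mails and mostly no-shows.
    Returns {source: summary dict}."""
    by_source = defaultdict(list)
    for r in reservations:
        by_source[r.source].append(r)

    flagged = {}
    for source, rs in by_source.items():
        if len(rs) < MIN_BOOKINGS:
            continue
        emails = {r.email for r in rs}
        no_show_rate = sum(r.no_show for r in rs) / len(rs)
        if len(emails) >= MIN_DISTINCT_EMAILS and no_show_rate > MAX_NO_SHOW_RATE:
            flagged[source] = {
                "bookings": len(rs),
                "distinct_emails": len(emails),
                "no_show_rate": round(no_show_rate, 2),
                "large_parties": sum(r.party_size >= LARGE_PARTY for r in rs),
                "restaurants": len({r.restaurant for r in rs}),
            }
    return flagged


def lost_covers(reservations, sources):
    """Seats lost to no-shows from the flagged sources; the article's
    1,200-1,300 diners figure is this kind of number."""
    return sum(r.party_size for r in reservations
               if r.source in sources and r.no_show)


# Constructed sample: one abusive source with rotating addresses and large
# parties, one ordinary repeat diner, and one single booking below threshold.
SAMPLE = [
    Reservation(f"guest{i}@example.com", "203.0.113.7", 8, f"bistro-{i % 3}", True)
    for i in range(6)
] + [
    Reservation("regular@example.com", "198.51.100.4", 2, "bistro-0", False)
    for _ in range(6)
] + [
    Reservation("once@example.com", "192.0.2.9", 4, "bistro-1", True),
]

if __name__ == "__main__":
    hits = suspicious_sources(SAMPLE)
    for src, info in hits.items():
        print(src, info)
    print("covers lost to flagged sources:", lost_covers(SAMPLE, hits))
```

In production the "source" key would be whatever the booking platform already records (client IP, device fingerprint or payment account), and the thresholds would be tuned against the platform's normal no-show rate.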




Did the EU do something smart? Or are companies running scared?
GDPR prompts companies worldwide to plan for stronger security, study shows
… The Versasec study found Europe’s General Data Protection Regulation (GDPR) is beginning to seriously affect companies’ approach to cybersecurity, although many still rely on inadequate defenses.
More than half of respondents say the GDPR, which takes effect in May, weighs heavily on their current security strategy decisions. 60% plan to spend up to 24% of their technology budgets on security this year; while 18% will spend 49%; and almost 25% will spend more than half of their budget on cyber defenses. Last year, only 15% of respondents said they planned to invest this much in cyber resilience.




Sounds increasingly like Facebook has not built in the Control Monitors that management is now finding that it needs. It may not even have the Controls!
Facebook's Political Nightmare Is Getting Worse Ahead Of The 2018 Midterms
If the 2016 election was proof-of-concept [Someone reads my blog! Bob] for platform-enabled election meddling, the 2018 midterms, just months away, are shaping up to be more of a large-scale clinical trial — and an absolute nightmare for Facebook.
… Despite Facebook's repeated reassurances, some on Capitol Hill fear the company — and country — may be sucker punched again come November. And a dysfunctional federal government waffling on plans to thwart future attacks on elections isn’t helping matters.




Is this good business?
New documents reveal FBI paid Geek Squad repair staff as informants
… Records posted Tuesday by the Electronic Frontier Foundation following a freedom of information lawsuit filed last year reveal that federal agents would pay Geek Squad managers who pass on information about illegal materials on devices sent in by customers for repairs.
The relationship goes back at least ten years, according to documents released as a result of the lawsuit.
… According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office.
That's when, in some cases, agents would try to obtain a search warrant to justify the access.
… But that relationship and data handover could violate Americans' constitutional rights to protections from unwarranted searches and seizures, the privacy group charges.
Because the FBI uses Geek Squad as informants, the EFF says that any search should be seen as a warrantless search carried out by proxy, "and thus any evidence obtained as a result of the illegal searches should be thrown out of court."




Is Alphabet opting out of this market? No work for the military?
Eric Schmidt Keynote Address at the Center for a New American Security Artificial Intelligence and Global Security Summit


(Related) Maybe not openly…
Google has partnered with the United States Department of Defense to help the agency develop artificial intelligence for analyzing drone footage, a move that set off a firestorm among employees of the technology giant when they learned of Google’s involvement.
Google’s pilot project with the Defense Department’s Project Maven, an effort to identify objects in drone footage, has not been previously reported, but it was discussed widely within the company last week when information about the project was shared on an internal mailing list, according to sources who asked not to be named because they were not authorized to speak publicly about the project.




Perspective.
11% of Americans don’t use the internet. Who are they?
“For many Americans, going online is an important way to connect with friends and family, shop, get news and search for information. Yet today, 11% of U.S. adults do not use the internet, according to a new Pew Research Center analysis of survey data. The size of this group has changed little over the past three years, despite ongoing government and social service programs to encourage internet adoption in underserved areas. But that 11% figure is substantially lower than in 2000, when the Center first began to study the social impact of technology. That year, nearly half (48%) of American adults did not use the internet. A 2013 Pew Research Center survey found some key reasons that some people do not use the internet. A third of non-internet users (34%) did not go online because they had no interest in doing so or did not think the internet was relevant to their lives. Another 32% of non-users said the internet was too difficult to use, including 8% of this group who said they were “too old to learn.” Cost was also a barrier for some adults who were offline – 19% cited the expense of internet service or owning a computer. The Center’s latest analysis also shows that internet non-adoption is correlated to a number of demographic variables, including age, educational attainment, household income and community type…”




On the Internet, nobody knows you’re a dog.
Use Digital Platforms to Cultivate Diversity
When one thinks of a successful digital transformation, employee diversity doesn’t immediately come to mind as an essential component. Yet, to compete in an increasingly digital environment, a diverse employee base can not only help provide new ideas but can also help reveal key decision-making errors that may otherwise go unnoticed.
Diversity is particularly important for collaboration, a critical factor associated with digital business maturity. Our research shows that while only about 30% of employees from companies at an early stage of digital development say that their company is collaborative, more than 70% of employees from digitally mature companies do. Nevertheless, collaboration simply for the sake of collaboration is not necessarily valuable.




Ah, the power of social media!
Blogger held after luring 3,000 men to her hotel room with offer of free sex
A 19-YEAR-OLD blogger was arrested by police after she lured around 3,000 men to her hotel room with a promise of free sex. The woman, identified only as Ye, has been arrested by Hainan police in Sanya on suspicion of advertising about prostitution.


Tuesday, March 06, 2018

Not a happy trend for my Computer Security students. Could victims sue the organizations who installed memcached without security?
World record broken again! DDoS attack exceeds 1.7 terabits per second
Just days after it was revealed that a distributed denial-of-service (DDoS) attack on GitHub had been measured at a record-breaking peak of 1.35 terabits per second, another attack has raced past it, claiming the record-breaking crown at a mind-blowing 1.7 Tbps.
… The attacks against GitHub, and the most recently announced world-record-breaking attack on an unnamed customer of a US-based service provider, are reflection/amplification attacks exploiting the many publicly accessible servers running memcached, an open-source distributed caching utility.
Memcached (pronounced “Mem-cache-dee”) is not supposed to be installed on servers that are exposed to the internet – because it simply doesn’t have security features to protect itself from malicious attackers in the first place.
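An added check, from the operator's side, that is not part of the article or of the memcached project: read the option lines of a Debian-style /etc/memcached.conf (one option per line, e.g. "-l 127.0.0.1") and report whether the instance is reachable from outside and answering UDP, the combination the reflection attacks above rely on. It uses two real memcached options, -l (listen address) and -U (UDP port, 0 disables UDP); the sample config texts are constructed, and treating a missing -U as "UDP on" is an assumption chosen to be conservative for older builds.

```python
"""Audit memcached start-up options for internet exposure. Example code,
not from the article or the memcached project. Parses Debian-style
/etc/memcached.conf option lines; -l and -U are real memcached options,
the sample configs are constructed."""
import ipaddress
import shlex


def parse_options(conf_text):
    """Return {flag: value} from option lines; comments and blanks skipped."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        parts = shlex.split(line)
        opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts


def _is_loopback(addr):
    """True only if addr is a verified loopback IP; hostnames or anything
    unparseable count as not-loopback so the audit errs on the side of caution."""
    if addr.count(":") == 1:          # IPv4 with :port suffix
        addr = addr.split(":", 1)[0]
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposure(conf_text):
    """Classify a config. Returns a dict with:
       tcp_exposed   - listens on a non-loopback address
       udp_reflector - non-loopback AND UDP enabled (usable for amplification)
       findings      - human-readable list of what to fix"""
    opts = parse_options(conf_text)
    listen = opts.get("-l", "")                       # absent -l: all interfaces
    addrs = [a.strip() for a in listen.split(",") if a.strip()]
    public = not addrs or not all(_is_loopback(a) for a in addrs)
    # Assumption: a missing -U means UDP is on (true for older releases).
    udp_port = int(opts.get("-U") or "11211")

    findings = []
    if public:
        findings.append("listens on a non-loopback address; bind with -l 127.0.0.1 "
                        "or firewall port 11211")
    if udp_port != 0:
        findings.append(f"UDP enabled on port {udp_port}; set -U 0 unless UDP is required")
    return {
        "tcp_exposed": public,
        "udp_reflector": public and udp_port != 0,
        "findings": findings,
    }


# Constructed sample configs: the weak setting beside the corrected one.
WEAK_CONF = """# memcached listening on every interface, UDP left at default
-p 11211
-l 0.0.0.0
-m 64
"""

HARDENED_CONF = """# loopback only, UDP disabled
-p 11211
-l 127.0.0.1
-U 0
-m 64
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, exposure(conf))
```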




Russia is expert at propaganda, why aren’t other states? And don’t tell me that ‘they can not tell a lie!’
Fighting fake news: Caught between a rock and a hard place
European Council on Foreign Relations: “Government regulation on fake news is unlikely to prevent malicious actors from meddling in our elections or polarising our societies. With many worried about a Russian information offensive in the West, European states are in the process of developing defence mechanisms. Unfortunately, several seem to be reacting with a legalistic approach that will likely do more harm than good. France, Germany, Italy and the UK are among those setting up measures to identify, block or remove ‘fake news’ from the internet. All these proposals suffer from the same problem: an inability to objectively and usefully define fake news without veering into political censorship. As many experts are warning, ‘fake news’ is becoming a weaponised, politicised term, applied to everything from genuine hoaxes to merely disputed opinions. To further confuse things, hate speech, propaganda, and even satire seem to be falling under this umbrella…”




Why? A question for my Data Management students.

MoviePass CEO proudly says the app tracks your location before and after movies

Everyone knew the MoviePass deal is too good to be true — and as is so often the case these days, it turns out you’re not the customer, you’re the product. And in this case they’re not even attempting to camouflage that. Mitch Lowe, the company’s CEO, told an audience at a Hollywood event that “we know all about you.”
Lowe was giving the keynote at the Entertainment Finance Forum; his talk was entitled “Data is the New Oil: How will MoviePass Monetize It?” Media Play News first reported his remarks.
“We get an enormous amount of information,” Lowe continued. “We watch how you drive from home to the movies. We watch where you go afterwards.”




For my Data Architecture class. Can you architect your customers?
Rise Science came to IDEO with a challenge. The young startup had built a robust data platform for college and professional athletes to track their sleep and adjust their behavior so that they played at peak performance. But for the players, the experience was challenging. Rise expected athletes to look at data-driven charts and graphs to determine what decisions to make next, but players struggled to find those insights. Rise was convinced they just needed easier-to-read charts and graphs.
As IDEO designers and Rise’s data scientists spent time with players and coaches, they discovered that Rise didn’t have a data visualization problem, they had a user experience problem.


(Related) As usual, Dilbert gets it!




Perspective. It’s hard to conquer the world. (Interesting video on Jeff Bezos)
After Losing China, Jeff Bezos Really Wants to Win in India
Having forfeited China to Alibaba and JD.com, Jeff Bezos is determined to win in India, a market of 1.3 billion people who at long last are discovering the pleasures of shopping.
Amazon.com Inc.’s chief has committed $5.5 billion to India and selected Amit Agarwal to spend it wisely.




“It’s where the juicy data are?”
ABA Journal – Cyberthreats 101: The biggest computer crime risks lawyers face
“Cyberattacks are on the rise, both in the number of incidents and the costs associated with the attacks. According to the ABA’s 2017 Legal Technology Survey Report, 22 percent of responding firms had been breached—an increase of 8 percentage points from the previous year’s survey. According to the ABA report, about 27 percent of firms with two to nine attorneys reported experiencing some sort of security breach, while 35 percent of firms with 10 to 49 lawyers and about one-quarter with 500 or more lawyers had suffered such an incident. In 2016, the FBI estimated that cybercrimes were on pace to be a $1 billion source of income to criminals for that year. Law firms of all sizes are attractive targets, given the type and the amount of data they collect. “Law firms are the crown jewels,” says John Reed Stark, a former chief of the Securities and Exchange Commission’s Office of Internet Enforcement. “They have valuable confidential information on things like mergers and acquisitions and intellectual property,” he says. In 2016, Cravath, Swaine & Moore and Weil Gotshal & Manges were hacked by foreign nationals who used the stolen data for insider trading schemes that netted them more than $4 million. Regardless of the size of the firm or the type of data they collect, cyber hackers use the same modus operandi for gaining access to firms…”




Toward an ‘automated lawyer?’
An AI just beat top lawyers at their own game
Mashable: “The nation’s top lawyers recently battled artificial intelligence in a competition to interpret contracts — and they lost. A new study, conducted by legal AI platform LawGeex in consultation with law professors from Stanford University, Duke University School of Law, and University of Southern California, pitted twenty experienced lawyers against an AI trained to evaluate legal contracts. Competitors were given four hours to review five non-disclosure agreements (NDAs) and identify 30 legal issues, including arbitration, confidentiality of relationship, and indemnification. They were scored by how accurately they identified each issue. Unfortunately for humanity, we lost the competition — badly. The human lawyers achieved, on average, an 85 percent accuracy rate, while the AI achieved 95 percent accuracy. The AI also completed the task in 26 seconds, while the human lawyers took 92 minutes on average. The AI also achieved 100 percent accuracy in one contract, on which the highest-scoring human lawyer scored only 97 percent. In short, the human lawyers were trounced. Intellectual property attorney Grant Gulovsen, one of the lawyers who competed against the AI in the study, said the task was very similar to what many lawyers do every day. “The majority of documents, whether it’s wills, operating agreements for corporations, or things like NDAs…they’re very similar,” Gulovsen told Mashable in a phone interview. So does this spell the end of humanity? Not at all. On the contrary, the use of AI can actually help lawyers expedite their work, and free them up to focus on tasks that still require a human brain. [Suggesting that contracts do not require a human brain? Bob] “Having the AI do a first review of an NDA, much like having a paralegal issue spot, would free up valuable time for lawyers to focus on client counseling and other higher-value work,” said Erika Buell, clinical professor at Duke University School of Law, who LawGeex consulted for the study….”




For the movie club.
Hulu sadly ditched its free plan back in 2016, but not all hope is lost for people wanting to watch Hulu without paying. Here’s something a lot of people don’t realize: there’s a legitimate way to watch Hulu Plus for free, month to month, and it doesn’t require much effort.


Monday, March 05, 2018

No Colorado locations. Looks like the RMH system used at the cash register(?) was hacked, but not the other systems used at tables and online.
David Bisson reports:
It’s confirmed that some locations of the Applebee’s restaurant chain suffered a point-of-sale (POS) breach involving customers’ payment card data.
On 2 March, RMH Franchise Holdings (RMH) issued a notice of data incident on its website.
The statement explains how RMH, a franchisee of Applebee’s which operates more than 150 restaurant locations, discovered that something was amiss on 13 February.
Read more on Tripwire.
[From the article:
The breach didn’t affect customers who paid online or used tabletop self-pay terminals during that period, RMH revealed.
[From the RMH notice:
RMH operates its point-of-sale systems isolated from the broader Applebee’s network, and this notice applies only to RMH-owned Applebee’s restaurants.




An attack on Privacy?
Signal and Telegram are down for many users [Update: they’re coming back]
for the time being: it appears popular encrypted messenger Signal is currently down globally, according to numerous reports from users.
The company behind the private messaging platform, Open Whisper Systems, has yet to inform its users what is causing the server downtime. At the time of writing, the Twitter accounts of both Open Whisper Systems and Signal remain silent.




This could be a serious problem for Facebook.
Facebook Doesn't Know How Many People Followed Russians on Instagram
For more than a year, Jonathan Albright has served as something of a one-man General Accounting Office for the tech industry. The researcher at Columbia University's Tow Center for Digital Journalism has dug into the details on how political Twitter trolls manipulate the media, and unearthed an intricate web of conspiracy theory videos on YouTube.
Last weekend, while digging through Facebook’s testimony to the Senate Judiciary Committee from last fall, something else caught his eye. In written responses provided to the committee, Facebook’s general counsel Colin Stretch told senator Dianne Feinstein that 1.8 million people had followed at least one Facebook page associated with the Russian propaganda group Internet Research Agency—but the answer made no mention of how many followers these trolls gained on Instagram.
… Facebook told Congress last fall that it had deleted 170 Instagram accounts linked to the IRA. Albright found 27 of the accounts, confirming they were Agency accounts by cross-referencing against Congressional exhibits or media mentions. He downloaded data on those sites in October using a social media analytics site called SocialBlade and found they had nearly 2.2 million followers combined. If such a small fraction of the total Instagram accounts had 2.2 million followers, how many followers did the Russian trolls have on Instagram altogether?


(Related)
Facebook Lets Ads Bare a Man’s Chest. A Woman’s Back Is Another Matter.
Advertisers, especially smaller ones, complain of inconsistency and gender bias in the process that determines whether images are rejected for being sexually suggestive.




Again talks about insider trading risk… Also, “The board’s role in overseeing cybersecurity risk management should be disclosed.”
Laura E. Goldsmith of Proskauer writes:
On February 21, 2018, the Securities and Exchange Commission (SEC) issued an interpretive Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the “Guidance”) to assist public companies in meeting their cybersecurity disclosure requirements under the federal securities laws. The Guidance notes that, as reliance on networked systems and the Internet has increased, so too have the risks and frequency of cybersecurity incidents, and companies have no choice but to incur the considerable costs of addressing information security risks, particularly in the wake of a cybersecurity incident. Examples of such costs include IT costs, employee training, remediation expenses, litigation, agency investigations and enforcement actions, reputational harm and damage to long-term shareholder value.
Read more on Proskauer Privacy Law Blog.


(Related)
Due Diligence on Cybersecurity Becomes Bigger Factor in M&A
Automatic Data Processing Inc. deployed a team of cybersecurity, risk management and financial-crime specialists to WorkMarket before acquiring it in January.
The ADP team combed the software maker’s technology, practices and internal policies. It also interviewed staff about monitoring for intrusions, training employees and performing other security tasks. The payroll processor also hired a cybersecurity firm to do its own evaluation.




Here we go again?
TSA Tests See-Through Scanners on Public in New York’s Penn Station
ACLU: “The TSA and Amtrak Police are trying out new see-through body scanners in New York City’s Penn Station that raise serious constitutional questions. And as is so often the case, the government is not being sufficiently transparent about the devices, how they will be used, on whom, and where they will eventually be deployed. We also don’t know who will have access to the information they collect or for how long. There is also reason to believe the technology may not work as well as the TSA says it does. This “passive millimeter wave” technology works by detecting the heat radiating from the human body and analyzing ways in which those emanations may be being blocked by objects hidden on a person’s body. The machines do not emit x-rays or other radiation. The theory is that the operator of the technology will be able to tell if a large object such as a suicide vest device is present underneath a person’s clothing. The technology uses an algorithm to determine whether there is an anomaly. The two devices in use are the Stand Off Explosive Detection Technology created by QinetiQ, and Digital Barriers from Thruvis…”




Perspective. Perhaps an indication that we will not be able to counter Russia in the Midterms and possibly not in 2020.
Since December 2016, Congress has given the State Department $120 million to counter foreign attempts to hijack U.S. elections and sow distrust in American democracy, and Secretary of State Rex Tillerson has spent none of that money, The New York Times reports. "As a result, not one of the 23 analysts working in the department's Global Engagement Center — which has been tasked with countering Moscow's disinformation campaign — speaks Russian, and a department hiring freeze has hindered efforts to recruit the computer experts needed to track the Russian efforts."




Perspective.
Smartphone users are spending more money each time they visit a website
… The amount of money people spent per visit to online retailers has increased 27 percent since the beginning of 2015, according to new data from Adobe Analytics. Meanwhile, the length of smartphone website visits has actually declined 10 percent.
That means people are getting more comfortable spending on mobile — as long as the experience is quick and easy.




Could be a useful tool.
How to Add Voice Comments to PDFs and Word Documents
Kaizena, originally just a tool for voice commenting on Google Docs, can also be used to add voice comments to PDFs and Word documents. The process of using Kaizena for voice commenting on PDFs and Word documents isn't quite as streamlined as it is for Google Docs, but it's still fairly easy to do. Watch my video that is embedded below to learn how to add voice comments to PDFs and Word documents.




Worth listening to!
Quit Social Media – Do Deep Work
Last night I watched Dr. Cal Newport's TEDx Talk titled Quit Social Media. In this thought-provoking talk Dr. Newport presents the case for quitting social media. He presents the case from the standpoint that social media fragments our attention and prevents us from doing deep work. To help people come to grips with the idea of quitting social media Dr. Newport gives rebuttals to the three most common reasons for not quitting social media.


Sunday, March 04, 2018

Apparently, very little happens on weekends.




Would doctors be grateful if you passed this along? (Shouldn’t they already know about it?)
This free webinar, recorded in September, 2017, might be very helpful to small practices or solo practitioners who are feeling overwhelmed about how to start hardening their security to comply with HIPAA and to prevent attacks or breaches. From the AMA:
A staggering 83 percent of physicians recently told AMA researchers that their practices have experienced a cyberattack of some type. The 1,300 physicians surveyed also said not enough cybersecurity support is coming from the government that will hold them accountable for a patient information breach.
But concise, actionable advice is available to help medical practices uncertain how to proceed with a task fundamental to protecting patient confidentiality and meeting government requirements—a security risk analysis.
An hour-long AMA webinar provides insights into why the analysis has become an important practice requirement, along with tips for turning the often-dreaded review into a manageable exercise.
Read more on the AMA Wire.