Friday, February 15, 2019

This time they took your free donut. Next time it could be your bank account and they’ll take everything.
Dunkin' Donuts accounts compromised in second credential stuffing attack in three months
Dunkin' Donuts announced today that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.
This marks the second time in three months that the coffee shop chain notifies users of account breaches following credential stuffing attacks.
Credentials stuffing is a cyber-security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked at other sites and use them to gain (illegal) access on accounts on new sites.
Dunkin' Donuts reported a first credential stuffing attack at the end of November (the actual attack occurred on October 31). Today, the company reported a second credential stuffing attack (attack happened on January 10).
Just like in the first, hackers used user credentials leaked at other sites to gain entry to DD Perks rewards accounts, which provide repeat customers with a way to earn points and use them to get free beverages or discounts for other Dunkin' Donuts products.
… Once hackers break into accounts, they either exploit them by extracting personal information from accounts and reselling the personal data to financial fraud operators, or they sell access to the hacked accounts themselves.
This latter case is what's happening with Dunkin' Donuts accounts, as hackers put up the hacked accounts for sale, which are later bought by other persons that use the reward points found in these accounts at Dunkin' Donuts shops to receive unearned discounts and free beverages.




Compare to the 59,000 reported under the GDPR rules.
6,500 Publicly Disclosed Data Breaches in 2018: Report
Both the number of reported breaches and that of the compromised records have decreased compared to the previous year (from 6,728 and 7.94 billion, respectively), but incidents continue to be disclosed and the number of reported events might end up being higher than in 2017, although the impacted records should remain under 6 billion.
According to Risk Based Security’s latest Data Breach QuickView Report (PDF), the Business sector was impacted the most last year, accounting for 66.2% of all the reported breaches and 65.8% of the exposed records.




Are we already fighting an undeclared Cyberwar? Should we go ahead and admit it? What is the definition of a “Just” Cyberwar?
Germany to Let NATO Use its Cyber Skills
Germany is to join the ranks of NATO countries making its cyber warfare skills available to the alliance to help fight hacking and electronic warfare, officials said on Thursday.
NATO has designated cyberspace as a conflict domain alongside land, sea and air and says electronic attacks by the likes of Russia and China – but also criminals and so-called "hacktivists" – are becoming more frequent and more destructive.
German officials used a meeting of defence ministers in Brussels on Thursday to tell allies that Berlin would make its cyber capabilities available, including offensive elements.
The US, Britain, Denmark, the Netherlands and Estonia have all made their offensive cyber weapons available to the alliance -- and announced it publicly -- in the expectation that the threat of counterattack may deter would-be aggressors.




How should this work?
Jacqueline Howard reports:
A pair of public health experts has called for Facebook to be more transparent in the way it screens posts for suicide risk and to follow certain ethical guidelines, including informed consent among users.
The social media giant details its suicide prevention efforts online and says it has helped first responders conduct thousands of wellness checks globally, based on reports received through its efforts. The authors said Facebook’s trial to reduce death by suicide is “innovative” and that it deserves “commendation for its ambitious goal of using data science to advance public health.”
But the question remains: Should Facebook change the way it monitors users for suicide risk?
Read more on CNN.




GDPR for the rest of the world? Can California learn how to do it?
Naomi Seddon and Merille Raagas of Littler write:
As a proposed Privacy Bill works its way through the New Zealand Parliament, key changes aim to strengthen the protection of confidential and personal information. The Bill is intended to replace prior law on the topic, modernizing privacy regulations and partially adopting provisions included in the European General Data Protection Regulation (GDPR).
Among other amendments to the Bill, the Privacy Commissioner will have increased enforcement powers, including the ability to issue compliance notices to organizations—including private employers—to take specific steps to comply with privacy law, and the ability to approve or deny requests for access to personal information.
One of the most significant changes that the Bill proposes to introduce is a mandatory requirement to notify both the New Zealand Privacy Commissioner and the affected individual of a privacy breach.
Read more on Littler.




An idea that would work in the US too?
How to Navigate the Privacy Minefield in 2019
Dr. Maurice Coyle, Chief Data Scientist at Trūata, explains both the necessity and benefits of outsourcing anonymization to an independent third party in a post GDPR world.




What AI should do for the US?
Defense Department Releases Artificial Intelligence Strategy
On February 12, 2019 the Department of Defense released a summary and supplementary fact sheet of its artificial intelligence strategy (“AI Strategy”). The AI Strategy has been a couple of years in the making as the Trump administration has scrutinized the relative investments and advancements in artificial intelligence by the United States, its allies and partners, and potential strategic competitors such as China and Russia.




On the other hand, perhaps all the news is fake and this AI produces truth?
New AI fake text generator may be too dangerous to release, say creators
The creators of a revolutionary AI system that can write news stories and works of fiction – dubbed “deepfakes for text” – have taken the unusual step of not releasing their research publicly, for fear of potential misuse.
OpenAI, a nonprofit research company backed by Elon Musk, Reid Hoffman, Sam Altman, and others, says its new AI model, called GPT2, is so good and the risk of malicious use so high that it is breaking from its normal practice of releasing the full research to the public in order to allow more time to discuss the ramifications of the technological breakthrough.
… From a research standpoint, GPT2 is groundbreaking in two ways. One is its size, says Dario Amodei, OpenAI’s research director. The models “were 12 times bigger, and the dataset was 15 times bigger and much broader” than the previous state-of-the-art AI model. It was trained on a dataset containing about 10m articles, selected by trawling the social news site Reddit for links with more than three votes. The vast collection of text weighed in at 40 GB, enough to store about 35,000 copies of Moby Dick.




Perspective. A harsh way to look at it? A response the National Enquirer would recognize.
Amazon calls the socialists' bluff
Following months of complaints from the progressive politicos who control local politics in New York City, Amazon CEO Jeff Bezos abruptly canceled plans to open the online retailer's new corporate headquarters branch in Queens.
… Ocasio-Cortez, on the other hand, was arguing against the economic development of a region of Queens that abuts her congressional district. Along with fellow naysayers such as state Sen. Mike Gianaris, D-Queens, she attacked Amazon for bringing in too many jobs, potentially creating higher standards of living in the area and perhaps also inflating housing costs.
… Naturally, Ocasio-Cortez and friends have taken a celebratory lap on Twitter and with the press to gloat. But they are mostly revealing the financial fallacies behind their thinking. Ocasio-Cortez, for example, told the press that if New York was willing to "give away $3 billion for this deal," then those investments could be used to hire teachers or fix the subway.
Except that isn't how refundable tax credits work. The loss of Amazon only saves New York about $325 million in cash grants that had been destined for Amazon. The rest of the incentive package comprised of tax savings that Amazon will not realize, money it would not have had to pay, had it set up shop and paid roughly $10 billion in taxes over the next two decades.




Perspective. Open a virtual bank account, get a real toaster?
Amazon Moments lets developers reward customers with actual gifts, not just virtual ones
Amazon Moments — as it is called — will let developers create actions — “moments” — that it wants users to perform — such as watching several episodes of a series if it's a streaming service; or taking out a subscription if it's a news site — and giving users actual physical gifts in exchange for doing so.
The service is going live in 100 countries today, Amazon said. Items that are eligible to be gifted as part of the Moments scheme will come in a catalogue — Amazon said that there are “millions” of products in it already, both from Amazon and select third-party vendors — and will sit alongside other kinds of products that incentivize users to be more engaged in apps, games and other digital services such as virtual currencies and gift cards.




Noble, but threatening? How is a scan “unlawful?”
Internet Archive’s ebook loans face UK copyright challenge
The Guardian UK – “The Society of Authors (SoA) is threatening legal action against the Internet Archive unless it stops what the writers’ body claimed is the unauthorised lending of books unlawfully scanned for its Open Library. Set up in San Francisco 1996 to preserve pages published on the internet, the Internet Archive also collects digital books, offering borrowers access to hundreds of thousands of titles through its Open Library arm. Some are out of copyright, but the collection includes books from authors including AS Byatt, Kate Atkinson, Hilary Mantel, William Boyd, Philip Pullman and Iain Banks that are still in copyright and currently available to be borrowed in the UK. According to its website, the organisation began digitising books in 2005, because “not everyone has access to a public or academic library with a good collection, so to provide universal access we need to provide digital versions of books”. Today the archive scans 1,000 books a day in 28 locations around the world, through its book scanning and book drive programmes – with the “ultimate goal of [making] all the published works of humankind available to everyone in the world”. Users can borrow up to five books at a time, with each loan expiring after two weeks.
The SoA, which represents more than 10,000 writers in the UK, called on the Internet Archive to “cease making available to UK users the unauthorised lending of scanned books” via Open Library. In an open letter, the SoA said that in the UK, all scanning and lending must be authorised by the copyright owner. Despite this, users in the UK are currently able to borrow scanned copies of physical books from Open Library. “That is a direct and actionable infringement of copyright,” said the SoA. “Authors are not asked for permission before their work appears on Open Library, and they do not receive any royalties … We are calling on you to cease this practice, which … is unquestionably unlawful in the UK.”




Practice writing for the 21st Century! (I’ll have to start one for Undergraduate and Graduate students.)
The Next Student Blogging Challenge Starts Soon
Blogging can be a great way to get students interested in writing and publishing their work for an audience. The challenges of classroom blogging have always been coming up with things for kids to write about and building an audience for your students' work. The Edublogs Student Blogging Challenge addresses both of those challenges. The next Edublogs Student Blogging Challenge begins on March 3rd.
The Edublogs Student Blogging Challenge provides weekly blogging suggestions suitable for K-12 students. Every week students complete the challenge then you can submit the URL of your students' posts to be included in a larger Student Blogging Challenge form that other participating classes can see. By submitting the URLs of your students' work, you're providing them with an opportunity to get feedback from other students and teachers who are participating in the challenge.
The Edublogs Student Blogging Challenge is open to all K-12 classrooms. You do not have to use Edublogs in order to participate in the challenge. Click here to read the complete details of the challenge including how to register.


(Related)
A Guide to Blogging Terminology

