Saturday, January 12, 2019

I should poll my students.
Most People Expect a Serious Cyberattack Against Their Country
People across the world are expecting major cyber-attacks against their own country. A Pew Research survey of more than 27,000 respondents across 26 countries shows that the majority of people expect that sensitive national security information will be accessed (74%), the public infrastructure will be damaged (69%), and elections will be targeted (61%).
In all these areas, American concerns are higher than average. Eighty-three percent are worried about attacks on the infrastructure, 82% fear that national security information will be accessed, and 78% expect election tampering. The breakdown within each area follows political party associations. For example, Democrats (87%) in the U.S. are more concerned about election tampering than Republicans (66%).




I think the “Tell us now and then tell us when the number changes” bit could be interesting.
David M. Brown of Baker Hostetler writes:
On Jan. 10, 2019, Massachusetts Gov. Charlie Baker signed legislation that will significantly amend the state’s data breach notification law. The amendments become effective on April 11, 2019.
One of the significant changes includes a new requirement to provide an offer of complimentary credit monitoring for “a period of not less than 18 months” when the data security incident involves a Massachusetts resident’s Social Security number. With this new obligation, Massachusetts joins Connecticut and Delaware as states that require an offer of complimentary credit monitoring when the incident involves a resident’s Social Security number. There was no update to the timing of any required individual notice obligations, which remains “as soon as practicable and without unreasonable delay”; but the new amendments require a rolling notification to individuals under certain circumstances: “A notice provided pursuant to this section shall not be delayed on grounds that the total number of residents affected is not yet ascertained. In such case, and where otherwise necessary to update or correct the information required, a person or agency shall provide additional notice as soon as practicable and without unreasonable delay upon learning such additional information.” Additionally, the notice to individuals must now identify the name of the parent or affiliated corporation if the organization that experienced a breach of security is owned by another person or corporation.
Read more on Data Privacy Monitor.




Is it private if I make it public? Is that how I should read this?
John Wesley Hall notes a court opinion on FourthAmendment.com that some readers may wish to note — particularly if they are confessing to criminal conduct in their “private” communications:
There is no Fourth Amendment issue in a police officer posing as a false friend on social media accounts to see defendant’s private pages he shares with others. Here, defendant was seen wearing a gold chain taken from his robbery victim, and it was admissible in evidence. People v. Pride, 2019 Cal. App. LEXIS 34 (4th Dist. Jan. 11, 2019).




Not sure all that ducking and weaving is good in the long term, but if their goal is to avoid negative headlines it seems to be working.
The “original gangster of big tech” has managed to dodge the bad headlines and congressional grilling that have ensnared its rivals by working with regulators and advocating its own solutions.




I don’t understand why people believe that the government is capable of keeping something like this a secret. They can’t even keep real secrets secret.
Alex Jones, Infowars Must Hand Over Documents to Sandy Hook Families Suing Conspiracy-Minded Host
Alex Jones and Infowars must provide a wide array of documents to plaintiffs in a Connecticut defamation lawsuit. The suit was brought by six families of victims of the 2012 Sandy Hook Elementary School shooting and an FBI agent swept up in conspiracy theories that the shooting was staged.
Judge Barbara Bellis responded Jan. 10 to objections by Jones and several affiliated companies about the types of documents they needed to turn over during the discovery phase of the trial.
… The lawsuit arises from Jones’s extensive popularizing of a theory that the Sandy Hook shooting was staged by the federal government, and that no adults nor children were injured or killed. Rather, he put forward, so-called “crisis actors” portrayed the various parents and relatives of murdered students and educators in the media or appeared in video and photos as victims.
Conspiracy theorists have harassed victims’ families, first responders, and some entirely unconnected individuals starting within minutes of the reports coming out about the shooting. Many affected parents, relatives, and others have had to move, often repeatedly, to avoid letters, phone calls, and sometimes in-person confrontations.
… Jones has been banned from nearly every social-media network, payment system, and media-distribution platform.


(Related)
Infowars Makes a Stealth Return to YouTube
… the site’s conspiracy videos are still making their way online. Some of the videos are uploaded by Infowars fans. Other videos come from spam accounts, apparently trying to leech views off Infowars fans. And a large subset come from smaller Infowars-owned accounts that were unaffected by the ban.




The Arthur C Clarke quote goes, "Any sufficiently advanced technology is indistinguishable from magic." I guess that goes for antiquated tech too.
Hilarious video: Teens struggle to figure out how to use rotary phone
Kevin Bumstead, of Chicago, decided to challenge younger family members on Christmas after seeing a similar YouTube video.
The hilarious video of his son Jake and nephew Kyle has now been viewed on Facebook more than 16 million times as of Friday.
“My money was on them not figuring it out,” Kevin Bumstead said.
In the video, they can be seen struggling to figure out how dialing the phone works. Neither teen had ever seen or used a rotary phone before.


Friday, January 11, 2019

Good to know. Sorry to see that the Chinese can make the same mistakes we can. Or was this the result of a test of the App used to scrape LinkedIn?
CVs containing sensitive info of over 202 million Chinese users left exposed online
A security researcher has stumbled over an unsecured MongoDB database server that contained highly detailed CVs for over 202 million Chinese users.
… The MongoDB instance contained 854GB of data, with 202,730,434 records in total, most of which were CVs for Chinese users.
… Tracking down its owner has been near impossible.
One of the researcher's followers came to the rescue last year, when he pointed Diachenko to a now-deleted GitHub repository that contained the source code of a web app.
The app, most likely created to scrape CVs from legitimate job-finding portals, contained identical data structures to the ones found in the leaky database, a clear sign it was the one that scraped and collected the CVs.
… This is not the first time that Diachenko finds a leaky server containing data from resume site scrapers. Last month, he also found a similar server exposing over 66 million records that appeared to have been scraped from LinkedIn, and later leaked via another MongoDB database.




How do Actuaries calculate the risk?
NotPetya victim sues its insurance company
Zurich Insurance has cited a "nation-state action" exclusion
A US food distributor that was hit by the NotPetya cyber attack is taking legal action against its insurance company for refusing to pay out on a $100m claim for damages caused by the hack.
Mondelez, which owns popular brands Oreo and Cadbury, was hit by NotPetya twice in 2017, suffering significant damage to its IT infrastructure including hardware.
According to court papers filed in Illinois, seen by the Financial Times, 1,700 of Mondelez servers and 24,000 of its laptops were rendered "permanently dysfunctional".
… Both the US and UK governments have attributed NotPetya to Russian hackers attacking the Ukrainian government – claims that have been denied by the Kremlin.
… Igor Baikalov, chief scientist at Securonix, believes that there's another reason to not pay out.
"Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware," he said.




I may never leave the US again because I couldn’t get back in! When they demand I hand over the password to my phone, will they believe I don’t own one? I don’t use social media either… I have such a low e-profile I must be a Russian/Chinese/North Korean agent!
Joe Cadillic writes:
The U.S. Border Patrol (CBP) and the TSA claim they need to secretly spy on everyone’s social media accounts so they can understand a person’s relationship with their friends, family and the government.
According to a DHS report published last month, nothing can stop the Border Patrol or the TSA from secretly spying on everyone’s social media accounts.
“In order to conduct a complete investigation, it is necessary for DHS/CBP to collect and review large amounts of data in order to identify and understand relationships between individuals, entities, threats and events, and to monitor patterns of activity over extended periods of time that may be indicative of criminal, terrorist, or other threat.”
Read more on MassPrivate I.




We don’t have global laws, yet. No matter what the French want.
EU Advocate General: right to be forgotten is limited to EU
On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his opinion regarding a 2016 enforcement action carried out by the French Supervisory Authority (CNIL) against Google. In that case, the CNIL ordered Google to de-reference links to webpages containing personal data. According to the CNIL, the de-referencing had to be effective worldwide. Google challenged the CNIL’s decision before the French administrative court, which then referred this matter to the CJEU.
In his opinion, Advocate General Szpunar disagrees with the CNIL’s view on a worldwide application of the “right to be forgotten.”




For the lawyers who read my blog?
GDPR: A Year On – IEEE calls for articles
Do you have an interesting perspective on Europe’s General Data Protection Regulation or insightful information about GDPR to share? IEEE Security and Privacy seeks articles from scholars and practitioners from various disciplines and countries to examine GDPR: A Year On. Successful submissions will address (among other topics) the GDPR’s:
• position at the intersection of law and technology;
• global impact;
• implications for global multinationals and for small and medium size enterprises;
• implementation by engineers, economists, and lawyers;
• potential macroeconomic and competitive impact; and
• effect on debates about ethics beyond the law.
Submissions are due by March 1, 2019, with publication in November/December, 2019.




AI Ethics from Dubai.
AI PRINCIPLES AND ETHICS
AI’s rapid advancement and innovation potential across a range of fields is incredibly exciting. Yet a thorough and open discussion around AI ethics, and the principles organisations using this technology must consider, is urgently needed.


(Related)
Americans want to regulate AI but don’t trust anyone to do it
… Americans have mixed support for the continued development of AI and overwhelmingly agree that it should be regulated, according to a new study from the Center for the Governance of AI and Oxford University’s Future of Humanity Institute.
Americans place the most trust in the US military and universities to build AI
Americans trust tech companies and non-government organizations more than the government to manage AI


(Related)
The Quiet Ways Automation Is Remaking Service Work
Workers may not be replaced by robots anytime soon, but they’ll likely face shorter hours, lower pay, and stolen time.
When blue-collar workers go on strike, demands such as wage increases and better hours are usually the objective. But when nearly 8,000 Marriott International employees marched outside hotels for two months in late 2018, one request stood out among the rest: protection against the automated technology that’s remaking the hotel industry.




Resources for my students.




Free is good!
IMDB has launched a free streaming service called Freedive that features dozens of movies and TV shows. And while it doesn’t have new releases, the selection isn’t half bad, with movies like Drive, Adaptation, Gattaca, True Romance, Last Action Hero, Legends of the Fall, and Panic Room as well as TV shows like Fringe, Quantum Leap, Gilligan’s Island, Heroes, and The Bachelor.
… The service also seems to be a vehicle for providing more exposure to a number of IMDB’s original video series that you’ve probably never heard of. Thankfully the service doesn’t require a subscription.
One cool thing about the service that sets it apart from others is that each category displays the top-rated movies first.




Something I did on Tuesday or Wednesday caught Canada’s attention. I have no idea what that might be, but I hope they’re not angry!


Thursday, January 10, 2019

Those who don’t have the resources (time & treasure) to do it right must find the resources to do it over. If I was a cruel professor, I’d have my students read and summarize the report (no more than 50 pages, please)
Eileen Yu reports:
A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident.
[…]
The 454-page report published today outlined 16 recommendations the committee said were made in light of its findings, testimonies from witnesses and Singapore’s Cyber Security Agency (CSA), and public submission, as well as feedback from the Solicitor-General and key organisations including Ministry of Health, SingHealth, and the IT agency responsible for the local healthcare sector, Integrated Health Information System (IHIS).
Read more on ZDNet.




Beware “professional reporting” on Computer Crime. Some strange claims here. A procedure for my Computer Security students to revise. Note that they did not report a “summer” scam until December. Maybe that’s Okay under Napoleonic law?
Caddo Schools scammed out of nearly $1 million
The Caddo Parish School System is scammed out of nearly $1 million in taxpayer money.
… Caddo Schools makes monthly payments to the charter school. Over the summer, a bank out of Nigeria hacked into Charter Schools USA's account and changed the banking information on file with Caddo Schools. $988,000 was deposited into the wrong account.


(On the other hand)
Some of $1M scammed from Caddo schools has been found
… Law enforcement authorities have found much of the nearly $1 million stolen in an international phishing scheme against Caddo Public Schools but have not recovered the money, a detective said Tuesday.
Nearly $714,000 has been found and frozen in U.S. bank accounts, said Capt. Bobby Herring, a detective with the Caddo Parish Sheriff's Office.
Authorities continue to look for an additional $275,000
… Caddo Schools employees reported the theft to law enforcement authorities on Dec. 12, Herring said. They disclosed the theft to the public only Tuesday, in a news release.
School district spokeswoman Mary Nash-Wood said in an interview that the delay in the notification occurred because information regarding the scope and nature of the scam was still being gathered.
… The school district news release said the theft occurred when an unknown individual fraudulently posed as an employee with Charter Schools USA, which operates the Magnolia school. The individual spoofed an official Charter Schools USA email account to change banking information on file with Caddo Schools, which then sent money to the wrong bank account.
… "There was a time in the summer where our charter school parent company's email system was hacked into," Goree said.
The email account from which the communication originated was based in a country in Africa. Sheriff's deputies declined to disclose which country.
… A similar phishing scam targeted the Independence Bowl in November, but the organization had safeguards that protected it, Herring said.




Intelligence and Big Data. An interesting article.
Weapons of Mass Consumerism: Why China Wants Your Personal Information
… This is our new reality: cyber powers, including China, are collecting and compiling data on private citizens, including Americans and other nationals, not just potentially to make a quick buck but also (and more consequentially) to pursue national security objectives through tactics known and still unknown—because they haven’t been deployed or developed yet.
… But most intriguing is the possibility that Beijing doesn’t even know why or how it might be able to use this data set, yet nonetheless figures that it’s worth acquiring it now, with an anticipation of putting it to use later.




Perspective. Only old folks believe that if you see it on the Internet it must be true? Maybe we just find the fake stuff humorous?
People older than 65 share the most fake news, a new study finds
Older Americans are disproportionately more likely to share fake news on Facebook, according to a new analysis by researchers at New York and Princeton Universities. Older users shared more fake news than younger ones regardless of education, sex, race, income, or how many links they shared. In fact, age predicted their behavior better than any other characteristic — including party affiliation.
… Today’s study, published in Science Advances, examined user behavior in the months before and after the 2016 US presidential election.
… Across all age categories, sharing fake news was a relatively rare category. Only 8.5 percent of users in the study shared at least one link from a fake news site.
… But older users skewed the findings: 11 percent of users older than 65 shared a hoax, while just 3 percent of users 18 to 29 did.




Time waster alert.
Google Chrome Labs experiment is Etch A Sketch for your browser
Google allowing its developers to do their own thing for Chrome Labs can lead to cool experiments the rest of us can play with. One of those developers, for instance, has created a virtual Etch A Sketch for your browser. And, yes, it works even on browsers other than Chrome, including Firefox and Opera. Aptly called Web A Skeb, the experiment works just like the drawing toy and is even as tough to draw on
… The only way to draw on Web A Skeb is to twist its dials using your mouse or trackpad, because its developer's original purpose was to create an experiment that uses knobs for input.


Wednesday, January 09, 2019

Inevitable.
Vietnam says Facebook violated controversial cybersecurity law
Facebook has violated Vietnam’s new cybersecurity law by allowing users to post anti-government comments on the platform, state media said on Wednesday, days after the controversial legislation took effect in the communist-ruled country.
… In a statement, a Facebook spokeswoman said, “We have a clear process for governments to report illegal content to us, and we review all these requests against our terms of service and local law.”
She did not elaborate.




I can’t get a warrant, so I go another route.
I Gave a Bounty Hunter $300. Then He Located Our Phone
… The bounty hunter sent the number to his own contact, who would track the phone. The contact responded with a screenshot of Google Maps, containing a blue circle indicating the phone’s current location, approximate to a few hundred metres.
… The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.
Whereas it’s common knowledge that law enforcement agencies can track phones with a warrant to service providers, IMSI catchers, or until recently via other companies that sell location data such as one called Securus, at least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard.




This makes no sense to me.
Samsung Phone Users Perturbed to Find They Can't Delete Facebook
… On certain Samsung Electronics Co. smartphones, users aren’t allowed to delete the Facebook app.
Winke bought his Samsung Galaxy S8, an Android-based device that comes with Facebook’s social network already installed, when it was introduced in 2017. He has used the Facebook app to connect with old friends and to share pictures of natural landscapes and his Siamese cat – but he didn’t want to be stuck with it. He tried to remove the program from his phone, but the chatter proved true – it was undeletable. He found only an option to "disable," and he wasn’t sure what that meant.
… which brings up more questions,” Winke said in an interview. “Can they still track your information, your location, or whatever else they do?




...and we don’t even get a discount?
Yves Smith writes:
Matt Stoller warned back in 2012 that insurers would increasingly induce, then force, customers to agree to surveillance. But a Wall Street Journal story describes how insurers and medical providers, meaning your doctor’s employers, are actively cooperating, so as among other things, to help Big Pharma peddle more drugs to you.
Stoller warned that over time, insurance companies would make it prohibitive and eventually impossible to refuse to agree to intensive monitoring:
Profit-driven surveillance does not start and stop with young adults. It is, in fact, becoming pervasive. The main theme of a recent IBM consulting document on the future of the insurance industry is how much more money an insurance company can make if it tracks and tags its customers. This is particularly true for auto insurance companies, some of whom like Allstate and Progressive are experimenting on new technologies. For instance, IBM suggests that “A “pay-as-you-live” product would trade some location and time-of-day privacy data for lower insurance bills overall.”
IBM is recommending these companies stick a sensor in your car, measure where you go and when, your speed, acceleration and deceleration, etc. The progression over time could be to withdraw traditional insurance products, so that you won’t be able to get an insurance product without sensors attached. As this presentation offers, “The aforementioned rising tide of technology also empowers insurance underwriters to bring their products closer to realtime interaction via sensor networks and enlightened privacy regulations.”…
Read more on Truthout.org.




The other side of a cashless society?
California Would Become First State to Discourage Paper Receipts Under Newly Proposed Bill
… But he said a law is needed because many consumers don't realize most paper receipts are coated with chemicals prohibited in baby bottles, can't be recycled and can contaminate other recycled paper because of the chemicals known as Bisphenol-A (BPA) and Bisphenol-S (BPS). [Wow! Really? Bob]
… Republican Assemblyman Brian Dahle of Bieber said he's concerned the receipt proposal could be burdensome for small businesses, won't save that much paper and may not be practical in rural areas without internet connections.
In addition, "then they have your email, then they'll be marketing to you or selling your information or it can get into privacy issues," he said.




Perspective. The e-version of your friendly neighborhood market…
Amazon's new ad strategy: Free samples based on what it knows about you
Amazon is quietly piloting a program to let brands like Maybelline and Folgers pay to send free samples to consumers — all based on what the retail giant already knows they're likely to buy.




A student research challenge: How will self-driving vans get the package onto my porch?
China's national AI champion Baidu to test driverless delivery vans in US heartland with Udelv for Walmart




We’ll get it figured out in a few years.
Scooters, get off the sidewalk: Denver approves first big dockless change
The Denver City Council on Monday unanimously approved revisions to the city’s regulations for dockless scooters, which many had dismissed as archaic and confusing.
Previously, the zippy two-wheel vehicles were supposed to stay on sidewalks in Denver, even though they can hit 15 mph. The new law says that commuter scooters should travel in bike lanes and on low-speed roads when available.




I must assume this is a deliberate reversal of normal procedure. What message does it send? “We don’t need no stinking EU!”
Trump administration snubs European diplomats in U.S.: officials
U.S. President Donald Trump’s administration has lowered the status of the European Union’s diplomats in Washington without notifying Brussels, EU officials said on Tuesday.
… Two other EU diplomats confirmed the downgrade, with one saying it was unlikely the bloc would retaliate given its desire for good relations.


Tuesday, January 08, 2019

By design, it does not rise to the level of cyberwar as we define it. An attack on three “fronts.”
The United States and China - A Different Kind of Cyberwar
China is Conducting a Low and Slow Cyberwar, Attempting to Stay Under the Radar and Maneuver the Global Economy
The battle for economic supremacy is primarily if not entirely being fought in cyber. Given the West’s promise of retaliation for anything that meets its definition of cyberwarfare, China is largely avoiding the sort of destructive activity more usually ascribed to Russia (such as the attack on France’s TV5Monde and Ukrainian power companies), and North Korea (such as the attack on Sony, and WannaCry).
China does not wish to provoke open conflict with the U.S.; either cyber or kinetic. But in order to be stronger than the U.S. economically, it must first close the gap in both business technology and military technology. This means that its cyber operations must be sophisticated, targeted and non-destructive.
There are three primary targets: people, military, and critical infrastructure.

People

People are often defined as the weakest link in security. While this has traction at a local level, it is people’s data that is important at an international level. Direct access to credentials that don’t get changed allows easy access to networks. If credentials are not available, then personal details will often be sufficient to frame compelling and potentially irresistible spear-phishing attacks.

Military

Military and associated technology secrets are a traditional target for international espionage of all categories.

Critical infrastructure

China Inc is unlikely to do anything too overt or dramatic with U.S. critical infrastructure – that would interfere with its long-term strategy. But it would be naïve to think it is doing nothing. “At a minimum, we must expect that China is seeking to map, model, and understand how to attack U.S. critical infrastructure. Doing so requires some level of reconnaissance,” comments TruSTAR’s Kurtz.


(Related)
U.S. Companies Urged to Protect Against Foreign Government Hackers
The National Counterintelligence and Security Center began sending out detailed advisories, in brochure and video forms, to companies around the country to show them how to guard against cyber-incursions.




How to handle hecklers?
Politicians cannot block social media foes: U.S. appeals court
A federal appeals court said on Monday a Virginia politician violated the Constitution by temporarily blocking a critic from her Facebook page, a decision that could affect President Donald Trump’s appeal from a similar ruling in New York.
In a 3-0 decision, the 4th U.S. Circuit Court of Appeals said Phyllis Randall, chair of the Loudoun County Board of Supervisors, violated the First Amendment free speech rights of Brian Davison by banning him for 12 hours from her “Chair Phyllis J. Randall” page.
The ban came after Davison had attended a 2016 town hall meeting, and then under his Facebook profile “Virginia SGP” accused school board members and their relatives of corruption and conflicts of interest.
… Circuit Judge James Wynn rejected Randall’s argument that her Facebook page was a private website, saying the “interactive component” was a public forum and that she engaged in illegal viewpoint discrimination.




Giving passengers a choice takes time and effort. Claiming that “the government made me do it” is much simpler.
Edward Hasbrouck writes:
Buried in the final 500-page PDF file of redacted and munged e-mail messages released by Amtrak in December 2018 in response to a FOIA request we made in 2014, we got the first hint at an answer to one of the questions that originally prompted our request:
What did Amtrak think was its legal basis for requiring passengers to show ID and provide other information, and for handing this data over to DHS components and other police agencies for general law enforcement purposes?
When US Customs and Border Protection (CBP) asked Amtrak to start transmitting passenger data electronically, it described this as a request for “voluntary” cooperation, noting that while the law requires airlines to collect and transmit this data to CBP, “these mandates do not currently extend to land modes of transportation” (as they still don’t today).
Read how Amtrak took “voluntary” cooperation and somehow morphed it into a federal mandate that was never mandated – on Papers, Please!




Should we worry about Jeff Bezos wandering through our homes? Will their employees/robots look in our refrigerators to suggest purchases?
Key By Amazon adds garage and business delivery, new locks and Ring compatibility
… Key is getting a whole bunch of new features this week. In addition to the standard home and car delivery, the company is adding Key for Garage into the mix. Using the Key app, customers can remotely monitor the door and accept deliveries while they’re out.
It’s a nice addition to the existing offerings, for those looking to thwart package thieves or missed deliveries.




Kroger sees this as the future. Microsoft provides the IT Architecture, Kroger supplies the expertise.
Microsoft and Kroger to create data-driven connected grocery stores
Microsoft and Kroger are taking a leaf out of Amazon’s book by building futuristic “connected” grocery stores.
… What all of this helps generate, of course, is vast swathes of information — data on products and customer data. Microsoft’s Azure will take care of all the backend data storage and processing, but this wealth of data can be used by Kroger to target ads at the customer as they waltz around the supermarket. In addition to creating a more sophisticated shopping experience, the initiative is all about creating additional revenue streams.
… But what is perhaps most interesting about Kroger’s plans is that it’s packaging this as a “retail-as-a-service” (RaaS) offering for use by other retailers — yet another potentially gargantuan revenue stream.




Ford sees this as the future… The near future.
Ford wants its cars to 'talk' with traffic lights and pedestrians
Ford is building cars that "talk" with traffic lights, road signs and pedestrians.
At CES 2019 in Las Vegas on Monday, the automaker announced plans to start selling cars that feature this type of technology in 2022.
The technology, called cellular vehicle-to-everything (or C-V2X for short), uses wireless signals to share road data, such as a car's location or the color of a traffic light, with other vehicles.
… But critics say the cost of installing the technology will be burdensome for cash-strapped governments. Corinne Kisner, deputy director of the National Association of City Transportation Officials, called the expense of installing and maintaining vehicle-to-everything technology a major concern. Many municipalities struggle to fill their potholes, let alone install smart city technology. She also described any effort to require a pedestrian to carry a smartphone to guarantee safety as a dangerous paradigm shift.


Monday, January 07, 2019

“Legally” must be assumed… Right?
Phil Fairbanks reports:
When the FBI uncovered a scammer targeting Wegmans two years ago, agents hacked into the suspect’s computer in an effort to learn his identity.
The hacking, approved by a judge, involved an email and attachment that, when opened, connected the suspect’s computer to an FBI server.
A new lawsuit in Buffalo federal court says the Wegmans case is just one example of how the government is now using hacking in ordinary, day-to-day investigations, and not just in national security and foreign intelligence probes.
Read more on The Buffalo News. They don’t seem to give the case information, but I’m embedding the complaint, filed in federal court for the Western District of New York, below so you can read it all for yourself.
From the article:
... the suit seeks evidence of what the groups call a "remarkable expansion of the government's surveillance powers."
This new tool, they argue in court papers, is so powerful and intrusive that it carries with it great risk to the privacy and security of both the individuals being investigated and the people around them.
"It's never before been the case that the government can accumulate so much important and sensitive personal information by accessing just one device," said Jonathan Manes, director of the UB Law School's Civil Liberties and Transparency Clinic.




I’m betting it’s not high on the “must have” lists yet, but at least it is being mentioned.
Privacy becomes a selling point at tech show
"What happens on your iPhone stays on your iPhone," Apple says in the message to be seen by tens of thousands attending the Las Vegas tech show.
… The data scandals "are like Christmas presents for us," by prompting more consumers to look for better security, said Winston founder Richard Stokes.
"As we see more things being connected I think that you'll definitely hear people talk about security more and really looking at how would you secure the data," said analyst Carolina Milanesi of Creative Strategies.
"More companies are going to take kind of a cue from the marketing that Apple has been doing."




I don’t think he likes it.
Ethan Huff writes:
Millions of unwitting “sheeple” have willingly outfitted their homes and offices with so-called “smart” speakers like Amazon’s Alexa device, which is marketed as a convenience assistant for getting things done simply using only your voice. But as revealed by Justus Knight in a recent video update to his YouTube channel, Alexa is, practically speaking, an always-listening demon device that can monitor, track, and record people’s conversations for blackmail purposes.
The epitome of Orwellian, Big Brother privacy invasion, Alexa is hardly the innocuous technological “advancement” that its proponents claim it is. Alexa is a far-Left purveyor of “progressive” ideologies such as those perpetuated by Black Lives Matter (BLM). It’s also a potential snitch device that authoritarian overlords can use to control the populations of the world.
Read more on PrivacyWatch.news




For my Architecture students: another perspective.
Paper – Agile Research
In this paper we ask: “how might we take the ideas, the methods and the underlying philosophy behind agile software development and explore applying them in the context of doing research — even research that does not involve software development?” We look at some examples of agile research methods and think about how they might inspire the design of even better methods. We also try to address some potential criticisms of an approach that aims to minimize a need for Big Design Up Front by developing tighter iteration cycles, coupled with reflection and learning as part of a process for doing research.




Perspective. When you can do “anything you can imagine” with technology, you sometimes run into things you never imagined.
Petcube 2 lets you use Alexa to fling treats at your pets
Petcube announced the second generation of its Petcube Bites and Play cameras today, which keep your pets entertained at home via flinging treats and laser pointers while you’re away at work.
… Both cameras in the Bites and Play have 1080p HD video, 4x digital zoom, and night vision. Pets can also initiate two-way “video calls,” which are triggered when a pet sits in front of the camera. Owners will then receive a push notification asking if they want to accept a video call from their pet (always, of course).
… The $10 plan comes with Smart alerts, which uses AI to distinguish between cats, dogs, and people, and offers audio recognition of barking and meowing to notify owners of potentially dangerous events.


(Related) ...and sometimes a headline makes your imagination run wild.
Kohler’s smart toilet promises a ‘fully-immersive experience’




For the toolkit.
7 Free Web Annotation and Markup Tools You Should Know
Hongkiat: “Contextual feedback is crucial for remote teams working online to have a fast and efficient feedback system. Asking and taking feedback is tedious and usually happens off-context using email and text message. There are some tools, however, that allow teams to discuss things and collaborate online in a much better way. Web Annotation and Markup tools help you to comment, discuss and collaborate right on web pages or screenshots or PDFs. Such tools add context to the content and make use of highlights, sticky notes, comments, etc. for making discussions with context. In this post, we’re showcasing the best yet freely available tools for contextual feedback. These tools let you annotate, comment and discuss on the web quickly and easily…”




Sometimes I think this is true.


Sunday, January 06, 2019

Once again I managed to stay off this list! Several of these threats are worth discussing in my Computer Security class. I list a few.
These Are the Top 26 National Security Threats Facing America
The Government Accountability Office polled four government agencies on what they saw as the biggest threats to American security. The result was 26 threats identified by the Department of Defense, Department of State, Department of Homeland Security and the Office of the Director of National Intelligence.
New adversaries and private corporations. New states could arise that threaten the U.S. Interestingly, the GAO report worries about “private corporations obtaining resources that could grant them more influence than states.”
Information operations. Adversaries such as Russia, China and Iran will take advantage of social media, artificial intelligence and data crunching to wage information warfare.
Cyber weapons. In addition to Russia and China, Iran and North Korea are developing cyberattack capabilities that could target a variety of systems, such as air traffic control or health care.




If you had control of all of your personal data and all data about your activities, would that identify GDPR violations? As raw data, that might be overwhelming. A system to manage the data is going to be very complex. Might be fun for my Software Architects to consider.
Microsoft is privately testing 'Bali,' a way to give users control of data collected about them
… The "About" page for Bali describes it as a "new personal data bank which puts users in control of all data collected about them.... The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data."
According to the About page, Bali is based on the concept of "Inverse Privacy," the subject of a paper authored in 2014 by Yuri Gurevich, Efim Hudis and Jeannette Wing, who all worked for Microsoft Research at that time. An item of personal information is inversely private if some party has access to it, but the creator/user of it does not. Health providers, police, toll-road operators, grocery chains and employers all create inversely private data, which, in many cases, users could benefit from owning, the authors noted.




Opinions vary.
Stop scaremongering about kids spending time on their phones
How much should we worry about our children using screens? It’s hard, as a parent, not to worry. Not least because we’re constantly surrounded by doom-laden warnings about how smartphones have “destroyed a generation”.
… With all that in mind, it’s an enormous relief that the Royal College of Paediatrics and Child Health (RCPCH) has issued new screen time guidelines that are entirely sensible and acknowledge the weakness of the evidence. It says there is “essentially no evidence” to support the idea that screen time is directly toxic to health, despite wild claims in the media. It says there is some evidence that it can displace other activities such as exercise. But its main recommendations are simply to ask yourselves, as a family, whether your screen time is controlled, or whether it gets in the way of things you want to do – family time, eating together – and to try to control your use if it does.




Those who do not study history… (and a graphic worth framing?)
The 20 Internet Giants That Rule the Web
With each passing year, an increasingly large segment of the population no longer remembers images loading a single pixel row at a time, the earsplitting sound of a 56k modem, or the domination of web portals.
Many of the top websites in 1998 were basically news aggregators or search portals, which are easy concepts to understand. Today, brand touch-points are often spread out between devices (e.g. mobile apps vs. desktop site) and a myriad of services and sub-brands (e.g. Facebook’s constellation of apps). As a result, the world’s biggest websites are complex, interconnected web properties.
Today’s visualization, inspired by an earlier work published by WaPo, looks at which of the internet giants have evolved to stay on top, and which have faded into internet lore.