Centennial Man: 2020-08-02

Saturday, August 08, 2020

In order to secure you we first must violate your privacy?

https://www.darkreading.com/endpoint/researchers-create-new-framework-to-evaluate-user-security-awareness/d/d-id/1338603?&web_view=true

Researchers Create New Framework to Evaluate User Security Awareness

… Unlike other security awareness evaluation techniques that rely heavily on questionnaires and the self-reported behavior of users, the new approach is based on actual data gathered from end user smartphones, PCs, network traffic to and from devices, and attack simulation.

Something for my students to play with…

https://www.securityweek.com/us-government-launches-cyber-career-path-tool?&web_view=true

U.S. Government Launches Cyber Career Path Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the availability of a free tool designed to help users identify and navigate a potential career path in cyber.

The new Cyber Career Pathways Tool focuses on five workforce categories: IT, cybersecurity, cyber effects (i.e. defensive and offensive cyber capabilities), cyber intelligence, and cross functional (i.e. management and law enforcement). There are a total of 52 work roles across these categories.

Users can select a work role and the tool will provide a description of that job, the tasks they perform, as well as the knowledge, skills and abilities one needs for the job.

I thought I was missing something. Turns out there was no something. Is it all ‘political theater?’

https://www.nytimes.com/2020/08/07/us/politics/tiktok-security-threat.html

Is TikTok More of a Parenting Problem Than a Security Threat?

TikTok has long presented a parenting problem, as millions of Americans raising preteens and teenagers distracted by its viral videos can attest. But when the C.I.A. was asked recently to assess whether it was also a national security problem, the answer that came back was highly equivocal.

Yes, the agency’s analysts told the White House, it is possible that the Chinese intelligence authorities could intercept data or use the app to bore into smartphones. But there is no evidence they have done so, despite the calls from President Trump and Secretary of State Mike Pompeo to neutralize a threat from the app’s presence on millions of American devices.

Perspective.

https://www.foreignaffairs.com/articles/united-states/2020-08-07/us-has-ai-competition-all-wrong

The U.S. Has AI Competition All Wrong

Computing Power, Not Data, Is the Secret to Tech Dominance

… Computing power in AI has undergone a radical transformation in the last decade. According to the research lab OpenAI, the amount of compute used to train top AI projects increased by a factor of 300,000 between 2012 and 2018. To put that number into context, if a cell phone battery lasted one day in 2012 and its lifespan increased at the same rate as AI compute, the 2018 version of that battery would last more than 800 years.

Politically correct, antitrust edition? In “The gang that couldn’t shoot straight,” crooks are trying to hide from police wiretaps by referring to guns as shirts. Then they ask, “did you get bullets for the shirts?”

https://themarkup.org/google-the-giant/2020/08/07/google-documents-show-taboo-words-antitrust

To Head Off Regulators, Google Makes Certain Words Taboo

As Google faces at least four major antitrust investigations on two continents, internal documents obtained by The Markup show its parent company, Alphabet, has been preparing for this moment for years, telling employees across the massive enterprise that certain language is off limits in all written communications, no matter how casual.

The taboo words include “market,” “barriers to entry,” and “network effects,” which is when products such as social networks become more valuable as more people use them.

“Words matter. Especially in antitrust law,” reads one document titled “Five Rules of Thumb for Written Communications.”

The technology of war?

https://news.usni.org/2020/08/07/report-to-congress-on-emerging-military-technologies-2

Report to Congress on Emerging Military Technologies

The following is the Aug. 4, 2020, Congressional Research Service report, Emerging Military Technologies: Background and Issues for Congress.

… This report provides an overview of selected emerging military technologies in the United States, China, and Russia:

artificial intelligence,
lethal autonomous weapons,
hypersonic weapons,
directed energy weapons,
biotechnology, and
quantum technology.

A tool for Python programmers?

https://www.zdnet.com/article/facebook-open-sources-one-of-instagrams-security-tools/?&web_view=true

Facebook open-sources one of Instagram's security tools

… Named Pysa, the tool is a so-called static analyzer. It works by scanning code in a "static" form, before the code is run/compiled, looking for known patterns that may indicate a bug, and then flagging potential issues with the developer.

… This concept isn't new and is something that Facebook has already perfected with Zoncolan, a static analyzer that Facebook released in August 2019 for Hack -- the PHP-like language variation that Facebook uses for the main Facebook app's codebase.

Both Pysa and Zoncolan look for "sources" (where data enters a codebase) and "sinks" (where data ends up). Both tools track how data moves across a codebase, and find dangerous "sinks," such as functions that can execute code or retrieve sensitive user data.

When a connection is found between a source and a dangerous sink, Pysa (and Zoncolan) warn developers to investigate.

… Facebook has formally open-sourced Pysa on GitHub today, along with several bug definitions required to help it find security issues.

Entertainment for shut-ins. Other groups, other decades?

https://www.stltoday.com/entertainment/movies/the-best-films-of-1970-coming-to-an-internet-near-you/article_4adb8e2b-5cf2-5b23-a478-d02d4c189bd9.html

The best films of 1970 coming to an internet near you

How good a year for movies was 1970?

It was good enough that when Cinema St. Louis wanted to have a retrospective of movies from 50 years ago, they came up with 14 movies of note to show.

The series, Golden Anniversaries, begins Monday at 7:30 p.m. and will stream online every Monday at the same time through Oct. 26. Each film will be introduced by a film critic, scholar or enthusiast, who will also lead a discussion after the screening.

The events are free, but participants must register at the Cinema St. Louis website.

Friday, August 07, 2020

Compare to the Security budget… 2015-2019, and no one noticed?

https://www.nytimes.com/2020/08/06/business/capital-one-hack-settlement.html?&web_view=true

Capital One will pay $80 million over hack.

Capital One has agreed to pay $80 million to settle federal bank regulators’ claims that it lacked proper cybersecurity protocols, more than a year after a Seattle-based software engineer hacked into a cloud server and stole customers’ social security numbers, bank account information and credit card applications, regulators said Thursday.

The Office of the Comptroller of the Currency, which oversees large U.S. banks, said in a regulatory filing that the bank had failed to establish proper risk assessment procedures in 2015 after it began using cloud storage technology. Later, its board failed to hold the managers in charge of the area accountable for their neglect. [Did the bank? Bob]

Security tools.

https://www.helpnetsecurity.com/2020/08/07/open-source-tool-infection-monkey/?web_view=true

Open source tool Infection Monkey allows security pros to test their network like never before

Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.

Somewhat expected.

https://www.cnn.com/2020/08/06/politics/trump-executive-order-tiktok/index.html

Trump issues orders banning TikTok and WeChat from operating in 45 days if they are not sold by Chinese parent companies

President Donald Trump on Thursday issued executive orders that would ban the social media app TikTok and WeChat from operating in the US in 45 days if they are not sold by their Chinese-owned parent companies.

The orders, which use similar language, do not state that a certain amount of money from the sale needs to be sent to the US Treasury Department, which the President has been insisting on for several days.

https://www.whitehouse.gov/presidential-actions/

Mark Zuckerberg Says A Ban On TikTok Would Set “A Really Bad Long-Term Precedent”

Tencent stock, which had a market capitalization of $687B on Thursday, plunged 10%+ after Trump's ban on WeChat

(Related) When you have oodles of cash...

https://www.ft.com/content/45d739f5-37cc-4957-874d-a310c2ac8e07

Microsoft expands TikTok takeover ambitions to entire global business

Microsoft is chasing a deal to buy all of TikTok’s global business, including the viral video app’s operations in India and Europe, according to five people with knowledge of the talks.

The US software company said on Sunday it was in negotiations with ByteDance, the Chinese owner of TikTok, to explore “a purchase of the TikTok service in the United States, Canada, Australia, and New Zealand”.

But Microsoft has since also pursued a plan that would include all countries where TikTok operates. TikTok does not operate in China, and such a deal would not extend to its China-facing sister app Douyin.

A different perspective on facial recognition?

https://www.theverge.com/2020/8/6/21355999/twitter-cyber-harassment-felony-charges-police-protests-retweet?scrolla=5eb6d68b7fedc32c19ef33b4

ONE TWEET TRIED TO IDENTIFY A COP — THEN FIVE PEOPLE WERE CHARGED WITH FELONY HARASSMENT

A New Jersey police department is pursuing cyber harassment charges against five people in connection with a protest photo uploaded to Twitter in June. Complaints were served against the original tweeter and four other people who retweeted the message, alleging that they caused the officer to fear for the safety of his family.

… The original poster and the retweeters are charged with cyber harassment, a fourth-degree felony punishable by up to 18 months in jail.

… The department charged Sziszak and others on behalf of Detective Peter Sandomenico, who the complaint identifies as the officer in the tweet.

AI is a tool. Eventually it will create other (better?) tools. Perhaps even a lawyer AI to argue its case?

https://www.whitehouse.gov/presidential-actions/

Inventorship, Patenting and AI: The Public Comments on Patenting Artificial Intelligence Inventions

… Indeed, interest in AI has become so keen that questions previously found only in works of science fiction have begun to receive more serious consideration. One such question is the possibility of according rights in intellectual property—formerly accorded only to natural persons—to AI software, if the AI software indeed generated the IP in question.

… the USPTO had previously solicited input on these very questions. In August 2019, the USPTO issued a request for comment on the patenting of AI inventions.

… Several months later, in October 2019, the USPTO additionally issued a request for comment on non-patent IP issues for AI, such as copyright, trade secret and trademark. This article will focus solely on the patent issues, however.

Cheap law? What a concept! Will this go out for bids? Google might be interested.

https://www.bespacific.com/court-says-federal-judiciary-is-overcharging-for-access-to-public-records-online/

Court says federal judiciary is overcharging for access to public records online

Washington Post: “The federal judiciary is overcharging for public access to online court records, an appeals court ruled Thursday in a decision that could result in lower fees to search and download case documents. In a unanimous decision, the U.S. Court of Appeals for the Federal Circuit said affordable access to public records is critical for oversight and transparency in the nation’s court system. “If large swaths of the public cannot afford the fees required to access court records, it will diminish the public’s ability ‘to participate in and serve as a check upon the judicial process — an essential component in our structure of self-government,’ ” wrote Judge Todd M. Hughes, who was joined by Judges Alan D. Lourie and Raymond C. Clevenger III. The ruling does not eliminate the paywall for the service known as PACER, an acronym for Public Access to Court Electronic Records. But the decision upholds a District Court finding that the current 10 cents per page charge is “higher than necessary to operate” the system. The court limited fees to the amount needed to cover the cost of providing access to docket information online…”

For those interested in antitrust.

https://www.cnbc.com/2020/08/06/amazon-apple-google-and-amazon-emails-most-revealing-antitrust-finds.html

We read hundreds of pages of emails that Congress collected from the biggest tech companies in the world — here are the most revealing things we found

Perspective.

https://www.axios.com/report-how-the-high-tech-economy-is-expanding-755ca6aa-726a-4b9f-9cb6-aea1e83d8b49.html

Exclusive: How the high-tech economy is expanding

… Why it matters: A new district-by-district report out today from the Information Technology Industry Council makes the case that an economy infused with high-tech workers, startups and exports is a more resilient one, with higher wages and productivity.

The average congressional district now has about 400 high-tech startups employing around 3,400 workers.

Every little bit helps. (Creative Commons license)

https://www.zdnet.com/article/explainable-ai-artificial-intelligence-a-guide-for-making-black-box-machine-learning-models-explainable/

Explainable AI: A guide for making black box machine learning models explainable

… machine learning (ML), which many people conflate with the broader discipline of artificial intelligence (AI), is not without its issues. ML works by feeding historical real world data to algorithms used to train models. ML models can then be fed new data and produce results of interest, based on the historical data used to train the model.

A typical example is diagnosing medical conditions. ML models can be produced using data such as X-rays and CT scans, and then be fed with new data and asked to identify whether a medical condition is present or not. In situations like these, however, getting an outcome is not enough: we need to know the explanation behind it, and this is where it gets tricky.

Christoph Molnar is a data scientist and PhD candidate in interpretable machine learning. Molnar has written the book "Interpretable Machine Learning: A Guide for Making Black Box Models Explainable", in which he elaborates on the issue and examines methods for achieving explainability.

Molnar uses the terms interpretable and explainable interchangeably. Notwithstanding the AI/ML conflation, this is a good introduction to explainable AI and how to get there.

Free access to research.

https://syncedreview.com/2020/08/06/arxivs-1-7m-research-papers-now-available-on-kaggle/

ArXiv’s 1.7M+ Research Papers Now Available on Kaggle

To help make world’s largest free scientific paper repository even more accessible, arXiv announced yesterday that all of its research papers are now available on Kaggle.

… The arXiv dataset is now available on Kaggle and will be updated weekly.

Tools for shut-ins.

https://www.bespacific.com/how-to-use-microsoft-teams-with-your-friends-and-family/

How to use Microsoft Teams with your friends and family

The Verge: “It’s taken a while, especially considering the number of people who are looking for convenient ways to chat and videoconference these days, but Microsoft has finally created a version of its business Teams app for personal use. The app, which is considered to be in preview, is currently only available for mobile devices (iOS and Android). You get 10GB of file storage for your “team” and 2GB of personal file storage per person. What follows is a quick how-to on using Teams for communicating with friends and family. It is available for both iOS and Android; the two apps are extremely similar. The only difference may be in the placement of, say, the “Start new chat” button. The app offers a variety of ways to communicate: chat, audio-only, and video. Everybody participating has to have the app on their device, and you also need a Microsoft account (which is relatively simple to sign up for)…”

The 7 Best Annotation Tools for Google Chrome

Capturing and annotating webpages, images, or portions of articles can be useful for work, school, or even personal research. With tools that allow you to mark up items quickly and easily, Chrome offers a nice selection of extensions.

Thursday, August 06, 2020

Oops?

https://www.securityweek.com/colorado-city-pays-45000-ransom-after-cyber-attack?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Colorado City Pays $45,000 Ransom After Cyber-Attack

Lafayette, Colorado, officials announced Tuesday the city’s computer systems were hacked and they were forced to pay a ransom to regain access.

Lafayette officials said hackers disabled the city’s network services and blocked its access until the city paid a $45,000 fee, the Daily Camera reported.

The attack caused city emails, phones, online payments and reservation systems to temporarily shut down.

The city’s system servers and computers are still in the process of being cleaned and rebuilt. Once finished, the relevant data will be restored into the system and operations will resume. In the meantime, the city is using temporary phone numbers and emails.

… To combat future attacks, the city said it is installing crypto-safe backups, deploying additional cybersecurity systems and implementing regular vulnerability assessments. [Closing the barn door after the horse has bolted. Bob]

Something to worry about after the pandemic…

https://www.zdnet.com/article/evil-ai-these-are-the-20-most-dangerous-crimes-that-artificial-intelligence-will-create/

Evil AI: These are the 20 most dangerous crimes that artificial intelligence will create

… The ranking was put together after scientists from University College London (UCL) compiled a list of 20 AI-enabled crimes based on academic papers, news and popular culture, and got a few dozen experts to discuss the severity of each threat during a two-day seminar.

Research paper in Crime Science

Is it really a bargain?

https://www.cnbc.com/2020/08/05/microsoft-has-one-year-to-transfer-tiktoks-code-to-the-us.html

Microsoft could buy TikTok for as much as $30 billion

Microsoft plans to finish its acquisition talks with TikTok within the next three weeks, ahead of the Sept. 15 deadline, CNBC’s David Faber reported Wednesday. The deal could be worth up to $30 billion.

If the deal goes through, Microsoft has already agreed with the U.S. government to bring TikTok’s code from China to the U.S. within one year. Faber also reported that the two sides haven’t landed on a price for TikTok yet, but it could be between $10 billion and $30 billion.

(Related) $30 Billion is only the US part...

https://www.scmp.com/tech/start-ups/article/3096226/tiktok-spend-us500-million-first-eu-data-centre-ireland

TikTok to spend US$500 million on first EU data centre in Ireland

TikTok, the embattled video-sharing app that has found itself at the centre of Washington-Beijing tensions, is setting up its first data centre in Europe with a 420 million euros (US$500 million) investment in Ireland, the company announced.

Promising to create hundreds of jobs, improve “the safeguarding and protection of TikTok user data” and shorten loading times for users in Europe, the new data centre is expected to be operational by early 2022.

Once it goes online, European user data will be stored at that location, TikTok said

Microsoft could use data culled from TikTok content, such as video of people of different ethnicities engaged in a variety of activities, to train its AI

Perspective. How profitable are genealogy sites?

https://www.bespacific.com/worlds-biggest-landlord-buys-worlds-biggest-genealogy-website/

World’s Biggest Landlord Buys World’s Biggest Genealogy Website

Gizmodo: “The Blackstone Group will buy a majority stake in the genealogy website Ancestry.com in a deal worth $4.7 billion, according to a press release published Wednesday. Blackstone Group, a private equity firm, is the world’s largest landlord and Ancestry is the world’s largest genealogy website, with over 6 billion records on family history in the U.S. alone. Ancestry also provides DNA testing and has over 18 million DNA test results in its databases. Ancestry officially operates in over 34 countries around the world, though it’s accessible from pretty much anywhere on the planet. The genealogy website was founded in Utah in 1996 and has over three million paying subscribers with revenue of roughly $1 billion a year. The company has expanded into DNA testing in recent years and has partnered with drug companies to share data, raising plenty of eyebrows among privacy activists. The Pentagon has even warned U.S. military personnel against using DNA test kits available from companies like Ancestry and 23andMe. Blackstone is buying a 75% stake in Ancestry, according to the Financial Times, and owns hundreds of thousands of properties around the world. Blackstone owns both commercial and residential real estate in the U.S., Europe, Asia, and South America, including high-profile hotels like the Bellagio in Las Vegas and the biggest apartment complex in Manhattan. The properties are often owned under countless subsidiary names…”

Wednesday, August 05, 2020

Hacking the macro economy?

https://www.wired.com/story/hackers-iot-botnets-manipulate-energy-markets/?&web_view=true

Hackers Could Use IoT Botnets to Manipulate Energy Markets

ON A FRIDAY morning in the fall of 2016, the Mirai botnet wrecked havoc on internet infrastructure, causing major website outages across the United States. It was a wake-up call, revealing the true damage that zombie armies of malware-infected gadgets could cause. Now, researchers at the Georgia Institute of Technology are thinking even farther afield about targets that botnets could someday disrupt—such as energy markets.

At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnets—made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US. A savvy attacker, they say, would be able to stealthily force price fluctuations in the service of profit, chaos, or both.

If so, he’s not thinking globally – or perhaps I should stop at ‘not thinking.’

https://www.bloomberg.com/news/articles/2020-08-04/bytedance-ceo-says-trump-s-real-goal-is-to-kill-off-tiktok

ByteDance CEO Says Trump’s Real Goal Is to Kill Off TikTok

A U.S. investigation into ByteDance Ltd.’s TikTok is really intended to smother a Chinese-owned app that’s become a sensation with Americans, founder Zhang Yiming told employees in China Tuesday.

In his second missive to the troops in as many days, the billionaire entrepreneur said a government probe into the company’s 2017 purchase of Musical.ly, -- TikTok’s progenitor -- was intended to spur a complete shutout. Escalating U.S.-China tensions had prompted American politicians to warn that the app posed a potential national security threat and call for an investigation into whether U.S. user data was being shared with Beijing, accusations that ByteDance has repeatedly rejected.

(Related) Does this make TikTok significantly less valuable?

https://techcrunch.com/2020/08/05/instagram-reels-launches-globally-in-over-50-countries-including-u-s/

Instagram Reels launches globally in over 50 countries, including US

Instagram Reels, the company’s significant effort in challenging TikTok on short-form creative content, is launching globally, starting today. The feature is being made available across 50 countries, including the U.S., as TechCrunch had previously reported.

Another tool to automate lawyering?

https://www.theindianalawyer.com/articles/a-brave-new-chapter-ai-tackles-legal-writing

A brave new chapter: AI tackles legal writing

A well-written opinion or brief can change the course of legal thought, but while other parts of the practice of law have been upended by technology, the physical act of writing remains pretty much a job done by humans.

However, new artificial intelligence software being rolled out by Keesal Propulsion Labs, a tech startup hatched at the California law firm of Keesal, Young & Logan, appears poised to rewrite the definition of writing. The GPT-3 program draws upon 175 billion parameters to craft an array of written works from songs and poetry to court filings that the tech world is praising as being equal in quality to that produced by human beings.

… The technology available today helps with the fundamentals of drafting a sentence. A 2019 blog post from the litigation support services company OneLegal underscored this trend by highlighting the Top 10 legal writing tools that, it said, “will simplify your life (and improve your writing).”

Grammarly, the online tool that spots grammatical errors, topped the list. Other computer programs included BriefCatch, specifically designed for legal editing; Hemingway Editor, touted as making “your writing bold and clear”; and PerfectIt paired with the American Legal Style function, which uses “13,000 legal-specific checks” to proofread transactional and litigation documents.

However, GPT-3 goes beyond highlighting a problem in the text and suggesting a correction. This program actually writes the document.

Perspective. Cloud businesses need an anchor in real estate.

https://www.nytimes.com/2020/08/03/nyregion/facebook-nyc-office-farley-building.html

Facebook Bets Big on Future of N.Y.C., and Offices, With New Lease

Facebook on Monday agreed to lease all the office space in the mammoth 107-year-old James A. Farley Building in Midtown Manhattan, cementing New York City as a growing global technology hub and reaffirming a major corporation’s commitment to an office-centric urban culture despite the pandemic.

With the 730,000-square-foot lease, Facebook has acquired more than 2.2 million square feet of office space in the city for thousands of employees in less than a year, all of it on Manhattan’s West Side between Pennsylvania Station and the Hudson River.

Tuesday, August 04, 2020

Another encryption that doesn’t need a backdoor?

https://www.schneier.com/blog/archives/2020/08/blackberry_phon.html

BlackBerry Phone Cracked

Australia is reporting that a BlackBerry device has been cracked after five years:

An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations.

In April, new technology "capabilities" allowed authorities to probe the encrypted device....

No details about those capabilities.

The law plays catch-up.

Protester Surveillance May Test Constitutional Privacy in Courts

Julia Weng reports:

Protests over racial inequality are exposing tensions between law enforcement access to digital data and citizen rights against unwarranted searches, which may force courts to grapple with how to protect people’s privacy.

Law enforcement use of social media posts, drones, cameras, and cell location data catchers called “dirtboxes” during the civil unrest related to the George Floyd protests may push federal courts to expand Fourth Amendment protections to digital data, like geolocation and real-time mobile information. As police surveillance tactics change, constitutional privacy protections are likely to evolve as well.

Centennial Man

Saturday, August 08, 2020

Friday, August 07, 2020

Thursday, August 06, 2020

Wednesday, August 05, 2020

Tuesday, August 04, 2020

Search This Blog

Followers

Blog Archive

Links

About Me