Saturday, September 19, 2020

Something fishy here. Clearly a major hack if they needed to restore every computer, yet they can prevent it in future with a simple purchase?

https://www.kristv.com/news/local-news/school-district-reaches-out-to-fbi-following-cyberattack

School district reaches out to FBI following cyberattack

School administrators said they were victims of a cyberattack Tuesday afternoon. "(We have) given the FBI everything they need to investigate the incident," school officials said.

Administrators said they have to go through all Windows devices in the school system, including students’ devices. They have to be scanned, reimaged, wiped, and reinstalled. The process is very time and labor-intensive.

Administrators said they have purchased everything needed to keep this from happening again and they hope to get back to what they do best, teaching kids, on Monday.





Slicing up the law or adding to it?

https://oag.ca.gov/news/press-releases/attorney-general-becerra-announces-landmark-settlement-against-glow-inc-%E2%80%93?&web_view=true

Attorney General Becerra Announces Landmark Settlement Against Glow, Inc. – Fertility App Risked Exposing Millions of Women’s Personal and Medical Information

California Attorney General Xavier Becerra today announced a landmark settlement against Glow, Inc. (Glow), a technology company that operates a fertility-tracking mobile app that stores personal and medical information. The settlement, which is subject to court approval, resolves the Attorney General’s investigation of Glow's app for serious privacy and basic security failures that put women’s highly-sensitive personal and medical information at risk. In addition to a $250,000 civil penalty, the settlement includes injunctive terms that require Glow to comply with state consumer protection and privacy laws, and a first-ever injunctive term that requires Glow to consider how privacy or security lapses may uniquely impact women.





For my Ethical Hackers…

https://hackaday.com/2020/09/18/listening-to-an-iphone-with-am-radio/?web_view=true

LISTENING TO AN IPHONE WITH AM RADIO

Electronic devices can be surprisingly leaky, often spraying out information for anyone close by to receive. [Docter Cube] has found another such leak, this time with the speakers in iPhones. While repairing an old AM radio and listening to a podcast on his iPhone, he discovered that the radio was receiving audio from his iPhone when tuned to 950-970kHz.

[Docter Cube] states that he was able to receive the audio signal up to 20 feet away. A number of people responded to the tweet with video and test results from different phones. It appears that iPhones 7 to 10 are affected, and there is at least one report for a Motorola Android phone. The amplifier circuit of the speaker appears to be the most likely culprit, with some reports saying that the volume setting had a big impact. With the short range the security risk should be minor, although we would be interested to see the results of testing with higher gain antennas. It is also likely that the emission levels still fall within FCC Part 15 limits.



(Ditto)

https://www.zdnet.com/article/spammers-use-hexadecimal-ip-addresses-to-evade-detection/?&web_view=true

Spammers use hexadecimal IP addresses to evade detection

IP addresses can also be written in three other formats:

    • Octal - 0300.0250.0000.0001 (by converting each decimal number to the octal base)

    • Hexadecimal - 0xc0a80001 (by converting each decimal number to hexadecimal)

    • Integer/DWORD - 3232235521 (by converting the hexadecimal IP to integer)

According to a report published yesterday by Trustwave, a spam group has adopted hexadecimal IP addresses for their campaigns since mid-July earlier this year.
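The three spellings above all work because the C library routine inet_aton(3), and the IPv4 parser in the WHATWG URL Standard that browsers follow, accept one to four dot-separated parts in decimal, octal (leading zero) or hexadecimal (0x prefix), with the last part filling whatever bytes remain. Strict validators such as Python’s ipaddress module reject every one of them, so a filter built on such a validator never sees the address while the victim’s browser connects to it. The following is an added example, not code from the ZDNet or Trustwave write-ups: it normalizes any inet_aton-style spelling to dotted-decimal and flags URL hosts in a message body that use a non-canonical form. The sample message is constructed for the example, and the function names are chosen here.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# One "part" as inet_aton(3) reads it: hexadecimal (0x prefix), octal
# (leading zero) or decimal. A leading-zero decimal such as "08" is not
# valid octal and is rejected, as inet_aton rejects it.
_PART = r"(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)"
_LEGACY_IPV4 = re.compile(rf"^{_PART}(?:\.{_PART}){{0,3}}$")


def _part_value(text: str) -> int:
    """Interpret one dotted part with C-style base detection."""
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)


def normalize_ipv4(text: str) -> Optional[str]:
    """Return the dotted-decimal form of any inet_aton-style spelling.

    With n parts, the first n-1 are single octets and the last one fills the
    remaining bytes, so "0xc0a80001", "3232235521", "0300.0250.0000.0001",
    "192.168.1" and "192.168.0.1" all mean 192.168.0.1. Returns None for
    anything that is not a numeric IPv4 spelling (hostnames, out-of-range
    parts, more than four parts).
    """
    if not _LEGACY_IPV4.match(text):
        return None
    parts = [_part_value(p) for p in text.split(".")]
    value = 0
    for octet in parts[:-1]:
        if octet > 0xFF:
            return None
        value = (value << 8) | octet
    tail_bits = 8 * (5 - len(parts))  # bits left over for the last part
    if parts[-1] >= 1 << tail_bits:
        return None
    value = (value << tail_bits) | parts[-1]
    return str(ipaddress.IPv4Address(value))


_URL_HOST = re.compile(r"https?://([^/\s:?#]+)")


def find_obfuscated_hosts(message: str) -> List[Tuple[str, str]]:
    """List (as_written, canonical) for every URL host in the message that is
    a numeric IPv4 address written in anything other than plain dotted-decimal."""
    hits = []
    for match in _URL_HOST.finditer(message):
        host = match.group(1)
        canonical = normalize_ipv4(host)
        if canonical is not None and canonical != host:
            hits.append((host, canonical))
    return hits


# Constructed sample: a spam body mixing a normal hostname, a plain
# dotted-decimal address and two obfuscated spellings of the same address.
SAMPLE_SPAM = (
    "Your parcel is waiting: https://0xc0a80001/track?id=1\n"
    "Backup link http://3232235521/track and our site https://example.com/\n"
    "Status page http://192.168.0.1/ok\n"
)

if __name__ == "__main__":
    for written, canonical in find_obfuscated_hosts(SAMPLE_SPAM):
        print(f"{written} -> {canonical}")
    # A strict validator never sees these spellings at all.
    try:
        ipaddress.ip_address("0xc0a80001")
    except ValueError as err:
        print("ipaddress rejects it:", err)
```

Run the normalizer on the host before any reputation or blocklist lookup, not after; the blocklist holds dotted-decimal entries and will never match the raw string. The check only covers hosts written as numbers, so a hostname that resolves to the same address still needs a DNS-resolved lookup.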





Doom & gloom?

https://thenextweb.com/neural/2020/09/18/a-beginners-guide-to-the-ai-apocalypse-killer-robots/

A beginner’s guide to the AI apocalypse: Killer robots

Welcome to the fifth article in TNW’s guide to the AI apocalypse. In this series we examine some of the most popular doomsday scenarios prognosticated by modern AI experts. Previous articles in this series include: Misaligned Objectives, Artificial Stupidity, Wall-E Syndrome, and Humanity Joins the Hivemind.

We’ve danced around the subject of killer robots in the previous four editions in this series, but it’s time to look the machines in their beady red eyes and… speculate.





Still a hot topic.

https://theconversation.com/gpt-3-new-ai-can-write-like-a-human-but-dont-mistake-that-for-thinking-neuroscientist-146082

GPT-3: new AI can write like a human but don’t mistake that for thinking – neuroscientist

Since it was unveiled earlier this year, the new AI-based language generating software GPT-3 has attracted much attention for its ability to produce passages of writing that are convincingly human-like. Some have even suggested that the program, created by Elon Musk’s OpenAI, may be considered or appears to exhibit, something like artificial general intelligence (AGI), the ability to understand or perform any task a human can. This breathless coverage reveals a natural yet aberrant collusion in people’s minds between the appearance of language and the capacity to think.





Lots of introductory videos. MS Office, Computer Basics, Job Search, Social Media, etc.

https://edu.gcfglobal.org/en/topics/

GCFLearnFree.org



Friday, September 18, 2020

Training and constant reminders could help.

https://www.infosecurity-magazine.com/news/outbound-email-breaches/?&web_view=true

Outbound Email Errors Cause 93% Increase in Breaches

According to research by Egress, 93% of 538 IT leaders surveyed reported a breach in the past year due to an email error, with 70% of those believing remote working increases the risk of sensitive data being put at risk from outbound email data breaches.

The most common breach types were replying to spear-phishing emails (80%), emails sent to the wrong recipients (80%) and sending the incorrect file attachment (80%).





Similar possibilities here? Probably not.

https://www.insideprivacy.com/international/united-kingdom/english-high-court-awards-damages-for-quasi-defamation-data-claim/

English High Court Awards Damages for Quasi-Defamation Data Claim

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest. First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation. Secondly, the damages awarded (perhaps influenced by the nature of the case) were unusually high for a data privacy case.

The decision highlights an unusual use of data protection in English law, as a freestanding form of quasi-defamation claim, as the claimants sought damages for reputational harm (as well as distress) solely under the Data Protection Act 1998 (the “DPA”, since replaced by the Data Protection Act 2018, which implemented the General Data Protection Regulation ((EU) 2016/679) (GDPR) in the UK) rather than in a libel or defamation claim, or in parallel with such a claim. It also sets a potentially unhelpful precedent by awarding two of the claimants £18,000 each for inaccurate processing of their personal data, an amount that is significantly higher than has been awarded in other data protection cases brought under the DPA. If such awards were to be made in the context of a class action, the potential liability for data controllers could be significant.





No doubt this will enable block by block advertising.

Waze To Keep 7-Day Records Of Americans’ Driving Habits

Joe Cadillic writes:

Two weeks have passed since I warned everyone about Amazon drone deliveries being the biggest threat to our privacy that Americans have ever seen. But a recent news release revealed that Google is giving them a run for the money.

Waze’s latest feature ‘save your drive’ on Live Map will record Americans driving habits in real-time, effectively turning Waze into a national drivers surveillance program.

Read more on MassPrivateI.

[From the article:

Letting Waze know your favorite and frequent travel destinations is just asking for trouble. Not only do Americans have to worry about DHS tracking everyone's license plates but now Google knows where your friends and family live. And they will know the time you leave your house and when you arrive at your destination[s].





Will changes due to the pandemic ever be undone?

https://dilbert.com/strip/2020-09-18





You invented something that gave you an advantage. Now give it to your competitors?

https://www.bloomberg.com/news/articles/2020-09-17/apple-pay-tech-likely-to-be-open-to-rivals-in-rules-mulled-by-eu

Apple Would Have to Share Payment Tech Under Rules Mulled by EU

The European Union is considering new rules that would likely require Apple Inc. to give competitors access to payments technology inside its iPhones.

The new laws would prevent mobile device manufacturers from limiting access to near-field communication technology embedded in smartphones and other devices such as smartwatches, according to documents obtained by Bloomberg.

NFC technology handles wireless signals that allow users to pay via their devices at store terminals, rather than a credit or debit card. While the report did not mention Apple by name, at present iPhone and Apple Watch users can only make NFC payments using Apple Pay. Banks and other competitors have complained they want the same functionality for their own iPhone apps and that Apple won’t give them access to the chip.

The report is set to be unveiled next week by the European Commission as part of a package of policy proposals. It includes a footnote to a competition case launched by the European Commission’s antitrust arm in June, which is seeking to assess whether the iPhone giant unfairly blocks other providers from using the tap-and-go functionality on its smartphones.





Perspective. State sanctioned espionage.

https://www.scmagazine.com/home/security-news/fbi-opens-china-related-counterintelligence-case-every-10-hours/?web_view=true

FBI opens China-related counterintelligence case every 10 hours

FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China – the FBI opens a new China-related counterintelligence case roughly every 10 hours.

… “They are going after cost and pricing information, internal strategy documents, personally identifiable information – anything that can give them a competitive advantage,” Wray told House members this morning.





Perspective.

https://www.bespacific.com/political-divides-conspiracy-theories-and-divergent-news-sources-heading-into-2020-election/

Political Divides, Conspiracy Theories and Divergent News Sources Heading Into 2020 Election

As the nation heads toward Election Day in the midst of a persistent pandemic and simmering social unrest, a new Pew Research Center survey finds that Americans’ deep partisan divide, dueling information ecosystems, and divergent responses to conspiracy theories and misinformation are all fueling uncertainty and conflict surrounding the presidential election. While Americans across the political spectrum have been getting information about key election-related storylines, their knowledge and opinions about these issues – as well as the candidates themselves – differ strikingly based on their party affiliation and key news sources, according to the new survey, conducted Aug. 31-Sept. 7, 2020, as part of the Center’s American News Pathways project. One central issue creating confusion in this campaign is the reliability of voting by mail, which figures to be more widespread than ever this year as people try to avoid crowded polling places during the coronavirus outbreak. President Donald Trump has repeatedly promoted the unsupported idea that mail-in voting will lead to significant fraud and has put the U.S. Postal Service in the campaign spotlight.

While evidence indicates that mail-in voting is associated with only minuscule levels of fraud, 43% of Republicans and Republican-leaning independents identify voter fraud as a “major problem” associated with mail-in ballots. By contrast, only 11% of Democrats and Democratic-leaning independents say the same thing…”





Perspective (and a reminder)

https://www.bespacific.com/duckduckgo-is-growing-fast/

DuckDuckGo Is Growing Fast

BleepingComputer: DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues. Even though DuckDuckGo is growing rapidly, it still controls less than 2 percent of all search volume in the United States. However, DuckDuckGo’s growth trend has continued throughout the year, mainly due to Google and other companies’ privacy scandal…”





Interesting how much discussion the Guardian article generated.

https://theconversation.com/can-robots-write-machine-learning-produces-dazzling-results-but-some-assembly-is-still-required-146090

Can robots write? Machine learning produces dazzling results, but some assembly is still required



Thursday, September 17, 2020

Oops! We didn’t mean to kill you, sorry.

https://www.databreaches.net/did-ransomware-threat-actors-hit-a-german-medical-clinic-by-mistake-either-way-someone-died-as-a-result/

Did ransomware threat actors hit a German medical clinic by mistake? Either way, someone died as a result.

It was our nightmare realized: a medical center was completely paralyzed by a ransomware attack and someone died as a result.

As of last week, the University Clinic in Düsseldorf reported that it was in a state of emergency. Operations had been canceled, and ambulances had to be redirected to other clinics. On September 10, the clinic had posted an announcement:

A Google translation reads, in part:

There is currently an extensive IT failure at the University Hospital Düsseldorf (UKD). This means, among other things, that the clinic can only be reached to a limited extent – both by telephone and by email.

The UKD has deregistered from emergency care. Planned and outpatient treatments will also not take place and will be postponed. Patients are therefore asked not to visit the UKD – even if an appointment has been made.

Days later, the clinic remained paralyzed and unable to function normally, even as of yesterday.

And now we read that the threat actors’ attack has resulted in a death. Associated Press reports:

German authorities say a hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

Did the threat actors intend to hit the hospital? They may not have. According to the AP, citing German authorities, the extortion note appeared intended for the affiliated university, not the hospital. And when “police told hackers the hospital was affected, they provided a decryption key. The hackers are no longer reachable, they said.”

Does it matter that the threat actors may not have intended to hit the hospital and just hit it in error? Their criminal actions resulted in the death of someone, and they should be held accountable for that.

So far, I can find no mention of what type of ransomware this was or who the threat actors were.





I’m sure that EU police would share this software with US police if they were asked. And I bet they will be asked if it can be tweaked to work on other phones.

https://www.vice.com/en_us/article/k7qjkn/encrochat-hack-gps-messages-passwords-data?&web_view=true

European Police Malware Could Harvest GPS, Messages, Passwords, More

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.





Worth a listen?

https://www.insideprivacy.com/data-security/inside-privacy-audiocast-episode-4-a-look-into-the-aclu-of-californias-position-on-the-cpra/

Inside Privacy Audiocast: Episode 4 – A Look into the ACLU of California’s Position on the CPRA

On our fourth episode of our Inside Privacy Audiocast, we are aiming our looking glass at the California Privacy Rights Act, and are joined by guest speaker Jacob Snow, Technology and Civil Liberties Attorney with the American Civil Liberties Union of Northern California.





We’re willing to protect your privacy, except when it becomes inconvenient.

COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

A snippet from the Executive Summary of a new report written by Robert Gellman and Pam Dixon:

This report offers an analysis of existing laws and practices regarding both types of HIPAA COVID-19 waivers. The report recommends that, when the current emergency subsides, the Secretary of HHS review in a systematic way the privacy, security, and legal questions about all HIPAA waivers. The report further recommends that HHS prepare for future health emergencies with advance planning for HIPAA waiver practices. The report recommends that the National Committee on Vital and Health Statistics be tasked with the fact-finding and policy work needed to develop legislative and administrative recommendations for HIPAA waivers. Discussions about HIPAA waivers should involve all relevant stakeholders. Finally, once the Secretary completes a review of waiver authority, the report recommends that the US Congress reform the statutory HIPAA waiver rules.

You can download their analysis and full report here.





For the pandemic and beyond.

https://www.cpomagazine.com/data-protection/adapting-data-governance-to-wfh-reality/

Adapting Data Governance to WFH Reality

Even if the pandemic subsides, the work from home movement is here to stay. Numerous companies have pushed out plans to return workers to offices and, even then, remote work will likely be more possible for more workers. Twitter, for one, has said WFH is a permanent option.

This all means that companies, many of whom shifted to remote workforces almost overnight earlier this year, should double check that data privacy and security policies are in place to enable a secure and efficient WFH workforce—while protecting consumer and corporate data.

This is no small task. Even before the pandemic and WFH rush, companies were having trouble complying with the European Union’s General Data Protection Regulation, passed in 2018, says consulting firm, McKinsey & Company.

Yet the goal for stepping up WFH data governance isn’t simply compliance. The ultimate aim is to go forward with policies and procedures that enable better results and build brand trust with consumers, business partners and others.

Here are four strategic steps to help enterprises update data governance and the WFH reality:





Could every company or industry do this?

https://www.bespacific.com/encyclopedia-of-ethical-failure/

Encyclopedia of Ethical Failure

U.S. Department of Defense Standards of Conduct Office – Encyclopedia of Ethical Failure, Revised October 2019

The Standards of Conduct Office of the Department of Defense General Counsel’s Office has assembled the following selection of cases of ethical failure for use as a training tool. Our goal is to provide DoD personnel with real examples of Federal employees who have intentionally or unwittingly violated the standards of conduct. Some cases are humorous, some sad, and all are real. Some will anger you as a Federal employee and some will anger you as an American taxpayer…”



Wednesday, September 16, 2020

For my Ethical Hackers. Would you make more money keeping this hack to yourself?

https://hotforsecurity.bitdefender.com/blog/can-you-crack-monero-irs-offers-625000-bounty-for-anyone-who-can-break-privacy-of-cryptocurrency-24144.html

Can You Crack Monero? IRS Offers $625,000 Bounty for Anyone Who Can Break Privacy of Cryptocurrency

Monero (XMR) is a famously privacy-centric cryptocurrency, with features built into it from its inception that claim to make transactions untraceable and completely private, hiding the details of movements of digital cash from prying eyes. Completely private by default, Monero is a lot more private than many other cryptocurrencies such as Bitcoin.

And that, of course, has not only made it a popular digital currency for criminals operating on the darknet, it’s also made it a focus of interest for law enforcement agencies and tax-enforcement authorities such as the United States Internal Revenue Service (IRS).

According to the IRS’s call for contractors they are looking to share a total of $625,000 to “one or more contractors” who assist them in their goal to break Monero, other anonymity-enhanced cryptocurrency, or Lightning or other Layer 2 off-chain cryptocurrency protocols.

The first part of the payment (a mere $500,000) will be paid if a successful proof-of-concept is delivered, demonstrating how Monero transactions can have their privacy stripped away from them.

An additional $125,000 will apparently be given to whoever the lucky person is after the technique has passed a full examination and has been successfully launched.





You will need this, the only question is when…

https://securityaffairs.co/wordpress/108308/laws-and-regulations/vulnerability-disclosure-toolkit.html?web_view=true

UK NCSC releases the Vulnerability Disclosure Toolkit

The British National Cyber Security Centre (NCSC) released a guideline, dubbed The Vulnerability Disclosure Toolkit, for the implementation of a vulnerability disclosure process.

“The international standard for vulnerability disclosure (ISO/IEC 29147:2018) defines the techniques and policies that can be used to receive vulnerability reports and publish remediation information. The NCSC designed this toolkit for organisations that currently don’t have a disclosure process but are looking to create one,” reads the guideline.





Still want to be famous?

https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/

Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

… The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.

Security researcher Robert Potter and Balding co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that while most of it could have been scraped from social media or other publicly-accessible sources, 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

“A fundamental purpose appears to be information warfare,” the pair stated.

In a second post Balding said the database matters because “what cannot be underestimated is the breadth and depth of the Chinese surveillance state and its extension around the world.”





You don’t have to follow this rule, but be sure to follow that one.

https://www.cpomagazine.com/data-privacy/fisa-court-approves-warrantless-surveillance-but-with-warning-to-fbi-about-following-privacy-rules/

FISA Court Approves Warrantless Surveillance but With Warning to FBI About Following Privacy Rules

The controversial warrantless surveillance program enacted under Section 702 of the FISA Amendments Act will go on for at least the remainder of this year, according to a recently-declassified Foreign Intelligence Surveillance Act (FISA) court ruling from December 2019. A judge signed off on another year of the program but did so while admonishing the FBI over numerous violations of privacy rules.

… Certain privacy rules do govern this eavesdropping, but the declassified report makes clear that the FBI and other agencies have a tendency to disregard them while applying their queries in an overbroad manner and have potentially accessed the communications of tens of thousands of Americans who are not under investigation.





Another tech first for the justice system.

https://restofworld.org/2020/death-decreed-over-zoom/

Death decreed over Zoom

On May 4, a Nigerian man became the first known person in the world to be sentenced to death via a virtual court on Zoom. The session was brief — it began at 11 a.m. and ended before 2 p.m. — and in the screenshots people posted online, Olalekan Hameed, 35, who joined the call from prison, appeared to be alone. He looked calm, and the ruling was later reported to have gone off without a hitch. Two days before the sentencing, a link to the proceedings was shared on Twitter, but it largely went unnoticed; most Nigerians were preoccupied with the easing of a five-week-long lockdown in response to the Covid-19 pandemic.

Open trials hold some significance for Nigerians, particularly those who lived through the decades of military dictatorships that followed independence and disrupted early attempts at democratic rule. Back then, court hearings for dissenters and political opponents were replaced with Special Military Tribunals (SMTs), and public access to proceedings was granted or withheld on the whim of a dictator.





If you can’t blame the AI, you blame the safety driver? What will happen when there is no safety driver?

https://www.nytimes.com/2020/09/15/technology/uber-autonomous-crash-driver-charged.html

Driver Charged in Uber’s Fatal 2018 Autonomous Car Crash

Investigators said the woman had been watching a video on her phone when the vehicle killed a pedestrian in Arizona.

A safety driver who was riding in an autonomous Uber vehicle when it struck and killed a pedestrian on a street in Tempe, Ariz., in 2018 has been charged with negligent homicide, the local authorities said on Tuesday.

The crash is believed to be the first pedestrian death caused by self-driving technology, and raised questions about who should be held responsible for such fatalities.

… A National Transportation Safety Board investigation attributed the crash mostly to human error, but also faulted an “inadequate safety culture” at Uber.





Don’t these “filters” also apply to individuals?

https://www.bespacific.com/jared-diamond-why-nations-fail-or-succeed-when-facing-a-crisis/

Jared Diamond: Why Nations Fail Or Succeed When Facing A Crisis

The following interview, between Noema Magazine Editor-in-Chief Nathan Gardels and author (previously of “Guns, Germs, and Steel”) Jared Diamond, has been edited for clarity and length.

Nathan Gardels: In assessing how nations manage crises and successfully negotiate turning points — or don’t — you pass their experience through several filters. Some key filters you use are realistic self-appraisal, selective adoption of best practices from elsewhere, a capacity to learn from others while still preserving core values and flexibility that allows for social and political compromise.

How do you see the way various nations addressed the coronavirus pandemic through this lens?

Jared Diamond: Nations and entities doing well by the criteria of those outcome predictors include Singapore and Taiwan. Doing poorly initially were the government of Italy and now, worst of all, the federal government of the U.S…”





Resource

https://www.infoworld.com/article/3574935/oracle-open-sources-java-machine-learning-library.html

Oracle open-sources Java machine learning library

Oracle is making its Tribuo Java machine learning library available free under an open source license.

With Tribuo, Oracle aims to make it easier to build and deploy machine learning models in Java, similar to what already has happened with Python. Released under an Apache 2.0 license and developed by Oracle Labs, Tribuo is accessible from GitHub and Maven Central.



Tuesday, September 15, 2020

Would this be the same as admitting liability for any security issues?

https://www.databreaches.net/west-mifflin-area-school-district-recalls-student-devices-for-urgent-security-updates/

West Mifflin Area School District recalls student devices for ‘urgent security updates’

I wonder how many districts are going through this same thing this month. Lacretia Wimbley reports:

The West Mifflin Area School District is recalling all district-issued student computers for “urgent security updates” beginning Monday.

In a letter sent home to parents last week, officials said the school district’s technology department is working with tech vendors to resolve issues some students experienced during the first week of remote classes. The security updates are required to ensure a “safe remote learning experience,” said Steven Fort, the district’s director of technology.

Read more on Pittsburgh Post-Gazette.





You can bet Russia, China, Iran and many others have copies of this App.

https://www.databreaches.net/a-bug-in-joe-bidens-campaign-app-gave-anyone-access-to-millions-of-voter-files/

A bug in Joe Biden’s campaign app gave anyone access to millions of voter files

Zack Whittaker reports:

A privacy bug in Democratic presidential candidate Joe Biden’s official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found.

The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote.

Read more on TechCrunch.





Hacking wholesale. Adobe told the hackers what to look for last November!

https://www.databreaches.net/magento-online-stores-hacked-in-largest-campaign-to-date/

Magento online stores hacked in largest campaign to date

Catalin Cimpanu reports:

More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the “largest campaign ever.”

The attacks were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores’ source code, code that logged payment card details that shoppers entered inside checkout forms.

Read more on ZDNet.

[From the article:

Ironically, attacks against sites running the now-deprecated Magento 1.x software were anticipated since last year when Adobe — which owns Magento — issued the first alert in November 2019 about store owners needing to update to the 2.x branch.





Can your face be copyrighted? Would that solve this debate?

Professors Hartzog and Richards: Clearview AI Gets Privacy and First Amendment Wrong

From EPIC.org:

In a recent Boston Globe op-ed Professors Woody Hartzog, an EPIC Advisory Board member, and Neil Richards assert that Clearview AI’s claim of a First Amendment right to scrape, analyze, and disseminate publicly available photos is a threat to privacy that misunderstands the right to free speech. Clearview AI’s claim is a response to a lawsuit filed under Illinois’ Biometric Information Privacy Act (BIPA) challenging the company’s collection of photos and sale of facial recognition services. EPIC filed an amicus brief before the 9th Circuit defending an individual’s right to sue companies who violate BIPA and other privacy laws. Recently EPIC filed FOIA requests with several government agencies revealed as users of Clearview AI technology. Earlier this year, EPIC and over 40 organizations urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

In related news, see EPIC Urges EU to Enact Comprehensive AI Legislation.





Moving lawyers into the machine?

https://news.bloomberglaw.com/tech-and-telecom-law/insight-legal-ai-2-0-is-now-appealing-to-the-masses

INSIGHT: Legal AI 2.0 Is Now Appealing to the Masses

… The first products developed in the legal tech space were tailored for law firms, given that’s where the high-volume, expensive legal work was taking place. However, the market is no longer chasing law firms that have been slow to adopt and is instead shifting to law firm clients—the ones who control the nearly $450 billion of annual spend that goes into law firms’ pockets. This is where we’ll see accelerating disruption.

Legal AI 2.0 doesn’t come without controversy, however. As we continue to see the shift away from law firms to corporate and consumer-focused products, this change has brought about legal battles such as the case between lawyers in Hamburg, Germany, and Wolters Kluwer, the parent company of a German contract platform that sold legal documents to the public without a lawyer engaged in the process.

The Hamburg Bar Association claimed that offering contract generation is a legal service, for which Wolters Kluwer has no license, and that Wolters Kluwer engaged in unfair competition.

While no one has a crystal ball, Legal 3.0 looks like it will be defined by legal chat bots that have unique user context and take dynamic actions on your behalf (i.e., the ability to link things back to an older contract, conversations you’ve previously had, etc.).

Gartner predicts that by 2023, virtual legal assistants (VLAs) will field 25% of internal requests to legal departments at large enterprises, increasing operational capacity for in-house corporate teams.





Sounds like they think people have no role...

https://www.fastcompany.com/90546743/ai-could-create-a-new-era-of-policing-reform-if-only-the-police-allowed-it

AI could help root out bad cops—if only the police allowed it





There must be more to this article than I suspected.

https://bdtechtalks.com/2020/09/14/guardian-gpt-3-article-ai-fake-news/

The Guardian’s GPT-3-written article misleads readers about AI. Here’s why.