Saturday, December 12, 2020

TM;DB (Too many; didn’t blog)

https://www.databreaches.net/and-the-ransomware-attacks-just-keep-on-coming/

And the ransomware attacks just keep on coming….

Marieville in Canada

Dassault Falcon Jet in France (attacked by RagnarLocker who exploited Shitrix vulnerability in March and reportedly enjoyed a lengthy stay inside their systems)

Amg Energia in Italy

TSYS in Georgia

Netgain in Minnesota

The Socorro Independent School District in Texas

The city of Independence in Missouri

And there are many more…. as @Chum1ng0 keeps helpfully pointing out to us all.



(Related) ...and it gets worser and worser!

https://www.databreaches.net/most-victim-organizations-suffer-second-intrusion-within-a-year/

Most Victim Organizations Suffer Second Intrusion Within a Year

Phil Muncaster reports:

Security experts have warned victims of sophisticated cyber-attacks not to think of intrusions as a one-off event, as a majority of organizations end up getting hit again within the year.
CrowdStrike compiled an analysis of its own incident response and managed services engagements in 2020, to produce the CrowdStrike Services Cyber Front Lines Report.
It warned that in 68% of cases where an organization had experienced an intrusion, it is targeted again within 12 months.

Read more on InfoSecurity.





Some interesting twists.

https://thenextweb.com/neural/2020/12/11/privacy-advocates-poop-on-uk-supermarkets-facial-recognition-system/

Privacy advocates poop on UK supermarket’s facial recognition system

The software, which is supplied by UK startup Facewatch, alerts staff when someone with a record of “theft or anti-social behavior” enters the shop.

… “We are concerned that such a deployment at Southern Co-op stores – even at trial level – could mean that, in order to purchase essential goods, people might be in effect left with no choice but to submit themselves to facial recognition scans,” said Privacy International.

“We are also deeply concerned about the potential sharing of captured data with police, with or without Co-op’s knowledge.”

Civil liberties group Big Brother Watch has also warned that the tech puts customers’ data and privacy rights at major risk. It also fears that the system could incorrectly flag innocent people as criminals.





A tool for Privacy geeks?

https://gizmodo.com/brave-releases-privacy-focused-news-reader-1845862802

Brave Releases Privacy-Focused News Reader

Brave is continuing its war against data-collection giants like Google with the introduction of a privacy-centered news reader to its privacy-centered web browser.

The company announced the launch of the Brave Today news reader on Thursday, and people who already use its browser don’t need to do anything to check out the new feature. It’s right there on the home page when a new window is opened. Outside of the privacy protections, Brave Today should be a fairly familiar experience. Scrolling down the page displays a running feed of stories pulled from hundreds of news outlets that are sortable by category. Clicking “customize” allows you to disable any outlet of your choosing. It’s like Google News but less cluttered on the visual level.





Perspective.

https://www.pogowasright.org/new-report-shows-google-tracks-80-of-the-web-with-amazon-likely-to-overtake-facebook-as-second-worst-privacy-threat/

New report shows Google tracks 80% of the Web, with Amazon likely to overtake Facebook as second-worst privacy threat

Glyn Moody writes:

It’s no secret that practically every Web page we visit is infested with trackers. On its own, that would be bad enough. But most trackers are used in order to aggregate enormous quantities of data. Taken together, these create extremely detailed profiles that reveal many things about us, including some pretty private and intimate ones. This massive assault on privacy is carried out supposedly so that advertisers can target us more accurately when they place ads – usually in real time – on the Web pages we view. That’s a terrible deal, but just how terrible is sometimes difficult to grasp. A new report provides some hard figures on how bad things really are.
It comes from the company Ghostery, founded in 2009, and best known for its Ghostery browser extension, which allows users to choose which – if any – trackers to allow. The company claims to have over seven million active users, and by drawing on their online experiences Ghostery has put together a report called “Tracking the Trackers.” This is the company’s second report on tracking.

Read more on PrivateInternetAccess.com





Do we still have ‘beginners?’

https://thenextweb.com/neural/2020/12/11/a-beginners-guide-to-ai-the-difference-between-human-and-machine-intelligence/

A beginner’s guide to AI: The difference between human and machine intelligence

Welcome to Neural’s beginner’s guide to AI. This multi-part feature should provide you with a very basic understanding of what AI is, what it can do, and how it works. The guide contains articles on (in order published) neural networks, computer vision, natural language processing, algorithms, artificial general intelligence, and the difference between video game AI and real AI.





Toward algorithmic attorneys.

https://www.coe.int/en/web/portal/-/cepej-artificial-intelligence-and-cyberjustice-at-the-heart-of-discussions

CEPEJ: Artificial intelligence and cyberjustice at the heart of discussions

The European Commission for the Efficiency of Justice (CEPEJ) has adopted a feasibility study on the possible establishment of a certification mechanism for artificial intelligence tools and services. The study is based on the CEPEJ Charter on the use of artificial intelligence in judicial systems and their environment, adopted in December 2018. The Council of Europe, if it decides to create such a mechanism, could be a pioneer in this field. After consultation with all member and observer states, this feasibility study will be followed by an action plan that the CEPEJ will prepare and send to the Committee of Ministers for examination in 2021.

The CEPEJ also adopted the roadmap of its Working Group on Cyberjustice and Artificial Intelligence. The work carried out in the field of the digitalisation of justice aims to provide new concrete tools in this area to European courts, which has become even more necessary during times of sanitary crisis and closures of courts, while ensuring respect for the fundamental principles of the European Convention on Human Rights and in particular those of its Article 6.





A nice book for my nice niece?

https://www.makeuseof.com/websites-to-find-beautifully-bound-books/

7 Websites to Find Beautifully Bound Books You Would Love to Own





Games for shut-ins. “Chess Vision” looks like cheating.

https://www.makeuseof.com/learn-how-to-play-chess-online-improve-your-skills/

5 Free Ways to Learn How to Play Chess Online and Improve Your Skills

From AI-powered apps to YouTube lessons from grandmasters, you can learn how to play chess online for free, whether you're a beginner or a seasoned player.





I worry that Dilbert sums up the feelings of my readers…

https://dilbert.com/strip/2020-12-12



Friday, December 11, 2020


Thursday, December 10, 2020

Perspective.

https://www.databreaches.net/cyberattack-cost-uvm-medical-center-1-5-million-a-day/

Cyberattack cost UVM Medical Center $1.5 million a day

Kate Jickling reports:

The October cyberattack cost the University of Vermont Medical Center $1.5 million a day in increased expenses and lost revenue, hospital president Stephen Leffler said Tuesday.
That “back of the envelope” calculation doesn’t include the cost of getting the system back up and running, he told reporters.
Forty-two days have elapsed since the attack occurred on Oct. 28. The total cost, including lost revenue and expenses, could exceed $63 million.

Read more on VTDigger.

You just know that some threat actors will use that report and those figures to tell future victims that that’s why they should pay the ransom demand (assuming it’s less than $63 million…)





Don’t duck your cookies in my milk!

https://techcrunch.com/2020/12/10/france-fines-google-120m-and-amazon-42m-for-dropping-tracking-cookies-without-consent/

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120M) for dropping cookies on Google.fr and Amazon €35M (~$42M) for doing so on the Amazon.fr domain under the penalty notices issued today.





An approach...

https://thenextweb.com/neural/2020/12/09/why-ibms-ai-fact-sheets-should-be-the-industry-standard/

Why IBM’s AI Fact Sheets should be the industry standard

Every once in a while an idea comes along that’s so good it makes you wonder why it took so long for someone to think of it. IBM’s AI Fact Sheets is one of those ideas.

AI Fact Sheets are a lot like packaged food nutrition labels. They contain information about an AI model’s development, capabilities, benchmark performance, and more.

Big Blue today announced its plans to “commercialize key automated documentation capabilities from IBM Research’s AI Factsheets methodology into Watson Studio in Cloud Pak for Data throughout 2021.”

In other words: businesses and developers using Watson Studio in Cloud Pak for Data will soon have access to an automated AI Fact Sheets tool to create transparency and info reports. The tool would generate most, if not all, of the AI Fact Sheet’s information automatically.

While it’s a bit more complex than we can get into in this article (research paper here), the bottom line is that anything that standardizes transparency in machine learning models is a good thing.





I read this as a model to prepare for change (not just new privacy laws). After all, change is the only constant.

https://www.cpomagazine.com/data-protection/6-engineering-principles-to-prepare-you-for-any-privacy-regulation/

6 Engineering Principles to Prepare You for Any Privacy Regulation

Despite the recent wave of new regulations and shifting consumer expectations, it’s still common for businesses to treat privacy as a bolt-on to appease a collection of ever-changing compliance checklists. However, as CPOs and their teams await the next installation of regulation from governments around the world, it’s already clear that most regulators are interested in far more than ensuring consent and transparency.

They’re looking at the results of abusive or exploitative data practices such as discrimination, deception, and inequality. And although a lot has been written about the anxiety and uncertainty inside even well-intentioned companies attempting to comply with a seemingly moving target, there isn’t enough discussion about the engineering practices CPOs can champion to minimize thrashing for their teams as new protections become law.





A baker’s dozen AI articles.

https://www.jdsupra.com/legalnews/the-year-in-artificial-intelligence-68190/

The Year in Artificial Intelligence — 2020 Popular Reads on JD Supra

Written by humans, read by humans, and curated by humans: here's a look at some of the most well-read artificial intelligence posts published on JD Supra during 2020:





And so one long awaited drama begins.

https://www.makeuseof.com/facebook-forced-to-sell-instagram-whatsapp/

Facebook May Be Forced to Sell Instagram and WhatsApp

The FTC announced that it is suing Facebook in a press release on the official FTC site. 47 state attorneys general are also suing the social media giant.

In the court documents on the FTC's website, the FTC points out the alleged anticompetitive behavior that motivated Facebook to buy Instagram, saying:

Mr. Zuckerberg recognized that by acquiring and controlling Instagram, Facebook would not only squelch the direct threat that Instagram posed, but also significantly hinder another firm from using photo-sharing on mobile phones to gain popularity as a provider of personal social networking.

Facebook quickly responded to the lawsuits in a post on the About Facebook blog. Jennifer Newstead, the general counsel at Facebook, denounced the lawsuits, saying that they are "revisionist history."

She also notes that both purchases were, in fact, reviewed by antitrust regulators and were approved. Newstead goes on to criticize the FTC for wanting a "do-over" on its initial approval, and that the lawsuit "risks sowing doubt and uncertainty about the US government's own merger review process."



(Related)

https://techcrunch.com/2020/12/10/facebook-hit-with-antitrust-probe-for-tying-oculus-use-to-facebook-accounts/

Facebook hit with antitrust probe for tying Oculus use to Facebook accounts

Facebook’s bad week just got worse: It’s being investigated in Germany for linking usage of its VR product, Oculus, to having a Facebook account.

The tech giant raised the hackles of the VR community this summer when it announced it would be merging users of the latest Oculus kit onto a single Facebook account — and would end support for existing Oculus account users by 2023.



Wednesday, December 09, 2020

I thought we had eliminated such stupidity…

https://www.databreaches.net/ge-puts-default-password-in-radiology-devices-leaving-healthcare-networks-exposed/

GE puts default password in radiology devices, leaving healthcare networks exposed

Dan Goodin reports:

Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday.
The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a default password to receive regular maintenance. The passwords are available to anyone who knows where on the Internet to look.

Read more on Ars Technica.



(Ditto) Court orders the impossible.

https://www.theregister.com/2020/12/08/tutanota_backdoor_court_order/

Court orders encrypted email biz Tutanota to build a backdoor in user's mailbox, founder says 'this is absurd'

Tutanota has been served with a court order to backdoor its encrypted email service – a situation founder Matthias Pfau described to The Register as "absurd."

Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox. The site has until the end of the year to add functionality to perform this surveillance.

Such a peephole would destroy the unique selling point of Tutanota: it encrypts all data stored in people's mailboxes in such a way that it can't retrieve the contents beyond some metadata. It also allows people to wrap their outgoing and incoming messages in end-to-end encryption that, again, Tutanota can't break.

The site can, say, provide the cops access to new incoming non-encrypted emails for a particular inbox, though it can't hand over its encrypted contents. We imagine Tutanota could alter its code to capture a copy of the user's password during login so that someone else can unlock it later, though it's not clear if the court order goes this far. In any case, if the user never logs in again, the mailbox contents will remain enciphered, and the court order can't be fulfilled.





I agree!

https://www.technologyreview.com/2020/12/08/1013440/web-scraping-van-buren-case-supreme-court-opinion/

Web scraping is a tool, not a crime

As a reporter who can code, I can easily collect information from websites and social media accounts to find stories. All I need to do is write a few lines of code that go into the ether, open up websites, and download the data that is already publicly available on them. This process is called scraping.

But there’s a calculus I make in my head whenever I begin pursuing a story that requires scraping: “Is this story worth going to prison for?”





The devil is in the details.

https://www.pogowasright.org/the-untold-story-of-how-the-golden-state-killer-was-found-a-covert-operation-and-private-dna/

The untold story of how the Golden State Killer was found: A covert operation and private DNA

Paige St. John reports:

The dramatic arrest in 2018 of Joseph James DeAngelo Jr. was all the more astounding because of how detectives said they caught the elusive Golden State Killer— by harnessing genetic technology already in use by millions of consumers to trace their family trees.
But the DNA-matching effort that caught one of America’s most notorious serial killers was more extensive than previously disclosed and involved covert searches of private DNA housed by two for-profit companies despite privacy policies, according to interviews and court discovery records accessed by The Times.

Read more on the Los Angeles Times.





A tool that might help.

https://fpf.org/2020/12/08/legislative-findings-brookings-builds-on-u-s-privacy-legislation-report/

Legislative Findings: Brookings Builds on U.S. Privacy Legislation Report

Today, the Brookings Institution released model legislative findings for federal privacy legislation, intended to accompany the model privacy legislation they published in June, 2020. The findings are designed to motivate discussion and to reconcile differences between two of the leading proposals: Sen. Maria Cantwell’s (D-WA) Consumer Online Privacy Rights Act and Sen. Roger Wicker’s (R-MS) SAFE DATA Act. The legislative findings also provide useful framing for the recommendations and options outlined in Brookings’ Report, “Bridging the gaps: A path forward to federal privacy legislation.”





Tighten your grip on customers?

https://www.techrepublic.com/article/pwc-5-tactics-that-increase-your-chance-of-winning-with-ai/

PwC: 5 tactics that increase your chance of winning with AI

A new report finds that the uncertainty of the pandemic forced executives to rely on artificial intelligence to map out multiple scenarios to find a way forward.

Artificial intelligence is now mainstream and the companies making it work are building a competitive edge that may be insurmountable, according to a new report from PwC. Successful early adopters are building a virtuous cycle [??? Bob] that starts with better customer experiences, which encourages customers to share more data, which in turn powers smarter AI algorithms.

Anand Rao, global artificial intelligence lead at PwC, said the new report explains how companies are using AI successfully and what changes they are making to support that success. The new report, "How to navigate the top 5 AI trends facing your business," includes data from 1,032 executives at US companies, including more than 200 CEOs.





Eliminating lawyers?

https://www.scmp.com/tech/innovation/article/3113058/analyse-ai-faster-evaluating-contracts-human-lawyers-alibaba

Analyse this: AI faster at evaluating contracts than human lawyers in Alibaba contest

In the first competition of its kind in China, humans were pitted against AI on Friday in reviewing contracts, one of the most common tasks conducted at law firms. The AI program passed with flying colours, sending its results within a minute after the competition started, state-owned newspaper China Daily reported. The program recorded an accuracy rate of 96 per cent, beating the lawyers.

Still, the best results came from a team consisting of both lawyers and AI, which found the highest number of risks. The contestants, who were divided into groups either working with the program or working independently, went through five contracts totaling nearly 20,000 lines of text in 30 minutes.





Want to scare the kids?

https://www.theguardian.com/film/2020/dec/08/ihuman-review-doom-laden-documentary-about-the-future-of-ai

iHuman review – doom-laden documentary about the future of AI

What will happen when robots become smarter than humans – will they want to kill us? No, according to the computer scientist in charge of Elon Musk’s artificial intelligence research company OpenAI. His name is Ilya Sutskever and he believes that super intelligent machines won’t hate us, but they will prioritise their own survival. Think about the way we treat animals. We’re fond of them but we don’t ask their permission to build a road; it’ll be like that. His analogy is an extraordinary moment in this doom-laden documentary about the future of AI from Norwegian film-maker Tonje Hessen Schei – an eye-opening film if your anxiety levels are up to it.

Another interviewee jokes that AI is being developed by a few companies and a handful of governments for three purposes – “killing, spying and brainwashing” and the film then briskly rattles through the worst-case scenarios facing human civilisation.

[Trailer: https://www.youtube.com/watch?v=XeSTYN75aic]

Released on 10 December in cinemas and in virtual cinemas online.





Hacking YouTube to make it a teaching tool.

https://www.bespacific.com/7-youtube-secrets-how-to-make-a-gif-get-a-transcript-and-more/

7 YouTube secrets: How to make a GIF, get a transcript, and more

Fast Company: “…while many people never do more than open up a video, watch it, and then move on, YouTube has a surprisingly rich set of features. Here are some cool tricks you can use to make your viewing experience more engaging, efficient, and fun… If you’re looking to achieve true YouTube-watching mastery, then keyboard shortcuts are a must. Google keeps a full list here, but some of the more notable ones include using the J, K, and L keys to go back 10 seconds, pause, and go forward 10 seconds, respectively [Google owns YouTube]… There are roughly a bajillion ways to turn YouTube videos into animated GIFs, but adding “gif” to the front of a video’s URL is probably the easiest to remember…”





You know that book you’ve been meaning to write…

https://www.makeuseof.com/reedsy-book-editor-write-publish-book/

How to Use the Reedsy Book Editor to Write and Publish Your Book

It’s one thing to write a story and another to prepare a manuscript for publication. This is something professional writing software like Reedsy's Book Editor can help with.

Apart from a space to type out your narrative, you get tools that transform it according to publishing industry standards. If you’d like to get to know this handy writing app, here are some key steps to follow.