Centennial Man: 2021-06-06

Saturday, June 12, 2021

Would make a great April Fool story, unfortunately..

https://gizmodo.com/this-shockingly-invasive-malware-stole-data-from-3-25-m-1847079897

This Shockingly Invasive Malware Stole Data from 3.25 Million Windows Computers

Between 2018 and 2020, [No one noticed? Bob] a mysterious strain of malware infected and stole sensitive data from approximately 3.25 million Windows-based computers—taking with it a horrifying amount of intimate information about the users of those devices.

The data includes login credentials—both usernames and passwords—for dozens of online platforms, as well as billions of browser cookies, millions of user files stolen right off of infected desktops and, in some cases, pictures of the device’s user taken with the computer’s own webcam.

The malicious epidemic was uncovered recently when a large database of the stolen information was spotted on the dark web, reports NordLocker in a new analysis of the incident.

… The compromised login information includes 1,471,416 Facebook credentials; 261,773 Twitter credentials; 145,436 PayPal credentials; 87,282 Dropbox credentials; 1,540,650 Google account credentials, and so on. Other compromised accounts include Coinbase, Blockchain, Outlook, Skype, Netflix...you get the picture.

On top of this, the malware also apparently took screenshots of the desktops it had infected, which retroactively helped researchers piece together just how much information had been compromised. To get a better idea of how extensive the damage is, here is a little breakdown:

2 billion cookies

26 million login credentials

6.6. million files (apparently stolen off of desktops)

Upwards of 1 million images (696,000 .png and 224,000 .jpg files)

More than 650,000 Word documents and .pdf files

… You can check out a more detailed breakdown of all of the stolen files here.

Monumental Supply-Chain Attack on Airlines Traced to State Actor

A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history.

The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentially been traced back to the Chinese state-sponsored threat actor APT41, and analysts are warning airlines to hunt down any traces of the campaign concealed within their networks.

Politics for fun and profit? Would Machiavelli approve?

https://www.csoonline.com/article/3621774/nation-states-cyberconflict-and-the-web-of-profit.html#tk.rss_all

Nation States, Cyberconflict, and the Web of Profit.

HP recently announced the findings of a new study – Nation States, Cyberconflict, and the Web of Profit – showing that nation state cyberattacks are becoming more frequent, varied, and open, moving us closer to a point of “advanced cyberconflict” than at any time since the inception of the internet.

Download the report: Nation States, Cyberconflict and the Web of Profit

Download the infographic: Nation States, Cyberconflict and the Web of Profit Infographic

(Related) Frustration is rising.

https://www.theregister.com/2021/06/11/uk_ungge_cyber_norms_submission/

UK tells UN that nation-states should retaliate against cyber badness with no warning

Britain has told the UN that international cyber law should allow zero-notice digital punishment directed at countries that attack others' infrastructure.

A statement made by UK diplomats to the UN's Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security (UN GGE) called for international law to permit retaliation for cyber attacks with no notice.

"The UK does not consider that States taking countermeasures are legally obliged to give prior notice (including by calling on the State responsible for the internationally wrongful act to comply with international law) in all circumstances," said the British submission to the UN GGE, made in advance of the G7 heads of government meeting in Cornwall this week.

What is likely, doable or at least possible?

https://www.globalgovernmentforum.com/human-rights-and-ai-interesting-insights-from-australias-commission/

Human rights and AI: interesting insights from Australia’s commission

The conundrum is one that many governments face: how do you make the most of technological advances in areas such as artificial intelligence (AI) while protecting people’s rights? This applies to government as both a user of the tech and a regulator with a mandate to protect the public.

Australia’s Human Rights Commission recently undertook an exercise to consider this very question. Its final report, Human Rights and Te chnology, was published recently and includes some 38 recommendations – from establishing an AI Safety Commissioner to introducing legislation so that a person is notified when a company uses AI in a decision that affects them.

Price fixing, government style.

https://arstechnica.com/tech-policy/2021/06/ny-cant-force-isps-to-offer-15-low-income-broadband-plans-judge-rules/

NY can’t force ISPs to offer $15 low-income broadband plans, judge rules

On Friday, the broadband industry won a court order that prohibits New York from enforcing a state law that would require ISPs to sell $15-per-month broadband plans to low-income households.

Lobby groups for ISPs sued New York to block the law that was scheduled to take effect on June 15 and received a preliminary injunction today from US District Court for the Eastern District of New York. The state law is preempted by federal law, US District Judge Denis Hurley wrote in the order. While the case will continue, Hurley found that the industry is likely to succeed in its lawsuit.

Future war?

https://www.c4isrnet.com/opinion/2021/06/11/drone-wars-new-book-wonders-who-will-be-the-next-drone-superpower/

‘Drone Wars’: New book wonders who will be the next drone superpower

Victory in the next major conflict could very well depend on the effectiveness of drones — from their swarm capabilities to their surveillance and artificial intelligence technologies. In “Drone Wars: Pioneers, Killing Machines, Artificial Intelligence, and the Battle for the Future,” author and Defense News correspondent Seth J. Frantzman wonders: Who will be this victorious drone superpower?

Tools & Techniques. Forgery made easy?

https://about.fb.com/news/2021/06/ai-can-now-emulate-text-style-in-images-in-one-shot-using-just-a-single-word/

AI Can Now Copy Text Style in Images Using Just a Single Word

… Today, we’re introducing TextStyleBrush, the first self-supervised AI model that replaces text in existing images of both scenes and handwriting — in one shot — using just a single example word. The work will also be submitted to a peer-reviewed journal.

Tools & Techniques.

https://www.makeuseof.com/tag/how-to-record-a-phone-call-on-iphone/

How to Record Phone Calls and Conversations on iPhone

As a result of country and state-specific laws, Apple has not created a built-in phone recording option. Apple's impeccable privacy settings are one reason it has attracted so many worldwide customers. However, you can still record iPhone phone calls using some workarounds.

Friday, June 11, 2021

Perspective. Business-like to deflect suspicion from the countries that control them?

https://news.softpedia.com/news/u-s-gets-hit-by-more-than-7-ransomware-attacks-an-hour-533191.shtml

U.S. Gets Hit by More Than 7 Ransomware Attacks an Hour

… The increase in attacks has been seen for years. According to Recorded Future, a Boston-based cybersecurity firm, there were 65,000 ransomware attacks last year.

… DarkSide, the Russia-based criminal organization responsible for the Colonial Pipeline attack, even employs what some analysts call a "customer service contact" to answer questions from targets under attack.

The start of an avalanche or an aberration?

https://www.vice.com/en/article/93y3np/new-york-senate-passes-electronics-right-to-repair-legislation

New York Senate Passes Electronics Right-to-Repair Legislation

The legislation still has to pass the Assembly, but the Senate became the first legislative body in the US to pass a bill that would make it easier to fix your things.

Shouldn’t we have access to all (non-classified) data already? FOIA is spreading access, right?

https://www.zdnet.com/article/biden-administration-forms-new-ai-task-force/

Biden administration forms new AI task force

The Biden administration on Thursday announced the formation the National Artificial Intelligence (AI) Research Resource Task Force, a group of 10 AI experts who will create a plan for giving AI researchers more access to data, computational resources and other tools.

I don’t think this is true, except in rare instances. Worth reading.

https://www.datacenterdynamics.com/en/opinions/what-if-ai-is-the-problem-not-the-solution/

What if AI is the problem, not the solution?

Artificial intelligence is a kind of modern alchemy. It promises to put the spark of humanity into inanimate objects. It says it can transmute dross into gold - taking heaps of formless data and magically creating new insights from it.

Of course that is hype, and we know it.

Learning.

https://www.jdsupra.com/legalnews/webinar-proposed-eu-regulation-on-ai-1005030/

[Webinar] Proposed EU Regulation on AI - Impact and Ripple Effect - June 23rd, 9:00 am ET

Members of WLG's Artificial Intelligence Group will explore the proposed EU legal framework for AI - what businesses, institutions, and processes will be impacted; its implications; and the likely ripple effect to other jurisdictions.

This seems confusing. I see (suspect?) problems.

https://www.politico.com/news/2021/06/09/house-democrats-announce-tech-bills-492703

House Democrats about to uncork 5-pronged assault on tech

House Democrats are set to introduce a package of five bills as soon as this week that would prohibit tech giants like Apple, Amazon, Facebook and Google from discriminating against rivals or buying potential competitors, [hostile takeovers only? Bob] two individuals familiar with the discussions told POLITICO — the most serious effort yet to rein in Silicon Valley’s power after years of complaints from Congress.

The most controversial bill would let prosecutors sue to break up major tech companies by forcing the platforms to sell off lines of business if they represent a conflict of interest. POLITICO obtained drafts of all five bills.

… Democrats on the House Judiciary antitrust panel circulated the draft bills to potential co-sponsors this week. They hope to lure at least some GOP members into supporting the bills, particularly Colorado Rep. Ken Buck, a critic of the large tech companies and the top Republican on the panel.

… “This is not traditional antitrust law. This is a broader concept of competition policy that borrows some antitrust concepts, but relies on a broader notion on what behavior for individual firms is inappropriate.”

… Under four of the bills, the Justice Department or the FTC would first be required to designate "covered platforms" — those with at least 500,000 U.S. users, $600 billion in revenue or market cap and a “critical trading partner” for other businesses. Those platforms would then have limitations on their conduct, mergers and data use. [No need to show monopolistic practices? Bob]

… Conflicts of interest: takes aim at companies like Amazon that operate a dominant platform and promote their own goods or services on it.

… Mergers: The platform would be required to show “clear and convincing evidence” in court that the potential rival doesn’t compete with it or pose a competitive threat. [At what level? Could a railroad buy an airline? Bob]

Thursday, June 10, 2021

If they pay once, will they pay the next time?

https://www.databreaches.net/meat-processor-jbs-paid-11-million-in-ransom-to-hackers/

Meat processor JBS paid $11 million in ransom to hackers.

Rebecca Robbins reports:

The world’s largest meat processor said on Wednesday that it paid an $11 million ransom in Bitcoin to the hackers behind an attack that forced the shutdown last week of all the company’s U.S. beef plants and disrupted operations at poultry and pork plants.

The company, JBS, said in a statement that the decision to pay the ransom was made to protect its data and hedge against risk for its customers. The company said most of its facilities were back up and running when the payment was made.

Read more on MassPrivateI.

Is there any way to put a positive spin on this? Clearly you don’t like my face. If you claim to be ‘improving’ my looks, I find that rude.

https://texasnewstoday.com/tiktok-changed-the-shape-of-some-peoples-faces-without-asking/307743/

TikTok changed the shape of some people’s faces without asking

On the surface, it was a strange, temporary problem that affected some users and not others. But it also forced people to change their appearance. This is an important issue for apps used by about 100 million people in the United States. So I also sent a video to Amy Niu, a PhD candidate at the University of Wisconsin who is studying the psychological effects of beauty filters. She pointed out that in China and several other places, some apps add subtle beauty filters by default. If Niu is using an app like WeChat, you can only really know that the filter is set by comparing your photo using the camera with the image generated by the app. I can do it.

A few months ago she said she downloaded a Chinese version of TikTok called Douyin. “Even if you turn off beauty mode and filters, you can still see facial adjustments,” she said.

It’s not necessarily a bad thing to have beauty filters in your app, but app designers are responsible for considering how these filters are used and how they change the people who use them. Even temporary bugs can affect people’s perspectives.

(Related) Trying to keep up…

https://www.theverge.com/2021/6/9/22525953/biden-tiktok-wechat-trump-bans-revoked-alipay?scrolla=5eb6d68b7fedc32c19ef33b4

Biden revokes and replaces Trump orders banning TikTok and WeChat

President Joe Biden signed an executive order Wednesday revoking the Trump-era bans on TikTok and WeChat. In place of the Trump order, Biden will direct the commerce secretary to investigate apps with ties to foreign adversaries that may pose a risk to American data privacy or national security.

In case my AI wants to go into business...

https://www.bespacific.com/artificial-intelligence-as-a-service-legal-responsibilities-liabilities-and-policy-challenges/

Artificial Intelligence as a Service: Legal Responsibilities, Liabilities, and Policy Challenges

Cobbe, Jennifer and Singh, Jatinder, Artificial Intelligence as a Service: Legal Responsibilities, Liabilities, and Policy Challenges (April 12, 2021). Forthcoming in Computer Law & Security Review, Available at SSRN: https://ssrn.com/abstract=3824736 or http://dx.doi.org/10.2139/ssrn.3824736

“Artificial Intelligence as a Service (‘AIaaS’) will play a growing role in society’s technical infrastructure, enabling, facilitating, and underpinning functionality in many applications. AIaaS providers therefore hold significant power at this infrastructural level. We assess providers’ position in EU law, focusing on assignment of controllership for AIaaS processing chains in data protection law and the availability to providers of protection from liability for customers’ illegal use of AIaaS. We argue that in data protection law, according to current practice, providers are often joint controllers with customers for aspects of the AIaaS processing chain. We further argue that providers lack protection from liability for customers’ illegal activity. More fundamentally, we conclude that the role of providers in customer’s application functionality – as well as the significant power asymmetries between providers and customers – challenges traditional understandings of roles and responsibilities in these complex, networked, dynamic processing environments. Finally, we set out some relevant issues for future regulation of AIaaS. In all, AIaaS requires attention from academics, policymakers, and regulators alike.”

For a minute there, I thought their AI had written the paper…

https://venturebeat.com/2021/06/09/deepmind-says-reinforcement-learning-is-enough-to-reach-general-ai/

DeepMind says reinforcement learning is ‘enough’ to reach general AI

… In a new paper submitted to the peer-reviewed Artificial Intelligence journal, scientists at U.K.-based AI lab DeepMind argue that intelligence and its associated abilities will emerge not from formulating and solving complicated problems but by sticking to a simple but powerful principle: reward maximization.

Titled “Reward is Enough,” the paper, which is still in pre-proof as of this writing, draws inspiration from studying the evolution of natural intelligence as well as drawing lessons from recent achievements in artificial intelligence. The authors suggest that reward maximization and trial-and-error experience are enough to develop behavior that exhibits the kind of abilities associated with intelligence. And from this, they conclude that reinforcement learning, a branch of AI that is based on reward maximization, can lead to the development of artificial general intelligence.

Perspective.

https://www.technologyreview.com/2021/06/10/1026008/the-coming-productivity-boom/

The coming productivity boom

Productivity growth, a key driver for higher living standards, averaged only 1.3% since 2006, less than half the rate of the previous decade. But on June 3, the US Bureau of Labor Statistics reported that US labor productivity increased by 5.4% in the first quarter of 2021. What’s better, there’s reason to believe that this is not just a blip, but rather a harbinger of better times ahead: a productivity surge that will match or surpass the boom times of the 1990s.

Soon: “We don’t need no stinking humans!”

https://techcrunch.com/2021/06/08/compose-ai-raises-2-1m-to-help-everyone-write-faster/

Compose.ai raises $2.1M to help everyone write faster

… Compose.ai is essentially an auto-complete function that works wherever you browse the web. The company is also building the capability for its AI-powered backend to learn your voice, imbibe context to help provide better responses, and, in time, absorb a company’s larger voice to help align its aggregate writing output.

Co-founders Landon Sanford and Michael Shuffett told TechCrunch that Compose.ai believes that in five years, average folks won’t type every word that they write. They want to bring that future to more people through the Compose.ai Chrome extension, which hopefully workers can access without having to get corporate permission. [A hacker’s dream is a security managers nightmare. Bob]

I chose for my text, ‘English, as she is spoke.”

https://www.makeuseof.com/how-to-teach-english-online-and-work-from-anywhere-in-the-world/

How to Teach English Online and Work From Anywhere in the World

... If you’re new to the idea of teaching English online or have any questions about qualifications, finding jobs, different teaching platforms, and what the difference between TEFL and TESOL is, read this handy guide and introduction to teaching English online.

Wednesday, June 09, 2021

Riiight. And my car was stolen because I changed hubcaps. Why does this sound so fishy?

https://www.npr.org/2021/06/09/1004684932/fastly-tuesday-internet-outage-down-was-caused-by-one-customer-changing-setting

Tuesday's Internet Outage Was Caused By One Customer Changing A Setting, Fastly Says

Fastly, the company hit by a major outage that caused many of the world's top websites to go offline briefly this week, blamed the problem on a software bug that was triggered when a customer changed a setting.

The problem at Fastly meant internet users couldn't connect to a host of popular websites early Tuesday including The New York Times, the Guardian, Twitch, Reddit and the British government's homepage.

"We experienced a global outage due to an undiscovered software bug that surfaced on June 8 when it was triggered by a valid customer configuration change," Nick Rockwell, Fastly's senior vice president of engineering and infrastructure, said in a blog post late Tuesday.

… "Even though there were specific conditions that triggered this outage, we should have anticipated it," Rockwell said.

… But the incident highlighted how the much of the global internet is dependent on a handful of behind the scenes companies like Fastly that provide vital infrastructure, and it amplified concerns about how vulnerable they are to more serious disruption.

Not a single new leak, but still a greater change to find your password in this list.

https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:

If you are going to start a Privacy-Tech company, I’d like a job as a ‘bad example.’ I won’t do anything and you can explain to your clients why that might be a bad idea.

https://www.bespacific.com/privacy-tech-industry-explodes/

Privacy tech industry explodes

Axios: “Businesses forced to comply with a patchwork of state and global privacy rules have turned what was once a cottage industry focused on data and privacy into a multi-billion-dollar sector. Why it matters: As COVID-19 pushed consumers online in droves, companies — from Fortune 500 firms to the corner coffee shop — had to grapple with how to legally handle personal data. The privacy-tech companies who know how to do it have been raking in the cash. “Data is on its way to becoming a fairly regulated business, even though we don’t have a national law yet,” said Jules Polonetsky, CEO of the Future of Privacy Forum. “If you’re a restaurant or even a school — and all of a sudden you’re covered by one of these laws — you now have to assess and document that you’re in compliance.”

By the numbers: Consumers are more connected than ever, causing data flows to a wide variety of companies to grow exponentially. The average American household now has 25 connected devices, ranging from laptops, smartphones and smart TVs to gaming consoles, smart home devices and connected fitness machines, according to a Deloitte connectivity survey out today…
What’s happening: The companies that help other companies process, maintain, and legally maximize use of consumer data are in high demand, and collectively need to mature, according to a Future of Privacy Forum report shared first with Axios…”

Am I missing something? Are manual systems forbidden by the GDPR? I don’t see how it produces automatic violations…

https://www.databreaches.net/smartsearch-issues-warning-over-risk-of-gdpr-breach/

SmartSearch issues warning over risk of GDPR breach

admin posted:

Anti-money laundering specialist SmartSearch said regulated businesses in the housing chain which are relying on manual customer records risk non-compliance more than three years after the GDPR laws came into force in the UK.

John Dobson, CEO at SmartSearch explained even after this time had lapsed a lot of firms did not have procedures in place to protect customer details. This, he said, had been exacerbated with the disruption caused by the coronavirus outbreak.

Centennial Man

Saturday, June 12, 2021

Friday, June 11, 2021

Thursday, June 10, 2021

Wednesday, June 09, 2021

Search This Blog

Followers

Blog Archive

Links

About Me