Centennial Man: 2021-07-25

Saturday, July 31, 2021

Searching for politicians to blackmail?

https://apnews.com/article/technology-europe-russia-election-2020-5486323e455277b39cd3283d70a7fd64

Justice Department says Russians hacked federal prosecutors

… The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee’s email account compromised during the hacking campaign.

The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December.

… Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York.

“I don’t remember ever having someone bring me a document instead of emailing it to me because of security concerns,” she said, noting exceptions for classified materials.

Perspective.

https://www.csoonline.com/article/3627274/cso-global-intelligence-report-the-state-of-cybersecurity-in-2021.html#tk.rss_all

CSO Global Intelligence Report: The State of Cybersecurity in 2021

Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.

CSO Global Intelligence Report: The State of Cybersecurity in 2021

The continuing back and forth of ‘almost war.’. I would like more particulars. Were the drones armed with explosives? How far did they fly before hitting the ship. Were they autonomous?

https://www.timesofisrael.com/multiple-iranian-drones-used-in-deadly-attack-on-israeli-operated-ship-report/

Multiple Iranian drones used in deadly attack on Israeli-operated ship – report

Several Iranian drones were apparently used in a strike on an oil tanker operated by an Israeli-owned company, killing two on board, unnamed Israeli officials told the New York Times on Saturday.

The Israeli officials told the newspaper that the strike earlier this week was apparently carried out by a number of Iranian drones that slammed into the ship’s living quarters underneath the vessel’s command center as it sailed off the coast of Oman in the Arabian Sea.

An unnamed US official confirmed to the newspaper that multiple drones were involved in the attack but it was as yet unknown how many had hit the vessel.

An Israeli intelligence official also told the paper that the timing of Thursday’s attack could mean that Iran was expanding its maritime operations by apparently responding at sea to a land attack which Tehran blamed on Israel.

Previously Iran carried out sea attacks only in response to maritime operations it attributed to Israel.

Build your own Terminator?

https://www.marktechpost.com/2021/07/30/facebook-ai-open-sources-droidlet-a-platform-for-building-robots-with-natural-language-processing-and-computer-vision-to-understand-the-world-around-them/

Facebook AI Open-Sources ‘Droidlet’, A Platform For Building Robots With Natural Language Processing And Computer Vision To Understand The World Around Them

Bad decisions just keep on giving...

https://www.databreaches.net/ri-treasurer-sues-facebook-zuckerberg-over-alleged-financial-losses-due-to-data-breach/

RI treasurer sues Facebook, Zuckerberg over alleged financial losses due to data breach

Katie Mulvaney reports:

The state retirement system is suing Facebook and its co-founder, Mark Zuckerberg, alleging that the social media giant and its leaders breached their financial duties in connection with the collection of private data of millions of users.

“As Treasurer, my job is to stand up for the financial wellbeing of all Rhode Islanders, including the teachers, first responders and other community servants who depend on the Rhode Island pension fund for their retirement security,” General Treasurer Seth Magaziner said in a news release announcing the lawsuit filed by the Employees’ Retirement System of Rhode Island. “When Facebook leaders improperly allowed user data to fall into the hands of bad actors trying to influence elections in support of Donald Trump and others, they not only put our democratic system of government at risk, they also put shareholder capital at risk.”

Friday, July 30, 2021

Study these attacks because they could happen here.

https://thehackernews.com/2021/07/a-new-wiper-malware-was-behind-recent.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor."

The campaign — dubbed "MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne. Meteor is believed to have been in the works over the past three years.

"Despite a lack of specific indicators of compromise, we were able to recover most of the attack components," SentinelOne's Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. "Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker," adding the offensive is "designed to cripple the victim's systems, leaving no recourse to simple remediation via domain administration or recovery of shadow copies."

Read and despair.

https://krebsonsecurity.com/2021/07/the-life-cycle-of-a-breached-database/

The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

What will the people who wanted and purchased this equipment have to say? Are they already too useful to give up?

https://www.bespacific.com/48-advocacy-groups-call-on-the-ftc-to-ban-amazon-surveillance/

48 Advocacy Groups Call on the FTC to Ban Amazon Surveillance

Vice: “…While a number of firms offer networked surveillance devices to try and make homes “smart,” the coalition uses Amazon as a case study into how dangerous corporate surveillance can become (and the sorts of abuses that can emerge) when in the hands of a dominant and anti-competitive firm. From Amazon’s Ring —which has rolled out networked surveillance doorbells and car cameras that continuously surveil public and private spaces —to Alexa, Echo, or Sidewalk, the company has launched numerous products and services to try and convince consumers to generate as much data as possible for the company to eventually capitalize on...”

Auto recognition; it’s easier than I thought. (It’s the reporting that’s hard.)

https://www.tmj4.com/news/local-news/grafton-police-use-artificial-intelligence-for-new-type-of-policing

Grafton police use artificial intelligence for new type of policing

… For example in less than 2.5 minutes, Chief Jeff Caponera found the car our TMJ4 News crew drove to the interview.

A camera installed on I-43 near the Washington Street exit, captured images of our SUV, along with every other vehicle that passes this stationary camera.

Information from those vehicles is put into a national database, where officers can check for wanted criminals, Amber Alerts, Silver Alerts or Green Alerts. It even counts how often a vehicle passes a camera.

It is called a Flock Safety camera.

Grafton has eight of them. Three were bought privately and installed at a heavily trafficked retail area called “The Commons.”

… The technology has helped solve several investigations in the two months since it was installed. This includes a homicide, retail thefts, and indecent exposure.

Chief Caponera says of the indecent exposure case, “We didn’t even have a plate. We just had a vehicle description. We were able to identify who that person was.”

A search engine attached to these cameras can narrow down the search results to specific damage to a vehicle if it has a tow hits [hitch? Bob] or even a bumper sticker. But what about privacy?

Chief Caponera ensures, “We’re not out there just searching plates randomly.”

He is well aware of those who may be weary [wary? Bob] and explains, “There’s a footprint to see who the officer was, when they looked at it, what time they looked at it, and why” [Self-described Bob]

All of the images captured purged after 30 days. [Even the national database? Bob]

… TMJ4 News Julia Fello asked the chief, "If there's a neighborhood in Grafton that may be interested in installing it, would you be open to that?"

Caponera answered, "Oh absolutely! The more the merrier."

The second country to recognize AI as the inventor. Is it a trend yet?

https://www.theguardian.com/technology/2021/jul/30/im-sorry-dave-im-afraid-i-invented-that-australian-court-finds-ai-systems-can-be-recognised-under-patent-law

I’m sorry Dave I’m afraid I invented that: Australian court finds AI systems can be recognised under patent law

Federal court judge says allowing artificial intelligence systems, as well as humans, to be inventors is ‘consistent with promoting innovation’

An artificial intelligence system is capable of being an “inventor” under Australian patent law, the federal court has ruled, in a decision that could have wider intellectual property implications.

University of Surrey professor Ryan Abbott has launched more than a dozen patent applications across the globe, including in the UK, US, New Zealand and Australia, on behalf of US-based Dr Stephen Thaler. They seek to have Thaler’s artificial intelligence device known as Dabus (a device for the autonomous bootstrapping of unified sentience) listed as the inventor.

… “In my view, an inventor as recognised under the act can be an artificial intelligence system or device,” he said.

Beach said a non-human inventor could not be the applicant of a patent, and as the owner of the system, Thaler would be the owner of any patents that would be granted on inventions by Dabus.

That was “consistent with the reality of the current technology”, the judge said. “It is consistent with the act and it is consistent with promoting innovation.”

Perspective.

https://news.usni.org/2021/07/29/department-of-the-navy-strategy-for-intelligent-autonomous-systems

Department of the Navy Strategy for Intelligent Autonomous Systems

The following is the July document, Department of the Navy Strategy for Intelligent Autonomous Systems.

Download the document here.

For my nephew, the history major. Might work for other subjects also…

https://www.freetech4teachers.com/2021/07/using-google-books-in-history-classes.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

Using Google Books in History Classes

As the name implies, Google Books is a search engine for locating books. Through Google Books you’ll find books that you can read in their entirety for free and books that you can preview for free. Most importantly, Google Books lets you search for keywords within books. Searches on Google Books can be refined according to date of publication, access level (full view vs. preview-only), and publication type (book vs. periodical).

A typical example of using Google Books in a history setting is found in a search for information about the Battle of New Orleans in The War of 1812. Head to Google Books and enter a search for “War of 1812.” Then refine the search to books with a full view published in the 20th Century and you’ll quickly locate The Naval War of 1812, volume 2 authored by Theodore Roosevelt in 1906. You can then use the “search inside” function to find every page that makes a reference to New Orleans. You can then quickly jump to each page that references New Orleans because each page in the search result is hyperlinked. You can read those pages online or print them for reading offline.

It should also be noted that you can search within books that are marked as preview-only. The utility in that is identifying how much content there is related to your search term within a chosen book. If that search reveals that there is a substantial amount of useful content, you can then use the “get the book” function in Google Books to locate libraries in your area that have a copy of the book. The “get the book” function will also provide links to places to purchase copies.

A video overview of how to use Google Books is available here

Thursday, July 29, 2021

Very simple, very ‘common sense,’ so why do we still see so much BEC?

https://thehackernews.com/2021/07/best-practices-to-thwart-business-email_29.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

Best Practices to Thwart Business Email Compromise (BEC) Attacks

… In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack during the past year. Forty-three percent of organizations experienced a security incident in the last 12 months, with 35% stating that BEC/phishing attacks account for more than 50% of the incidents.

The FBI's Internet Crime Complaint Center (IC3) reports that BEC scams were the most expensive of cyberattacks in 2020, with 19,369 complaints and adjusted losses of approximately $1.8 billion. Recent BEC attacks include spoofing attacks on Shark Tank Host Barbara Corcoran, who lost $380,000; the Puerto Rican government attacks that amounted to $4 million, and Japanese media giant, Nikkei, who transferred $29 million based on instructions in a fraudulent email.

To thwart a BEC attack, an organization must focus on the Golden Triangle: the alignment of people, process, and technology. Read on to discover best practices every organization should follow to mitigate BEC attacks.

In the First Half of 2021, HP Found that 75% of Threats Came via Email

A recent report published by HP titled HP Wolf Security Threat Insights Report shows that in the first half of 2021, email is the most used method of spreading malware and other threats, accounting for 75% of all threats.

Probably wise to assume your report will not be privileged either. So, get your security right.

https://www.huntonprivacyblog.com/2021/07/28/another-court-deems-forensic-investigation-report-not-privileged/

Another Court Deems Forensic Investigation Report Not Privileged

On July 22, 2021, a Magistrate Judge in the U.S. District Court for the Middle District of Pennsylvania (the “Court”) ordered Rutter’s, a convenience-store chain, to produce an investigative report prepared by a security consultant regarding a suspected data breach event, as well as all communications between the party and the company performing the investigation. In the ruling. Rutter’s Data Sec Breach Litig, No. 1:20-cv-000382-JEJ-KM, the Court held that the report and related communications were not protected from disclosure by the work product doctrine or the attorney-client privilege.

Pros and cons.

https://www.bespacific.com/facial-recognition-surges-in-retail-stores/

Facial recognition surges in retail stores

Axios: “Face-recognition tech is coming to a store near you, if it’s not there already, and that’s sparking a new wave of opposition.

Why it matters: The systems can scan or store facial images of both shoppers and workers. Their use accelerated during the pandemic as retailers looked for ways to prevent fraud, track foot traffic with fewer employees, and offer contactless payments at a time when consumers were wary of interacting with others.
Driving the news: More than three dozen advocacy groups launched a campaign late last week to pressure retailers to stop using facial recognition technologies, or to pledge not to use them…”

As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and Fraud

Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of JacksonLewis write:

Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices with embedded with facial recognition capabilities were put into use. However, many have objected to the use of this technology in its current form, citing problems with the accuracy of the technology, and now, more alarmingly, there is growing concern that “Faces are the Next Target for Fraudsters” as summarized by a recently article in the Wall Street Journal (“WSJ”).

A campaign issue?

https://www.pogowasright.org/houses-resolve-to-curb-surveillance-state-faces-biggest-test-since-trump-presidency/

House’s Resolve to Curb Surveillance State Faces Biggest Test Since Trump Presidency

Sara Sirota reports:

In a huge win for surveillance reformers, the House Rules Committee agreed on Wednesday morning to another full chamber vote on a bipartisan proposal that would limit the federal government’s warrantless searches of Americans’ private data. The vote, expected later in the day, will now test rank-and-file lawmakers’ willpower to break with congressional leaders, who’ve killed similar measures in years past, and safeguard their constituents’ Fourth Amendment rights after the Donald Trump presidency brought greater attention across the political spectrum to the surveillance state’s excesses.

Wednesday, July 28, 2021

A hint that we’re beginning to take hacking serious?

https://www.wsj.com/articles/biden-directs-agencies-to-develop-cybersecurity-standards-for-critical-infrastructure-11627477200?mod=djemalertNEWS

Biden Directs Agencies to Develop Cybersecurity Standards for Critical Infrastructure

Though voluntary, officials said the new step could be a prelude to a push for cybersecurity mandates

… “We’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and destruction in the real world,” Mr. Biden said Tuesday during a visit to the Office of the Director of National Intelligence. “If we end up in a war, a real shooting war, with a major power, it’s going to be as a consequence of a cyber breach of great consequence.”

Heads-up computer security managers!

https://www.wired.com/story/punkspider-web-site-vulnerabilities/

A Controversial Tool Calls Out Thousands of Hackable Websites

THE WEB HAS long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time—and all in the name of making the web more secure.

At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release—or, rather, to upgrade and re-release after a years-long hiatus—a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible to everything from defacement to data leaks.

When a pandemic is not bad enough...

https://www.zdnet.com/article/enterprise-data-breach-cost-reached-record-high-during-covid-19-pandemic/

Enterprise data breach cost reached record high during COVID-19 pandemic

On Wednesday, IBM Security released its annual "Cost of a Data Breach” report, which estimates that in 2021, a typical data breach experienced by companies now costs $4.24 million per incident, with expenses incurred now 10% higher than in 2020 when 1,000 – 100,000 records are involved.

So-called "mega" breaches impacting top enterprise firms responsible for the exposure of between 50 million and 65 million records now also come with a higher price tag -- reaching an average of $401 million to resolve.

Easier than reading your postcards?

https://www.pogowasright.org/eff-sues-u-s-postal-service-for-records-about-covert-social-media-spying-program/

EFF Sues U.S. Postal Service For Records About Covert Social Media Spying Program

The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the U.S. Postal Service and its inspection agency seeking records about a covert program to secretly comb through online posts of social media users before street protests, raising concerns about chilling the privacy and expressive activity of internet users.

Under an initiative called Internet Covert Operations Program, analysts at the U.S. Postal Inspection Service (USPIS), the Postal Service’s law enforcement arm, sorted through massive amounts of data created by social media users to surveil what they were saying and sharing, according to media reports. Internet users’ posts on Facebook, Twitter, Parler, and Telegraph were likely swept up in the surveillance program.

USPIS has not disclosed details about the program or any records responding to EFF’s FOIA request asking for information about the creation and operation of the surveillance initiative. In addition to those records, EFF is also seeking records on the program’s policies and analysis of the information collected, and communications with other federal agencies, including the Department of Homeland Security (DHS), about the use of social media content gathered under the program.

“We’re filing this FOIA lawsuit to shine a light on why and how the Postal Service is monitoring online speech. This lawsuit aims to protect the right to protest,” said Houston Davidson, EFF public interest legal fellow. “The government has never explained the legal justifications for this surveillance. We’re asking a court to order the USPIS to disclose details about this speech-monitoring program, which threatens constitutional guarantees of free expression and privacy.”

Media reports revealed that a government bulletin dated March 16 was distributed across DHS’s state-run security threat centers, alerting law enforcement agencies that USPIS analysts monitored “significant activity regarding planned protests occurring internationally and domestically on March 20, 2021.” Protests around the country were planned for that day, and locations and times were being shared on Parler, Telegram, Twitter, and Facebook, the bulletin said.

“Monitoring and gathering people’s social media activity chills and suppresses free expression,” said Aaron Mackey, EFF senior staff attorney. “People self-censor when they think their speech is being monitored and could be used to target them. A government effort to scour people’s social media accounts is a threat to our civil liberties.”

For the complaint: https://www.eff.org/document/eff-v-usps-complaint

The pendulum of law. First Facial Recognition is a ‘must use’ to control the Covid pandemic, then comes the “Oops!” as they realize that’s not all it can do.

https://www.globaltimes.cn/page/202107/1229844.shtml

Apps barred from indiscriminate collection of unnecessary personal information

The Supreme People's Court (SPC) of China on Wednesday issued judicial rules to regulate the use of facial recognition, stipulating that no app can require users to provide unnecessary personal information. Specifically, the regulation requires apps to ask for consent from users when facial recognition information is involved.

Experts said the new rules come at a time when excessive collection and abuse of facial data have become major threats to personal information and privacy.

"At present, abuse of facial recognition may threaten an individual's payment security, but its potential risks may extend to threats against their personal safety, such as drone attacks using facial recognition," Liu Gang, director of the Nankai Institute of Economics and chief economist at the Chinese Institute of New Generation Artificial Intelligence Development Strategies, told the Global Times on Wednesday.

Facial recognition, a new technology broadly used in China that helped the country to effectively contain the coronavirus, is facing tougher regulation as China strengthens protection of personal data and people's privacy following growing concerns among the public.

Identify new potentially valuable startups, help them for a share of their business. Perhaps not all Pro Bono.

https://venturebeat.com/2021/07/27/github-offers-open-source-developers-legal-counsel-to-combat-dmca-abuse/

GitHub offers open source developers legal counsel to combat DMCA abuse

GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA).

While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201 ) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong.

Perspective.

https://www.salon.com/2021/07/27/artificial-intelligence-wants-you-and-your-job_partner/

Artificial intelligence wants you (and your job)

We’d better control machines before they control us

… In the early 1940s, science fiction writer Isaac Asimov formulated his famed three laws of robotics: that robots were not to harm humans, directly or indirectly; that they must obey our commands (unless doing so violates the first law); and that they must safeguard their own existence (unless self-preservation contravenes the first two laws).

Any number of writers have attempted to update Asimov. The latest is legal scholar Frank Pasquale, who has devised four laws to replace Asimov's three. Since he's a lawyer not a futurist, Pasquale is more concerned with controlling the robots of today than hypothesizing about the machines of tomorrow. He argues that robots and AI should help professionals, not replace them; that they should not counterfeit humans; that they should never become part of any kind of arms race; and that their creators, controllers, and owners should always be transparent.

Pasquale's "laws," however, run counter to the artificial-intelligence trends of our moment. The prevailing AI ethos mirrors what could be considered the prime directive of Silicon Valley: move fast and break things. This philosophy of disruption demands, above all, that technology continuously drive down labor costs and regularly render itself obsolescent.

… To prevent the various worst-case scenarios, the European Union has proposed to control AI according to degree of risk. Some products that fall in the EU's "high risk" category would have to get a kind of Good Housekeeping seal of approval (the Conformité Européenne). AI systems "considered a clear threat to the safety, livelihoods, and rights of people," on the other hand, would be subject to an outright ban. Such clear-and-present dangers would include, for instance, biometric identification that captures personal data by such means as facial recognition, as well as versions of China's social credit system where AI helps track individuals and evaluate their overall trustworthiness.

Learn a new (programming) language.

https://www.lua.org/

Lua

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

… Lua is free open-source software, distributed under a very liberal license (the well-known MIT license). It may be used for any purpose, including commercial purposes, at absolutely no cost. Just download it and use it.

… Fourth edition of Programming in Lua available as e-book

You know you have at least one book in you.

https://www.makeuseof.com/best-iphone-book-writing-apps/

The 6 Best iPhone Book-Writing Apps

Make your book-writing tasks easier with these apps for your iPhone and iPad.

Centennial Man

Saturday, July 31, 2021

Friday, July 30, 2021

Thursday, July 29, 2021

Wednesday, July 28, 2021

Search This Blog

Followers

Blog Archive

Links

About Me