Saturday, April 09, 2022

A common misperception.

https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth/

Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site

They thought their payments were untraceable. They couldn’t have been more wrong. The untold story of the case that shredded the myth of Bitcoin’s anonymity.

Janczewski had come along on this raid only as an observer, a visitor flown in from Washington, DC, to watch and advise the local Homeland Security team as it executed its warrant. But it had been Janczewski’s investigation that brought the agents here, to this average-looking house with its well-kept yard among all the average-looking houses they could have been searching, anywhere in America. He had led them there based on a strange, nascent form of evidence. Janczewski had followed the links of Bitcoin’s blockchain, pulling on that chain until it connected this ordinary home to an extraordinarily cruel place on the internet—and then connected that place to hundreds more men around the world. All complicit in the same massive network of unspeakable abuse. All now on Janczewski’s long list of targets.





Time to start thinking?

https://www.insideprivacy.com/artificial-intelligence/nist-releases-draft-ai-risk-management-framework-for-public-comment/

NIST Releases Draft AI Risk Management Framework for Public Comment

The National Institute of Standards and Technology (“NIST”) issued its initial draft of the “AI Risk Management Framework” (“AI RMF”), which aims to provide voluntary, risk-based guidance on the design, development, and deployment of AI systems. NIST is seeking public comments on this draft via email, at Aiframework@nist.gov, through April 29, 2022. Feedback received on this draft will be incorporated into the second draft of the framework, which will be issued this summer or fall.





Good point. Do too little and you might lose to your competition. Do too much and you might lose your touch with clients.

https://www.bloomberg.com/opinion/articles/2022-04-09/too-much-email-let-your-bot-answer-it

Too Much Email? Let Your Bot Answer It

As artificial intelligence continues to improve, we humans are going to have to decide what we're comfortable letting it do.

What will it be like when you have your own bot, and it is as good as or better than you at many daily tasks?

The answer may come sooner than you think. Google’s new Pathways Language Model, which is not yet open for public testing, is the latest advance in artificial intelligence. The technical explanation is that neural networks have been scaled to 540 billion parameters for “breakthrough performance.” The practical effect is that AI is now better at engaging in natural conversation, explaining novel jokes and writing code.





Perspective. What’s obvious and what’s not.

https://thenextweb.com/news/what-does-free-public-transport-mean-in-different-cities

What do we mean when we say ‘free’ public transport?

There’s a lot of attention right now on the idea of making public transport free. In the first instance, you might think it’s a no-brainer. You can ride public trains, trams, buses, and ferries at no charge. That sounds too good to be true, but they’re a reality in many parts of the world.

Over 100 cities have some form of free public transport, but there are many different models of free public transport, each with its own intention and actual impact. What do they achieve when it comes to economic, infrastructural, and environmental impact?

This is part of a series of articles on free public transport – I’m also looking at the specific realities of free public transport and climate change, and whether it serves disadvantaged communities.





Proof I do it (almost) totally wrong!

https://www.makeuseof.com/to-do-before-starting-a-blog/

7 Things to Do Before Starting a New Blog



Friday, April 08, 2022

War is merely the continuation of policy by other means. Interesting, but I’m not sure I agree with their conclusions.

https://thenextweb.com/news/experts-explain-cyberattacks-havent-played-huge-role-russian-ukraine-war

Experts explain why cyberattacks haven’t played a huge role in the Russia-Ukraine war

We are political scientists who study the role of cybersecurity and information in international conflict. Our research shows that the reason pundits on both sides of the argument got it wrong is because they failed to consider that cyber and military operations serve different political objectives.

Cyber operations are most effective in pursuing informational goals, such as gathering intelligence, stealing technology, or winning public opinion or diplomatic debates. In contrast, nations use military operations to occupy territory, capture resources, diminish an opponent’s military capability, and terrorize a population.




Learn from the mistakes of others.

https://www.databreaches.net/ca-slga-business-partners-should-have-figured-out-on-their-own-that-their-data-may-have-been-stolen-minister/

Ca: SLGA business partners should have figured out on their own that their data may have been stolen: minister

Geoff Leo reports on what sounds like an utterly unsatisfactory response by the government to questions as to why it didn’t directly notify those affected of a breach:

The minister responsible for the Saskatchewan Liquor and Gaming Authority (SLGA) says the Crown corporation didn’t directly notify its business partners that their data may have been stolen in a hack because those companies should have figured it out on their own.
According to a Dec 28 news release, SLGA’s computer systems were the target of a “cyber security incident” on Christmas Day. It said that at that time, “SLGA does not have any evidence that the security of any customer, employee or other personal data has been misused.” The organization repeated that line in communications with business partners.
Three weeks after the hack, the organization alerted employees that their data may have been stolen and offered them credit monitoring services.
At that time, it gave no such notification to SLGA’s suppliers, vendors or licensees.

So the government told them they had no evidence, but then only told some of those affected when the risk level changed after they did find evidence. They didn’t directly update/notify the others?

[…]
In an email, SLGA told CBC it is required by law to notify people whose data may have been unlawfully accessed and may be misused. The organization said rather than notify the potential victims directly, it decided to use the “indirect notification” approach, posting an update on its website.
SLGA says in a written statement on its website that Saskatchewan’s privacy commissioner has given the thumbs up to this indirect approach in cases “where the privacy breach is potentially very large or you may not be able to identify the affected individuals.”

Ah, the old “indirect notification approach,” otherwise known as “We can’t be expected to act responsibly after we were breached, so you’re kind of on your own.”

Unbelievable. At the very least, the government should have plastered big press releases in national media and popular provincial media.

Read more at CBC.

h/t, Brett Callow, who has his own thoughts on the matter.





Any limitations on time or treasure? Can they recover from the poster or the complainer?

https://www.pogowasright.org/google-must-investigate-links-for-false-information-says-top-eu-court-adviser/

Google must investigate links for false information, says top EU court adviser

Molly Quell reports:

If someone asks for links to be removed from Google because they are false, the company must look into the claim, said an adviser to the European Court of Justice in a non-binding opinion issued Thursday.
Advocate General Giovanni Pitruzzella found that, when Google is asked to remove something from its search results, it is responsible for fact-checking the results. The underlying case arose in Germany and involves two financial service providers accused of malfeasance by a purported extortion blog.

Read more at Courthouse News.





Contrary to expectations…

https://www.scmagazine.com/analysis/business-contunuity/ransomware-negotiations-are-taking-longer-and-thats-a-good-thing

Ransomware negotiations are taking longer (and that’s a good thing)

It's taking longer to negotiate ransomware demands. That is a good thing.

Law firm BakerHostetler, which handles more than 1,250 cyber-related incidents a year, said in its annual Data Security and Incident Response report that the typical ransomware negotiation for its clients in 2021 lasted eight days. That is roughly twice as long as the five days in 2020.

BakerHostetler's statistics provide a platform- and negotiator-independent look at how enterprises with high-end legal advice handle breaches. All single-company-based statistics are biased toward a customer base. In 2019, BakerHostetler clients paid on average three times as much as those using Palo Alto's incident response team, a possible consequence of the size of the firms involved. In 2020, that dropped to twice as much, even as statistics for the average payments for both skyrocketed. But in 2021, BakerHostetler clients' average payments dropped from $795,000 to $510,000, with PAN's clients' jumping from $311,000 to $570,000, the first time the law firm's client base paid less. BakerHostetler thinks time of negotiation might be a reason why.

If time is not a scarce resource, the negotiating advantage is back in the hands of the consumer. Between 2020 and 2021, the average ransomware payment dropped by a third among BakerHostetler clients. And the difference was particularly pronounced in those who spent more time negotiating.





Because they have to?

https://www.csoonline.com/article/3656732/how-cisos-can-manage-the-intersection-of-security-privacy-and-trust.html#tk.rss_all

How CISOs Can Manage the Intersection of Security, Privacy & Trust

There’s an old adage among cyber security professionals: “You can’t protect what you can’t see.” And with data exploding literally everywhere, it has become increasingly hard to protect. In fact, the World Economic Forum estimates that by 2025, the volume of data generated each day will reach 463 exabytes globally. To put that number into perspective, one exabyte is equivalent to one billion gigabytes. Chief Information Security Officers (CISOs) are already required to guard sprawling corporate and customer data at all costs or risk hefty legal and compliance fines; however, they now face an even tougher challenge.

Deploying a robust data privacy program is a complex job for CISOs who wear many hats these days – in fact, the CISO job description keeps growing and growing. CISOs are often asked by the Chief Privacy Officer (CPO), compliance and legal teams to provide data protection solutions that span security, privacy and legal issues. On top of that, they must keep employee data safe while balancing security with user productivity. They often have accountability directly to the Board, who is constantly asking for ROI on security investments to protect the organization from a brand-damaging data breach.





Not untypical. Management often underestimates the cost of new technology.

https://insidebigdata.com/2022/04/08/comet-reveals-machine-learning-survey-results/

Comet Reveals Machine Learning Survey Results

Comet, the provider of the leading development platform for enterprise machine learning (ML) teams, announced the results of its recent survey of machine learning professionals.

Hundreds of enterprise ML team leaders were asked about their experiences and the factors that affected their teams’ ability to deliver the level of business value their organizations expected from ML initiatives. Rather than attaining desired outcomes, however, many survey respondents revealed that they lack the right resources, or they shared that the resources they have are often misaligned. As a result, many AI initiatives have been far less productive than they could be.





Backgrounder…

https://www.csoonline.com/article/3334617/what-is-spear-phishing-examples-tactics-and-techniques.html#tk.rss_all

What is spear phishing? Examples, tactics, and techniques

Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack.





Tools & Techniques. I need to practice this more.

https://www.bespacific.com/go-beyond-the-search-box-introducing-multisearch/

Go beyond the search box: Introducing multisearch

Google Blog: “How many times have you tried to find the perfect piece of clothing, a tutorial to recreate nail art or even instructions on how to take care of a plant someone gifted you — but you didn’t have all the words to describe what you were looking for? At Google, we’re always dreaming up new ways to help you uncover the information you’re looking for — no matter how tricky it might be to express what you need. That’s why today, we’re introducing an entirely new way to search: using text and images at the same time. With multisearch in Lens, you can go beyond the search box and ask questions about what you see. Let’s take a look at how you can use multisearch to help with your visual needs, including style and home decor questions. To get started, simply open up the Google app on Android or iOS, tap the Lens camera icon and either search one of your screenshots or snap a photo of the world around you, like the stylish wallpaper pattern at your local coffee shop. Then, swipe up and tap the “+ Add to your search” button to add text…” The antithesis of key word searching – now search is image based – using photos you take to replace creating a query.



Thursday, April 07, 2022

Kind of good news, bad news…

https://www.csoonline.com/article/3655969/how-gdpr-has-inspired-a-global-arms-race-on-privacy-regulations.html#tk.rss_all

How GDPR has inspired a global arms race on privacy regulations

Companies with a global presence face the challenge of achieving compliance with an increasing array of regional data-protection regulations.





Finding a balance could be difficult.

https://www.makeuseof.com/what-is-bark-social-monitoring-app/

What Is Bark? The Social Monitoring App Explained

Bark is a parental social monitoring app. It has parental control features that allow parents to provide safety for their children online. These control features include content monitoring, website blocking, screen time management, and location sharing.

Social media apps have raised safety concerns regarding children online. Thus, parents resort to monitoring apps like Bark to help them ensure that their kids aren't at risk.

This app must be installed on both the parent's and child's devices to function.

Download: Bark for Android | iOS (Free, Available In-App Purchases)





Tools & Techniques.

https://www.freetech4teachers.com/2022/04/annotate-pdfs-with-lumin-pdf-free-for.html

Annotate PDFs With Lumin PDF - Free for Teachers

Lumin PDF is a neat tool that I wrote about a couple of years ago when one of my colleagues needed a way for her math students to draw on PDFs that she sent to them in Google Classroom. You can read more about that situation right here.

I just received an email from Lumin PDF announcing that all of the premium features are now available to teachers and their students for free! The premium features include merging and splitting PDFs, highlighting (in addition to the normal annotating options), and the removal of banner advertising. And Lumin PDF integrates with Google Classroom. You can register for a free Lumin PDF premium account here.





Tools & Techniques. Worth reminding myself...

https://www.makeuseof.com/top-google-tools-for-entrepreneurs/

The Top 12 Google Tools for Entrepreneurs

Everyone has used Google’s products once in their lifetime. However, when it comes to entrepreneurs, Google has some pretty awesome tools, and almost all of them have a free version.





Tools & Techniques. Might be handy…

https://techcrunch.com/2022/04/06/microsoft-launches-its-a-i-powered-notetaking-app-journal-as-an-official-windows-app/

Microsoft launches its AI-powered notetaking app Journal as an official Windows app

A little over a year after its initial release, a digital note-taking app called Journal is making the leap from being an experimental project housed with Microsoft’s internal incubator, Microsoft Garage, to becoming a full-fledged Microsoft Windows application. The company this week announced the new note-taking app will now be available as “Microsoft Journal,” allowing users to capture their thoughts and create drawings using their digital pen on Windows tablets, 2-in-1s and other pen-capable devices.



Wednesday, April 06, 2022

A war by any other name would void your insurance. Shouldn’t it?

https://www.databreaches.net/cyberwar-are-attacks-by-russian-hackers-still-covered-by-cyber-insurance-germanys-perspective-for-now/

Cyberwar: Are attacks by Russian hackers still covered by cyber insurance? Germany’s perspective (for now)

Google translation:

In the wake of Russia’s attack on Ukraine, there are fears that Russia will launch a broad-based cyber war. Western countries could also become the focus of Russian cyber attacks. In this context, it can be expected that cyber insurers will invoke the so-called war exclusion and refuse to pay benefits. However, the considerations made by the insurers are not convincing, as Jürgen Seiring, Managing Director of VSMA GmbH, reports.
[…]
Cyber attacks by Russian hackers against German companies should probably continue to be insured.

Read more at UnternehmenCybersicherheit.de.





Re: Emperors and new clothing… This is like ignoring a smoke alarm.

https://www.databreaches.net/would-sea-mar-community-health-even-know-about-large-patient-data-dumps-if-not-for-databreaches-net/

Would Sea Mar Community Health even know about large patient data dumps if not for DataBreaches.net?

The chronology of Sea Mar Community Health Center’s responses to a massive data breach suggests that they may be first learning of data dumps because of notifications by DataBreaches.net or this site’s reporting of our discoveries. If true, what does that say about their security and incident response? A DataBreaches.net commentary.

Since 2021, DataBreaches.net has been reporting on a massive breach involving Sea Mar Community Health Centers in Washington state. For almost one year now, DataBreaches.net has been contacting Sea Mar to alert them to data appearing on the internet and to ask them for a response. For more than one year, Sea Mar has not responded to a single alert or request from this site. The chronology of their public notifications, however, suggests that if it were not for this site, they might not even know that their patients’ and employees’ personal and protected health information had been dumped on the internet.

Last month, DataBreaches.net broke the story that yet another 161 GB of Sea Mar data had been leaked on the internet. The files in that leak, unlike two previous data dumps of Sea Mar data, consisted of more than 650,000 image files that, for the most part, were driver’s license images.

DataBreaches.net’s earlier coverage of prior data leaks of Sea Mar data is linked from our March article. The three leaks — one by Marketo and two by Snatch Team — all contained different files. Snatch Team would not reveal whether there were two different entities who had listed data with them at different times or if there was just one entity. Nor did Snatch Team even seem to know that the data came from Sea Mar, saying that the entity who listed the data dump with them did not indicate the source of the data. As a result, it is not clear how many threat actors or groups are in possession of the Sea Mar data or how broadly it has been circulated already.

Sea Mar has now issued another press release, stating that it has learned of additional information involved in their previously-reported incident. This additional information, they write, “may have impacted data belonging to current and former Sea Mar patients and other individuals associated with Sea Mar.” Looking at their press release below, keep in mind that DataBreaches.net first alerted Sea Mar to the Marketo leak on June 24, 2021. This site then posted updates to the incident in October, 2021 (when Sea Mar first issued a press release), and then again in January, 2022 when we discovered the first dump of 22 GB on Snatch Team, in February after Sea Mar was sued, and then again in March, when we discovered the 161 GB dump on Snatch Team.

Keeping that chronology in mind, here is Sea Mar’s newest press release (emphasis added by DataBreaches.net):

On June 24, 2021, Sea Mar was informed that certain Sea Mar data may have been copied from its digital environment by an unauthorized actor. Upon receipt of this information, Sea Mar immediately took steps to secure its environment and commenced an investigation with the assistance of leading, independent cybersecurity experts. Through the investigation, Sea Mar learned that certain data may have been copied from its digital environment between December 2020 and March 2021 and provided notification to individuals known to have been potentially impacted.
In January and March 2022, Sea Mar learned of additional data that may have been copied from its digital environment, and, upon review, identified that such data contained personal and protected health information. The additional data contained the following personal and protected health information: Name, date of birth, and, in some cases, Social Security number and/or driver’s license information.
Sea Mar has provided notice of the incident on its website to alert all potentially impacted individuals of this incident and the update related thereto. The notice includes information about the incident and steps that potentially impacted individuals can take to protect their information.
The privacy and protection of personal and protected health information is a top priority for Sea Mar, which deeply regrets any inconvenience or concern this incident may cause. Sea Mar is continuing to work with cybersecurity experts to take steps to prevent a similar incident from occurring in the future. Sea Mar has also established a toll-free call center to answer questions about the incident. Call center representatives are available Monday through Friday from 6:00 am to 3:30 pm Pacific Time and can be reached at 1-855-651-2684.

Apart from the civil lawsuits they are facing, and from a regulatory standpoint: will investigators look at why Sea Mar had so much old and unencrypted data on their system? What did their risk assessment look like for old data? What security did they have on current data? And shouldn’t they have had a system to receive and acknowledge notifications of a breach? Finally, for now: would they have even known about the data leaks if this site hadn’t discovered their data on leak sites and taken the time to alert them each time?





Should they also explain to the customer? “We know you don’t want to subscribe, and we know why!”

https://www.reuters.com/technology/ai-is-explaining-itself-humans-its-paying-off-2022-04-06/

AI is explaining itself to humans. And it's paying off

Microsoft Corp's LinkedIn boosted subscription revenue by 8% after arming its sales team with artificial intelligence software that not only predicts clients at risk of canceling, but also explains how it arrived at its conclusion.

The system, introduced last July and to be described in a LinkedIn blog post on Wednesday, marks a breakthrough in getting AI to "show its work" in a helpful way.

Google Cloud sells explainable AI services that, for instance, tell clients trying to sharpen their systems which pixels and soon which training examples mattered most in predicting the subject of a photo.

But critics say the explanations of why AI predicted what it did are too unreliable because the AI technology to interpret the machines is not good enough.





Perhaps easier than some people I know...

https://www.newyorker.com/tech/annals-of-technology/can-computers-learn-common-sense

Can Computers Learn Common Sense?

A few years ago, a computer scientist named Yejin Choi gave a presentation at an artificial-intelligence conference in New Orleans. On a screen, she projected a frame from a newscast where two anchors appeared before the headline “cheeseburger stabbing.” Choi explained that human beings find it easy to discern the outlines of the story from those two words alone. Had someone stabbed a cheeseburger? Probably not. Had a cheeseburger been used to stab a person? Also unlikely. Had a cheeseburger stabbed a cheeseburger? Impossible. The only plausible scenario was that someone had stabbed someone else over a cheeseburger. Computers, Choi said, are puzzled by this kind of problem. They lack the common sense to dismiss the possibility of food-on-food crime.





Perspective.

https://theconversation.com/the-russian-invasion-shows-how-digital-technologies-have-become-involved-in-all-aspects-of-war-179918

The Russian invasion shows how digital technologies have become involved in all aspects of war

Since Russia invaded Ukraine, we keep hearing that this war is like no other; because Ukrainians have cellphones and access to social media platforms, the traditional control of information and propaganda cannot work and people are able to see through the fog of war.

As communications scholars and historians, it is important to add nuance to such claims. The question is not so much what is “new” in this war, but rather to understand its specific media dynamics. One important facet of this war is the interplay between old and new media — the many loops that go from Twitter to television to TikTok, and back and forth.





Tools & Techniques. When you have that tingle of suspicion?

https://www.bespacific.com/reverse-google-images-search-can-help-you-bust-fake-news-and-fraud/

Reverse Google Images Search Can Help You Bust Fake News and Fraud

CNET: “On Friday, a photo that purported to show two British naval aircraft carriers dwarfing a much smaller French naval ship made the rounds on social media. But you can’t always believe your eyes online. Photos are easy to duplicate and then use in misleading ways. Scammers can lift a social media profile photo, for example, and use it to give a fake account a sheen of authenticity. Similarly, news photos can be grabbed from coverage of one event and pasted into stories about another event, misleading readers about what’s happening. In the case of the photo of the aircraft carriers, a reverse image search revealed the tiny vessel had been added digitally, Snopes found. A reverse image search can help you spot misleading photos by identifying their origin. If you’re in doubt, this search engine tool will help you spot scams, debunk false news, and discover people using your images without your permission. Reverse image searches rely on either Google’s Images or Lens service. Either will provide a list of websites displaying the photo or image, as well as a link and description. Both services can also give you a list of visually similar images that might provide images shot from different angles. The list might also show the same picture with an original caption or from an earlier news story. That information is often used by fact-checkers, who’ve been using the tools to verify whether images from the war in Ukraine are current and shared in the right context. These tools are so powerful that scammers are turning to high-tech methods to end-run reverse image searches. AI-generated profile pictures have become popular with dishonest groups that rely on bogus social media accounts, like the scheme researchers identified on LinkedIn that aimed to generate sales leads with a raft of fake profiles. Reverse image searching an AI-generated photo won’t lead you to a real person, so they’re harder to identify as fake. 
But the use of AI-generated photos is currently fairly limited…”





Tools & Techniques.

https://www.engadget.com/snapchat-american-sign-language-lens-practice-184825207.html

Snapchat's latest lens helps you learn the American Sign Language alphabet

Snap isn't done teaching Snapchat users how to communicate using sign language. The social media service has introduced an ASL Alphabet Lens that, as the name implies, significantly expands the American Sign Language learning experience. You'll still learn how to fingerspell your name using individual letters, but you now also get to practice the ASL alphabet and play two games to test your knowledge.