Symposium on Usable Privacy and Security (SOUPS)
(co-located with the 2016 USENIX Annual Technical
Conference, June 22–24, 2016)
Denver Marriott City Center, 1701 California Street, Denver,
CO
I’d like to share the emails with my Computer Security
students. They must be pretty
convincing. What information would you
have to supply to make the emails believable?
KWCH reports that the Barton County Treasurer’s Office
has become the latest victim of an email scam that resulted in a wire transfer
of $48,000 to a bank in Georgia.
Barton County Sheriff Brian
Bellandir said on May 13, the treasurer’s office received several emails which
appeared to be from the Barton County Administrator’s Office.
The emails instructed $48,000 be
transferred by bank wire from the county general fund to a bank in Georgia.
On May 17, an employee of the
treasurer’s office requested information as to how the transfer should be
recorded. The County Administrator’s
Office replied and said it had no knowledge of the transfer.
Read more on KWCH.
Tools and techniques. Is this feature available on all smartphones
and could my Ethical Hackers use it to find anyone? (This is similar to one method used for
targeting missiles.)
Gay Dating Apps Promise Privacy, But Leak Your Exact Location
… I installed the
gay hookup app Grindr. I set my profile
photo as a cat, and carefully turned off the “show distance” feature in the
app’s privacy settings, an option meant to hide my location. A minute later I called Nguyen Phong Hoang, a
computer security researcher in Kyoto, Japan, and told him the general
neighborhood where I live in Brooklyn.
… Within fifteen
minutes, Hoang had identified the intersection where I live. Ten minutes after that, he sent me a
screenshot from Google Maps, showing a thin arc shape on top of my building,
just a couple of yards wide. “I think
this is your location?” he asked. In
fact, the outline fell directly on the part of my apartment where I sat on the
couch talking to him.
Hoang says his Grindr-stalking method is cheap, reliable,
and works with other gay dating apps like Hornet and Jack’d, too. (He went on to demonstrate as much with my
test accounts on those competing services.) In a paper published
last week in the computer science journal Transactions on Advanced
Communications Technology, Hoang and two other researchers at Kyoto University
describe how they can track the phone of anyone who runs those apps,
pinpointing their location down to a few feet.
… If Grindr or a
similar app tells you how far away someone is—even if it doesn’t tell you in
which direction—you can determine their exact location by combining the distance
measurement from three points surrounding them, as shown in the image
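The three-distance calculation described above, as an added example (not code from the article or the researchers' paper) that measures how much a distance-reporting feature leaks. It works in a flat local grid in metres; the user position, observer points and the `bucket_m` rounding parameter are constructed for illustration.

```python
import math

def trilaterate(p1, r1, p2, r2, p3, r3):
    """Intersect three circles (centre, radius) on a flat local plane."""
    (x1, y1), (x2, y2), (x3, y3) = p1, p2, p3
    # Subtracting the circle equations pairwise leaves two linear equations.
    a1, b1 = 2 * (x2 - x1), 2 * (y2 - y1)
    c1 = r1**2 - r2**2 + x2**2 - x1**2 + y2**2 - y1**2
    a2, b2 = 2 * (x3 - x1), 2 * (y3 - y1)
    c2 = r1**2 - r3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-9:
        raise ValueError("observation points are collinear; no unique fix")
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)

def reported_distance(user, observer, bucket_m=0.0):
    """Distance a service would disclose; bucket_m > 0 rounds it (hypothetical knob)."""
    d = math.dist(user, observer)
    return d if bucket_m <= 0 else round(d / bucket_m) * bucket_m

def localisation_error(user, observers, bucket_m=0.0):
    """Metres between the true position and the fix the disclosed distances allow."""
    r = [reported_distance(user, o, bucket_m) for o in observers]
    est = trilaterate(observers[0], r[0], observers[1], r[1], observers[2], r[2])
    return math.dist(est, user)

# Constructed sample data: positions in metres on a local grid.
USER = (120.0, 340.0)
OBSERVERS = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]

if __name__ == "__main__":
    for bucket in (0.0, 50.0, 500.0):
        err = localisation_error(USER, OBSERVERS, bucket)
        print(f"bucket={bucket:6.0f} m  error={err:8.2f} m")
```

With exact distances the error is effectively zero; with distances rounded to 500 m the fix for this sample lands about 160 m from the true position.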
The National Telecommunications and Information
Administration (part of the Department of Commerce) spent a year (and probably
lots of my tax dollars) coming up with this?
I am not impressed.
Stephanie Condon reports:
After working for the past year
with consumer privacy advocates, industry groups and companies like Amazon, a
U.S. federal agency has finally released a set of drone privacy guidelines.
The guidelines, from the National
Telecommunications and Information Administration (NTIA), focus on protecting
personally identifiable information but leave plenty of room for big data collection. The NTIA guidelines are currently completely
voluntary, but they do represent the first step in creating federal drone
privacy standards.
Read more on ZDNet.
See also Covington & Burling Inside Privacy for their summary of the
guidelines.
[In short:
1. If you can, tell other people
you’ll be taking pictures or video of them before you do.
2. If you think someone has a
reasonable expectation of privacy, don’t violate that privacy by taking
pictures, video, or otherwise gathering sensitive data, unless you’ve got a
very good reason.
3. Don’t fly over other people’s
private property without permission if you can easily avoid doing so.
4. Don’t gather personal data for
no reason, and don’t keep it for longer than you think you have to.
5. If you keep sensitive data about
other people, secure it against loss or theft.
6. If someone asks you to delete
personal data about him or her that you’ve gathered, do so, unless you’ve got a
good reason not to.
7. If anyone raises privacy,
security, or safety concerns with you, try and listen to what they have to say, as long as they’re polite
and reasonable about it.
8. Don’t harass people with your
drone.]
(Related)
FAA Releases Drone Registration Location Data
by Sabrina I. Pacifici on May 21, 2016
“The Federal Aviation Administration (FAA) posted [May 18,
2016] a large
database showing the city, state and zip code of each registered drone
owner. Release of the database responds
to a number of Freedom of Information Act (FOIA) requests submitted since the
new unmanned aircraft registration system began operating on December 21, 2015.
The FAA is not posting the names and
street addresses of registered owners because the data is exempt from
disclosure under a FOIA exemption that protects information in agency files
from a clearly unwarranted invasion of personal privacy. The FAA based its determination to post only
city, state and zip code on several factors, including, in part, that many of
the registrants are minors and only hobbyists or recreational users. In addition, when the FAA published its
Federal Register notice pertaining to the new unmanned aircraft registration
system it specifically advised the public that name and addresses would only be
available by the registration number issued to the registrant. For these reasons, the FAA believes the
privacy interest in such data outweighs any public interest.
You can view and search the registration data at: http://www.faa.gov/foia/electronic_reading_room/media/Reg-by-City-State-Zip-12May2016.xlsx”
Might be useful.
Microsoft Academic: intelligent bots at your service
by Sabrina I. Pacifici on May 21, 2016
Microsoft Research Blog: “Progress in AI research and
applications is exploding, and that explosion extends to our own team working
on academic services. Continuing our
work supercharging Bing and Cortana, we are also applying new technologies to Microsoft Academic, which
serves the research community. If you’re
not familiar with Microsoft Academic, this online destination helps researchers connect with the papers,
conferences, people, and ideas that are most relevant, using bots that
read, understand, and deliver the scientific news and papers researchers need
to further their work. Designed by and
for researchers like myself, the site puts the broadest and deepest set of
scientific information at your fingertips, with the ability to go beyond
keywords to the contextual meaning of the content. Recently, we further enhanced the analytic
content so users can see the latest research, news, and people, ranked by
importance and credibility. Users can
even drill down on the people, events, and institutions they care most about. Behind the scenes, we are taking advantage of
the fact that machines do not require time to sleep or eat, and have superior
memory to humans. We have trained our AI
robots to read, classify, and tag every document published to the web in real
time. The result is a
massive collection of academic knowledge we call the Microsoft Academic Graph
(MAG), which is growing at roughly 1 million articles per week. While one set of robots is busy gathering
knowledge from the web, another set of robots is dedicated to analyzing
citation behaviors and computing the relative importance of each node in the
MAG so that users are always presented with information they need and want…”