Thursday, July 06, 2017

Perhaps they were looking for recruits?
Terrence Mawawa reports:
Daring robbers broke into the office of Gutu Magistrate, Edwin Marecha, and stole two computers.
[…]
According to sources at the Gutu Magistrates’ Court, the robbers targeted the two computers only- indicating a likelihood that they probably were after destroying criminal records and related evidence.
Read more on ZimEye.


Perspective.  (It helps)
Understanding Geopolitics Key to Analyzing Cyber Espionage: German Intelligence Service
Understanding geopolitics is key to understanding the perpetrators and victims of cyber espionage.  This is one of the key messages from the German federal domestic intelligence service (BfV) 2016 annual report (summary PDF). 
   Russia, suggests the BfV, advocates a multipolar world -- but is suffering economically from the EU's economic sanctions imposed over the Crimea/Ukraine crisis.  A key driver in Russian foreign policy is to induce the West to lift these sanctions.  "Obtaining advance information about the positions of the Federal Government and opposition parties increases Russia's leverage in negotiations and creates opportunities for counter-measures."
   Chinese activities, suggests the BfV, are guided by three key policies: territorial integrity and protecting the communist party's hegemony; expanding China's geopolitical and military power; and modernizing the economy.  "For this reason," it says, "the intelligence services' activities abroad are primarily focused on gathering intelligence about political decision-making processes, on obtaining technological know-how and on the opposition to the system." 
   The primary motivation for the Iranian intelligence services is to spy on and suppress opposition movements at home and abroad.


For my Computer Security students.  How to get it right?
U.N. survey finds cybersecurity gaps everywhere except Singapore
Singapore has a near-perfect approach to cybersecurity, but many other rich countries have holes in their defenses and some poorer countries are showing them how it should be done, a U.N. survey showed on Wednesday.
   The ranking was based on countries' legal, technical and organizational institutions, their educational and research capabilities, and their cooperation in information-sharing networks.


Something to share with my students.


I think Troy is on to something here.  Certainly stage one (Denial) would explain why so many breach victims grossly underestimate what has been compromised.
The 5 Stages of Data Breach Grief


Seems logical to me.
Andrew Crocker and Nate Cardozo write:
Can the government stop you from finding out it’s been looking through your private Facebook content as part of a “secret” investigation that’s not actually secret?  That’s the question raised by an alarming case pending in the Washington D.C. Court of Appeals.  Facebook has described the investigation as “known to the public,” and the timing and venue match the January 20th, 2017 Presidential Inauguration protests (known as “J20”), the investigation of which is indeed quite public.  But even if the warrants pertain to another investigation, the government should not be allowed to impose gag orders with respect to any information that is already publicly known.
Read more on EFF.


Seems illogical to me. 
C. Ryan Barber reports:
The Federal Trade Commission on Wednesday adopted an indemnity policy that will shield lawyers and other staff from any personal liability for enforcement actions that draw a lawsuit and expose them to a monetary judgment.
The policy, adopted without public comment, will allow the agency to cover the cost of any adverse judgments against staff who are sued over actions taken on behalf of the regulatory agency.  It comes as two FTC attorneys seek to fend off a lawsuit brought by LabMD Inc., the now-shuttered medical testing company that accused agency lawyers in 2015 of bringing a data privacy case based on “fictional” evidence.  The two FTC lawyers are fighting in a U.S. appeals court to overturn a ruling that exposes them to liability.
Read more on National Law Journal.


For my Software Assurance students.
How Do I Identify My Application Attack Surface?
   When identifying an application’s attack surface, you must first determine what will be in and out of scope.  Organizations deploy many different types of applications, and each may be treated differently from a risk management standpoint.  Common types of applications can include web applications, web – and micro – services, mobile applications, as well as other types of deployed software.  Applications may be treated differently based on where the software came from.  Some applications may be custom software developed in-house while others may have been developed by 3rd parties –on or offshore, or out-of-the-box from external vendors both large and small.  It is important to count any cloud services among an organization’s application attack surface because they are often used to store and manage sensitive information.


I’m thinking of asking my Software Assurance students to design an Election System?
What Happens If The Election Was A Fraud? The Constitution Doesn’t Say.


Some interesting questions with which I can bedevil my students.
I, Alexa: Should we give artificial intelligence human rights?
   the field of AI is currently making a bunch of things possible we never thought realistic in the past — such as self-driving cars or Star Trek-style universal translators.
Have we also reached the point where we need to think about rights for AIs?
   as AI surpasses animal intelligence, we’ll have to begin to consider how AIs compare to the kind of “rights” that we might afford animals through ethical treatment. […] a few years back English technology writer Bill Thompson wrote that any attempt to develop AI coded to not hurt us, “reflects our belief that an artificial intelligence is and always must be at the service of humanity rather than being an autonomous mind.”
   In 1984, the owners of a U.S. company called Athlone Industries wound up in court after their robotic pitching machines for batting practice turned out to be a little too vicious.  The case is memorable chiefly because of the judge’s proclamation that the suit be brought against Athlone rather than the batting bot, because “robots cannot be sued.”

(Related).
The Fourth Industrial Age will be about AI understanding us, not the other way around
   The digital revolution was about humans becoming accustomed to using computers all day, connecting with each other over social media, and even more arcane activities like learning how to use Photoshop.  In the Fourth Industrial Age, technology will slide further behind the curtain into more of an assistive role, one that is not meant to be all about shiny new gadgets and operating system updates.  In fact, eventually, the gadget craze will subside. It will be OS Who Cares.  We won’t think as much about the next iPhone or the latest Android tweaks; we’ll care about how much the interfaces, hardware, and connections can customize themselves to meet our needs and then step out of the way.

(Related).  A source of conflict for AI systems? 
When People Don’t Trust Algorithms
Dietvorst: When I was a Ph.D. student, some of my favorite papers were old works by [the late psychology scholar and behavioral decision research expert] Robyn Dawes showing that algorithms outperform human experts at making certain types of predictions.  The algorithms that Dawes was using were very simple and oftentimes not even calibrated properly.
A lot of others followed up Dawes’s work and showed that algorithms beat humans in many domains — in fact, in most of the domains that have been tested.  There’s all this empirical work showing algorithms are the best alternative, but people still aren’t using them.
So we have this disconnect between what the evidence says people should do and what people are doing, and no one was researching why.


“Of course, I’m not running for office.  But if you vote for me, I’ll give you money!” 
Zuckerberg: Universal basic income is a 'bipartisan idea'
   Zuckerberg in a Facebook post praised Alaska’s own universal basic income system, which is known as the Permanent Fund Dividend.  The state puts a portion of its annual oil revenue into the fund, which is then distributed to Alaskan residents at roughly $1,000 per person, depending on the year.
The added income can be “especially meaningful if your family has five or six people,” Zuckerberg said.


This could be useful.  What is the US equivalent?
UK’s Independent Factchecking Charity
by Sabrina I. Pacifici on Jul 5, 2017
Full Fact is the UK’s independent factchecking charity.  We provide free tools, information and advice so that anyone can check the claims we hear from politicians and the media…  In its short history, Full Fact has significantly improved the accuracy of public debate.  We publish factchecks and secure corrections, but we also champion a culture in which the public figures are held to higher standards of transparency and accountability.”  Users may conduct subject matter specific searches on key issues:


Tools for teaching.

No comments: