Friday, October 20, 2017

I like it! (But it probably won’t happen.)
Equifax Deserves the Corporate Death Penalty
Equifax is in trouble. The credit reporting company failed to protect the personal financial data of as many as 143 million Americans. Equifax's failure exposed not just names and addresses, but also Social Security numbers, birth dates, drivers' license numbers, and credit card numbers. The Federal Trade Commission, Congress, and about 40 state attorneys general are investigating the data breach, and both the Massachusetts attorney general and the city of San Francisco are suing on behalf of residents whose information was compromised.
That's a start. But it's not enough. Equifax's failure calls for the corporate death penalty, through a rare but vital procedure called judicial dissolution.
Under the law of Georgia, where Equifax is incorporated, the state attorney general may file a lawsuit in state court to dissolve a corporation if the corporation "has continued to exceed or abuse the authority conferred upon it by law." (All 50 states have similar provisions.) State attorneys general don't invoke these corporate death penalty statutes often, especially not against large, well-known corporations. But Equifax could not have obtained its unusually important position in our economy without the privileges of a corporate charter conferred by law, and it has forfeited its claim to those privileges.




This happens with patches for any useful flaw.
Russian Hackers Exploit Recently Patched Flash Vulnerability
The Russia-linked cyber espionage group known as APT28 has been using a recently patched Adobe Flash Player vulnerability in attacks aimed at government organizations and aerospace companies, security firm Proofpoint reported on Thursday.
APT28, which is also known as Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit and Tsar Team, started launching attacks using CVE-2017-11292 on October 18, Proofpoint said. It’s unclear if APT28 discovered the exploit on its own, purchased it, or reverse engineered the one used in the BlackOasis attack.
Nevertheless, Proofpoint pointed out that the cyberspies are likely trying to take advantage of the recently fixed vulnerability before Adobe’s patch is widely deployed by users.




Another “why change the default” problem?
Since 2015, this site has been reporting on data leaks due to misconfigured databases or devices that are indexed on shodan.io or other specialized search engines. Many of the leaks I have reported on involve AWS S3 buckets. And despite the fact that Amazon has issued reminders and guidance to its customers about securing buckets, there is still widespread leakage.
We all know you can lead a horse to a security tool or advice, but you can’t make them use it. With that in mind, kudos to Kromtech Security for developing and making freely available a tool to help administrators check whether their Amazon S3 bucket is allowing public access when it shouldn’t be.
We decided to make a simple tool that can help Amazon S3 users quickly check their S3 buckets for public access. The tool gives users a report that they can then use to shut down any unwanted public access to the S3 buckets and the valuable data they contain. This free tool can provide an extra layer of security so that users can be confident that their data is well-protected and is not accessible or being downloaded by unauthorised users.
Read more here and get the tool here.




Can we keep generating public interest or will boredom (apathy) allow DoJ to win in the end?
Tim Cushing reports:
It’s amazing what effect a little public scrutiny has on government overreach. In the wake of inauguration day protests, the DOJ started fishing for information from internet service providers. First, it wanted info on all 1.2 million visitors of a protest website hosted by DreamHost. After a few months of bad publicity and legal wrangling, the DOJ was finally forced to severely restrict its demands for site visitor data.
Things went no better with the warrants served to Facebook. These demanded a long list of personal information and communications from three targeted accounts, along with the names of 6,000 Facebook users who had interacted with the protest site’s Facebook page. Shortly before oral arguments were to be heard in the Washington DC court, the DOJ dropped its gag order.
Read more on TechDirt.




Enough?
A Calendar of Our Safety Work
As we said last week, we’re updating our approach to make Twitter a safer place. This won’t be a quick or easy fix, but we’re committed to getting it right. Far too often in the past we’ve said we’d do better and promised transparency but have fallen short in our efforts. Starting today, you can expect regular, real-time updates about our progress.
… Here is a calendar of the upcoming changes we plan to make to the Twitter Rules, how we communicate with people who violate them, and how our enforcement processes work.




Perspective. Maybe Denver doesn’t need Amazon.
Denver-based email company SendGrid files for initial public offering of stock
After months of speculation, SendGrid made it official and filed documents this week for an initial public offering.
… The company expects to list its common stock on the New York Stock Exchange under the ticker symbol “SEND.”
SendGrid joins a rare list of Colorado tech companies that have gone public in recent years. Earlier this month, the parent of Golden-based HomeAdvisor acquired Angie’s List and combined the two into a new company, ANGI Homeservices, which began trading on the Nasdaq. In May, cable provider WideOpenWest in the Denver Tech Center began trading on the NYSE. In 2013, Boulder-based Rally Software went public, though it was later acquired by software firm CA Technologies. Boulder-based telecom Zayo Group went public in 2014.




Think Fortune can predict the future?
Welcome to the inaugural Fortune Future 50, our new ranking of companies best positioned for breakout growth. Produced in partnership with BCG, the Future 50 is divided into two lists: the 25 Leaders (companies with a market value above $20 billion) and the 25 Challengers (those below $20 billion when the ranking was done).




A stray thought: Should we ask AlphaGo Zero to determine what we should ask it to learn?
Google DeepMind AlphaGo Zero AI Can Now Self-Train Without Human Input
The new AI is the followup to the original AlphaZero AI that dominated all human players in an ancient Chinese game called "Go".
… AlphaGo Zero completed three days of self-learning and then challenged AlphaGo for a match. Zero decimated its predecessor winning 100 games out of 100. "AlphaGo Zero not only rediscovered the common patterns and openings that humans tend to play ... it ultimately discarded them in preference for its own variants which humans don’t even know about or play at the moment," said AlphaGo lead researcher David Silver.




Perspective.
The Future of Truth and Misinformation Online
by Sabrina I. Pacifici on Oct 19, 2017
Pew Report, October 19, 2017: Experts are evenly split on whether the coming decade will see a reduction in false and misleading narratives online. Those forecasting improvement place their hopes in technological fixes and in societal solutions. Others think the dark side of human nature is aided more than stifled by technology… A Pew Research Center study conducted just after the 2016 election found 64% of adults believe fake news stories cause a great deal of confusion and 23% said they had shared fabricated political stories themselves – sometimes by mistake and sometimes intentionally.




For my students, cable cutters or not.
Have you dreamed of cutting the cord but never been sure it’s right for you? Well, you’re in luck. This weekend, you’ll be able to dip your toes in the water and see how it feels.
It’s all thanks to Sling TV. The popular television streaming provider is offering a whole day of free viewing on Sunday, October 22. But what precisely will be available? And how do you get involved? Keep reading to find out.




For my Spreadsheet students. Is this going to be better? ALWAYS worth looking.
Coda is a next-generation spreadsheet designed to make Excel a thing of the past
… Mehrotra began to fixate on a question: what would documents and spreadsheets look like if they were invented today?
Coda, a company Mehrotra co-founded with his fellow former Googler Alex DeNeui, represents his answer to that question.

