Wednesday, November 08, 2017

So many fail to protect their data that Amazon is now checking how they set up security. Still not making “best practices” the default. I wonder why?
New tools could help prevent Amazon S3 data leaks
If you do a search for Amazon S3 breaches due to customer error of leaving the data unencrypted, you’ll see a long list that includes a DoD contractor, Verizon (the owner of this publication) and Accenture, among the more high profile examples. Today, AWS announced a new set of five tools designed to protect customers from themselves and ensure (to the extent possible) that the data in S3 is encrypted and safe.
For starters, the company is giving the option of default encryption. [But not encryption by default? Forcing the client to override “best practice” Bob]
… Amazon is putting a signal front and center on the administrative console that warns admins with a prominent indicator next to each S3 bucket that has been left open to the public. [But not private by default? Bob]
… Finally, should all else fail, there is a report, which includes the encryption status of each object in S3. Of course, you have to read it, but it’s there as an additional tool in the battle against human error. [No doubt the Auditors will want a copy. Bob]




My Computer Security students have been discussing how to hack an election.
The Computer Scientist Who Prefers Paper
Barbara Simons believes there is only one safe voting technology.




This can’t be right. There are a few hundred questions I might ask before I would consider recommending this. Why not have the “hash” created on the victim’s computer? Will they accept video from children? Won’t a man-in-the-middle attack siphon off every photo or video?
Facebook’s unorthodox new revenge porn defense is to upload nudes to Facebook
Facebook is testing a new preemptive revenge porn defense in Australia that may, at first blush, feel counterproductive: uploading your nude photos or videos directly to Messenger. According to the Australia Broadcasting Corporation, Facebook has partnered with the office of the Australian government’s e-Safety Commissioner, which works primarily to prevent the online abuse of minors, to develop the new system for combating the nonconsensual sharing of explicit media.
By uploading the images or videos you fear may be shared in the future in an attempt to shame or harass you online, Facebook can digitally “hash” the media, effectively giving it a digital footprint. This allows the social network to track the media using the same artificial intelligence-based technologies it uses in its photo and face matching algorithms, and then prevent it from being uploaded and shared in the future. This works only if you’re in possession of the original file, but it would seem to bypass any attempts from a malicious third party to alter the metadata by analyzing and tagging the actual content of the image or video.
Facebook first implemented a similar, although less preemptive, mechanism for preventing the proliferation of revenge porn back in April, with the implementation of a photo-matching system to prevent the spread of images that have already been reported and taken down. The company has also liberally banned accounts for revenge porn activities. But now Facebook seems to be asking users to think ahead and play it safe if they feel particularly vulnerable, which could be the case in a relationship that becomes abusive over time or only after it’s ended.


(Related)
Facebook doesn’t just know too much about you — it allows other people to know too much about you! The social network’s privacy settings are so complicated that we managed to write a 4,500-word guide about them and still didn’t manage to cover everything.
Did you know you can use a secret URL to see the entire Facebook history of any two people on the network? (For people you aren’t friends with, it’ll only show their publicly-available interactions.)


(Related) Maybe this social media stuff is really hard? How would you do it?
Facebook's fake news experiment backfires
A Facebook test that promoted comments containing the word fake to the top of news feeds has been criticised by users.
The trial, which Facebook says has now concluded, aimed to prioritise "comments that indicate disbelief".
It meant feeds from the BBC, the Economist, the New York Times and the Guardian all began with a comment mentioning the word fake.
The test, which was visible only to some users, left many frustrated.
The comments appeared on a wide range of stories, from ones that could be fake to ones that were clearly legitimate. The remarks, which would appear at the top of the comments section, came from a variety of people but the one thing that they had in common was the word fake.
"Clearly Facebook is under enormous pressure to tackle the problem of fake news, but to question the veracity of every single story is preposterous," said Jen Roberts, a freelance PR consultant.
"Quite the reverse of combating misinformation online, it is compounding the issue by blurring the lines between what is real and what isn't. My Facebook feed has become like some awful Orwellian doublethink experiment."




Finding “acceptable” reasons for intensive surveillance?
Mobile phone tracking data 'could replace census questions'
Thousands of people have had their movements tracked by the Office for National Statistics to see if they can find out where they live and work.
The ONS is trying to build up a picture of people's daily commute - something it normally asks about in the census.
Mobile phones create a record of every location visited by the user if the phone is switched on.
The experiment ... tracked where phones were overnight, to work out where users lived, and where they travelled during the day, which was assumed to be their place of work.
… The census has been carried out every 10 years since 1801, with the exception of 1941, to provide a snapshot of the size of the country's population and details about how people live and work.
But the government wants the next census, in 2021, to be the final one to be carried out using the traditional paper-based questionnaire method.




If it is really needed, I’m sure the FBI can hire the same firm that cracked the phone used in the San Bernardino attack. They should already know who he called or received calls from.
FBI can’t unlock Texas shooter’s phone




Moving too quickly into unfamiliar tech areas could also be dangerous. I like the idea of shared security though.
Deutsche Bank's CEO Hints at Thousands of Job Cuts
Deutsche Bank CEO John Cryan dropped his clearest hint about the scale of his planned slash-and-burn exercise at Germany’s biggest lender.
“We employ 97,000 people,” Cryan told the Financial Times. “Most big peers have more like half that number.”
Cryan has warned repeatedly that technology will allow big savings across his sprawling empire, and recent media reports suggest he’s under increasing pressure from shareholders to deliver, having also suspended the bank’s regular dividend.
… “We’re too manual, which can make you error-prone and it makes you inefficient. There’s a lot of machine learning and mechanisation that we can do,” Cryan said.
… Cryan told the FT that further branch closures and cooperation with rivals in the area of crime prevention and detection were also areas where savings can be made. “Every bank at the moment has a huge and burgeoning department of people who are doing the same stuff,” he said. “It’s not a source of competitive advantage and you’re exposed to making your own mistakes.”

