Ah Mickey, we warned you not to let Goofy program that App.
Ashley Cullins reports:
A San Francisco mom says her child was illegally tracked while using the Disney
Princess Palace Pets app. Amanda Rushing, on behalf of her child referred to as
“L.L.,” is suing The Walt Disney Company, Disney Electronic Content and others
in a proposed class action filed Thursday in California federal court.
Rushing claims an advertising-specific software development kit is
surreptitiously embedded in the code for the app, and that’s how Disney is
collecting personal information and tracking online behavior.
Familiar words before elections. Any real change? NOTE: What they have added reflects what they
had failed to do earlier.
States ramping up defenses against election hacks
… “We’ve upgraded all of our security,” said
Michele Reagan, the Arizona secretary of state. “Some of the things I can’t talk about
because, of course, we don’t want to give the bad guys a road map.”
Arizona was one of several states whose election systems
Russian hackers are believed to have targeted ahead of the presidential
election. The state was forced to shut
down its voter registration system for several days last summer, after a hacker
gained access to a computer connected to the database.
The hacker never gained access to the actual voter
database, but the incident spurred fears that data could have been stolen or,
worse, altered.
… Since then,
Arizona has focused on implementing multi-factor authentication for its
systems, ensuring employees have strong passwords, and adapting other “best
practices” recommended by the federal government.
… Security experts
are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting
machines are used across the country and because they are not connected to the
internet, that would make any large scale attack hard to carry out.
… “Some election functions are actually quite centralized,” Alex Halderman, a
University of Michigan computer science professor, told the Senate Intelligence
Committee in June. “A small number of election technology vendors and support
contractors service the systems used by many local governments. Attackers could
target one or a few of these companies and spread malicious code to election
equipment that serves millions of voters.”
Further highlighting the issue, at the DEF CON cybersecurity conference in Las
Vegas last weekend, security experts successfully hacked into 30 different
voting machines brought in for participants to experiment.
Corman, who was at the conference, noted that the hackers required physical access to actually
infiltrate the machines and, once hacked, the machines showed signs they were
hacked. [But is anyone looking? Bob]
This guy is probably on my next batch of Ethical Hacking
trading cards.
Meet Alex, the Russian Casino Hacker Who Makes Millions
Targeting Slot Machines
… But Alex couldn’t just cash out as if he owned an ordinary startup because his
business operates in murky legal terrain. The venture is built on Alex’s talent
for reverse engineering the algorithms—known as pseudorandom number generators,
or PRNGs—that govern how slot machine games behave. Armed with this knowledge,
he can predict when certain games are likeliest to spit out money—insight that
he shares with a legion of field agents who do the organization’s grunt work.
These agents roam casinos from Poland to Macau to Peru in search of slots whose
PRNGs have been deciphered by Alex. They use phones to record video of a
vulnerable machine in action, then transmit the footage to an office in St.
Petersburg. There, Alex and his assistants analyze the video to determine when
the games’ odds will briefly tilt against the house. They then send timing data
to a custom app on an agent’s phone; this data causes the phones to vibrate a
split second before the agent should press the “Spin” button. By using these
cues to beat slots in multiple casinos, a four-person team can earn more than
$250,000 a week.
A bit too forgiving of basic design errors? Note too that testing with live
data (data that has already passed all regular edits) does not exercise new
software.
Blood Service escapes penalties in data breach investigation
The Australian Red Cross Blood Service and its website
contractor have escaped penalties from the country's privacy watchdog over a
2016 data breach that exposed the data of 550,000 donors.
In late October last year the Blood Service revealed its
website partner Precedent had inadvertently exposed a
1.74GB database backup containing 1.28 million records entered
by donors as part of the appointment booking process.
… The contents of
the exposed file contained people's names, genders, physical and email
addresses, phone numbers, date and country of birth, as well as sensitive
medical information like blood type and instances of high-risk sexual
behaviour.
… The OAIC today announced the results of its 10-month investigation [pdf],
finding that the Blood Service was not directly responsible for the breach but
did contribute to it.
It said the processes the Blood Service had in place to protect personal
information were mostly adequate, but it breached Australian privacy principles
by storing the Donate Blood website data indefinitely and by not ensuring
information held by third parties was properly protected.
… The OAIC conducted a related review [pdf] into Precedent's role in the breach,
finding that the firm had somewhat more seriously contravened Australia's
privacy legislation.
… Additionally,
the OAIC said there was no need for
Precedent to use live data for the testing site, or to locate the
UAT environment on a server that was partially accessible to the public.
Are all of these people Russians? Is this “fake news” or merely “highly
selective news excerpts?”
Political Donors Put Their Money Where the Memes Are
Imagine you’re a millionaire or billionaire with strong political views and a
desire to spread those views to the masses. Do you start a think tank in
Washington? Funnel millions to a shadowy “super PAC”? Bankroll the campaign of
an up-and-coming politician?
For a growing number of deep-pocketed political donors, the answer is much more
contemporary: Invest in internet virality.
(Related)
McMaster: Russia Is Trying To ‘Break Apart Europe’ With
Disinformation And Propaganda
… McMaster
characterized it as a “sophisticated campaign of subversion and disinformation
and propaganda that is going every day in an effort to break apart Europe and
that pit political groups against each other … to sow dissension and conspiracy
theories.”
(Related)
Alliance for Securing Democracy – Hamilton 68: A New Tool to
Track Russian Disinformation on Twitter
“The Alliance for Securing Democracy, a bipartisan,
transatlantic initiative housed at The German Marshall Fund of the United
States (GMF), will develop comprehensive strategies to defend against, deter,
and raise the costs on Russian and other state actors’ efforts to undermine
democracy and democratic institutions. The
Alliance will work to publicly document and expose Vladimir Putin’s ongoing
efforts to subvert democracy in the United States and Europe…”
Since Russia’s interference in
the 2016 U.S. election, many have warned that Putin will be back in 2018 and
2020. But the reality is that Russian
influence operations never left. As
former Director of National Intelligence James Clapper recently stated, the
Kremlin is already beginning to “prep the battlefield” for the 2018 elections. But what does this mean? Russia’s activities continue on multiple
fronts. One happening right under our
nose and in plain sight is its continued information operations aimed at
spreading propaganda and disinformation online.
Indeed, Russia’s information operations in 2016 did not happen overnight
— they were enabled by a foundation built over several years of operations in
U.S. information space. Since the
election, Russia’s efforts to shape what Americans think has continued. Americans deserve to know what messages
Russian disinformation networks are pushing.
“In the Federalist Papers No.
68, Alexander Hamilton wrote of protecting America’s electoral process from
foreign meddling. Today, we face foreign
interference of a type Hamilton could scarcely have imagined.”
The Hamilton 68 dashboard, launching today as part of the Alliance for Securing
Democracy, provides a near real-time look at Russian propaganda and
disinformation efforts online. The top of the page shows tweets from official
Russian propaganda outlets in English, and a short post discussing the themes
of the day. This is Russia’s overt messaging. But these disinformation networks
also include bots and trolls that synchronize to promote Russian messaging
themes, including attack campaigns and the spreading of disinformation. Some of
these accounts are directly controlled by Russia, others are users who on their
own initiative reliably repeat and amplify Russian themes. Our analysis is
based on 600 Twitter accounts linked to Russian influence activities online,
and the lower section of the dashboard features charts that display topics,
hashtags, and links currently promoted by this network. The content this
network tweets reflects Russian messaging priorities, but that does not mean
every name or link you see on the dashboard is pro-Russian. The network
sometimes amplifies stories that Russia likes, or people with like-minded views
but no formal connection to Russia. Importantly, the network also tweets about
stories and people that Russia seeks to discredit or attack…”
Lawyer tech? Just like real people, “automating manual tasks is the technology
concept with the greatest upside.”
LawSites – The 10 Technologies That Most Drive Law Firm
Effectiveness
Robert Ambrogi: “A survey released yesterday on the business of law and legal
technology finds that competition for legal services remains high, demand
remains relatively flat, and law firms are feeling pressure to lower prices and
enhance operational efficiency. But what caught my eye in the survey was the
question, “Which technologies provide law firms with the greatest overall
effectiveness?” The 2017 Aderant Business of Law and Legal Technology Survey,
conducted by Aderant, a provider of business management software for lawyers,
surveyed 112 respondents in U.S. firms, most of whom are in financial,
accounting or C-suite roles. Most of the respondents said that the performance
of their firm this year is about the same as last year, and that the top
challenges they face are:
- Pricing pressure.
- Improving operational efficiency.
- Winning new business.
- Growing more business from existing customers.
- Improving law firm agility and adaptability…”
Perspective.
Myth of one internet has morphed into reality of the
‘splinternet’
August 4, 2017, Terry Flew: “Both The Economist and WIRED are worried about the
“splinternet”. The UK research organisation NESTA thinks it could “break up”
the world wide web as we know it. What is this awkwardly named idea? It’s the
concept that someone’s experience of the internet in Turkey, for example, is
increasingly different from their experience of the internet in Australia.
Travellers to China, in particular, will be familiar with this phenomenon.
Thanks to the government’s tight control, they have to use Baidu rather than
Google as their search engine, and are unable to access Facebook or news sites
like The Economist and the New York Times. We have a growing splinternet
because of regional content blocking and the need for companies to comply with
diverse, often conflicting national policies, regulations and court decisions.
This tension is particularly apparent when it comes to the likes of Google,
Facebook and Twitter. These platform companies have users in almost every
country, and governments are increasingly insisting that they comply with local
laws and cultural norms when it comes to access and content… the splinternet
refers to a broader tendency to use laws and regulatory powers within
territorial jurisdictions to set limits on digital activities…”
They’re not just for dropping bombs. But this probably started with bomb damage
assessment drones.
Your insurance adjuster may soon be a drone or an app
… As per the 2017 Future of Claims Study survey by LexisNexis Risk Solutions,
these companies are looking to “virtual” or “touchless” methods of handling
claims. In fact, a solid 38 percent of insurers are said to no longer send
human employees for physical inspections. Instead, they’re using drones and
apps.
Faster and more efficient than their human counterparts, drones (and the photos
they take), apps, and artificial intelligence are revolutionizing the insurance
industry. As the Wall Street Journal noted, filing a claim has traditionally
involved a long and rather arduous process, taking weeks and many a phone call
to resolve. But now, drones and other technology could be injecting the
industry with some much-needed efficiency.
New technology requires new skills. I better start boning up…
Companies Can Put Shareholders on a Blockchain Starting Today
Blockchain got a big boost on Tuesday when a Delaware law
went into effect that lets corporations maintain shareholder lists, along with
other corporate records, using the technology. Already, several companies, including the
retailer Overstock, say they intend to use it.
Delaware's decision to bless blockchain—which is a type of software that
creates indelible records across multiple computers—is significant because the
state is America's de facto corporate law capital, and more than two-thirds of
Fortune 500 companies are incorporated there.
According to lawyers and state officials,
the new law ensures companies will not face legal trouble if they choose to
keep a list of shareholder names, which they must do by law, on a blockchain
instead of conventional methods like an Excel spreadsheet or a SQL database.
An innovative product that every employee will want. (and everyone in the White House should
wear!)