Here is how the pros do it. I wonder if anyone
has recommended an App to President Trump?
North Korea-tied hackers used Google Play and Facebook to infect defectors
Researchers said a team of hackers tied to North
Korea recently managed to get the Google
Play market to host at least three Android apps designed to
surreptitiously steal personal information from defectors of the
isolated nation.
The three apps first appeared in the official
Android marketplace in January and weren’t removed until March when
Google was privately notified. That’s according to a blog
post published Thursday by researchers from security company
McAfee. Two apps masqueraded as security apps, and a third purported
to provide information about food ingredients. Hidden functions
caused them to steal device information and allow them to receive
additional executable code that stole personal photos, contact lists,
and text messages.
The apps were spread to selected individuals, in
many cases by contacting
them over Facebook. The apps had about 100 downloads when
Google removed them. Nation-operated espionage campaigns frequently
infect a small number
of carefully selected targets and keep the number small in
an attempt to remain undetected. Thursday’s report is
the latest to document malicious apps
that bypassed Google filters designed to keep bad wares
out of the Play market.
… In January, McAfee reported finding
malicious apps targeting North Korean journalists and defectors.
Some of the Korean words found in the control servers weren’t used
in South Korea but were used in North Korea. The researchers also
found a North Korean IP address in a test log file of some Android
devices that were connected to accounts used to spread the malware.
McAfee said the developers didn’t appear to be connected to any
previously known hacking groups. The researchers named the group Sun
Team after finding a deleted folder called “sun Team Folder.”
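The report above describes two traits worth screening for when triaging an app that has made it into an official store: declared permissions that cover the data the apps stole (contacts, text messages, photos, device information) combined with code that can fetch and load additional executable code at runtime. The following static triage heuristic is an added example, not McAfee's detection logic or anything from the Sun Team samples; the manifests, string dumps and package names are constructed, and the threshold of two sensitive data classes is an assumption.

```python
"""Static triage heuristic for Android packages (added example, not McAfee's).

Flags an app when its manifest grants access to several of the data classes
named in the report AND its DEX strings reference a class loader that can
load code the package did not ship with.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the data they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.READ_PHONE_STATE": "device identifiers",
}

# Runtime loaders an APK needs to execute code delivered after install.
# (PathClassLoader is deliberately omitted: the framework uses it for every app.)
DYNAMIC_LOADERS = (
    "dalvik/system/DexClassLoader",
    "dalvik/system/InMemoryDexClassLoader",
)


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def triage(manifest_xml, dex_strings, min_data_classes=2):
    """Score one package. `dex_strings` is the string table pulled from the
    DEX file (e.g. by a disassembler); here it is supplied as a list."""
    perms = declared_permissions(manifest_xml)
    data_classes = sorted(SENSITIVE[p] for p in perms & set(SENSITIVE))
    loaders = sorted(l for l in DYNAMIC_LOADERS if any(l in s for s in dex_strings))
    suspicious = len(data_classes) >= min_data_classes and bool(loaders)
    return {"data_classes": data_classes, "loaders": loaders, "suspicious": suspicious}


# Constructed sample: an app posing as a security tool, with a staged-payload loader.
FAKE_SECURITY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeguard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""
FAKE_SECURITY_STRINGS = ["Ldalvik/system/DexClassLoader;", "/sdcard/DCIM/", "update.dex"]

# Constructed sample: a recipe app that reads local files but loads no remote code.
RECIPE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recipes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""
RECIPE_STRINGS = ["Landroid/widget/ListView;", "ingredients.json"]

if __name__ == "__main__":
    print(triage(FAKE_SECURITY_MANIFEST, FAKE_SECURITY_STRINGS))
    print(triage(RECIPE_MANIFEST, RECIPE_STRINGS))
```

This is a prioritisation filter, not a verdict: READ_EXTERNAL_STORAGE is declared by a large share of legitimate apps, and a loader reference alone is common in apps that ship plugins or ad SDKs. The combination narrows the pile to review; the report's own point is that apps of this shape still passed the store's screening, so a static heuristic is a starting point for manual or dynamic analysis, not a replacement for it.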
Just one of millions of the tiny errors that hackers exploit.
Cell phone tracking firm exposed millions of Americans' real-time locations
… The company, LocationSmart, is a data
aggregator and claims to have
"direct connections" to cell carriers to obtain
locations from nearby cell towers. The site had its
own "try-before-you-buy" page that let you test the
accuracy of its data. The page required explicit consent from
the user, obtained by sending a one-time text message to their phone,
before their location data could be used. When we tried
with a colleague, we tracked his phone to a city block of his actual
location.
But that website had a bug that allowed anyone to
track someone's location silently without their permission.
"Due to a very elementary bug in the website,
you can just skip that consent part and go straight to the location,"
said Robert Xiao, a PhD student at the Human-Computer Interaction
Institute at Carnegie Mellon University, in a phone call.
"The implication of this is that
LocationSmart never required consent in the first place," he
said. "There seems to be no security oversight here."
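The bug class Xiao describes is a consent step that exists as a separate request the client is expected to make, while the lookup endpoint itself never checks that it happened. The following is an added illustration of that pattern and its fix, not LocationSmart's code: the service classes, the in-memory stores standing in for the carrier lookup and the SMS delivery, and the sample phone numbers are all assumptions.

```python
"""Consent-gated location lookup: vulnerable and hardened forms.

Added example, not LocationSmart's code.  The carrier lookup is a dict and the
SMS step just returns the code; both are stand-ins for the real systems.
"""
import hmac
import secrets

# Constructed data standing in for the carrier's cell-tower locations.
CARRIER_LOCATIONS = {
    "+15550100": (40.7128, -74.0060),   # constructed
    "+15550101": (37.7749, -122.4194),  # constructed
}


class ConsentError(Exception):
    pass


class VulnerableLocationService:
    """Consent is a separate step the client is *expected* to perform.
    Nothing in lookup() verifies that it did."""

    def __init__(self):
        self.pending = {}   # phone -> one-time code 'sent' by SMS

    def request_consent(self, phone):
        code = secrets.token_hex(3)
        self.pending[phone] = code
        return code

    def confirm_consent(self, phone, code):
        return hmac.compare_digest(self.pending.get(phone, ""), code)

    def lookup(self, phone):
        # BUG: callable directly, so the consent step can simply be skipped.
        return CARRIER_LOCATIONS.get(phone)


class HardenedLocationService:
    """lookup() needs a consent token that is issued only after the subscriber
    confirms the SMS code, is bound to that phone number, and is single-use."""

    def __init__(self):
        self.pending = {}   # phone -> one-time code
        self.tokens = {}    # consent token -> phone it was issued for

    def request_consent(self, phone):
        code = secrets.token_hex(3)
        self.pending[phone] = code
        return code

    def confirm_consent(self, phone, code):
        # pop() so a wrong guess also burns the code: no online brute force.
        expected = self.pending.pop(phone, None)
        if expected is None or not hmac.compare_digest(expected, code):
            raise ConsentError("bad or missing code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = phone
        return token

    def lookup(self, phone, token):
        # The server's own record decides, not the client's claim.  The token
        # is consumed on first use and must be bound to the queried number.
        bound = self.tokens.pop(token, None)
        if bound is None or not hmac.compare_digest(bound, phone):
            raise ConsentError("no consent on record for this number")
        return CARRIER_LOCATIONS.get(phone)


def demo():
    """Exercise both services; returns (silent, bypass, consented, reuse)."""
    vuln = VulnerableLocationService()
    silent = vuln.lookup("+15550100")           # works with no consent at all

    hard = HardenedLocationService()
    try:
        hard.lookup("+15550100", "not-a-token")
        bypass = True
    except ConsentError:
        bypass = False
    code = hard.request_consent("+15550100")     # 'SMS' to the subscriber
    tok = hard.confirm_consent("+15550100", code)
    consented = hard.lookup("+15550100", tok)
    try:                                         # second query on same token
        hard.lookup("+15550100", tok)
        reuse = True
    except ConsentError:
        reuse = False
    return silent, bypass, consented, reuse


if __name__ == "__main__":
    print(demo())
```

The check that matters is the one inside lookup(): consent has to be a server-side fact tied to the specific number being queried, not a UI step on the way to an endpoint that answers anyone who knows its URL. Binding the token to the phone number also stops a subscriber who consented for their own number from using that token to locate someone else's.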
It’s a start...
DHS Publishes New Cybersecurity Strategy
The U.S. Department of Homeland Security (DHS) this week published its
long-delayed Cybersecurity Strategy. It had been mandated by
Congress to deliver a strategy by March 2017, and did so on May 15,
2018.
The strategy is defined in a high-level document (PDF)
of 35 pages. Its scope is to provide "the Department with a
framework to execute our cybersecurity responsibilities during the
next five years to keep pace with the evolving cyber risk landscape
by reducing vulnerabilities and building resilience; countering
malicious actors in cyberspace; responding to incidents; and making
the cyber ecosystem more secure and resilient."
… Of necessity, however, the five pillars and seven goals are defined in
very basic terms. They define objectives, sub-objectives and
outcomes – but with little on methods. For example, goal #1 (the
risk identification pillar) is to assess evolving cybersecurity
risks. This will be achieved by working with "stakeholders,
including sector-specific agencies, nonfederal cybersecurity firms,
and other federal and nonfederal entities, to gain an adequate
understanding of the national cybersecurity risk posture, analyze
evolving interdependencies and systemic risk, and assess changing
techniques of malicious actors."
However, nobody was able to predict, detect or prevent Russian meddling in the
2016 presidential election, nor the WannaCry and NotPetya outbreaks.
The implication is that something new and beyond just increased
interagency cooperation needs to be done to achieve genuine risk
identification.
Another failed IT project?
US federal immigration officials have abandoned pursuit of a controversial machine-learning technology to help with "extreme vetting" of foreign visitors
Sort of a multi-generational Big Brother to guide
the entire human race. You can’t say they don’t think big.
Google's Hypothetical 'Selfish Ledger' Imagines Collecting All Your Data to Push You to Change Society
A couple of years ago, Alphabet’s X “moonshot
factory” conjured up a concept that describes how total and
absolute data collection could be used to shape the decisions you
make. And now a video about that concept has leaked online.
The video was obtained and published
on Thursday by The Verge. It describes a so-called “Selfish
Ledger” that would collect all of your data, including actions you
make on your phone, preference settings, and decisions you make, and
not just keep it there for future evaluation. Instead, the ledger,
which would be designed and managed by Google, would interpret that
information and guide you down a path towards reaching a goal, or on
a broader scale, doing your part to help solve poverty or other
societal problems.
(Related)
20 years of the Laws of Cyberspace
What if an architecture emerges that permits constant monitoring; an architecture that facilitates the constant tracking of behavior and movement. What if an architecture emerged that would costlessly collect data about individuals, about their behavior, about who they wanted to become. And what if the architecture could do that invisibly, without interfering with an individual’s daily life at all? … This architecture is the world that the net is becoming. This is the picture of control it is growing into. As in real space, we will have passports in cyberspace. As in real space, these passports can be used to track our behavior. But in cyberspace, unlike real space, this monitoring, this tracking, this control of behavior, will all be much less expensive. This control will occur in the background, effectively and invisibly. -Lawrence Lessig, “The Laws of Cyberspace,” 1998
My cousin, the crook?
DNA Data From 100 Crime Scenes Has Been Uploaded To A Genealogy Website — Just Like The Golden State Killer
The remarkable sleuthing method that tracked down
the Golden State Killer was not a one-off. A company in Virginia is
now working with several law enforcement agencies to solve cases
using the same “genetic genealogy” approach that led
investigators in California to arrest Joseph
James DeAngelo.
The company, Parabon NanoLabs, has already loaded
DNA data from about 100 crime scenes into a public genealogy database
called GEDmatch.
And in about 20 of these cases, the company says, it has found
matches with people estimated
to be the suspect’s third cousins or even closer relatives.
“We were actually pretty surprised,” Ellen
Greytak, Parabon’s director of bioinformatics, told BuzzFeed News.
With those known genetic connections, she said, investigators have a
good chance of using genealogical research to draw family trees and
identify possible suspects. Some arrests could come quickly, she
suggested. “I think
there is going to be press around this very soon.”
About time!
… At Microsoft, Horvitz helped establish an
internal ethics board in 2016 to help the company navigate
potentially tricky spots with its own AI technology. The group is
cosponsored by Microsoft’s president and most senior lawyer, Brad
Smith. It has prompted the company to refuse business from corporate
customers, and to attach conditions to some deals limiting the use of
its technology.
Horvitz declined to provide details of those
incidents, saying only that they typically involved companies asking
Microsoft to build custom AI projects. The group has also trained
Microsoft sales teams on applications of AI the company is wary of.
Google … promised that it would require a new,
hyperrealistic form of its voice assistant to identify itself as a
bot when speaking with humans on the phone. The pledge came two days
after CEO Sundar Pichai played impressive—and
to some troubling—audio clips in which the experimental
software made restaurant reservations with unsuspecting staff.
(Related)
What Google isn't telling us about its AI demo
… Axios asked Google for the name of the hair
salon or restaurant, in order to verify both that the businesses
exist and that the calls were not pre-planned. We also said that
we'd guarantee, in writing, not to publicly identify either
establishment (so as to prevent them from receiving unwanted
attention).
A longtime Google spokeswoman declined to provide
either name.
We also asked if either call was edited, even
perhaps just cutting the second or two when the business identifies
itself. And, if so, were there other edits? The spokeswoman
declined comment, but said she'd check and get back to us. She
didn't.
Perspective. But all the political journalists
do.
Very Few Voters Actually Read Trump’s Tweets
… since politicians are known for boring,
repetitive, long-winded speeches, what could be a better political
platform than one that literally forbids using more than 280
characters at a time? Twitter seems good for Trump, too: As his
allies
often say, it gives the president a way to speak directly to the
American electorate, getting around the media’s filter. Trump’s
Twitter account is followed by 52
million people, not that far off from the nearly 63
million who voted for him in 2016.
But some data released this week should give Trump
and his supporters pause about the power of his Twitter account in
directly reaching American voters — and push the media to think
carefully about its coverage of Trump’s tweets. Only 8 percent of
U.S. adults say they follow Trump’s Twitter account
(@realDonaldTrump),
and only 4 percent say they follow his account and regularly read the
president’s tweets, according to a new
Gallup poll.
Zillman makes large and useful collections.
Always worth a careful read!
New on LLRX – 2018 New Economy Resources and Tools
Via LLRX.com – 2018 New Economy Resources and Tools – This guide by Marcus
Zillman provides researchers in multiple disciplines – law,
economists, academia, government, corporate, and journalism – the
latest, most reliable web resources for discovering sources to meet
the multifaceted needs of time sensitive, specific, actionable work
product. The global economic landscape is rapidly changing as
transparency, big data and the ability to access data from new and
now accessible databases are increasingly available through portals
and sites around the world. Understanding how to locate and leverage
new economy analytics, resources and alerts will provide you with
key tools and techniques to expand access to requisite knowledge
that you can apply daily in your workplace.
Could be handy for my researchers…