Wednesday, December 19, 2018

Phishing normally gives access only to the account phished. In this case it seems the cables are general ‘status reports’ distributed to all EU diplomatic offices as background.
'Thousands' of EU Diplomatic Cables Hacked: Report
The cables from the EU's diplomatic missions around the world reveal anxiety about how to handle US President Donald Trump as well as concerns about China, Russia and Iran.
There are extensive reports on the situation in Ukraine, where a conflict rumbles on between government forces and pro-Russian separatists, including a warning dating from February that Moscow may already have deployed nuclear warheads in Crimea, which it annexed in 2014.
The NYT said that according to Area 1, the techniques used by the hackers over the course of three years were similar to those used by an elite Chinese military unit.
The hackers apparently gained access to the diplomatic communications network after a simple "phishing" campaign targeting EU officials in Cyprus.




There must be money here.
Truecaller: Spam calls jumped over 300% in 2018




I suspect this is a re-hash of the September GAO report.
Congressional Report on the 2017 Equifax Data Breach
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this.
Here is my testimony before the House Subcommittee on Digital Commerce and Consumer Protection last November.
[The earlier report is available at: https://www.gao.gov/assets/700/694158.pdf]




What can you do when even your toaster turns on you?
The Coming Commodification of Life at Home
As internet-connected devices and appliances accumulate, one academic foresees “the monetization of every move you make.”
“Imagine this,” says an advertising consultant named Barry Lowenthal. “I’m a smart toaster, and I’m collecting data on how many times the toaster is used.”
I’ve just asked Lowenthal what he, as an advertiser, would be able to do with data transmitted from an internet-connected appliance, and I happened to mention a toaster. He thought through the possibility of an appliance that can detect what it’s being asked to brown: “If I’m toasting rye bread, a bagel company might be interested in knowing that, because they can re-target that household with bagel advertising because they already know it’s a household that eats bread, toasts bread, is open to carbs. Maybe they would also be open to bagels. And then they can probably cross that with credit-card data and know that this is a household that hasn’t bought bagels in the last year. I mean, it’s going to be amazing, from a targeting perspective.”




Is it easier to sell cameras that make you look better? Is it wise to sell cameras that modify every image? Is there any way to see the unfiltered image? Will the change be enough to fool facial recognition tools?
No, You Don’t Really Look Like That
… Over weeks of taking photos with the device, I realized that the camera had crossed a threshold between photograph and fauxtograph. I wasn’t so much “taking pictures” as the phone was synthesizing them.
This isn’t a totally new phenomenon: Every digital camera uses algorithms to transform the different wavelengths of light that hit its sensor into an actual image. People have always sought out good light. In the smartphone era, apps from Snapchat to FaceApp to Beauty Plus have offered to upgrade your face. Other phones have a flaw-eliminating “beauty mode” you can turn on or off, too. What makes the iPhone XS’s skin-smoothing remarkable is that it is simply the default for the camera. Snap a selfie, and that’s what you get.
These images are not fake, exactly. But they are also not pictures as they were understood in the days before you took photographs with a computer.




Something to think about.
According to the yearly report published by Stockholm-based phone number-identification service Truecaller, spam calls grew by 300 percent year-over-year in 2018.
… Between January and October of this year, Truecaller said, users worldwide received about 17.7 billion spam calls. That’s up from some 5.5 billion spam calls they received last year.
… One in every 10 American adults lost money from a phone scam, according to a yearly report the firm published in April this year (Truecaller worked with the Harris Poll to survey over 2,000 Americans aged 18 or higher). Scam calls cost 24.9 million people in the U.S. an estimated $8.9 billion in total losses.




I don’t understand “mindfulness” in this context. Rage is certainly not compatible with mindfulness.
Mass Shootings and Mindfulness
WhoWhatWhy: “As of December 16, 2018, there had been 333 mass shootings so far this year, or almost one a day, according to the Gun Violence Archive (which defines a mass shooting as having four or more victims, killed or injured). You have to wonder why so many young men (almost always) see this as the best option for their lives. What are their actions telling us? Why do they want out?
…Murder rates are generally down in America, but mass shootings are up. The latter crimes, unlike most others, are not about personal gain or revenge against an individual. They’re not done by serial killers, who often take lives for sport. They’re not crimes of passion, where the attacker knows the victim. They’re social crimes, intended to harm the entire culture, carried out by those who feel powerless and an extreme sense of victimization, yet many of the shooters come from reasonably good economic circumstances. They’re about indiscriminate rage and the desire to inflict extreme pain on as many people as possible, while sacrificing their own life in the process. The best analogy is combat…”




Lists make my life easier. For books, if I find one that seems interesting I just ask my library to find it for me. Free and simple.
Notable Privacy and Security Books 2018
Here are some notable books on privacy and security from 2018. To see a more comprehensive list of nonfiction works about privacy and security, Professor Paul Schwartz and I maintain a resource page on Nonfiction Privacy + Security Books.

