Tuesday, December 04, 2018

Somehow, a mere 100 million seems small…
Saheli Roy Choudhury reports:
Quora, the popular question-and-answer website, said Monday evening that hackers broke into one of its systems and compromised information from approximately 100 million users.
CEO Adam D’Angelo said in a blog post the company discovered last week that a malicious third party had gained unauthorized access to one of its systems.
Account information, including names, email addresses and encrypted passwords, may have been illegally accessed, according to the post. User-imported data from other social networks could also have been taken.
Read more on CNBC.
Quora’s statement on their blog:

Talk to the business side of the house! Something I try to teach my Computer Security students.
Knowing Value of Data Assets is Crucial to Cybersecurity Risk Management
Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when the true value is known can the correct level of security be applied.
Sponsored by DocAuthority and based on Gartner's Infonomics Data Valuation Model, Ponemon Institute queried 2,827 professionals across the U.S. and UK to gauge how different business functions value different information assets. The business functions included in the research comprise IT security, product & manufacturing, legal, marketing & sales, IT, finance & accounting, and HR.
These groups were asked to put a financial cost to the hypothetical loss of 36 different information types on a per record basis -- such as R&D, M&A documents, source code and customer contracts. The results show a consistent and sometimes marked difference in value perception between different business functions.
For example, IT Security departments undervalued documents including research and development (R&D) and financial reports, while excessively prioritizing less sensitive Personally Identifiable Information (PII) data. ('Excessively' and 'less sensitive' are DocAuthority terms.)
Further examples that show what is almost a dichotomy of attitudes between ITsec and the rest of the business include ITsec valuing R&D documents at less than 50% of the business valuation ($306,504 versus $704,619 for reconstruction); and the leaking of financial reports at $131,570 versus the Financial department's valuation of $303,182.

Oops? I will be interested to see how (if) this works.
Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears
Australia's two main parties struck a deal Tuesday to pass sweeping cyber laws requiring tech giants to help government agencies get around encrypted communications used by suspected criminals and terrorists.
The laws are urgently needed to investigate serious crimes like terrorism and child sex offences, the conservative government said, citing a recent case involving three men accused of plotting attacks who used encrypted messaging applications.
But critics including Google and Facebook as well as privacy advocates warn the laws would weaken cybersecurity and be among the most far-reaching in a Western democracy.
Under the planned laws, Canberra could compel local and international providers to remove electronic protections, conceal covert operations by government agencies, and help with access to devices or services.
The draft legislation expands obligations to assist investigators from domestic telecom businesses to encompass foreign companies, including any communications providers operating in Australia.
This means social media websites and messaging services such as Facebook and Whatsapp, as well as gaming platforms with chat facilities, could be covered.
The government has said it is not asking tech firms to build in backdoors to access people's data.
But the Digital Industry Group Inc (DIGI) -- which represents major players such as Twitter and Amazon -- said in a submission to parliament last week that the bill as it is currently written would force them to create vulnerabilities in their operations which could be exploited by hackers.
The proposed changes are based on the UK's "snooper's charter" surveillance powers passed in 2016.

Compliance is not guaranteed.
Paper – ‘Modernised’ Data Protection Convention 108 and the GDPR
Greenleaf, Graham, ‘Modernised’ Data Protection Convention 108 and the GDPR (July 20, 2018). (2018) 154 Privacy Laws & Business International Report 22-3. Available at SSRN: https://ssrn.com/abstract=3279984
“One week before the GDPR came into force on 25 May 2018, the ‘modernisation’ of data protection Convention 108 was completed by the Council of Europe on 18 May, by the parties to the existing Convention agreeing to a Protocol amending it (‘Protocol’). The new version of the Convention is now being called ‘108 ’ to distinguish it. This article analyses some aspects of the relationships between 108 and 108 , and further developments at the Plenary Meeting of the Convention’s Consultative Committee in Strasbourg, 19-21 June 2018 including a conference to ‘launch’ the new 108. The transition from 108 to 108 is complex. Any new countries wishing to accede will have to accede to the Protocol (ie to 108 ) as well as to Convention 108, except for a handful of countries previously invited to accede. There are two options for when Convention 108 will come into force. One involves ratification by all existing 52 parties; the other could see it in force between ratifying parties as early as 2023. Accession to Convention 108 will have a positive effect on applications for ‘adequacy’ assessments to the EU under the General Data Protection Regulation (GDPR), but the extent to which 108 compliance will be sufficient for EU adequacy is uncertain. The article discusses these various complexities.”

So, the world is flat after all.
Paper – Common-Knowledge Attacks on Democracy
Farrell, Henry John and Schneier, Bruce, Common-Knowledge Attacks on Democracy (October 2018). Berkman Klein Center Research Publication No. 2018-7. Available at SSRN: https://ssrn.com/abstract=3273111 or http://dx.doi.org/10.2139/ssrn.3273111
“Existing approaches to cybersecurity emphasize either international state-to-state logics (such as deterrence theory) or the integrity of individual information systems. Neither provides a good understanding of new “soft cyber” attacks that involve the manipulation of expectations and common understandings. We argue that scaling up computer security arguments to the level of the state, so that the entire polity is treated as an information system with associated attack surfaces and threat models, provides the best immediate way to understand these attacks and how to mitigate them. We demonstrate systematic differences between how autocracies and democracies work as information systems, because they rely on different mixes of common and contested political knowledge. Stable autocracies will have common knowledge over who is in charge and their associated ideological or policy goals, but will generate contested knowledge over who the various political actors in society are, and how they might form coalitions and gain public support, so as to make it more difficult for coalitions to displace the regime. Stable democracies will have contested knowledge over who is in charge, but common knowledge over who the political actors are, and how they may form coalitions and gain public support. These differences are associated with notably different attack surfaces and threat models. Specifically, democracies are vulnerable to measures that “flood” public debate and disrupt shared decentralized understandings of actors and coalitions, in ways that autocracies are not.”

Interesting approach. Why only “camera-equipped” phones?
Want to See All the Vermeers in the World? Now’s Your Chance
The New York Times: “Johannes Vermeer, whose acute eye captured the quiet beauty of Dutch domestic life, was not a prolific artist: Just 36 paintings are widely acknowledged as his work. Still, anyone who wanted to see them all had to travel far and wide — to New York, London, Paris and beyond. Until now. The Mauritshuis museum in The Hague, which owns what is perhaps Vermeer’s best-known masterpiece, “Girl With a Pearl Earring,” has teamed up with Google Arts & Culture in Paris to build an augmented-reality app that creates a virtual museum featuring all of the artist’s works. For the app, the Metropolitan Museum of Art has contributed images of all five of its Vermeer masterpieces, while the National Gallery of Art in Washington and the Rijksmuseum in Amsterdam, each with four, have also given photographs of theirs. Two more have come from the Louvre, and three from the Frick Collection. The Isabella Stewart Gardner Museum in Boston has shared an image of “The Concert,” the Vermeer that disappeared after being stolen from the museum’s collection in 1990. That painting will be on view once again in Meet Vermeer, the digital museum. Starting Monday, the free app will be accessible to anyone with a camera-equipped smartphone…”

I’m assuming they can be recorded along with your talk.
Microsoft PowerPoint is getting real-time captions and subtitles for presentations
Microsoft is adding real-time captions and subtitles to PowerPoint early next year. The subtitles and captions are designed to help support the deaf or hard of hearing community, and even allow speakers to include a translation of a presentation. Live captions and subtitles will support 12 spoken languages and display on-screen in more than 60 different languages.
… Microsoft had previously used an add-in to provide this type of PowerPoint functionality in the past, and Google also provides similar features in G Suite. Microsoft is planning to bring these features to the Office 365 version of PowerPoint in late January, and they’ll be available across Windows, PowerPoint for Mac, and online versions of PowerPoint.

Deaf communications is a niche I follow.
Huawei’s StorySign app can translate kids’ books into sign language
Chinese smartphone giant Huawei has launched a new Android app that leverages AI tools such as image recognition and optical character recognition (OCR) to translate popular children’s books into sign language.
StorySign was developed in a collaboration between Huawei, the nonprofit European Union for the Deaf, Penguin, and animation gurus Aardman.
The app is available to download from Google Play and Huawei’s own AppGallery in 10 European markets from today.

For my (Graduate!) students who did not know what RSS was…
