Can’t imagine the scams we could run with more
advanced AI? You won’t have to wait long to find out.
It Is Mind-Bogglingly Easy to Rope Apple’s Siri into Phishing Scams
A month ago I was milling about a hotel room in New Orleans, procrastinating my prep for on-stage sessions at a tech conference, when I received a startling iMessage. “It’s Alan Murray,” the note said, referring to my boss’ boss’ boss.
Not in the habit of having Mr. Murray text my phone, I sat up straighter. “Please post your latest story here,” he wrote, including a link to a site purporting to be related to Microsoft 365, replete with Microsoft’s official corporate logo and everything. In the header of the iMessage thread, Apple’s virtual assistant Siri offered a suggestion: “Maybe: Alan Murray.”
The sight made me stagger, if momentarily. Then I
remembered: A week or so earlier I had granted a cybersecurity
startup, Wandera, permission to demonstrate a phishing attack on me.
They called it, “Call Me Maybe.”
… Wandera reported the problem as a security
issue to Apple on April 25th. Apple sent a preliminary response a
week later, and a few days after that said it did not consider the
issue to be a “security vulnerability,” and that it had
reclassified the bug as a software issue “to help get it resolved.”
What’s alarming about the ploy is how little effort it takes to pull off. “We didn’t do anything crazy here like jailbreak a phone or a Hollywood style attack—we’re not hacking into cell towers,” said Dan Cuddeford, Wandera’s director of engineering. “But it’s something that your layman hacker or social engineer might be able to do.”
For my Software Architecture students.
What We've Got Here is Failure to Communicate!
Many enterprises have been taking stock of their security architecture as well as assessing gaps and redundancies (see last month’s article Wading Through Tool Overload and Redundancy?). Sometimes it is the result of a post breach investigation, and the post investigation finger pointing. Sometimes it is due to new management taking stock of the company’s risk exposure. Sometimes it is a financially driven exercise to better understand budgets and bang for the buck.
Regardless of the motivation, what many
are finding is that they don’t really have an architecture so much
as a bunch of disparate parts sitting in silos across the
environment.
Looking back at it all, CISOs may wonder how they got there, but
hindsight is always 20/20.
Another Architecture article. I assigned a project (due this week) to develop the architecture for a banking (ATM) App. I wonder if any of my students even considered some of these features?
Monzo's big smart bank move links your money to Alexa, Twitter and pretty much anything else
Want your Amazon Echo to play Money, Money,
Money every time you get paid? Or for your debit card to
automatically record every purchase you make on a budgeting
spreadsheet? Well, challenger bank Monzo is making a move to become
the UK's first smart bank and is using If This Then That (IFTTT) to
connect your account to a host of other services.
Monzo's integration with IFTTT lets people build
mini ‘applets’ by setting a series of personalised rules
automatically triggered by actions in the real world. This is the
first time that a bank has linked-up with IFTTT to connect their bank
account with a range of other apps and devices.
(Related) Another consideration for the ATM App.
Could Venmo Hurt Your Relationships? Yup, Says Expert On Social Status. Here's Why
When you calculate what you owe for your portion
of lunch, drinks or cab rides down to the penny and share it with
your friends, does that boost or harm your standing in a group?
It’s a good question, and a familiar one for anyone who’s made Venmo, a hugely popular app owned by PayPal that allows you to quickly transfer money to other people’s accounts to pay for anything from a cup of coffee to your share of the dinner bill.
As The New York Times pointed out recently, while you can keep account information and payments private, many users do not, essentially broadcasting their financial activity in the same way they show off their happy vacation photos on Facebook or Instagram.
Sounds like “Pre-Crime.” Do the police have
the expertise to see (in a brief records review) what teachers don’t
see with daily contact?
NBC10 reports:
In Bensalem, Bucks County, the school district has spent hundreds of thousands of dollars on some 500 surveillance cameras in and around its facilities.
But the township police director, Fred Harran, doesn’t think they are enough.
He is pushing for preventative measures on another front. Harran wants Pennsylvania lawmakers to give greater access to police for information about students: grades, medical records, attendance history.
[From the article:
"The key is making sure that person gets identified before they grab that gun, before they get into the building," Harran said.]
...and yet, we do.
Why Do We Care So Much About Privacy?
Big Tech wants to
exploit our personal data, and the government wants to keep tabs on
us. But “privacy” isn’t what’s really at stake.
… as it has become apparent in the past year,
we don’t really know who is seeing our data or how they’re using
it. Even the people whose business it is to know don’t know.
Do we gain enough as a society for the individual
privacy lost?
I missed this one, but thankfully, Joe Cadillic
caught it. Maria Dinzeo reports:
A federal judge indicated Friday he will
uphold a California law allowing police to collect and store DNA
samples from people arrested but not yet charged with crimes.
The government has a high interest in
accurately identifying arrestees, U.S. District Judge Charles Breyer
said, perhaps even greater
than an arrestee’s expectation of privacy under the Fourth
Amendment. Breyer suggested scenarios in which the
arrestee is an ex-con who has a gun on him, but he gives the cops a
phony I.D. during booking, or one in which someone is arrested on a
case of mistaken identity.
Big Brother has invited all the neighbors?
In Newark, Police Cameras, and the Internet, Watch You
The camera perched above the bus stop sends back a
continuous feed from the corner of 16th Avenue and South 18th Street
in Newark’s West Ward. Regular customers come and go from Max’s,
a convenience store, and a man without a shirt paces aimlessly on the
same slice of pavement. Anyone with a fast internet connection and a
desire to watch could also see Fernando Demarzino stepping out of his
cousin’s barbershop.
“My girlfriend called and told me what I had in
my hand,” Mr. Demarzino said on a recent evening as he stood within
the camera’s line of sight. His girlfriend had heard about
official camera feeds that had recently been made available online,
and she was checking out the spot where she knew she was likely to
find Mr. Demarzino. He had change in his hand, and she jokingly told
him the image was sharp enough for her to count out three quarters.
She also spotted his Jeep parked on the street.
… in Newark, the police have taken an
extraordinary step that few, if any, other departments in the country
have pursued: They have opened up feeds from dozens of
closed-circuit cameras to the public, asking viewers to assist the
force by watching over the city and reporting anything suspicious.
The Citizen Virtual Patrol, as the program is
called, has been hailed by officials as a move toward transparency in
a city where a mistrust of the police runs deep, rooted in
long-running claims of aggressive enforcement and racial animosity.
The cameras, officials said, provide a way to recruit residents as
Newark tries to shake a dogged reputation for violence and crime.
“This is part of building a partnership,” said Anthony F.
Ambrose, who, as public safety director, oversees the city’s police
and fire operations. Since the program started about a month ago, he
said, 1,600 users have signed into the website, and residents
have been lobbying the department to add more cameras in their
neighborhoods.
Helping my students select their next class.
The What, Why, and How of Digital Forensics
Digital forensics is a
branch of forensic science focused on recovery and investigation of
artifacts found on digital devices. Any devices that store data
(e.g. computers, laptops, smartphones, thumb drives, memory cards or
external hard drives) are within the ambit of digital forensics.
Given the proliferation of digital devices, there has been a ramp-up
in use of digital forensics in legal cases and investigations.
I want to use Mickey Mouse as a political analyst…
Lessig – Congress’ Latest Move to Extend Copyright Protection Is Misguided
Lawrence Lessig – Wired [Lawrence Lessig (@lessig) is the Roy L. Furman professor of law and leadership at Harvard University and founder of Equal Citizens. He was lead counsel in Eldred v. Ashcroft (2002)]: “Almost exactly 20 years ago,
Congress passed the Sonny Bono Copyright Term Extension Act, which
extended the term of existing copyrights by 20 years. The Act was
the 11th extension in the prior 40 years, timed perfectly to assure
that certain famous works, including Mickey Mouse, would not pass
into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act. The Constitution
gives Congress the power to secure copyrights “for limited times,”
for the express purpose of “promot[ing] Progress.” Extending the
copyright of an existing work, Eldred argued, could not promote
anything — the work already exists. And repeated extensions of
existing terms cannot be what the framers meant by “limited times.”
The Supreme Court agreed to hear the challenge. I was lead counsel for the plaintiff. And in addition to our brief, a scad
of creators who build upon the public domain, along with librarians,
archivists, and economists, filed briefs in support of Eldred; Nobel
Prize winner Milton Friedman agreed to sign the economists’ brief
only if the words “no brainer” were included. Yet the court
rejected our challenge to the law… Twenty years later, the fight
for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right—basically
the right to control copies of recordings on any digital platform
(ever hear of the internet?)—for musical recordings made before
1972…”
Perspective. All that data about consumers can
become addictive.
Four years ago, when Rich Fulop founded
Brooklinen, the direct-to-consumer luxury bedding startup, the
customer acquisition strategy was straightforward for DTC brands:
pour money into Facebook ads.
Soon, Brooklinen was spending up to 75 percent of
its overall ad budget on Facebook. But Brooklinen and other DTC
companies, and marketers of all stripes, were pouring money into
Facebook’s giant ad machine, lured
by micro-targeting segments. Simple economics took over:
Facebook ads became very expensive for DTC brands like Brooklinen,
Thinx, Roman and Quip — all of which are now diversifying their
spending to new channels, including fuddy-duddy outlets like
out-of-home, terrestrial radio and even — heavens — print.
“We’re trying to move away from Facebook as fast as we can,” said Fulop, who said CPMs on the platform are double what they were a
year ago. “We’re fighting in this little slip of real estate
with everyone else out there and it’s hard to cut through. You’re
paying an impression-based auction so you are essentially bidding
against anybody and everybody that wants to compete for that space,
so it’s become a hyper-competitive environment.”
Perspective. Even copy paper is going paperless.
Copy Machines in Libraries Are ‘Going the Way of the Dodo’—Slowly
EdSurge:
“The printed book just won’t die. But another print-based
technology—the copy machine—is disappearing from many academic
libraries, as librarians swap the old dime-eating machines for multi-function devices that scan texts and send copies to students via email.
“Copiers seem to be going the way of the dodo, slowly,” says
Stephanie Walker, dean of libraries and information resources at the
University of North Dakota. The switch from copiers to scanners
makes sense in the hybrid digital/print environment students and
faculty operate in now. There’s also a financial incentive for
academic libraries looking to economize and streamline operations and
provide patrons with the services they most need. And in at least
one case, the rise of the scanner has created an opportunity for an
academic library to engage in a little community-minded
entrepreneurship, providing fellow libraries with a customized
computer/scanner/software bundle that won’t break the bank…
Budget pressures have hastened the switch from copiers to scanners…”
Just because it seems illustrative. (Also interesting: The picture accompanying the article shows the President signing a bill with a Sharpie. And where does he buy his $4 shirts?)
Meet the guys who tape Trump's papers back together
Solomon Lartey spent the first five months of the
Trump administration working in the Old Executive Office Building,
standing over a desk with scraps of paper spread out in front of him.
Lartey, who earned an annual salary of $65,969 as
a records management analyst, was a career government official with
close to 30 years under his belt. But he had never seen anything
like this in any previous administration he had worked for. He had
never had to tape the president’s papers back together again.
Armed with rolls of clear Scotch tape, Lartey and
his colleagues would sift through large piles of shredded paper and
put them back together, he said, “like a jigsaw puzzle.”
Sometimes the papers would just be split down the middle, but other
times they would be torn into pieces so small they looked like
confetti.
It was a painstaking process that was the result
of a clash between legal requirements to preserve White House records
and President Donald Trump’s odd and enduring habit of ripping up
papers when he’s done with them — what some people described as
his unofficial “filing system.”
Under the Presidential Records Act, the White
House must preserve all memos, letters, emails and papers that the
president touches, sending them to the National Archives for
safekeeping as historical records.
I feel like I had a deprived childhood; I never had a scooter.
How Skip wants to win the scooter wars by following the rules
Skip hasn't yet dumped its e-scooters onto the streets of hometown San Francisco, instead quietly testing its service in Washington, D.C. while waiting for San Francisco to put a regulatory regime in place.
Bottom line: Skip is betting that its friendlier, play-by-the-rules approach will help put it ahead of competitors like Bird, Lime and Spin.
Interesting offering by my local pizza joint in
honor of the summit.
The Summit: a little
Korean Kimchi and a lot of American Bologna.