Monday, January 28, 2019

“It’s for your own good!” Perhaps my Ethical Hacking students could do the same?
Catalin Cimpanu reports:
The Japanese government approved a law amendment on Friday that will allow government workers to hack into people’s Internet of Things devices as part of an unprecedented survey of insecure IoT devices.
The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.
Read more on ZDNet.
From the article:
NICT employees will be allowed to use default passwords and password dictionaries to attempt to log into Japanese consumers' IoT devices.
The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices.




Great for my Computer Security students, but I’ll share this with everyone.
Be safe on the internet.
An open source checklist of resources designed to improve your online privacy and security.




Is it easy to fix this?
Misinformation Woes Could Multiply With 'Deepfake' Videos
If you see a video of a politician speaking words he never would utter, or a Hollywood star improbably appearing in a cheap adult movie, don't adjust your television set -- you may just be witnessing the future of "fake news."
"Deepfake" videos that manipulate reality are becoming more sophisticated due to advances in artificial intelligence, creating the potential for new kinds of misinformation with devastating consequences.
"A well-timed and thoughtfully scripted deepfake or series of deepfakes could tip an election, spark violence in a city primed for civil unrest, bolster insurgent narratives about an enemy's supposed atrocities, or exacerbate political divisions in a society," Chesney and University of Maryland professor Danielle Citron said in a blog post for the Council on Foreign Relations.
Paul Scharre, a senior fellow at the Center for a New American Security, a think tank specializing in AI and security issues, said it was almost inevitable that deepfakes would be used in upcoming elections.
With believable fake videos in circulation, he added, "people can choose to believe whatever version or narrative that they want, and that's a real concern."




Interesting to think through.
The internet of human things: Implants for everybody and how we get there
Over the past several years, the Government of Sweden has been moving toward becoming a completely cashless society. By 2025, most Swedish citizens will perform all their financial transactions using debit and credit cards, mobile devices, PCs, or wearables.
But a small, growing number have gone even further than using conventional technology to make payments. They are using implants -- tiny, rice grain-sized microchips that use Near-Field Communications (NFC) technology -- to communicate wirelessly with reader terminals installed in stores and other public places.
… Wallets Must Die
… And So Should Your Keys




There is no reason for any of these companies to store their data in an easily-read-by-humans format. Perhaps there is a business opportunity to “translate” for reporters?
GDPR makes it easier to get your data, but that doesn’t mean you’ll understand it
If the numerous tech scandals of recent years have taught us anything, it’s that tech companies hold a truly terrifying amount of data about us all. Along with feeling invasive, this data can be outright dangerous when it falls into the wrong hands.
Europe’s response to that risk, put in place as part of the General Data Protection Regulation (GDPR), is the “Right of Access.” The right says that, when requested, any company should be prepared to provide you with your personal data. They should provide it in a way that’s easy for you to read, in a timely manner, and with enough background information for you to understand how they got it and how they use it. The thinking is that once you know what data a company holds about you, you can use it to make informed decisions about whether you want to provide it, as well as holding them accountable when they gather data without your consent.
… All of my location data from Google was contained within a single 61MB JSON file, and opening it with Chrome revealed a bewildering array of fields labeled “timestampMs,” “latitudeE7,” “longitudeE7,” and estimations about whether I was sitting still or in some kind of transport (I assume).
I don’t doubt that this is all the location history information that Google has associated with my account, but without context, this data is meaningless. It’s a series of numbers that I’d have to make a serious effort to even begin to understand and import into another piece of software to properly parse.




How to handle e-assets?
Court rules man must be given access to husband's iCloud photos
Apple must provide a man access to the iCloud account of his late husband so he can retrieve family photos shot with an iPhone and a dedicated camera, a New York judge has ruled.
Nicholas Scandalios has so far been locked out of the Apple ID belonging to his husband, Ric Swezey, who was killed in an accident two years ago, according to MarketWatch. Apple hasn't been outright fighting the request, but did insist that Scandalios obtain a court order. [Sounds like ‘fighting’ to me. Bob]
"Apple shall afford the opportunity to reset the password to [Swezey's] Apple ID," Surrogate Judge Rita Mella wrote in her ruling.
Complicating the situation is that Swezey's will didn't contain language authorizing access. Mella's opinion stated that the photos weren't a form of "electronic communication" requiring proof of consent or even a court order, which could help build precedent against Apple's position.




This is a fun way to look at AI.
Google – Talk to Books
“In Talk to Books (Beta), when you type in a question or a statement, the model looks at every sentence in over 100,000 books to find the responses that would most likely come next in a conversation. The response sentence is shown in bold, along with some of the text that appeared next to the sentence for context. Mastering Talk to Books may take some experimentation. Although it has a search box, its objectives and underlying technology are fundamentally different than those of a more traditional search experience. It’s simply a demonstration of research that enables an AI to find statements that look like probable responses to your input rather than a finely polished tool that would take into account the wide range of standard quality signals. You may need to play around with it to get the most out of it.
  • Not a traditional search – Use this demo as a creativity tool to explore ideas and discover books by getting quotes that respond to your queries.
  • Use natural language – Speaking to it in sentences will often get better results than keywords. That’s because the AI is trained on human conversations.
  • Play with it – Try our sample queries then try your own. Experiment with different wording to see how it changes the results…”

