Friday, March 15, 2019

How it should be done.
Pat Ferrier reports:
When employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District got to work the morning of Feb. 11, they were locked out of technical and engineering data and drawings stored on their computers.
The districts had fallen victim to a ransomware cyber attack, the second in two years, General Manager Chris Matkins said. Hackers were holding the data hostage and demanding a ransom payment before they’d unlock the information.
Matkins won’t say how big the ransom demand was or how payment was to be made. “It’s not something we will talk about,” he said. “It didn’t have any bearing on how we responded.”
Fort Collins Loveland Water never considered paying the ransom and within about three weeks was able to unlock the data on its own, Matkins said.
Read more on The Coloradoan.




That persistent threat: North Korea.
Lily Hay Newman reports:
In January 2018 a group of hackers, now thought to be working for the North Korean state-sponsored group Lazarus, attempted to steal $110 million from the Mexican commercial bank Bancomext. That effort failed. But just a few months later, a smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here’s how they did it.
At the RSA security conference in San Francisco last Friday, penetration tester and security advisor Josu Loza, who was an incident responder in the wake of the April attacks, presented findings on how hackers executed the heists both digitally and on the ground around Mexico.
Read more on Wired.
[From the article:
All of these vulnerabilities collectively made it possible for hackers to lay extensive groundwork, eventually establishing the infrastructure they needed to begin carrying out actual cash grabs. Once that was in place, the attacks moved quickly.
The hackers would exploit flaws in how SPEI validated sender accounts to initiate a money transfer from a nonexistent source like “Joe Smith, Account Number: 12345678.” They would then direct the phantom funds to a real, but pseudonymous account under their control and send a so-called cash mule to withdraw the money before the bank realized what had happened. Each malicious transaction was relatively small, in the range of tens or hundreds of thousands of pesos. "SPEI sends and receives millions and millions of pesos daily, this would have been a very little percentage of that operation," Loza says.
Attackers would have potentially needed to work with hundreds of mules to make all of those withdrawals possible over time.
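Here is a constructed model of the flaw class Loza describes (a payment switch that credits the destination on the strength of whatever source account the message names), beside a validated version and a reconciliation check. This is an added illustration, not SPEI's code and not a description of the actual exploit; the account names, balances and the "Ledger"/"Transfer" classes are assumptions made for the example. The phantom account number is the one quoted in the article.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed model of the flaw class described above: a payment switch that
# credits a destination on the strength of whatever source account the
# message names. Not SPEI's code; account names and balances are made up.


@dataclass(frozen=True)
class Transfer:
    source: str   # account the message claims to debit
    dest: str     # account to credit (the mule's account in the story)
    amount: int   # whole pesos


class Ledger:
    def __init__(self, balances: Dict[str, int]) -> None:
        self.balances = dict(balances)

    def total(self) -> int:
        """Sum of all balances; a closed set of transfers keeps this constant."""
        return sum(self.balances.values())

    def apply_trusting(self, t: Transfer) -> bool:
        """Vulnerable: trusts the sender field, so a phantom source creates money."""
        self.balances[t.dest] = self.balances.get(t.dest, 0) + t.amount
        return True

    def apply_validated(self, t: Transfer) -> bool:
        """Hardened: both accounts must exist, the source must cover the
        amount, and debit and credit are applied together."""
        if t.amount <= 0:
            return False
        if t.source not in self.balances or t.dest not in self.balances:
            return False
        if self.balances[t.source] < t.amount:
            return False
        self.balances[t.source] -= t.amount
        self.balances[t.dest] += t.amount
        return True


def reconcile(ledger: Ledger, expected_total: int) -> bool:
    """Detection control independent of transaction size: money appearing from
    nowhere shows up as a total that no longer matches the opening total,
    even when every individual transfer is small."""
    return ledger.total() == expected_total


def demo() -> Tuple[bool, bool, bool]:
    opening = {"MULE-001": 0, "CUSTOMER-A": 1_000_000}
    phantom = Transfer(source="12345678", dest="MULE-001", amount=250_000)

    trusting = Ledger(opening)
    start = trusting.total()
    trusting.apply_trusting(phantom)
    balanced_after_trusting = reconcile(trusting, start)      # False: money was created

    validated = Ledger(opening)
    phantom_rejected = not validated.apply_validated(phantom)  # True: unknown source
    legit_ok = validated.apply_validated(Transfer("CUSTOMER-A", "MULE-001", 100))
    return balanced_after_trusting, phantom_rejected, legit_ok and reconcile(validated, start)


if __name__ == "__main__":
    print(demo())
```

The reconciliation check is the part worth noting: per-transaction limits would not have caught transfers deliberately kept in the tens or hundreds of thousands of pesos, but a ledger whose total grows without a matching debit is detectable at any transaction size.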




Why is this a DARPA thing? Is it Defense related?
DARPA to Develop $10 Million Open Source Voting System
The US election might be different in 2020 thanks to a project by DARPA (Defense Advanced Research Projects Agency), the US Department of Defense research division, aiming at bullet-proofing voting machines by moving away from proprietary software that can’t be properly evaluated for bugs, writes Motherboard.
$10 million is invested in creating an unhackable, fully open source voting system with a touch screen that will allow voters to ensure their votes are accurately recorded.
… “We will not have a voting system that we can deploy. That’s not what we do,” said Salmon. “We will show a methodology that could be used by others to build a voting system that is completely secure.”




Chatters gotta chat! I’m (mostly/kinda/almost) sure they had nothing to do with the outage.
Telegram gets 3M new signups during Facebook apps’ outage
Messaging platform Telegram claims to have had a surge in signups during a period of downtime for Facebook’s rival messaging services.
In a message sent to his Telegram channel, founder Pavel Durov wrote: “I see 3 million new users signed up for Telegram within the last 24 hours.”
It’s probably not a coincidence that Facebook and its related family of apps went down for most of Wednesday, as we reported earlier.




I have been hacked, that is proof our enemies fear me! OR I have been hacked. That does not mean I don’t understand security.
Leading Israeli Candidate for PM Targeted by Iranian Hackers
Israeli media reported Thursday that the Shin Bet internal security service warned Benny Gantz that Iranian intelligence hacked his cellphone, putting “his personal details and addresses in hostile hands.”
A statement from Gantz’s campaign insinuated his opponents leaked the news to damage his political bid, saying the timing of the report just weeks before Israel’s April 9 elections “raises important questions.”
A campaign official says the security breach happened several months ago, before Gantz entered politics. The official spoke on condition of anonymity because they were not authorized to talk to media.


(Related) Why only “successful” attacks? Why not five days for everyone? Sounds like they think the attacks are not important.
U.S. Senators Want Transparency on Senate Cyberattacks
U.S. Senators Ron Wyden and Tom Cotton believe all senators should receive information on successful cyberattacks aimed at the Senate.
In a letter sent this week to the U.S. Senate Sergeant at Arms, Michael C. Stenger, Wyden and Cotton have asked that each senator be provided an annual report containing information on the number of cyber incidents that involved compromised Senate computers or illegally accessed sensitive data.
They also want Senate leadership and members of the Committees on Rules and Intelligence to be informed of any breach within five days of discovery.




But will it become law?
Mike Maharrey writes:
Last Friday, a Utah House committee passed a bill that would prohibit police from using a person’s biometric data to gain access to their electronic device. The bill would not only protect privacy in Utah; it would also hinder one aspect of the federal surveillance state.
Rep. Adam Robertson (R-Provo) introduced House Bill 438 (HB438) on Feb. 27. The legislation would prohibit law enforcement from using an individual’s biometric information to access an electronic device protected by biometric security.
[…]
There are no exceptions to the ban.
Read more on TenthAmendmentCenter.




Should I be surprised?
The Internet Knows You Better Than Your Spouse Does
If you enjoy computerized personality tests, you might consider visiting Apply Magic Sauce (https://applymagicsauce.com). The Web site prompts you to enter some text you have written—such as e-mails or blogs—along with information about your activities on social media. You do not have to provide social media data, but if you want to do it, you either allow Apply Magic Sauce to access your Facebook and Twitter accounts or follow directions for uploading selected data from those sources, such as your history of pressing Facebook’s “like” buttons. Once you click “Make Prediction,” you will see a detailed psychogram, or personality profile, that includes your presumed age and sex, whether you are anxious or easily stressed, how quickly you give in to impulses, and whether you are politically and socially conservative or liberal.
Examining the psychological profile that the algorithm derives from your online traces can certainly be entertaining. On the other hand, the algorithm’s ability to draw inferences about us illustrates how easy it is for anyone who tracks our digital activities to gain insight into our personalities—and potentially invade our privacy. What is more, psychological inferences about us might be exploited to manipulate, say, what we buy or how we vote.




Public ledger meets GDPR Privacy.
Blockchain Privacy Poisoning a New Concern in Post-GDPR Era
When it comes to blockchain technology, the very features that make blockchain so attractive to many enterprises – such as the ability to create an immutable public ledger of transactions – are also the very features that could lead to privacy issue headaches for those enterprises. In fact, tech research firm Gartner is now calling “blockchain privacy poisoning” one of the biggest risks facing organizations over the next few years. By 2022, says Gartner, three-fourths of all public blockchains will suffer some form of privacy poisoning.
What is blockchain privacy poisoning?
The term “blockchain privacy poisoning” refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR).
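To make the "poisoning" concrete, here is an added toy hash chain (not the Gartner report's material and not any real blockchain's code) that shows why a record written into an append-only ledger cannot be edited out afterwards, plus the usual workaround of putting a salted hash on chain and keeping the personal data off chain where it can be deleted. The person, e-mail address, event payloads and the class names are constructed for the example; whether a salted hash still counts as personal data is a legal question the example does not settle.

```python
import hashlib
import json
import os
from typing import Any, Dict, List

# Constructed toy hash chain: shows why personal data written into a public
# ledger cannot later be erased without breaking the ledger. Added example;
# not any real blockchain's code. The name and e-mail below are made up.

GENESIS_PREV = "0" * 64


def block_hash(index: int, prev_hash: str, payload: Dict[str, Any]) -> str:
    material = json.dumps([index, prev_hash, payload], sort_keys=True).encode()
    return hashlib.sha256(material).hexdigest()


class Chain:
    def __init__(self) -> None:
        self.blocks: List[Dict[str, Any]] = []

    def append(self, payload: Dict[str, Any]) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        index = len(self.blocks)
        self.blocks.append({"index": index, "prev": prev, "payload": payload,
                            "hash": block_hash(index, prev, payload)})

    def verify(self) -> bool:
        """Every block must hash correctly and link to its predecessor."""
        prev = GENESIS_PREV
        for i, b in enumerate(self.blocks):
            if b["prev"] != prev or b["hash"] != block_hash(i, prev, b["payload"]):
                return False
            prev = b["hash"]
        return True


def erase_in_place(chain: Chain, index: int, field: str) -> None:
    """An erasure request handled by editing the block: the chain now fails
    verification, so every other participant's copy rejects it."""
    chain.blocks[index]["payload"][field] = "[ERASED]"


def commitment(value: str, salt: bytes) -> str:
    """Salted hash kept on chain in place of the value; value and salt live
    off chain, where they can be deleted."""
    return hashlib.sha256(salt + value.encode()).hexdigest()


def demo() -> Dict[str, bool]:
    poisoned = Chain()
    poisoned.append({"event": "signup", "name": "Alice Example",
                     "email": "alice@example.invalid"})
    poisoned.append({"event": "order", "order_id": 42})
    intact_before = poisoned.verify()
    erase_in_place(poisoned, 0, "email")
    intact_after = poisoned.verify()

    salt = os.urandom(16)
    off_chain = {"email": "alice@example.invalid", "salt": salt}
    clean = Chain()
    clean.append({"event": "signup",
                  "email_commitment": commitment(off_chain["email"], salt)})
    del off_chain["email"]  # erasure happens off chain; the ledger is untouched
    return {
        "intact_before": intact_before,
        "intact_after": intact_after,
        "clean_still_valid": clean.verify(),
        "plaintext_on_chain": any("email" in b["payload"] for b in clean.blocks),
    }


if __name__ == "__main__":
    print(demo())
```

The salt matters: an unsalted hash of an e-mail address is trivially reversed by hashing a list of candidate addresses, so it would leave the personal data effectively on chain.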




Farming in your PJs?
The Amazing Ways John Deere Uses AI And Machine Vision To Help Feed 10 Billion People
… Near the start of the journey in 2013, it unveiled its Farm Forward vision – demonstrating the concept of the “autonomous farm” where machinery would be remotely managed from a central control hub. It showed a farmer monitoring data points and managing machinery from a console in his home in real-time, while AI takes care of the moment-to-moment operational decisions.
Now it has released what it calls the 2.0 version of that vision – representing the leaps in learning and practical application of smart, self-teaching technology that has been made since those early days of the digital transformation.
… “When we tell them they can spray their fields with 80 – 90% less herbicide, based on Blue River's testing … that's real money right in your pocket. As well as less herbicide going onto the plants that are going to become our food. Farmers are business people, and they're looking for business outcomes from this precision agricultural technology."
… Stone says “The farmer has been the primary ‘sensor’ on a farm for years – and so much of farming is visual.
“It’s how does the ground look, what can you tell about the health of a plant by how it looks? Are the leaves nice and lush or are they going yellow? Are there bugs?
… One application of Blue River’s technology has been in the development of Deere’s See and Spray pesticide and herbicide distribution systems. This involves using smart cameras powered by computer vision, which are able to distinguish between healthy and unhealthy crops as machinery passes through the field. While traditionally the decision about whether or not to dose a crop with chemicals has been made on a field-by-field basis, this system allows targeted bursts of chemicals to be directed precisely where they are needed, at individual plants – hence the 80 to 90% reduction in herbicide use touted above.




Perspective. Why are they looking at self-driving cars?
Don't Read This If You're Bullish About Lyft
The coming initial public offerings from Lyft Inc. and Uber give the public its first deep look inside the economics of car rides on demand. There were two obscure data points about Lyft that I found discouraging about the financial viability of that company, and potentially the entire industry.
First, Lyft disclosed in its IPO document that it generates about the same average revenue for each car ride as it does from a trip on Lyft's growing network of rented bicycles and scooters: $3.75, to be exact, as of the fourth quarter. And second, Lyft's financials show that its average expense for each ride has gone up.
… People don't pay much to rent a scooter for a mile or two, but remember the important difference compared to a car: There's no driver in the equation when Lyft rents a scooter or bike, so the company keeps almost 100 percent of the fare. With a car ride, the driver effectively ends up with the vast majority of that money.




Interesting article. They’ve got the data, why not use it?
Amazon gets an edge with its secret squad of PhD economists
Estimating inflation is a tricky and complex task. In the United States, the government's Bureau of Labor Statistics sends testers to stores to record the price of everything from cheese to tires, and surveys consumers over the phone about what they spent on gas and funeral services.
Amazon thinks it could do it better.
With help from outside researchers, the company's economists are working on a way to measure inflation using thousands of transactions across its own platform. Automatically analyzing product descriptions allows them to better assess the quality of a dress or a juicer or a bathmat, theoretically creating a more accurate, up-to-date index of how much things cost.
That's just one way Amazon is using the squad of economists it has recruited in recent years.




Make your tools work for you.
A beginner’s guide to voice search and digital assistants in 2019
Search Engine Land: “Voice search isn’t only here to stay, it’s on the rise. Is your website optimized for spoken queries? If not, then you could lose market share to competitors whose websites are optimized for voice search. Good news, though, that’s a problem you can start fixing today. In this article, I’ll explain the various types of digital assistants and what to do to get your site ready for voice search. If you want to learn more, I’ll be talking about voice search in more detail at SMX Advanced in Seattle on June 5…”




One of those tools you don’t know you need until you need it.




For my students, who still think every “big” company is profitable.
How Does Netflix Make Money?
Netflix is the undisputed leader in streaming video. The DVD-by-mail company created modern streaming as we know it and has built a massive audience by being the first mover -- more than 50% of U.S. households have the streaming service.
But how does the company turn all those eyeballs into dollar signs?
In this video from our YouTube channel, we break down how Netflix makes money and what the strategy is behind the company's huge cash burn.




For us military history buffs. (Perhaps a map showing the spread of GDPR level Privacy?)
Interactive Map - The Battle of Gettysburg
Decisive Moments at the Battle of Gettysburg is an interactive map hosted on Smithsonian.com. The map details events of the battle and the decisions made by commanding officers on both sides of the war. You can navigate the map by using the timeline on the left-hand side of the map or by clicking the placemarks on the map. While viewing the map you will see "eye" icons that you can click to view a panorama of that location. The panoramic view is of Gettysburg as it exists today.
… The map also provides a good model of using ArcGIS Story Maps to convey geo-located information. Your students could take the model of Decisive Moments at the Battle of Gettysburg and apply it to the creation of their own maps about significant moments in history.

