Insecurity by design.
Cars Exposed to Hacker Attacks by Hardcoded Credentials in MyCar Apps
A small aftermarket telematics unit from Montreal, Canada-based AutoMobility, MyCar provides users with a series of smartphone-controlled features for their cars, including geolocation, remote start/stop and lock/unlock capabilities.
“The easy-to-use MyCar app interface gives you control to remote start, lock, unlock and locate your vehicle from anywhere just by pushing a button on your smartphone,” the vendor says.
… Hardcoded admin credentials found in the MyCar Controls mobile apps can be used to communicate with the server endpoint for a targeted user’s account, without having their username and password.
… “A remote un-authenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle,” Carnegie Mellon University’s CERT Coordination Center notes in a security alert.
Amusing. (To those of us with no Facebook page.)
Transparency tool on FB inadvertently provides window into confusing maze of companies who have your data
BuzzFeedNews – “On Facebook under Settings, there’s a page in the Ads section where you can view your Ad Preferences. Most of this is fairly straightforward — choices about how you’ll allow ads and how advertisers target you based on things like what pages you’ve liked. But there’s one section there that will probably surprise you: a list of advertisers “Who use a contact list added to Facebook.”… According to the description, “These advertisers are running ads using a contact list they or their partner uploaded that includes info about you. This info was collected by the advertiser or their partner. Typically this information is your email address or phone number.” The list of Advertisers, a feature Facebook added for transparency, is incomprehensible to anyone who isn’t an expert in advertising (and even some who are!), and leads to the unsettling realization that…, man, our data is out there and trafficked without our consent and being used by advertisers in ways we have no clue about…”
Did I miss this one? I think I did.
COMMENTS ON THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
I guess Privacy is trending. (See how the Times selects their coverage, below)
The New York Times has launched what it calls The Privacy Project: a monthslong initiative to explore the technology, to envision where it’s taking us, and to convene debate about how we should control it to best realize, rather than stunt or distort, human potential.
Here are the articles they’ve posted to get it started:
Impacts both Computer Security and System Architecture.
… In an attempt to build in transparency and accountability into the next generation of world-changing technology, American lawmakers introduced a bill on Wednesday to require large companies to audit machine learning systems for bias.
Democratic Senators Ron Wyden and Cory Booker introduced the Algorithmic Accountability Act on Wednesday. Democratic Congresswoman Yvette Clarke introduced an equivalent bill in the House of Representatives.
… The new bill would task the Federal Trade Commission with crafting regulations making companies conduct “impact assessments” of automated decision systems to assess the decision making systems and training data “for impacts on accuracy, fairness, bias, discrimination, privacy and security.”
Companies making over $50 million per year or holding the data of over one million individuals would be targeted by the bill.
(Related) Did they ever promise not to? Auditing for bias? Probably not.
Amazon Workers Are Listening to What You Tell Alexa
… Amazon.com Inc. employs thousands of people around the world to help improve the Alexa digital assistant powering its line of Echo speakers. The team listens to voice recordings captured in Echo owners’ homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.
… Occasionally the listeners pick up things Echo owners likely would rather stay private: a woman singing badly off key in the shower, say, or a child screaming for help. The teams use internal chat rooms to share files when they need help parsing a muddled word—or come across an amusing recording.
(Related) Customers are told it may reduce the cost of their insurance. Could it also cause them to be dropped from any insurance plan?
A.I. Is Changing Insurance
A smartphone app that measures when you brake and accelerate in your car. The algorithm that analyzes your social media accounts for risky behavior. The program that calculates your life expectancy using your Fitbit. This isn’t speculative fiction — these are real technologies being deployed by insurance companies right now.
… The idea is that if your Fitbit or Apple Watch can tell whether or not you’re living the good, healthy life — and if you are, your insurance premium will go down.
This is the cutting edge of the insurance industry, adjusting premiums and policies based on new forms of surveillance. It will affect your life insurance, your car insurance and your homeowner’s insurance — if it hasn’t already. If the Affordable Care Act’s protections for people with pre-existing conditions should vanish, it will no doubt penetrate the health insurance industry as well.
(Related)
Affectiva raises $26 million to bring emotional intelligence AI to car safety systems
… Affectiva wants its solution to be incorporated into cameras used in car safety systems to recognize when a driver is happy, sad, drowsy, or frustrated.
In the future the company wants its detection systems to include more context about how vehicle passengers interact with each other and objects in a vehicle.
Apparently he could not resist trying to stay involved. To keep his name in the news?
Julian Assange: Wikileaks co-founder arrested in London
Video footage shows Julian Assange being dragged from the Ecuadorian embassy in London
Mr Assange took refuge in the embassy seven years ago to avoid extradition to Sweden over a sexual assault case that has since been dropped.
… Ecuador's president said it withdrew his asylum after repeated violations of international conventions.
… But he still faces a lesser charge of skipping bail in 2012 and he says this could lead to an extradition to the US for publishing US secrets on the Wikileaks website.
Scotland Yard said it was invited into the embassy by the ambassador, following the Ecuadorian government's withdrawal of asylum.
After his arrest for failing to surrender to the court, police said he had been further arrested on behalf of US authorities under an extradition warrant.
… Press freedom organisation Reporters Without Borders said that the UK should resist extradition, because it would "set a dangerous precedent for journalists, whistleblowers, and other journalistic sources that the US may wish to pursue in the future".
Silly me. I thought journalists were reporting on important things.
Lifting Journalism by Knowing What Readers Are Looking For
Claudio E. Cabrera, who specializes in search engine optimization, describes how he keeps track of what’s hot in search and how that informs coverage — and what the limits are.
Perspective.
We’re not ready for cashless.
After pushback from states and cities, Amazon Go might accept cash
According to CNBC, Amazon executive Steve Kessel told employees at a recent all-hands meeting that the company's brick-and-mortar, cashier-less Amazon Go stores would start accepting "additional payment mechanisms" to combat charges of discrimination.
An Amazon spokesperson later told CNBC that those additional mechanisms included accepting cash. "You’ll check out, pay with cash, and then get your change," the spokesperson said. [What a bold new concept! Bob]
My guess is that President Trump’s Library will be measured in “Tweets.”
Obama’s Presidential Library Is Already Digital
The Atlantic – The question now is how to leverage its nature to make it maximally useful and used…
“The debate about the Obama library exhibits a fundamental confusion. Given its origins and composition, the Obama library is already largely digital. The vast majority of the record his presidency left behind consists not of evocative handwritten notes, printed cable transmissions, and black-and-white photographs, but email, Word documents, and JPEGs. The question now is how to leverage its digital nature to make it maximally useful and used…the record of President Obama’s White House: 1.5 billion “pages” in the initial collection, already more than 33 times the size of President Johnson’s library. I use “pages” because the Obama Foundation has noted that “95 percent of the Obama Presidential Records were created digitally and have no paper equivalents.” The email record alone for these eight years is 300 million messages, which NARA (the U.S. National Archives and Records Administration) estimates amounts to more than a billion printed pages. In addition, millions of other “pages” associated with the Obama administration are word-processing documents, spreadsheets, or PDFs, or were posted on websites, apps, and social media. Much of the photographic and video record is also born-digital. There are also 30 million actual pages on paper, which are currently stored in a suburb near Chicago. Given the likelihood that a decent portion of this paper record actually came from digital files—think about all of the printouts of PDFs, for instance—only a minuscule portion of what we have from Obama’s White House is paper-only…”
I will share this with my “students who text during class.”