Friday, May 03, 2019


Hacking wholesale. Weaponized hacking?
A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE
A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now, what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply chain spree—and becoming more advanced and stealthy as they go.
Over the last three years, supply chain attacks that exploited the software distribution channels of at least seven different companies have now all been tied to a single group of likely Chinese-speaking hackers.
The technique disturbs security researchers not only because it demonstrates Barium's ability to disrupt computers on a vast scale, but also because it exploits vulnerabilities in the most basic trust model governing the code users run on their machines.


(Related) Preparing to weaponize?
Zack Whittaker reports:
A denial-of-service attack launched against an energy company providing power in several western U.S. states was enough to report “interruptions of electrical system operations” to the government’s energy authority.
The “cyber event” lasted almost 10 hours on March 5, according to an electric emergency and disturbance report filed with the Department of Energy by the affected company.
Read more on TechCrunch.
Meanwhile, in India, energy has also been under attack. The Hans India reports:
Khairatabad: The official website of Telangana State Power Distribution Corporation Limited (TSSPDCL) was hacked on Thursday. The electricity officials lodged a complaint in this regard with Central Crime Station – Cybercrime police. Cybercrime Additional DCP Raghuveer said that an FIR was registered under sections 65 and 66, based on the complaint received from CGM of Electricity IT department. The hackers after deleting the data from the official website demanded Rs 35 crore to give back the data, the electricity officials said.
Read more on The Hans India.




Background.
FBI Annual Internet Crime Report: $2.7 Billion in Losses Headlined by Non-Payment Scams, Business Email Compromise
The FBI’s Internet Crime Report, which provides data on the agency’s complaints and cases for the previous year, has been released. This annual report is prepared by the bureau’s Internet Crime Complaint Center (IC3), and is always a worthwhile read as it helps to identify trending patterns in cybersecurity. This year’s report reveals that the IC3 received nearly 352,000 complaints in 2018, with the most common type being a non-payment or non-delivery scam. However, the most financially damaging scams in 2018 were business email compromise, confidence fraud and investment scams.




I did not realize this was in their scope.
TSA Lacks Cybersecurity Expertise to Manage Pipeline Security Program: Report
The TSA is responsible for the federal oversight of the physical security and cybersecurity of the more than 2.7 million miles of pipeline that transport and distribute natural gas, oil, and other hazardous products throughout the United States.
… “Further, TSA does not have a strategic workforce plan to help ensure it identifies the skills and competencies—such as the required level of cybersecurity expertise—necessary to carry out its pipeline security responsibilities,” the report reveals.




Apparently, Amazon doesn’t have it yet!
This is not a freebie but if you want to get started learning about privacy law, Privacy Law Fundamentals will be a great investment in your knowledge.
The authors are Daniel J. Solove, John Marshall Harlan Research Professor of Law at George Washington University Law School, and Paul M. Schwartz, Professor of Law, U.C. Berkeley School of Law, and Director of the Berkeley Center for Law & Technology.
In addition to the print format, the book is also available in electronic format.
Download a Preview from IAPP, where you can also purchase the book.




Gosh, only 50 years behind the times.
NIST Seeking Input on AI Technical Standards by May 31, 2019
On May 1, 2019, the National Institute of Standards and Technology (NIST) announced a Request for Information (RFI) in the Federal Register regarding ongoing efforts to develop technical standards for artificial intelligence (AI) technologies and the identification of priority areas for federal involvement in AI standards-related activities. Responses to the RFI are due by May 31, 2019.




I wonder how many in the legislature use Alexa?
Alexa, don’t store this recording: California bill targets smart home speakers
A bill making its way through the California Legislature would prohibit makers of smart home speakers from saving or storing recordings without users’ explicit consent.
The Anti-Eavesdropping Act, which cleared its first committee Wednesday, would also ban smart speaker device manufacturers from sharing with third parties recordings of verbal commands or requests heard by the devices.
Google said it is monitoring AB 1395.
“We believe that the combination of strong and balanced regulations, with products that are designed with privacy in mind, will help provide individuals with confidence that they’re in control of their personal information,” a Google spokeswoman said.
Cunningham, who introduced the bill in January, did so as part of a state lawmakers’ “Your Data, Your Way” package of legislation, which aims to complement the California Consumer Privacy Act, which was signed into law last year and takes effect next year.


(Related)
What Amazon knows about you
Depending on how much you shop, watch and read with Amazon, the e-commerce behemoth may know more about you than any other company on earth.




I wonder if there is a search engine for DUMB? I’m tired of saying, “That senator is dumber than a bag of hammers.”
The Measure Of Things – search engine for finding comparative or relative measurements of physical quantities
Wondering how big, small, tall, long, fast, heavy, or old something is? The Measure of Things is a tool to help you understand physical quantities in terms of things you (or your audience) are already familiar with. Need a metaphor to emphasize a written measurement? Try including a comparison to the size of a whale, or the height of the Empire State Building, or the speed of a bullet train. Need to understand how big a metric or English unit really is? Try comparing them to real, tangible objects that you see everyday. Here are a few examples:
  • Through adopting these measures, we can reduce our total on-hand inventory by 230 units and save approximately 12,000 cubic feet of space in the warehouse, which will free up about 200 linear feet of shelf space.
  • A colony of brown bats can eat more than 3,360 fl oz of insects in a single evening.
  • The winning horse ran at 0.099 miles per second.
These phrases are all ok, but they’re a little hard to understand — especially when they contain less intuitive measurements like miles per second. Try this instead:




Too horrible to contemplate?
THE COMEDIAN IS IN THE MACHINE. AI IS NOW LEARNING PUNS
A pun generator might not sound like serious work for an artificial intelligence researcher—more the sort of thing knocked out over the weekend to delight the labmates come Monday. But for He He, who designed just that during her postdoc at Stanford, it’s an entry point to a devilish problem in machine learning. He’s aim is to build AI that’s natural and fun to talk to—bots that don’t just read us the news or tell us the weather, but can crack jokes or compose a poem, even tell a compelling story. But getting there, she says, runs up against the limits of how AI typically learns.




Architecture. Not just a flag on the map, but photos of the food.
Google Maps now highlights photos of restaurants' most popular dishes


