Friday, June 28, 2019


Ransomware is expensive.
Baltimore Approves $10M in Funding for Cyber Attack Relief
Baltimore City officials approved using $10 million in excess revenue to cover the ongoing cost of the cyber attacks that immobilized some of the city’s systems almost two months ago.
WBAL reports the city’s estimates board approved the emergency funds Wednesday to help the hack recovery process, which is moving into its eighth week.
Systems such as water billing remain offline.
The city’s budget office has estimated the total cost of responding to the hack at $18 million. Hackers demanded $80,000 in ransom, but city officials said they have been advised by law enforcement authorities not to pay it.
This month, two cities in Florida paid ransoms to hackers after similar cyber attacks.




Show them an oldie, use it to insert a better tool or two.
Russian internet giant Yandex reportedly hacked by Western intelligence agency
Hackers working for the US or one of its closest allies broke into Russian search giant Yandex to plant malware to spy on user accounts, Reuters reported Thursday. Called Regin, the malware is known to be used by the Five Eyes intelligence-sharing alliance of the US, Britain, Australia, Canada and New Zealand, sources told the news outlet.
It couldn't be determined which country was responsible for the Yandex cyberattack. Reuters said it occurred between October and November of 2018 and that the hackers had access to Yandex's research and development unit for several weeks.
Regin, which antivirus software maker Symantec labeled a "top-tier espionage tool," had been in use since as early as 2008 to spy on governments, companies and individuals, Symantec reported in 2014.




Not on the official “best practices” breach checklist.
Former Equifax Executive Gets 4 Months for Insider Trading
A former Equifax executive who sold stock a week and a half before the company announced a massive data breach was sentenced Thursday to serve four months in federal prison for insider trading.
Jun Ying, former chief information officer of Equifax’s U.S. Information Solutions, pleaded guilty in March. His prison time is to be followed by a year of supervised release, and he was also ordered to pay about $117,000 in restitution and a $55,000 fine, the U.S. attorney’s office in Atlanta said in a news release.




Computer Security backgrounder.
CIS Controls Internet of Things Companion Guide
To help secure this new frontier, CIS® (Center for Internet Security, Inc.) is releasing the free CIS Controls® Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats.
Download the guide:
https://www.cisecurity.org/white-papers/cis-controls-internet-of-things-companion-guide/
Download CIS Controls V7.1:
https://learn.cisecurity.org/20-controls-download




The FBI no longer has a reason to try forcing Apple to give them a backdoor. I’m guessing they will keep trying anyway.
https://www.schneier.com/blog/archives/2019/06/cellebrite_clai.html
Cellebrite Claims It Can Unlock Any iPhone
The digital forensics company Cellebrite now claims it can unlock any iPhone.
I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know.




I’m starting a tinfoil hat business…
https://www.bespacific.com/soon-satellites-will-be-able-to-watch-you-everywhere-all-the-time/
Soon, satellites will be able to watch you everywhere all the time
MIT Technology Review – Can privacy survive? Every year, commercially available satellite images are becoming sharper and taken more frequently. In 2008, there were 150 Earth observation satellites in orbit; by now there are 768. Satellite companies don’t offer 24-hour real-time surveillance, but if the hype is to be believed, they’re getting close. Privacy advocates warn that innovation in satellite imagery is outpacing the US government’s (to say nothing of the rest of the world’s) ability to regulate the technology. Unless we impose stricter limits now, they say, one day everyone from ad companies to suspicious spouses to terrorist organizations will have access to tools previously reserved for government spy agencies. Which would mean that at any given moment, anyone could be watching anyone else.




Only three? But they are big hurdles.
Three Hurdles Companies Face in Implementing AI Initiatives
The hurdles are in three broad categories. The first is operational hurdles. Where do you start? With people? With data? With technology? And how does that work? The second hurdle is around compliance and security. Data has always been a sensitive issue, but it is getting increasingly more so because we now have a better understanding of how big an impact AI can have. There is more public opinion around this, and the regulators have an opinion. You need to navigate around these new complexities in order to make it work. Finally, there is the ethical/societal question. Decision-makers, team members, other business peers are questioning whether we really want to do this. How do we solve the trolley problem, for example?




Summarizing 32 sets of guidelines.
Introducing the Principled Artificial Intelligence Project
Berkman Klein’s Cyberlaw Clinic launched the “Principled Artificial Intelligence Project to map AI principles and guidelines. The team created a data visualization to summarize their findings, and will later publish the final data visualization, along with the dataset itself and a white paper detailing their assumptions, methodology and key findings…”
[For some reason, I can’t load the PNG, so here’s the PDF version:




The porn industry has always been an early adopter of new technologies. Perhaps they could package this as an App for people who get nervous giving speeches?
Creator of DeepNude, App That Undresses Photos of Women, Takes It Offline




Perspective. (Podcast)
Will Facebook’s Libra Bring Cryptocurrency into the Mainstream?
Facebook, the world’s largest social network with 2.4 billion users, is developing a cryptocurrency that has the potential to reshape the global financial system. Called Libra, the cryptocurrency and blockchain system is backed by major companies and groups and scheduled to hit the market in 2020. Facebook wants Libra to become a global currency that could help the 1.7 billion ‘unbanked’ people get access to financial systems.
Unsurprisingly, the announcement was met with calls for tough scrutiny from regulators and skepticism from technologists and the cryptocurrency community. Congressional committee hearings already are planned. In an op-ed for The Financial Times, Facebook co-founder Chris Hughes called the prospect of Libra’s success “frightening.” Facebook’s practice of moving fast and breaking things works for a college social network, he said, but “it’s not appropriate for the global monetary system.”
Wall Street, however, gave a thumbs up to this endeavor because it adds a potentially big source of revenue for Facebook beyond advertising. The stock was up as much as 8.5% in the days after The Wall Street Journal reported that big backers have lined up behind Libra.




Perspective.
Programming languages: JavaScript most used, Python most studied, Go most promising
According to a survey of developers by software company JetBrains, JavaScript was used by 69% in the past 12 months, with another 5% intending to adopt it.
HTML/CSS came a close second with 61% saying they had used it in the past 12 months, followed by SQL at 56% and Java at 50%. Although Python was only fifth on the list, used by just under half of developers (49%), it shows significant potential growth: 9% of respondents said they intended to adopt it or migrate to it.




If you use eBooks, you need Calibre and probably some of these plugins.


