Saturday, July 20, 2019


“We can hack it for you wholesale!” (Interesting anti-copying tech on this site. Try to copy the headline.)
Attack Steals Bank Passwords by Hijacking 180,000 Internet Routers in Brazil
Antivirus manufacturer Avast has published an alert for two attacks tampering with Internet router settings in Brazil. The change — made to at least 180,000 devices in the first half of 2019 alone — diverts access to certain sites to cloned pages, which then forward any password entered to hackers.
Redirecting changes the destination of banking services and advertising material, as well as sending a cryptocurrency mining code to the victim’s browser.
The targets of the attack are domestic routers, such as those provided by operators and internet providers or acquired privately in the market to access the internet (see list of models below).




A much smaller hacking target.
Ed Dept: Hackers breached 62 colleges, created thousands of fake student profiles
The security flaw was found in previous versions of Banner software that colleges use to design web applications and authenticate users.
Hackers used the security flaw to take over users' sessions when they tried to log in and may have been able to access sensitive student data, according to the National Institute of Standards and Technology. The Ed Department noted on its website that the security breach may have also given hackers access to the agency's student financial aid data; it did not return a request for further comment.
It's not clear how many institutions are still using the older versions of the software, but more than 1,400 colleges use Banner for a variety of services, including for managing student information, employee benefits and financial aid.
An Ellucian spokesperson didn't say how or when the vulnerability was discovered. However, a GitHub post suggests a University of South Carolina student worker may have found and reported the issue to the company in December.




How much would adequate Computer Security have cost? How much will Directors pay?
Equifax reportedly close to $700 million data breach settlement
Remember that time Equifax had a data breach and leaked an incredible amount of information – addresses, social security numbers and even driver's licenses – on more than 143 million people in the US alone? That was revealed nearly two years ago, and tonight media reports suggest the company is closing in on a settlement with federal and state agencies including the FTC, Consumer Financial Protection Bureau and state attorneys general. The New York Times and Wall Street Journal reported it could pay between $650 and $700 million, near the $690 million figure Equifax told investors it had set aside for a penalty.
The Equifax breach came after hackers exploited a known flaw in unpatched software that its former CEO pinned on one employee instead of flawed policies. The data broker already agreed to new rules on security policies in some earlier settlements, and it remains to be seen if or how this will add additional oversight.




Are we finally getting serious about policing the Internet? (Probably not)
FTC approves settlement with Google over YouTube kids privacy violations
The Federal Trade Commission has finalized a settlement with Google in its investigation into YouTube for violating federal data privacy laws for children, said two people familiar with the matter who were not authorized to discuss it on record.
The settlement — backed by the agency’s three Republicans and opposed by its two Democrats — finds that Google inadequately protected kids who used its video-streaming service and improperly collected their data in breach of the Children’s Online Privacy Protection Act, or COPPA, which prohibits the tracking and targeting of users younger than 13, the people said.




I can see where lawyers might disagree.
Ill-Suited: Private Rights of Action and Privacy Claims
The U.S. Chamber of Commerce Institute for Legal Reform has published “Ill-Suited: Private Rights of Action and Privacy Claims,” a white paper authored by Hogan Lovells’ Mark W. Brennan, Alicia Paller, Melissa Bianchi, Adam Cooke, and Joseph Cavanaugh explaining why private litigation is a poor enforcement tool for privacy laws. As detailed in the paper, when it comes to privacy interests, “harms” are largely inchoate and intangible, and the wrongdoers are often unknown or unidentifiable. Even where class members may have suffered a concrete injury, the data indicates that they are unlikely to receive material compensatory or injunctive relief through private litigation. Meanwhile, plaintiffs’ counsel often walks away with millions of dollars, court dockets are unduly cluttered, and companies are forced to expend resources on baseless litigation.




This may relate to a couple of articles later in the blog…
Andis Robeznieks reports:
The Food and Drug Administration (FDA) has basic rules for regulating wearable devices and other digital health tools, but those rules may change as rapid innovation continues and the agency creates new pathways to ensure the safety and efficacy of new consumer-facing products. AMA experts outlined this and other need-to-know facts for physicians counseling patients who are increasingly looking to the wearable as a health tool.
Attorney Shannon Curtis, AMA assistant director for federal affairs, said during a recent education session that there are three important things for physicians to keep in mind when counseling patients about wearables or mobile health (mHealth) apps.
Be aware of an app or device’s regulatory status before recommending it to patients. […]
Alert patients to data privacy issues. […]
Help patients understand the information they receive. […]

I am delighted that they are advising physicians to alert patients to privacy issues.
Read more on the American Medical Association.




Not the best headline (no detailed timeline), but an interesting article.
The Twenty Year History Of AI At Amazon
If you’ve ever browsed through the vast selection of items Amazon offers on their website then you’ve most likely had an interaction with their advanced AI algorithms. Beginning with product recommendations, Amazon started using machine learning algorithms as part of their core offerings, and over time they have quietly built strong AI and ML capabilities broadly across the whole organization. There is no single AI group at Amazon. Rather, every team is responsible for finding ways to utilize AI and ML in their work. At the company’s recent re:MARS show in June 2019, Amazon showcased its wide footprint on use of AI & ML. At the event, the AI Today podcast interviewed three executives across various Amazon groups to hear how each group is utilizing AI.


(Related) Interesting. Imagine lawyers creating their own evidence alternative version of events.
DeepMind’s AI learns to generate realistic videos by watching YouTube clips
Perhaps you’ve heard of FaceApp, the mobile app that taps AI to transform selfies, or This Person Does Not Exist, which surfaces computer-generated photos of fictional people. But what about an algorithm whose videos are wholly novel? One of the newest papers from Google parent company Alphabet’s DeepMind (“Efficient Video Generation on Complex Datasets”) details recent advances in the budding field of AI clip generation. Thanks to “computationally efficient” components and techniques and a new custom-tailored data set, researchers say their best-performing model — Dual Video Discriminator GAN (DVD-GAN) — can generate coherent 256 x 256-pixel videos of “notable fidelity” up to 48 frames in length.




Yeah? How?
AI Weekly: A growing chorus of experts agrees facial recognition systems must be regulated
On Tuesday, Oakland became the third U.S. city after San Francisco and the Boston suburb of Somerville to ban facial recognition use by local government departments, including its police force. The ordinance adopted by the city council, which was written by Oakland’s Privacy Advisory Commission and sponsored by Councilmember Rebecca Kaplan, prohibits the city and its staff from obtaining, retaining, requesting, accessing, or using facial recognition technology or any information gleaned from it.
A September 2018 report revealed that IBM worked with the New York City Police Department to develop a system that allowed officials to search for people by skin color, hair color, gender, age, and various facial features. Elsewhere, the FBI and U.S. Immigration and Customs Enforcement are reportedly using facial recognition software to sift through millions of driver’s license photos, often without a court order or search warrant. And this past summer, Amazon seeded Rekognition, a cloud-based image analysis technology, to law enforcement in Orlando, Florida and the Washington County, Oregon Sheriff’s Office. The City of Orlando said this week it discontinued its Rekognition pilot, citing a lack of necessary equipment or bandwidth. But Washington County used Rekognition to build an app that lets deputies run scanned photos of suspected criminals through a database of 300,000 faces, which the Washington Post claims has “supercharged” police efforts in the state.




Your home gym as a Thing on the Internet of Things.
COLLECTIVE SWEAT
The future of fitness is together but alone
One of the reasons the Peloton model has been so popular is due in part to society’s growing interest in self-care and wellness, with people looking to technology in the hopes of easily finding it. Self-improvement was the number one app theme last year, while the hashtag #selfcare soared from 5 million to 17 million posts on Instagram between August 2018 and July 2019. Now that people are used to finding self-care at the tap of a touchscreen, the convenience of connected fitness machines has also made them more attractive over the past few years, says Stephen Intille, an associate professor at Northeastern University specializing in health technology.




PLEASE tell me this is fake news! Babies are now a Thing on the Internet of Things?
Pampers introduces internet-connected diapers
Pampers is the latest company to jump into trendy, wearable devices with a new "connected care system" called Lumi that tracks babies' activity through a sensor that attaches to diapers.
The sensor sends an alert to an app notification when a diaper is wet. It also sends information on the baby's sleep and wake times and allows parents to manually track additional info, like dirty diapers and feeding times. A video monitor is included with the system and is integrated into the app. Pampers didn't say how much the system, which is launching in the U.S. this fall, will cost.
… The Lumi system encrypts all data and uses "the same standard of security as the financial services industry," [Will the FBI demand access? Bob] said Pampers spokeswoman Mandy Treeby. The system does not currently include two-factor authentication, something security experts consider key to avoiding unauthorized access to systems.
… The risk with so many ordinary objects becoming “smart” is that it makes them dependent on software updates and malfunctions - or a product losing its connectivity if a company goes out of business or discontinues the line. Nike’s $350 self-lacing shoes for instance stopped lacing earlier this year because of a software update.


