Only three and a half years later and they are finally “planning”
to do something? Note that what they plan is NOT a fix. Is it even
mandatory?
Exclusive: U.S. officials fear ransomware attack against 2020 election
The U.S. government plans
to launch a program in roughly one month that narrowly
focuses on protecting voter registration databases and systems ahead
of the 2020 presidential election.
These systems, which are widely used
to validate the eligibility of voters before they cast
ballots, were compromised in 2016 by Russian hackers seeking to
collect information. Intelligence officials are concerned that
foreign hackers in 2020 not only will target the databases but
attempt to manipulate, disrupt or destroy the data, according to
current and former U.S. officials.
“We assess these systems as high risk,” said a
senior U.S. official, because they are one
of the few pieces of election technology regularly connected to the
Internet.
The Cybersecurity Infrastructure Security Agency,
or CISA, a division of the Homeland Security Department, fears the
databases could be targeted by ransomware
… CISA’s program will reach out to state
election officials to prepare for such a ransomware scenario. It
will provide educational material, remote computer penetration
testing, and vulnerability scans as well as a list of recommendations
on how to prevent and recover from ransomware.
By now my students are sick of my repetitious
reiteration of the things I repeat a lot. Like the failure of
government bureaucracies to fix security weaknesses they are told
about.
It was sensitive data from a U.S. anti-terror program – and terrorists
could have gotten to it for years, records show
The Department of Homeland Security stored
sensitive data from the nation’s bioterrorism defense program on an
insecure website where it was vulnerable to attacks by hackers for
over a decade, according to government documents reviewed by The
Times.
… The information — housed on a dot-org
website run by a private contractor — has been moved behind a
secure federal government firewall, and the website was shut down in
May. But Homeland Security
officials acknowledge they do not know whether hackers ever gained
access to the data. [Unlike
competent organizations. Bob]
… A security audit completed in January 2017
found “critical” and “high risk” vulnerabilities, including
weak encryption that made the website “extremely prone” to online
attacks. The audit concluded that there
“does not seem to be any protective monitoring of the site,”
according to a Homeland Security report summarizing the findings.
An inspector general’s report published later
that year said sensitive information had been housed on the BioWatch
portal since 2007 and was vulnerable to hackers.
Not just because Harvard says so (or because I teach Computer Security).
Bad economics? Would this hold true for any other crimes?
‘Just Enough’ Piracy Can Be a Good Thing
Be ye careful when displaying new clothes to professionals lest someone
point out the lack of fabric. Note also that the lawsuit keeps your
embarrassment in the news.
Company Sues Black Hat Conference Over Mocked Presentation
Crown Sterling advertises itself as “an emerging company in development
of non-factor based dynamic encryption and innovative new
developments in AI.” The company’s website does not provide any
details about the company’s technology, TIME AI, but it has
published a short presentation video and an 8-page paper.
The company paid $115,000 to be a gold sponsor at the 2019 Black Hat USA
conference, which included an exhibition booth at the event and a
sponsored talk. The presentation, titled “The 2019 Discovery of
Quasi-Prime Numbers: What Does This Mean for Encryption?,” was held
by Robert E. Grant, Crown Sterling founder and CEO.
Some of the individuals who attended the talk called out the company
during its presentation over what has been described as “pseudoscience.”
… Many individuals, including reputable experts, have ridiculed Crown
Sterling on social media and pointed out errors in its claims, with
some calling the company “frauds” and “snake oil vendors.” Following
the incident, Black Hat organizers decided to remove any mention of the
presentation from the event’s official website.
I must be getting the message across. One of my students tipped me to
this story.
https://thenextweb.com/eu/2019/08/27/facial-recognition-in-schools-leads-to-swedens-first-gdpr-fine/
Facial recognition in schools leads to Sweden’s first GDPR fine
The Swedish Data Protection Authority (DPA) has
served a municipality in northern Sweden the country’s
first GDPR fine — amounting to almost €19,000
(200,000 SEK) — for using facial recognition technology to monitor
the attendance of students in school.
The high school in Skellefteå conducted a pilot
program last fall where the attendance of 22
students over a period of three weeks was taken with the
help of facial recognition technology, instead of good ol’
fashioned roll call, according
to Computer Sweden.
… The school failed to consult the Swedish DPA
before launching its program and didn’t do a proper impact
assessment.
… The school maintains it had its students’
consent, but the DPA found there was no valid legal basis for this as
there’s a “clear imbalance between the data subject and the
controller.”
Perspective. Some you know, some you might not.
It’s what they’re doing that is most interesting.
10 Companies Using AI to Grow
According to Fortune Business Insights, the global AI (artificial
intelligence) market in 2018 was $21 billion. It’s expected to grow 33%
annually between 2019 and 2026 to $203 billion.
Something to amuse my students.