Friday, November 29, 2019


Not perfect security, but a darn good response.
Cloudy biz Datrix locks down phishing attack in 15 mins after fat thumb triggers email badness
… He explained that someone within the company had been thumbing through emails on their mobile phone and accidentally tapped a link sent from a compromised supplier of Datrix's. In turn, that compromised the person's inbox, allowing the attackers to "access a bunch of internal emails, read them and send them to our finance department".
Those emails, sent to tempt finance bods into paying fake invoices, linked to a fake domain: datrlx.co.uk (with a lowercase L) (instead of datrix.co.uk).
On top of that, around 300 emails were sent to customers whose details were in emails sent to the hapless Datrix worker. Wirszycz said the company shut off the compromised email account within 15 minutes, preventing the sending of "several thousand" emails.




As happens, this is two days after my lecture on forensics.




GDPR guidance.
UK ICO publishes new guidance on special category data
On November 14, 2019, the UK Information Commissioner’s Office (“ICO”) published detailed guidance on the processing of special category data. The guidance sets out (i) what are the special categories of data, (ii) the rules that apply to the processing of special category data under the General Data Protection Regulation (“GDPR”) and UK Data Protection Act 2018 (“DPA); (iii) the conditions for processing special category data; and (iv) additional guidance on the substantial public interest condition, including what is an “appropriate policy document”.
Under the GDPR, stricter rules apply to the processing of special category data, which includes genetic and biometric data as well as information about a person’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership. As noted in the guidance, there is a presumption that “this type of data needs to be treated with greater care” because the “use of this data could create significant risks to the individual’s fundamental rights and freedoms”. This blog post provides a summary of the key takeaways from the ICO’s guidance.




What if it doesn’t like what it sees?
… For better or worse, many applications of in-car AI are right around the corner. In the near future, you can expect cars to help detect distracted drivers, be more conscious of their real owner, and help improve the ride experience by tuning the environment of the car to the preferences of its passengers. But as we know all too well, technological advancements come without impactful tradeoffs.
… A camera installed near the steering wheel monitors the driver’s behavior. Affectiva’s AI measures the frequency and length of blinking eyes to determine whether a driver is drifting into drowsiness and signals a warning and recommends playing music, changing the temperature, or pulling over.
The AI is also being developed to detect distractions, such as when drivers are texting, eating, talking on the phone, or turning their heads to talk to passengers.




One step on a slippery slope. Apps that are a curiosity, then perhaps useful, then earning a discount on health insurance, then mandatory is you want health insurance, then capable of terminating anyone with a serious (costs lots of money) health risk.
How a Smartphone Can Turn Your Bathroom Into a Home Medical Lab
Israel’s Healthy.io is the first firm to get U.S. approval for a lab test by phone. Its urinalysis kits identify kidney dysfunction and other ailments


(Related)
Smart Toilets: The Jetpack of the Bathroom
Now, researchers at the University of Wisconsin-Madison are envisioning a toilet that can analyze urine for indicators of disease (such as blood, protein, or metabolites), connect to the internet, and send the information to your phone or your doctor.




A collection of useful tools.
Twelve Good Tools for Creating Mind Maps & Flowcharts - Updated



No comments: