Tuesday, December 03, 2019


A friend once told me that the fastest way to get rich would be to invent a new sin. New hacking techniques work kind of like that.
New Experian Data Breach Trends Report Highlights New Risks For 2020
With every passing year, hackers are becoming more sophisticated not just in the technologies that they use to carry out their attacks, but also in ways that they spot potential new attack surfaces. That’s one of the big takeaway trends from Experian’s seventh annual “Data Breach Industry Forecast 2020,” which outlines five key data breach trends to keep an eye on over the next 12 months.
At the top of the list of new trends is text-based “smishing” attacks, in which nefarious hackers use SMS text messages to carry out phishing attacks against unsuspecting users.
Another trend cited in the Experian data breach trends report, for example, is the “hacker in the sky” attack involving drones.
Some cybercriminals are experimenting with so-called “deepfake” technology (a term coined in Reddit online forums in 2017), in which artificial intelligence (AI) algorithms are used to create false identities.




An example of “undue reliance?” Imagine a ransomware attack where client contact information was blocked…
In Weekend Outage, Diabetes Monitors Fail to Send Crucial Alerts
For many parents of children with diabetes, the Dexcom G6 continuous glucose monitor is a lifesaver. The device tracks their children’s glucose levels and sends them an alert when their blood sugar climbs too high or falls too low, allowing them to take quick action to correct it.
But around midnight on Friday, Dexcom suffered a mysterious service outage, leaving thousands of people who rely on the device for critical information in the dark. Many parents who woke up on Saturday morning and learned about the outage hours after it began had to scramble to make sure their children were safe. The affected service, Dexcom Follow, had been partly restored by Monday morning, a company spokesman said.




This may be in the future.
US Government Will Welcome Ethical Hackers
According to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), the US federal government hasn’t been gracious when presented with these voluntary reports. Some agencies ignore them, while some publish officious language on their sites threatening legal action if anyone tinkers with their systems. That isn’t helpful behaviour, it says. Now, it wants to change all that.
The Agency has published a proposed directive forcing agencies to play nicely with voluntary bug reporters. Under the draft rules, federal agencies would have to provide and monitor clear channels (an email or web form) through which people could report security flaws. They would also have to respond and keep researchers updated on efforts to fix the bugs.
The rules go beyond basic courtesy, though. Agencies could no longer publish threatening language discouraging bug hunters. Neither could they forbid hackers from publishing the bugs after waiting for an acceptable period.




Because the US Passport photo won’t serve?
From Papers, Please!
Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:
To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].
Read more on Papers, Please!




Been there, screwed that up too.
If You’re Reading This Now It’s (Almost) Too Late (and Other GDPR Lessons)
January 1, 2020 is a landmark day for data privacy in the United States. It’s the day the biggest state in the union, indeed, the sixth biggest economy in the entire world, California, will enact its own piece of privacy-focused regulation, the California Consumer Privacy Act (or CCPA).
I want to address some of the most pervasive in hopes that they’ll bolster readers’ cases when lobbying their colleagues to get serious about the CCPA. Because after going through this before with the GDPR, I feel secure in saying it will represent a significant challenge for many businesses.
First, the six month “grace period” from January to July 2020 does not actually mean that companies can wait until July to ensure they’re compliant. It does not apply to the private right of action that consumers can exercise (with a value of up to $750 per consumer per breach incident). And the California Attorney General will be able to prosecute retroactively for companies who were in violation during the first six months – it’s true that the AG is likely to skew lenient during this period, but there’s nothing to stop them from taking a hard line if they see a case of gross negligence.
A common refrain I hear is “we just did this with the GDPR, so we don’t need to go back and do it all over again.”
This is often not true; it’s possible that a business, in preparing for GDPR, overspec’d so much that they unwittingly attained CCPA compliance. It’s much more likely that they did enough to scrape by GDPR, and, for example, dealt only with their European data. Most legacy businesses with a large footprint aren’t holding European and US customer data together. Even if they are, there are important aspects in which the CCPA is even more stringent than the GDPR – for example, regarding the Right to Equal Service and Prices.
Lastly, there’s the dangerous argument that a given business isn’t large or visible enough to incur regulatory wrath – that if you’re not a FAANG company the risk of privacy non-compliance is theoretical rather than practical. A simple look at the GDPR numbers demonstrates this is false. Enforcement started slow but has picked up significantly in 2019, as regulatory authorities found their footing. A running tracker hosted by CMS Law currently shows 86 different entities have been fined under GDPR, ranging from the world’s biggest companies to small merchants to the mayor of a small Belgian town.




Privacy for Twits? Interesting that what CCPA allows may be a violation of GDPR.
Twitter makes global changes to comply with privacy laws
Twitter Inc is updating its global privacy policy to give users more information about what data advertisers might receive and is launching a site to provide clarity on its data protection efforts, the company said on Monday.
Twitter also announced on Monday that it is moving the accounts of users outside of the United States and European Union which were previously contracted by Twitter International Company in Dublin, Ireland, to the San Francisco-based Twitter Inc.
The company said this move would allow it the flexibility to test different settings and controls with these users, such as additional opt-in or opt-out privacy preferences, that would likely be restricted by the General Data Protection Regulation (GDPR), Europe’s landmark digital privacy law.
We want to be able to experiment without immediately running afoul of the GDPR provisions.
Twitter’s new privacy site, dubbed the ‘Twitter Privacy Center’ is part of the company’s efforts to showcase its work on data protection and will also give users another route to access and download their data.




So useful we may ignore the risks?
Amazon AI generates medical records from patient-doctor conversations
The company says its new software can understand medical jargon and automatically punctuate text.
Amazon believes its latest Web Services tool will help doctors spend more time with their patients. The tool, called Amazon Transcribe Medical, allows doctors to easily transcribe patient conversations and add those interactions to someone's medical records with the help of deep learning software.
… For Amazon, Transcribe Medical is just the company's latest foray into the lucrative healthcare industry. Earlier this year, the company announced Amazon Care, a service that allows employees to take advantage of virtual doctor consultations and in-home follow-ups. Moving forward, the issue Amazon is likely to face as it tries to convince both doctors and their patients to use Transcribe Medical is -- as always -- related to privacy.
Wood told CNBC the tool is fully compliant with the federal government's Health Insurance Portability and Accountability Act (HIPAA). Amazon, however, will likely have to go above and beyond the requirements of the law to satisfy privacy critics. HIPAA doesn't provide detailed guidance on how healthcare companies should secure digital patient medical records and hasn't been updated since 2013. The urgent need for updated legislation was highlighted earlier this year when a ProPublica report found that the records of some 5 million patients in the US were easily accessible with free software. The company will need to be specific about how any data will be used, and who has access to it.




One possible view.
The Ethical Threat of Artificial Intelligence in Practice
How do clinicians set rules that allow professionals "to make good use of technology to find patterns in complex data" but also "stop companies from extracting unethical value from those data?" asked Raymond Geis, MD.
Geis, from the American College of Radiology (ACR) Data Science Institute, is one of the authors of a joint statement that addresses the potential for the unethical use of data, the bias inherent in datasets, and the limits of algorithmic learning, and was the moderator of a session on the topic at the Radiological Society of North America (RSNA) 2019 Annual Meeting in Chicago.


