Friday, December 06, 2019


Tools for hackers.
Easily Reveal Hidden Passwords In Any Browser
lifehacker – “Autofill is a great setting if you don’t want to have to remember and type in your password every time you log in to an online account. In fact, we highly recommend you use a password manager (and take advantage of autofill features) to keep track of secure passwords. But autofill makes it easy to forget what your passwords are in the event you need to type them in elsewhere. Thankfully, there’s a way around this.” [Take time to read the Comments section for additional useful information – and once again – try DuckDuckGo rather than Chrome]


(Related) Delete does not mean delete.




A ‘complication’ my Security students must consider.
How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever
Learning points, not an instruction manual
"I can buy infrastructure in Iran very easily, it turns out," he said. "That's not 26 servers; that's 26 different VPS providers that, with a credit card or Bitcoin, I can go ahead and buy servers in Iran that I can send traffic through. It's going to be awesome!"




Help to justify that security budget…
The Drums of Cyberwar
In mid-October, a cybersecurity researcher in the Netherlands demonstrated, online, as a warning, the easy availability of the Internet protocol address and open, unsecured access points of the industrial control system—the ICS—of a wastewater treatment plant not far from my home in Vermont. Industrial control systems may sound inconsequential, but as the investigative journalist Andy Greenberg illustrates persuasively in Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, they have become the preferred target of malicious actors aiming to undermine civil society. A wastewater plant, for example, removes contaminants from the water supply; if its controls were to be compromised, public health would be, too.
That Vermont water treatment plant’s industrial control system is just one of 26,000 ICS’s across the United States, identified and mapped by the Dutch researcher, whose Internet configurations leave them susceptible to hacking.




Local
CO: Sunrise Community Health Notifies Patients of Data Security Incident
Sunrise Community Health in Colorado has posted a notice concerning a recent data security incident. From their notice:
Sunrise recently learned certain employee email accounts were accessed by an unauthorized individual(s). On November 5, 2019, it was determined that certain personal information was present in the affected email accounts. Sunrise began working with third party forensic experts to confirm the full nature and scope of this incident and to confirm the security of the Sunrise email environment. The investigation is ongoing at this time. To date, the investigation has determined certain Sunrise email accounts may have been subject to unauthorized access at various times between September 11, 2019 and November 22, 2019.
The complete notice can be found here or on their website.




There must have been much more criticism than normal. Just a reaction to face recognition?
After criticism, Homeland Security drops plans to expand airport face recognition scans to US citizens




Could you (or your AI) explain it to your grandma?
UK ICO and The Alan Turing Institute Issue Draft Guidance on Explaining Decisions Made by AI
The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI. The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence. Among other things, the guidance sets out key principles to follow and steps to take when explaining AI-assisted decisions — including in relation to different types of AI algorithms — and the policies and procedures that organizations should consider putting in place.




Huh. Another worry to worry about.
Are Businesses Ready for Deglobalization?
As we enter a new decade, characterized by rising economic complexity and geopolitical divisions — U.S.-China tensions, populism and nationalism in Europe, and the looming risk of a global recession — forward-thinking business leaders are developing strategies to mitigate the longer-term risk of deglobalization. They are concerned about trade protectionism, and the revenue a company could lose in any tariff wars.
However, there is a more hidden risk associated with deglobalization: that global corporations are not structured in a way that is fit for purpose to compete in a deglobalizing world. It is increasingly understood that this ever-more siloed world directly impacts three key pillars of global corporations: technology, global recruiting, and the finance function.




Perspective. (Lowest score is 12/25)
50 countries ranked by how they’re collecting biometric data and what they’re doing with it
comparitech: “From passport photos to accessing bank accounts with fingerprints, the use of biometrics is growing at an exponential rate. And while using your fingerprint may be easier than typing in a password, just how far is too far when it comes to biometric use, and what’s happening to your biometric data once it’s collected, especially where governments are concerned? Here at Comparitech, we’ve analyzed 50 different countries to find out where biometrics are being taken, what they’re being taken for, and how they’re being stored. While there is huge scope for biometric data collection, we have taken 5 key areas that apply to most countries (so as to offer a fair country-by-country comparison and to ensure the data is available). Each country has been scored out of 25, with high scores indicating extensive and invasive use of biometrics and/or surveillance and a low score demonstrating better restrictions and regulations regarding biometric use and surveillance…” [Spoiler – U.S. ranks #4 of top 5 countries using biometric data]




Because I like lists.
Boing Boing’s 28 favorite books in 2019
boing boing Rob Beschizza – “Here’s 28 of our favorites from the last year – not all of them published in the last year, mind you – from fairy-tales to furious politics and everything in between, including the furious fairy-tale politics getting between everything. The links here include Amazon Affiliate codes; this helps us make ends meet at Boing Boing, the world’s greatest neurozine…” [Each “favorite” or “best books” list offers unique insights on books that you may have missed – like Coders: The Making of a New Tribe and the Remaking of the World.]


