Saturday, June 29, 2019


Killer hacks. Literally. Is security not part of the FDA approval process?
Medtronic recalls some insulin pumps as FDA warns they can be hacked
“MiniMed 508” Medtronic insulin pumps have cybersecurity problems that can’t be updated or patched, and the company is recalling them as a result, the Food and Drug Administration said Thursday.
… “The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar ... or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis,” the FDA notice says.




As more countries jump on Privacy, will Facebook face a ‘death of 1000 cuts?’ Okay, probably not…
Italy Fines Facebook Over Cambridge Analytica Case
Italy's data protection watchdog slammed Facebook Friday with a fine of one million euros ($1.1 million) for violating privacy laws over the Cambridge Analytica scandal.
The penalty was for "illegal actions committed in the 'Cambridge Analytica' case, the company that gained access to the data of 87 million users through an app for psychological tests," it said in a statement.
Critics slammed the watchdog for handing the social media giant a relatively small fine, while analysts said it was low because the offence was committed before Europe's new data protection framework came into force.
In December, Italy's competition authority fined Facebook 10 million euros for selling users' data without informing them and "aggressively" discouraging users from trying to limit how the company shares their data.




Because it’s inevitable?
The Strange Politics of Facial Recognition
Agreement is shocking in a political moment defined by polarization, but lightning has seemingly struck twice. Microsoft and Amazon, makers of Face API and Rekognition software, respectively, also both endorse federal regulation. In June, Axon, the number-one body-camera manufacturer in the United States, agreed with its ethics board’s proposal not to outfit Axon cameras with facial recognition (at least, for the foreseeable future). Microsoft President Brad Smith called for governments “to start adopting laws to regulate this technology” last year, while Amazon Web Services CEO Andy Jassy echoed those comments in June, likening the technology to a knife. It’s a less dramatic image than the plutonium and nuclear-waste metaphors critics employ, but his message—coming from an executive at one of the world’s most powerful facial-recognition technology outfits—is clear: This stuff is dangerous.




I don’t think they like Amazon.
Amazon Is Watching
The Internet giant is wiring homes, neighborhoods, and cities with cameras and microphones, and powering the nation’s intelligence services. Are we sure we can trust it?




Perspective.
Amazon, the new king of shipping
Less than a decade after Amazon broke into the logistics industry, it has become its own biggest shipper.
Researchers found that nearly half (48%) of Amazon packages are delivered by the company itself.
That's a dramatic shift from two years ago, when the Postal Service delivered more than 60% of Amazon parcels, and Amazon just around 15%.
The e-commerce behemoth is already faster than competitors — and it has ambitions of getting even speedier. It takes Amazon an average of 3.2 days to deliver a parcel after a shopper clicks "buy," per Rakuten Intelligence. For all other e-commerce companies, the average time is 6 days.
Amazon — which has started offering its shipping capabilities as a service — will be able to ship products for about two-thirds the rates of UPS and FedEx, Pellas projects. Its trucks and planes are out delivering Amazon packages anyway so it can offer shipping at cost, instead of collecting a margin.




Overly aggressive? Is squeezing every nickel out of small business a good long-term strategy?
GrubHub is buying up thousands of restaurant web addresses. That means Mom and Pop can’t own their slice of the internet




One education future. Because traditional colleges and universities aren’t fast enough?
SV Academy just landed $9.5 million to offer tuition-free training that puts people in tech jobs
Even as software eats the world, not everyone has the training or connections to land a high-paying job in either the traditional tech industry or with a company that’s actively embracing its digital future.
In fact, it would be challenging to interest an executive recruiter in someone who doesn’t have a tech background and didn’t go to college, yet a company called SV Academy is doing just that. According to cofounder and CEO Rahim Fazal, the nearly two-and-a-half-year-old, Bay Area company is currently helping 100 people every 30 days — or 1,200 per year — land jobs at companies like SurveyMonkey, Palo Alto Networks, and PayPal.
Very notably, it costs these job candidates nothing. Employers pay SV Academy between $12,000 and $15,000 per hire; all the prospects really need to do is convince SV Academy that they have the drive required to take a 12-week training program that teaches the skills necessary for tech-based sales roles, plus a year of ongoing training and mentorship after they graduate.


(Related)
Degreed Raises $75 Million to Expand Corporate Learning Platform
Founded in 2012, Degreed offers over 1,500 certificates and credentials, aimed primarily at companies looking to develop and upskill their employees. When teams sign on, they can identify the skills that they’d like to develop, ranging from customer service to data analysis, strategic planning to user experience design. The platform then surfaces courses, videos, articles and other resources to teach users.
To date, Degreed claims it has served more than 220 corporate clients, including Airbnb, Boeing, Mastercard and Unilever. The company also offers to certify individuals in certain skills for a fee of $129. An unlimited membership plan is available for $399, according to the company’s website.




Getting my students hired.
Firms Continue to Hunt for Artificial Intelligence Talent
Tech giants are far from the only companies hiring workers with data science skills. Employers in fields as diverse as media, finance and medicine are searching for machine learning engineers to help transform and enhance their product offerings.
Artificial intelligence job postings grew 29% in the 12-month period ending in May, according to career platform Indeed.
Within the AI field, machine learning engineers were the most sought after title. The position also topped the list of highest paying salaries for the sector, earning an average salary of $142,859.




Picking the right team is critical!



Friday, June 28, 2019


Ransomware is expensive.
Baltimore Approves $10M in Funding for Cyber Attack Relief
Baltimore City officials approved using $10 million in excess revenue to cover the ongoing cost of the cyber attacks that immobilized some of the city’s systems almost two months ago.
WBAL reports the city’s estimates board approved the emergency funds Wednesday to help the hack recovery process, which is moving into its eighth week.
Systems such as water billing remain offline.
The city’s budget office has estimated the total cost of responding to the hack at $18 million. Hackers demanded $80,000 in ransom, but city officials said they have been advised by law enforcement authorities not to pay it.
This month, two cities in Florida paid ransoms to hackers after similar cyber attacks.




Show them an oldie, use it to insert a better tool or two.
Russian internet giant Yandex reportedly hacked by Western intelligence agency
Hackers working for the US or one of its closest allies broke into Russian search giant Yandex to plant malware to spy on user accounts, Reuters reported Thursday. Called Regin, the malware is known to be used by the Five Eyes intelligence-sharing alliance of the US, Britain, Australia, Canada and New Zealand, sources told the news outlet.
It couldn't be determined which country was responsible for the Yandex cyberattack. Reuters said it occurred between October and November of 2018 and that the hackers had access to Yandex's research and development unit for several weeks.
Regin, which antivirus software maker Symantec labeled a "top-tier espionage tool," had been in use since as early as 2008 to spy on governments, companies and individuals, Symantec reported in 2014.




Not on the official “best practices” breach checklist.
Former Equifax Executive Gets 4 Months for Insider Trading
A former Equifax executive who sold stock a week and a half before the company announced a massive data breach was sentenced Thursday to serve four months in federal prison for insider trading.
Jun Ying, former chief information officer of Equifax’s U.S. Information Solutions, pleaded guilty in March. His prison time is to be followed by a year of supervised release, and he was also ordered to pay about $117,000 in restitution and a $55,000 fine, the U.S. attorney’s office in Atlanta said in a news release.




Computer Security backgrounder.
CIS Controls Internet of Things Companion Guide
To help secure this new frontier, CIS® (Center for Internet Security, Inc.) is releasing the free CIS Controls® Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats.
Download the guide:
https://www.cisecurity.org/white-papers/cis-controls-internet-of-things-companion-guide/
Download CIS Controls V7.1:
https://learn.cisecurity.org/20-controls-download




The FBI no longer has a reason to try forcing Apple to give them a backdoor. I’m guessing they will keep trying anyway.
https://www.schneier.com/blog/archives/2019/06/cellebrite_clai.html
Cellebrite Claims It Can Unlock Any iPhone
The digital forensics company Cellebrite now claims it can unlock any iPhone.
I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know.




I’m starting a tinfoil hat business…
https://www.bespacific.com/soon-satellites-will-be-able-to-watch-you-everywhere-all-the-time/
Soon, satellites will be able to watch you everywhere all the time
MIT Technology Review – “Can privacy survive? Every year, commercially available satellite images are becoming sharper and taken more frequently. In 2008, there were 150 Earth observation satellites in orbit; by now there are 768. Satellite companies don’t offer 24-hour real-time surveillance, but if the hype is to be believed, they’re getting close. Privacy advocates warn that innovation in satellite imagery is outpacing the US government’s (to say nothing of the rest of the world’s) ability to regulate the technology. Unless we impose stricter limits now, they say, one day everyone from ad companies to suspicious spouses to terrorist organizations will have access to tools previously reserved for government spy agencies. Which would mean that at any given moment, anyone could be watching anyone else.”




Only three? But they are big hurdles.
Three Hurdles Companies Face in Implementing AI Initiatives
The hurdles are in three broad categories. The first is operational hurdles. Where do you start? With people? With data? With technology? And how does that work? The second hurdle is around compliance and security. Data has always been a sensitive issue, but it is getting increasingly more so because we now have a better understanding of how big an impact AI can have. There is more public opinion around this, and the regulators have an opinion. You need to navigate around these new complexities in order to make it work. Finally, there is the ethical/societal question. Decision-makers, team members, other business peers are questioning whether we really want to do this. How do we solve the trolley problem, for example?




Summarizing 32 sets of guidelines.
Introducing the Principled Artificial Intelligence Project
Berkman Klein’s Cyberlaw Clinic launched the “Principled Artificial Intelligence Project” to map AI principles and guidelines. The team created a data visualization to summarize their findings, and will later publish the final data visualization, along with the dataset itself and a white paper detailing their assumptions, methodology and key findings…
[For some reason, I can’t load the PNG, so here’s the PDF version:]




The porn industry has always been an early adopter of new technologies. Perhaps they could package this as an App for people who get nervous giving speeches?
Creator of DeepNude, App That Undresses Photos of Women, Takes It Offline




Perspective. (Podcast)
Will Facebook’s Libra Bring Cryptocurrency into the Mainstream?
Facebook, the world’s largest social network with 2.4 billion users, is developing a cryptocurrency that has the potential to reshape the global financial system. Called Libra, the cryptocurrency and blockchain system is backed by major companies and groups and scheduled to hit the market in 2020. Facebook wants Libra to become a global currency that could help the 1.7 billion ‘unbanked’ people get access to financial systems.
Unsurprisingly, the announcement was met with calls for tough scrutiny from regulators and skepticism from technologists and the cryptocurrency community. Congressional committee hearings already are planned. In an op-ed for The Financial Times, Facebook co-founder Chris Hughes called the prospect of Libra’s success “frightening.” Facebook’s practice of moving fast and breaking things works for a college social network, he said, but “it’s not appropriate for the global monetary system.”
Wall Street, however, gave a thumbs up to this endeavor because it adds a potentially big source of revenue for Facebook beyond advertising. The stock was up as much as 8.5% in the days after The Wall Street Journal reported that big backers have lined up behind Libra.




Perspective.
Programming languages: JavaScript most used, Python most studied, Go most promising
According to a survey of developers by software company JetBrains, JavaScript was used by 69% in the past 12 months, with another 5% intending to adopt it.
HTML/CSS came a close second with 61% saying they had used it in the past 12 months, followed by SQL at 56% and Java at 50%. Although Python was only fifth on the list, used by just under half of developers (49%), it shows significant potential growth: 9% of respondents said they intended to adopt it or migrate to it.




If you use eBooks, you need Calibre and probably some of these plugins.



Thursday, June 27, 2019


Have we got your attention now?
DC Court of Appeals rules OPM responsible for hacking of 22 million personnel records
Washington Post: “A federal appeals court has revived the chances of monetary awards being paid to federal employees and others whose personal information was exposed in hacks of two government databases that were revealed in 2015. The ruling criticized the Office of Personnel Management for failing to safeguard that information despite having been the target of prior hacking attempts and despite repeated warnings from its inspector general’s office that the databases were vulnerable. “OPM effectively left the door to its records unlocked by repeatedly failing to take basic, known, and available steps to secure the trove of sensitive information in its hands,” said the decision Friday by the U.S. Court of Appeals for the District of Columbia Circuit. The OPM deferred a request for comment to the Justice Department, which declined to comment.
The appellate court ruled that a federal district judge erred in dismissing a combined suit brought by two federal employee unions, the American Federation of Government Employees and the National Treasury Employees Union…”




What is an adequate backup and recovery plan worth?
On June 11, DataBreaches.net noted a report that Lake City, Florida was struggling to recover from “triple threat ransomware.” The attack had occurred on May 10, and one month later, the city’s landline phones were still knocked out and other services were also affected, although emergency services were operating.
Now, one week after another Florida city, Riviera Beach, decided to pay the equivalent of almost $600,000 ransom after they were attacked, Lake City has agreed to pay almost $500,000 ransom to its attackers. When the costs of this breach are tabulated, including any replacement hardware and consulting fees, legal fees, etc., this will likely be a very costly breach for Lake City.
Whether the attackers are the same individual or group or not is unknown, but with two Florida cities paying high ransoms within a short period of time, I think we can reasonably predict many more attacks with ransom demands in the half-million to million-dollar range.
CBS News reports:
The mayor of Lake City told CBS 47 Action News Jax on Tuesday that the small city in northern Florida would give the hackers $460,000 to hand back control of email and other servers seized two weeks ago.
Read more on CBS.




The sky is falling! The sky is falling!
Presidential Phone Alerts Can Be Spoofed, Researchers Say
Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered.
Issued via the Integrated Public Alert and Warnings System (IPAWS) along with AMBER alerts and imminent threat alerts, the Presidential Alerts are intended to inform the public of imminent threats and cannot be blocked.
In a recently published whitepaper, a group of security researchers from the University of Colorado Boulder has demonstrated how Presidential Alerts could be targeted in spoofing attacks using commercially available hardware and modified open source software.




Fake browsing history is easy. I just logon to my favorite porn sites as a certain law professor I know.
Firefox Will Give You a Fake Browsing History to Fool Advertisers
Vice: “Security through obscurity is out, security through tomfoolery is in. That’s the basic philosophy sold by Track THIS, “a new kind of incognito” browsing project, which opens up 100 tabs crafted to fit a specific character—a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won’t know how to target ads to you. It was developed as a collaboration between mschf (pronounced “mischief”) internet studios and Mozilla’s Firefox as a way of promoting Firefox Quantum, the newest Firefox browser…” “These trackers and these websites really commoditize you, and they don’t really make you feel like a person,” Daniel Greenberg, director of strategy and distribution for mschf, said in a phone call. “So we wanted to do something visceral that makes the user feel like they’re in control again.”


(Related) An anti-social media checker. Some interesting phrases in this video.
Companies Are Using Artificial Intelligence to Screen for Problematic Employees
Watch how a startup named Fama Technologies is using artificial intelligence to help weed out problem employees - before or after they join an organization.


(Related) ...but individual scoring is Okay?
EU should ban AI-powered citizen scoring and mass surveillance, say experts
New recommendations have also been criticized as lacking enforceability




All the guidance I can find…
UK Government’s Guide to Using AI in the Public Sector
On June 10, 2019, the UK Government’s Digital Service and the Office for Artificial Intelligence released guidance on using artificial intelligence in the public sector (the “Guidance”). The Guidance aims to provide practical guidance for public sector organizations when they implement artificial intelligence (AI) solutions.
The section of the Guidance on using AI ethically and safely is addressed to all parties involved in the design, production, and deployment of AI projects, including data scientists, data engineers, domain experts, delivery managers and departmental leads.




This is one of the worrying aspects of AI.
The first AI universe sim is fast and accurate—and its creators don't know how it works
For the first time, astrophysicists have used artificial intelligence techniques to generate complex 3-D simulations of the universe. The results are so fast, accurate and robust that even the creators aren't sure how it all works.
The real shock was that D3M could accurately simulate how the universe would look if certain parameters were tweaked—such as how much of the cosmos is dark matter—even though the model had never received any training data where those parameters varied.




Perspective. The Internet as a municipal utility.
Anacortes, Wash., Outlines City-Owned Internet Fees
The Anacortes City Council unanimously approved fees Monday for fiber-optic Internet service for residences and businesses.
It was the latest step toward building a citywide broadband network.
The City Council first passed a resolution Monday establishing the city’s right to charge for fiber Internet service just as it charges for water, sewer, other utilities, and impact and development fees.
Council members then approved fees of $39 a month for 100 megabit per second (Mbps) service, and $69 a month for 1 gigabit per second (Gbps) for residences. The prices for businesses are $89 a month for 100 Mbps and $149 for 1 Gbps.




For my geeks.
New AI programming language goes beyond deep learning
In a paper presented at the Programming Language Design and Implementation conference this week, the researchers describe a novel probabilistic-programming system named “Gen.” Users write models and algorithms from multiple fields where AI techniques are applied — such as computer vision, robotics, and statistics — without having to deal with equations or manually write high-performance code. Gen also lets expert researchers write sophisticated models and inference algorithms — used for prediction tasks — that were previously infeasible.
The researchers also demonstrated Gen’s ability to simplify data analytics by using another Gen program that automatically generates sophisticated statistical models typically used by experts to analyze, interpret, and predict underlying patterns in data.
Gen’s source code is publicly available and is being presented at upcoming open-source developer conferences, including Strange Loop and JuliaCon. The work is supported, in part, by DARPA.



Wednesday, June 26, 2019


Another reason to change default passwords…
New Silex malware is bricking IoT devices, has scary plans
A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017.
Named Silex, this malware began operating earlier today, about three-four hours before this article's publication.
The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.
"It's using known default credentials for IoT devices to log in and kill the system," Cashdollar told ZDNet in an email today. "It's doing this by writing random data from /dev/random to any mounted storage it finds."
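A detection for the two-step behaviour the report describes, added here as an example and not code from ZDNet, Akamai or the researcher quoted above: per device and source address it tracks whether a session was opened with a published default credential pair, then flags a later command that overwrites storage from /dev/random, /dev/urandom or /dev/zero. The log format and every log line are constructed for this example, and the credential list is a short subset of public IoT default lists (root/xc3511 was in the Mirai scanner's list); a deployment would load a full list and parse its own device or honeypot logs.

```python
"""Session-correlated detection for the Silex behaviour described above:
a successful login with a published IoT default credential pair, followed
in the same session by a command that overwrites mounted storage with
/dev/random, /dev/urandom or /dev/zero.

The log format is constructed for this example (one line per event,
space-separated key=value fields); it is not a real device or honeypot
format, so only the correlation logic should be taken from this.
"""
import re
from collections import defaultdict

# A small subset of user/password pairs that have appeared in public IoT
# default-credential lists (root/xc3511 was in the Mirai scanner list).
# A real deployment would load a full list.
DEFAULT_CREDS = {
    ("admin", "admin"), ("admin", "1234"), ("root", "root"),
    ("root", "admin"), ("root", "default"), ("root", "12345"),
    ("root", "xc3511"), ("support", "support"), ("user", "user"),
}

# Constructed sample: three sessions on three devices.
SAMPLE_LOG = """\
2019-06-25T14:02:09Z cam-07 auth user=root pass=xc3511 src=203.0.113.9 result=fail
2019-06-25T14:02:11Z cam-07 auth user=root pass=default src=203.0.113.9 result=ok
2019-06-25T14:02:13Z cam-07 cmd src=203.0.113.9 text="dd if=/dev/random of=/dev/mtdblock0 bs=1M"
2019-06-25T14:05:40Z dvr-02 auth user=operator pass=R0tated-2019 src=10.0.0.5 result=ok
2019-06-25T14:05:52Z dvr-02 cmd src=10.0.0.5 text="cat /var/log/messages"
2019-06-25T14:06:01Z dvr-02 cmd src=10.0.0.5 text="cat /dev/urandom > /dev/sda"
2019-06-25T14:10:00Z gw-01 auth user=admin pass=admin src=198.51.100.20 result=fail
2019-06-25T14:10:01Z gw-01 auth user=admin pass=1234 src=198.51.100.20 result=fail
2019-06-25T14:10:02Z gw-01 auth user=root pass=root src=198.51.100.20 result=fail
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>auth|cmd) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Wholesale overwrite of a device path with random data or zeros, either
# through dd or through a plain shell redirection.
WIPE_RE = re.compile(
    r"\bdd\b.*\bif=/dev/(?:u?random|zero)\b.*\bof=/"
    r"|\bcat\s+/dev/(?:u?random|zero)\s*>\s*/"
)

FAILED_DEFAULT_THRESHOLD = 3  # failed default-credential logins per session before alerting


def _fields(rest):
    """Split the key=value tail of a line, stripping quotes from values."""
    out = {}
    for key, value in KV_RE.findall(rest):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        out[key] = value
    return out


def detect(lines):
    """Return one alert dict per suspicious event, correlated per (host, src)."""
    alerts = []
    default_session = defaultdict(bool)  # (host, src) -> current session used a default pair
    failed_default = defaultdict(int)    # (host, src) -> failed default-credential logins

    def alert(key, severity, reason):
        alerts.append({"host": key[0], "src": key[1], "severity": severity, "reason": reason})

    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a line in the constructed format; skip it
        fields = _fields(m["rest"])
        key = (m["host"], fields.get("src", "?"))

        if m["kind"] == "auth":
            user, password = fields.get("user"), fields.get("pass")
            is_default = (user, password) in DEFAULT_CREDS
            if fields.get("result") == "ok":
                default_session[key] = is_default  # a new session replaces the old state
                if is_default:
                    alert(key, "high", f"login with default credential {user}:{password}")
            elif is_default:
                failed_default[key] += 1
                if failed_default[key] == FAILED_DEFAULT_THRESHOLD:
                    alert(key, "medium",
                          f"{FAILED_DEFAULT_THRESHOLD} failed default-credential logins")
        elif WIPE_RE.search(fields.get("text", "")):
            # Destructive either way; critical when the session began with a default pair.
            severity = "critical" if default_session[key] else "high"
            alert(key, severity, "storage wipe command: " + fields["text"])
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"[{a['severity']:8}] {a['host']} from {a['src']}: {a['reason']}")
```

Running the file prints four alerts from the sample. The session state is the point: a dd from /dev/random onto a block device deserves an alert on its own, but it is the pattern the report describes only when the session was opened with a credential the device shipped with, so that case is ranked above the same command issued after a rotated password.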




Perspective.
11 Eye Opening Cyber Security Statistics for 2019




What do lawyers know? Let’s find out.
Now Available: Webinar – Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies
On June 20, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen discussed in great detail the impact of the law, explained key definitions, and offered practical guidance on how to navigate it during the webinar, “Operationalizing the California Consumer Privacy Act.”
To hear the full webinar, please click here. To access the slide presentation, please click here.




Is Napoleonic law so different?
Exclusive: In a world first, Facebook to give data on hate speech suspects to French courts
In a world first, Facebook has agreed to hand over the identification data of French users suspected of hate speech on its platform to judges, France’s minister for digital affairs Cedric O said on Tuesday.
The decision by the world’s biggest social media network comes after successive meetings between Zuckerberg and Macron, who wants to take a leading role globally on the regulation of hate speech and the spread of false information online.
So far, Facebook has cooperated with French justice on matters related to terrorist attacks and violent acts by transferring the IP addresses and other identification data of suspected individuals to French judges who formally demanded it.
... “It is a strong signal in terms of regulation,” said Sonia Cisse, a counsel at law firm Linklaters, adding that it was a world first. “Hate speech is no longer considered part of freedom of speech, it’s now on the same level as terrorism.”
With Facebook’s latest move, France is now a clear frontrunner in the quest to regulate big social media outlets, and other platforms might follow suit, Cisse said.




Harvard seems to be talking about AI a lot.
Beneficial Artificial Intelligence
Stuart Russell, coauthor of the standard text on AI, “Artificial Intelligence: A Modern Approach,” joins Azeem Azhar to discuss the progress of AI research and implementation and how to ensure the outcomes are beneficial.