“We can hack it for you wholesale!” (Interesting anti-copying
tech on this site. Try to copy the headline.)
Attack Steals Bank Passwords by Hijacking 180,000 Internet Routers in Brazil
Antivirus manufacturer Avast has published an
alert for two attacks tampering with Internet router settings in
Brazil. The change — made to at least 180,000 devices in the first
half of 2019 alone — diverts access to certain sites to cloned
pages, which then forward any password entered to hackers.
Redirecting changes the destination of banking
services and advertising material, as well as sending a
cryptocurrency mining code to the victim’s browser.
The targets of the attack are domestic routers,
such as those provided by operators and internet providers or
acquired privately in the market to access the internet (see list of
models below).
A much smaller hacking target.
Ed Dept: Hackers breached 62 colleges, created thousands of fake student
profiles
The security flaw was found in previous versions
of Banner software that colleges use to design web applications and
authenticate users.
Hackers used the security flaw to take over users'
sessions when they tried to log in and may have been able to access
sensitive student data, according to the National Institute of
Standards and Technology. The Ed Department noted on its website
that the security breach may have also given hackers access to the
agency's student financial aid data; it did not return a request for
further comment.
It's not clear how many institutions are still
using the older versions of the software, but more than 1,400
colleges use Banner for a variety of services, including for managing
student information, employee benefits and financial aid.
An Ellucian spokesperson didn't say how or when the vulnerability was
discovered. However, a GitHub post suggests a University of South
Carolina student worker may have found and reported the issue to the
company in December.
How much would adequate Computer Security have
cost? How much will Directors pay?
Equifax reportedly close to $700 million data breach settlement
Remember that time Equifax had a data breach and leaked an incredible
amount of information – addresses, social security numbers and even
driver's licenses – on more than 143 million people in the US alone?
That was revealed nearly two years ago, and tonight media reports
suggest the company is closing in on a settlement with federal and
state agencies including the FTC, Consumer Financial Protection Bureau
and state attorneys general. The New York Times and Wall Street Journal
reported it could pay between $650 and $700 million, near the $690
million figure Equifax told investors it had set aside for a penalty.
… The Equifax breach came after hackers exploited a known flaw in
unpatched software that its former CEO pinned on one employee instead
of flawed policies. The data broker already agreed to new rules on
security policies in some earlier settlements, and it remains to be
seen if or how this will add additional oversight.
Are we finally getting serious about policing the
Internet? (Probably not)
FTC approves settlement with Google over YouTube kids privacy violations
The Federal Trade Commission has finalized a
settlement with Google in its investigation into YouTube for
violating federal data privacy laws for children, said two people
familiar with the matter who were not authorized to discuss it on
record.
The settlement — backed by the agency’s three
Republicans and opposed by its two Democrats — finds that Google
inadequately protected kids who used its video-streaming service and
improperly collected their data in breach of the Children’s Online
Privacy Protection Act, or COPPA, which prohibits the tracking and
targeting of users younger than 13, the people said.
I can see where lawyers might disagree.
Ill-Suited: Private Rights of Action and Privacy Claims
The U.S. Chamber of Commerce Institute for Legal Reform has published
“Ill-Suited: Private Rights of Action and Privacy Claims,” a white
paper authored by Hogan Lovells’ Mark W. Brennan, Alicia Paller,
Melissa Bianchi, Adam Cooke, and Joseph Cavanaugh explaining why
private litigation is a poor enforcement tool for privacy laws. As
detailed in the paper, when it comes to privacy interests, “harms” are
largely inchoate and intangible, and the wrongdoers are often unknown
or unidentifiable. Even where class members may have suffered a
concrete injury, the data indicates that they are unlikely to receive
material compensatory or injunctive relief through private litigation.
Meanwhile, plaintiffs’ counsel often walks away with millions of
dollars, court dockets are unduly cluttered, and companies are forced
to expend resources on baseless litigation.
This may relate to a couple of articles later in
the blog…
Andis Robeznieks reports:
The Food and Drug Administration (FDA) has basic rules for regulating wearable devices and other digital health tools, but those rules may change as rapid innovation continues and the agency creates new pathways to ensure the safety and efficacy of new consumer-facing products. AMA experts outlined this and other need-to-know facts for physicians counseling patients who are increasingly looking to the wearable as a health tool.
Attorney Shannon Curtis, AMA assistant director for federal affairs, said during a recent education session that there are three important things for physicians to keep in mind when counseling patients about wearables or mobile health (mHealth) apps.
Be aware of an app or device’s regulatory status before recommending it to patients. […]
Alert patients to data privacy issues. […]
Help patients understand the information they receive. […]
I am delighted that they are advising physicians to alert patients to
privacy issues.
Read more on the American Medical Association.
Not the best headline (no detailed timeline), but
an interesting article.
The Twenty Year History Of AI At Amazon
If you’ve ever browsed through the vast selection of items Amazon
offers on their website then you’ve most likely had an interaction
with their advanced AI algorithms. Beginning with product
recommendations, Amazon started using machine learning algorithms as
part of their core offerings, and over time they have quietly built
strong AI and ML capabilities broadly across the whole organization.
There is no single AI group at Amazon. Rather, every team is
responsible for finding ways to utilize AI and ML in their work. At
the company’s recent re:MARS show in June 2019, Amazon showcased its
wide footprint on use of AI & ML. At the event, the AI Today podcast
interviewed three executives across various Amazon groups to hear how
each group is utilizing AI.
(Related) Interesting. Imagine lawyers creating
their own evidence alternative version of events.
DeepMind’s AI learns to generate realistic videos by watching YouTube clips
Perhaps you’ve heard of FaceApp, the mobile app that taps AI to
transform selfies, or This Person Does Not Exist, which surfaces
computer-generated photos of fictional people. But what about an
algorithm whose videos are wholly novel? One of the newest papers
from Google parent company Alphabet’s DeepMind (“Efficient Video
Generation on Complex Datasets”) details recent advances in the
budding field of AI clip generation.
Thanks to “computationally efficient” components and techniques
and a new custom-tailored data set, researchers say their
best-performing model — Dual Video Discriminator GAN (DVD-GAN) —
can generate coherent 256 x 256-pixel videos of “notable fidelity”
up to 48 frames in length.
Yeah? How?
AI Weekly: A growing chorus of experts agrees facial recognition systems
must be regulated
On Tuesday, Oakland became the third U.S. city
after San Francisco and the Boston suburb of Somerville to ban facial
recognition use by local government departments, including its police
force. The ordinance adopted by the city council, which was written
by Oakland’s Privacy Advisory Commission and sponsored by
Councilmember Rebecca Kaplan, prohibits the city and its staff from
obtaining, retaining, requesting, accessing, or using facial
recognition technology or any information gleaned from it.
… A September 2018 report revealed that IBM worked with the New York
City Police Department to develop a system that allowed officials to
search for people by skin color, hair color, gender, age, and various
facial features. Elsewhere, the FBI and U.S. Immigration and Customs
Enforcement are reportedly using facial recognition software to sift
through millions of driver’s license photos, often without a court
order or search warrant. And this past summer, Amazon seeded
Rekognition, a cloud-based image analysis technology, to law
enforcement in Orlando, Florida and the Washington County, Oregon
Sheriff’s Office. The City of Orlando said this week it discontinued
its Rekognition pilot, citing a lack of necessary equipment or
bandwidth. But Washington County used Rekognition to build an app
that lets deputies run scanned photos of suspected criminals through
a database of 300,000 faces, which the Washington Post claims has
“supercharged” police efforts in the state.
Your home gym as a Thing on the Internet of Things.
COLLECTIVE SWEAT
The future of fitness is together but alone
… One of the reasons the Peloton model has been so popular is due in
part to society’s growing interest in self-care and wellness, with
people looking to technology in the hopes of easily finding it.
Self-improvement was the number one app theme last year, while the
hashtag #selfcare soared from 5 million to 17 million posts on
Instagram between August 2018 and July 2019. Now that people are
used to finding self-care at the tap of a touchscreen, the
convenience of connected fitness machines has also made them more
attractive over the past few years, says Stephen Intille, an
associate professor at Northeastern University specializing in health
technology.
PLEASE tell me this is fake news! Babies are now a Thing on the
Internet of Things?
Pampers introduces internet-connected diapers
Pampers is the latest company to jump into trendy, wearable devices
with a new "connected care system" called Lumi that tracks babies'
activity through a sensor that attaches to diapers.
The sensor sends an alert to an app notification when a diaper is wet. It also
sends information on the baby's sleep and wake times and allows
parents to manually track additional info, like dirty diapers and
feeding times. A video monitor is included with the system and is
integrated into the app. Pampers didn't say how much the system,
which is launching in the U.S. this fall, will cost.
… The Lumi system encrypts all data and uses
"the same standard of security as the financial services
industry," [Will the
FBI demand access? Bob] said Pampers spokeswoman Mandy
Treeby. The system does not currently include two-factor
authentication, something security experts consider key to avoiding
unauthorized access to systems.
… The risk with so many ordinary objects
becoming “smart” is that it makes them dependent on software
updates and malfunctions - or a product losing its connectivity if a
company goes out of business or discontinues the line. Nike’s $350
self-lacing shoes for instance stopped lacing earlier this year
because of a software update.