“If you build it, they will come...” ...to the hacker’s field of dreams!
THE BIG BITCOIN HEIST
With its cheap geothermal energy and low crime rate, Iceland has become
the world’s leading miner of digital currency. Then the
crypto-crooks showed up.
Screwing with the stock market should result in a quick response. Wouldn’t
Robinhood have to make good?
‘Infinite leverage’ — some Robinhood users have been trading with unlimited borrowed money
Some Robinhood users have been manipulating the stock-trading app to trade
with what they’re calling “infinite leverage.”
The cheat code was being shared on social media site Reddit, with one
trader claiming he took a $1,000,000 position in stock using only a
$4,000 deposit. Through Robinhood Gold, the start-up’s
subscription service, users can borrow money from the company to make
trades. The backdoor was essentially free money and was being called
“infinite leverage” and the “infinite money cheat code” by
Reddit users who discovered it.
Done right, this could work here. “Click here for ways to be excused”
Phishing campaign delivers data-stealing malware via fake court summons emails
Emails claiming to be from the UK Ministry of Justice are targeting
employees of insurance and retail companies. But the cyber criminals
haven't done their homework.
For the Security toolkit.
Experts: Don't reboot your computer after you've been infected with ransomware
Rebooting may lead to restarting a crashed file-encryption process, potential
loss of encryption keys stored in-memory.
I thought this would happen. (Perhaps the President could create a
“Cyberspace Force?”)
The National Guard’s new job? Dealing with ransomware
… “Look at the ransomware attacks in places like Louisiana and Texas and
Montana and the governors calling up the Guard to be able to do
this,” Gen. Paul Nakasone, the head of U.S. Cyber Command said in
September. “This is a new venue, this is a new capability, this is
a new possibility for what we’re doing to build this capacity.”
Would this logic extend to IoT devices?
Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement
… URMC filed breach reports with OCR in 2013 and 2017 following its
discovery that protected health information (PHI) had been impermissibly
disclosed through the loss of an unencrypted flash drive and theft of an
unencrypted laptop, respectively. OCR's investigation revealed that URMC
failed to conduct an enterprise-wide risk analysis; implement security
measures sufficient to reduce risks and vulnerabilities to a reasonable
and appropriate level; utilize device and media controls; and employ a
mechanism to encrypt and decrypt electronic protected health information
(ePHI) when it was reasonable and appropriate to do so. Of note, in 2010,
OCR investigated URMC concerning a similar breach involving a lost
unencrypted flash drive and provided technical assistance to URMC.
Despite the previous OCR investigation, and URMC's own identification of
a lack of encryption as a high risk to ePHI, URMC permitted the continued
use of unencrypted mobile devices.
"Because theft and loss are constant threats, failing to encrypt mobile
devices needlessly puts patient health information at risk,"
said Roger Severino, OCR Director. "When covered entities are
warned of their deficiencies, but fail to fix the problem, they will
be held fully responsible for their neglect."
Requiring Police drones?
Drones Used in Crime Fly Under the Law’s Radar
The New York Times – Drones are increasingly being used by criminals
across the country, and local law enforcement agencies are often
powerless to stop them.” … Drones
pose novel and difficult problems for law enforcement. They are
widely available, lightly regulated and can be flown remotely by an
operator far away from the crime scene. They have already been put
to a host of nefarious uses, from smuggling contraband into prisons
to swarming F.B.I. agents who were preparing for a raid. And local
and state authorities are restricted by federal law from intercepting
drones in flight, potentially even when a crime is in progress,
though experts say that has yet to be tested in court. “The use of
drones by criminal groups is appealing in part because drones are
harder to catch,” said Arthur Holland Michel, co-director of the
Center for the Study of the Drone at Bard College. “They create
all kinds of headaches for law enforcement.”…”
A “model” warrant?
‘Game-Changer’ Warrant Let Detective Search Genetic Database
Privacy experts say it could set a precedent, opening up all consumer DNA
sites to law enforcement agencies across the country.
For police officers around the country, the genetic profiles that 20
million people have uploaded to consumer DNA sites represent a
tantalizing resource that could be used to solve cases both new and
cold. But for years, the vast majority of the data have been off
limits to investigators. The two largest sites, Ancestry.com and
23andMe, have long pledged to keep their users’ genetic information
private, and a smaller one, GEDmatch, severely restricted police
access to its records this year.
Last week, however, a Florida detective announced at a police convention
that he had obtained a warrant to penetrate GEDmatch and search its
full database of nearly one million users. Legal experts said that
this appeared to be the first time a judge had approved such a
warrant, and that the development could have profound implications
for genetic privacy.
… Like many others in law enforcement, Detective Michael Fields of the
Orlando Police Department was disappointed by GEDmatch’s policy shift. He
had used the site last year to identify a suspect in the 2001 murder of a
25-year-old woman that he had spent six years
trying to solve. Today, working with a forensic consulting firm,
Parabon, Detective Fields is trying to solve the case of a serial
rapist who assaulted a number of women decades ago.
In July, he asked a judge in the Ninth Judicial Circuit Court of Florida
to approve a warrant that would let him override the privacy settings
of GEDmatch’s users and search the site’s full database of 1.2
million users. After Judge Patricia Strowbridge agreed, Detective
Fields said in an interview, the site complied within 24 hours. He
said that some leads had emerged, but that he had yet to make an
arrest. He declined to
share the warrant or say how it was worded.
Horse droppings! Jaywalkers is just a subset of “Something in the road –
don’t hit it.”
Self-Driving Uber in Crash Wasn’t Programmed to Spot Jaywalkers
Uber Technologies Inc.’s self-driving test car that struck and killed a
pedestrian last year wasn’t programmed to recognize and react to
jaywalkers, according to documents released by U.S. safety
investigators.
The U.S. National Transportation Safety Board on Tuesday released more
than 400 pages of reports and supporting documents on the March 2018
crash that killed 49-year-old Elaine Herzberg as she walked her
bicycle across a road at night in Tempe, Arizona.
… The Uber vehicle’s radar sensors first observed Herzberg about 5.6
seconds prior to impact before she entered the vehicle’s lane of travel,
and initially classified her as a vehicle. But the system changed its
classification of her as different objects several times and failed to
predict that her path would cross the lane of self-driving test SUV,
according to the NTSB.
Would the US counter Russia (et al) with our own propaganda? Is President
Trump just ahead of the curve?
Freedom on the Net 2019: The Crisis of Social Media
Freedom House – “Governments around the world are increasingly using
social media to manipulate elections and monitor their citizens, tilting
the technology toward digital authoritarianism. As a result of these
trends, global internet freedom declined for the ninth consecutive year,
according to Freedom on the Net 2019, the latest edition of the annual
country-by-country assessment of internet freedom, released today by
Freedom House. Adding to the problem of meddling by foreign regimes, a new
menace to democracy has risen from within, as populist leaders and their
armies of online supporters seek to distort politics at home.
Domestic election interference marred the online landscape in 26 of
the 30 countries studied that held national votes over the past year.
Disinformation was the most commonly used tactic. Authorities in
some countries blocked websites or cut off access to the internet in
a desperate bid to cling to power.
“Many governments are finding that on social media, propaganda works better
than censorship,” said Mike Abramowitz, president of Freedom House.
“Authoritarians and populists around the globe are exploiting both
human nature and computer algorithms to conquer the ballot box,
running roughshod over rules designed to ensure free and fair
elections.” Governments from across the democratic spectrum are
indiscriminately monitoring citizens’ online behavior to identify
perceived threats—and in some cases to silence opposition. Freedom
House has found evidence of advanced social media surveillance
programs in at least 40 of the 65 countries analyzed..”
Not sure I’ve convinced my students this is true.
GDPR Is More Than a Legislation, It’s a Cultural Shift
The General Data Protection Regulation (GDPR) marked a stake in the
ground when it comes to data privacy, redefining our understanding of
the value of the data organizations hold on us as citizens as well as
what should be done to protect it. The legislation has been in
effect for more than a year. The fines generated under it are not
only reaching high sums but the frequency of organizations being
fined is also on the rise, from tech industry giants, such as Google,
which was hit with a 50 million euro fine by the French government
for lacking sufficient transparency in some data gathering practices
(the company is appealing), to smaller more specific violations, such
as a Polish data processing firm which faced a 220,000 euro penalty for
dubious marketing initiatives. Other instances are even more emotive, with
a Portuguese hospital being fined 400,000 euros for allowing its staff to
illegally access
patient records. Most recently we’ve seen British Airways hit with
a £183 million fine and Marriott nearly £100 million from the
Information Commissioner’s Office (ICO).
… Taking measures to comply with GDPR is extremely important and should be
considered as a best practice minimum, regardless of whether EU citizen
data is being handled. Going one step further,
however, is to embrace the cultural shift towards data privacy that
GDPR embodies, and there are a number of advantages to doing this.
Personal toolkit. I’m sure this would not work on any other ebooks. (wink, wink)
A new version for your phone.
… it’s now available to try for free in
public preview on both Android and iOS.
… Anyone who has already used any of these
Office apps will recognize them immediately. It’s just that
Microsoft has squeezed them into a single app.