Saturday, February 01, 2020


Another evolving scam. The low probability of a shotgun approach is refined by a little research.
Ashley Madison cyber-breach: 5 years later, users are being targeted with ‘sextortion’ scams
… Researchers at email security company Vade Secure found the new scam earlier this year, when they saw a small number of targeted emails with apparent information from Ashley Madison breach victims. The scam emails seemed to be well researched, with not just the users’ email addresses but information like when the victim signed up, their username, and their interests they entered on the site, said Adrien Gendre, chief product officer for Vade Secure.
The threats are a worrying evolution of the sextortion scam because they appear to incorporate real information.
In the most typical version of sextortion, fraudsters make dubious, fictional claims about you via email. They say they’ve recorded you in a compromising position through your computer or that they have pictures of an alleged affair you are having. In those cases, the criminals blast out thousands of similar-sounding emails in hopes of persuading just one person to fall for the trick and make a requested extortion payment. The recordings and affairs are almost always nonexistent.
But in the new Ashley Madison cases, Gendre said the scammers are using carefully selected information that appears to be from real Ashley Madison subscribers, and piecing that information into more precisely targeted emails to those individuals. The ransomers then demand around $1,000 in bitcoin to keep the information silent. The grain of truth to their pitch sets the scam apart.




For my students.
5 Free Guides to Understand Digital Security and Protect Your Privacy




Something they could have done from the beginning if they had thought of it.
Ring has begun pushing out an update to its phone app with the aim of consolidating all of its security settings, a likely response to general privacy concerns, as well as more specific ones about “hackers” who’ve hijacked in-home camera feeds in recent months.
The changes, teased at CES 2020, include implementation of a “Control Center” within the Ring app that grants customers easy access to a variety of security options, including two-factor authentication—an easy-to-use feature that, as Gizmodo has reported, all but entirely prevents cameras from being hijacked remotely.




Not sure I agree.
As automated technologies quickly and methodically climb out of the uncanny valley, customer service calls, website chatbots, and interactions on social media may become progressively less evidently artificial.
This is already happening. In 2018, Google demoed a technology called Duplex, which calls restaurants and hair salons to make appointments on your behalf. At the time, Google faced a backlash for using an automated voice that sounds eerily human, even employing vocal tics like “um,” without disclosing its robotic nature. Perversely, today’s Duplex has the opposite problem. The automated system does disclose itself, but at least 40% of its calls have humans on the phone, and it’s very easy for call recipients to confuse those real people with AI.
As I argue in a new Brookings Institution paper, there is clear and immediate value to a broad requirement of AI disclosure in this case and many others.




Russia wants full control of its tech areas?
Apple has a Vladimir Putin problem
In November 2019, Russian parliament passed what’s become known as the “law against Apple.” The legislation will require all smartphone devices to preload a host of applications that may provide the Russian government with a glut of information about its citizens, including their location, finances, and private communications.
Apple typically forbids the preloading of third-party apps onto its system’s hardware. But come July 2020, when the law goes into effect, Apple will be forced to quit the country and a market estimated at $3 billion unless it complies. This piece of legislation, along with a controversial law aimed at the construction of a “sovereign internet,” is the latest step in Vladimir Putin’s ongoing encroachment into digital space—and has brought Apple into direct conflict with the autocratic Russian president.




To amuse my students.
NSA Security Awareness Posters
From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites.


