Saturday, May 16, 2020


Not knowing who gathered the data means we can’t ensure another batch won’t be coming.
The Unattributable "db8151dd" Data Breach
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know:
Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance.
It's mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn't a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I've interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks.


(Related) If it is not your breach, who else had your data?
Security Firm claims to have discovered ‘Huge security breach at European Parliament’ that Parliament denies is theirs
Rebecca Nicholson reports:
Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.
This is another one of those cases where a researcher goes public with allegations of a leak or breach while the entity allegedly breached firmly denies any breach. In response to a statement from the European Parliament that they investigated and
can confirm no official accounts or mailboxes of the European Parliament are involved. This information may be related to an old service account of a political group.
Kadakia told the Daily Express a breach had definitely occurred and provided what he considers proof of his claim.
Read more on Express.co.uk. As of the time I’m posting this, I don’t see where this story has really picked up any traction or further assessment in EU news outlets other than those just republishing the Express’s reporting. Nor is there any formal write-up on Shadow Brigade or Shadow Map. Most of the claims appear to be on Twitter in Kadakia’s account. One hour ago, Kadakia posted this update on his timeline:
Update: The issue has been fixed and the portals have been taken offline. I’d love to understand if appropriate GDPR disclosure and incident handling policies are being followed.
So it sounds like somebody did something to lock down the data. But was it the European Parliament? As yet, we do not know.




Perspective.
Media, Regulators, and Big Tech; Indulgences and Injunctions; Better Approaches
From Ben Smith in the New York Times:
[Chairman of the Australian Competition and Consumer Commission Rod] Sims and a like-minded regulator in France, Isabelle de Silva, are challenging a universally accepted fact [??? Bob] of the internet: that Google and Facebook can carry content created by news organizations without directly paying the organizations for creating it. Last month, as the coronavirus put hundreds of publishers out of business around the world, the Australian government instructed Mr. Sims to force the platforms to negotiate payments with newspaper publishers — making it the first country to do so.
I hesitated to write about this article for two reasons: first, I have written on multiple occasions about how the free distribution enabled by the Internet is what hurt the newspaper business, rendering geographic monopolies predicated on owning printing presses and delivery trucks obsolete, dramatically increasing competition for attention even as new platforms predicated on delivering consumers individualized content turned out to be massively superior options for advertisers looking to target individual users. Does it need to be said again?
The second reason, though, works against the first: the sheer number of flat-out wrong statements in this article is so overwhelming that I seriously despair about the long-term effects: unintended consequences are always a concern when it comes to creating new regulation; they are inevitable when regulation is rooted in facts completely unmoored from reality.
Take this paragraph: it is just assumed that Google and Facebook ought to be paying publishers for their content, but any sort of rational evaluation would suggest that money should flow in the opposite direction. Google and Facebook direct traffic to publishers, and in Facebook’s case in particular, that traffic comes from the publishers themselves and their readers placing links on the service. Google does, of course, crawl the web for its search results and for Google News (which it doesn’t monetize), but we already know what happens if Google simply stops crawling publications: they start losing money, and lots of it (more on this in a moment).
Mr. Sims, a pugnacious 69-year-old who has spent much of his career tangling with railroads, ports and phone companies, sees echoes of those classic monopolies in this battle: “The digital platforms need media generally, but not any particular media company, so there is an acute bargaining imbalance in favor of the platforms. This creates a significant market failure which harms journalism and so, society.”




When you ask: If it can do that, can it do this?
THE NEXT WAVE OF AI IS EVEN BIGGER
According to Ellison, the major trends in AI for this year and the near future include those applications building on computer vision, the development of data generation and data labelling algorithms for training AI models, and the rapid progress of natural language processing thanks to transformer-based models.
Let’s take a closer look at Lenovo’s overview of some of the major near-term trends in AI.




Tools for online teachers.
Ten Ways to Use Wakelet
One of the reasons that Wakelet has become popular in schools in the last couple of years is that it can be used for a wide range of activities.
1. Make an online art gallery.
2. Make and share instructional videos.
3. Question/ Picture/ Video of the Day.
4. Organize research.
5. At-home activity collections.
6. Video collections.
7. Archive a Twitter chat.
8. Simple blog or journal.
9. Aspirations board.
10. End-of-year reflections and highlights.




Games for shut-ins.
GTA V Is Now Free on the Epic Games Store
You can now get Grand Theft Auto V for free from the Epic Games Store.
available to download for free until May 21st, 2020.
To grab a copy of GTA V for free, all you need is an Epic Games account, which is also completely free. Once you have set one up, sign in and head over to the Grand Theft Auto: Premium Edition page on the Epic Games Store, where it should be listed as Free.


