Wednesday, June 10, 2020


Misconfiguration is mismanagement.
Misconfigured Public Cloud Databases Attacked Within Hours of Deployment
Misconfigured cloud databases left exposed to the internet are a huge, but largely unquantified problem. New discoveries are found and reported by security researchers on a weekly basis. What hasn't been clear is whether bad actors can find them as easily as the researchers. The answer is Yes.
Databases -- usually in Elasticsearch or AWS S3 buckets, and often containing sensitive data -- are frequently left in public Cloud storage without access controls. The problem is so great that in January 2020, the NSA warned, "misconfiguration of cloud resources remains the most prevalent cloud vulnerability." Such databases can be accessed, downloaded, or manipulated by anyone who finds them.




Here we go again?
This Simple Facial Recognition Search Engine Can Track You Down Across the Internet
a facial recognition website claims you can upload a picture of anyone and the site will find that same person’s images all around the internet.
PimEyes, a Polish facial recognition website, is a free tool that allows anyone to upload a photo of a person’s face and find more images of that person from publicly accessible websites like Tumblr, YouTube, WordPress blogs, and news outlets.
In essence, it’s not so different from the service provided by Clearview AI, which is currently being used by police and law enforcement agencies around the world. PimEyes’ facial recognition engine doesn’t seem as powerful as Clearview AI’s app is supposed to be. And unlike Clearview AI, it does not scrape most social media sites.




Will it translate from the Portuguese?
A Landmark Ruling in Brazil: Paving the Way for Considering Data Protection as an Autonomous Fundamental Right
A historic ruling of the Brazilian Supreme Court from May 07, 2020 describes the right to data protection as an autonomous right stemming from the Brazilian Constitution. By a significant majority, 10 votes to 1, the Court halted the effectiveness of the Presidential Executive Order (MP[1] 954/2020 ) that mandated telecom companies to share subscribers’ data (e.g., name, telephone number, address) of more than 200 hundred million individuals with the Brazilian Institute of Geography and Statistics (IBGE ), the country’s agency responsible for performing census research. More important than the decision itself was its reasoning, which paves the way for recognizing the protection of personal data as a fundamental right, independent of the right to privacy, that already receives such recognition, in a similar fashion to the Charter of Fundamental Rights of the European Union. This article summarizes the main findings of the ruling. First, (1) it will provide background on the role of the Brazilian Supreme Court and the legal effects of the ruling. It will then look into (2) the facts of the case, (3) the main findings of the Court, to conclude with (4) an analysis of what comes next for the Brazilian data protection and privacy law.




Who controls access to data.
Meet GAIA-X: This is Europe's bid to get cloud independence from US and China giants
France and Germany have kicked off the GAIA-X cloud project, their lofty bid to manage dominant US and Chinese cloud giants in a European way, and address potential conflicts between EU privacy laws and the US Cloud Act.
The project is establishing a Belgian non-profit, the GAIX-X Foundation, which would ensure member companies abide by its goals of data sovereignty, data availability, interoperability, portability, transparency and fair participation. It's also published five documents explaining the project's purpose and technical design.
US public cloud companies like Amazon Web Services, Microsoft and Google can apply to join GAIA-X, but they would need to commit to GAIA-X's principles.




Someone is thinking about AI. (Download available.)
Government publishes artificial intelligence procurement guidance
the document seeks to enable public bodies to buy AI systems in a more confident and responsible manner.
It follows a previous guide to using AI in the public sector by the OAI and the Government Digital Service, released in January 2020.




Perspective.
10 common uses for machine learning applications in business
Machine learning applications are unlocking value across business functions. Here are 10 examples of how machine learning applications are being used in business.




Looking for law? Categories include computer law, but not privacy.
2019 Washington and Lee Law Journal Rankings
Released on June 1, 2020, the 2019 Rankings provide citation data and calculated ranks for the top 400 U.S.-published law journals and the top 100 law journals published outside the United States. Journals ranked below these thresholds display “NR” (Not Ranked) for each data category and are listed alphabetically. The survey span of the 2019 ranking is five years (2015-2019). For more information about the new and previous rankings, please see our Methodology page. Send questions or comments to LawJournalRankings@wlu.edu.




Interesting.
Grammarly adds custom style guides for business users
Grammarly, the popular tool that aims to help you avoid grammar and style gaffes, today announced the launch of custom style guides for its paying business users. Like with any style guide, the idea here is to ensure that business communications are consistent. You wouldn’t want one email to say “datacenter” while the other says “data center,” after all.
It’s worth noting that style guides are not available to free Grammarly and paid individual users. You’ll need a paid Grammarly Business account, which starts at $12.50 per month/users, with a minimum of 3 users.




Use all the tools available? What a concept! (Podcast)
Reading, Writing and ... AI Literacy? Conrad Wolfram Wants to ‘Fix’ Math Education
Living through the COVID-19 pandemic requires some serious math literacy. There’s a daily dose of statistics on the number of new cases, and constant talk of “flattening the curve” of infections.
But the education system has done a terrible job preparing us to live in a world where such number crunching is more important than ever, according to Conrad Wolfram, co-founder of Wolfram Research Europe. He has a new book out this week called “The Math Fix: An Education Blueprint for the AI Age.” In it, he proposes a new way for schools and colleges to rethink everything in math education—about what even needs to be taught and why.
For instance, he asked: “Why are we spending ages showing people how to do quadratic equations by hand” when students today need a different kind of algorithmic literacy in order to navigate a world shaped by social media giants like Facebook and Google?
Listen to this week’s episode on Apple Podcasts, Overcast, Spotify, Stitcher, Google Play Music, or wherever you listen to podcasts, or use the player below.




Warning my students.
Employment Scams Are On The Rise. Here’s What To Look Out For
Falling victim to a job scam has never been easier. Scammers are known to create official-looking websites and email accounts to convey a sense of reliability and trust to potential victims. Many of these bogus job vacancies are listed on popular websites, and with remote work in high demand, applicants may have a hard time spotting the scam.
If you are in search of a job or simply browsing for one, here are the top warning signs to look out for:



No comments: