Friday, July 03, 2020


Did someone in Marketing screw up? I doubt this passed a legal department review.
With Edge, Microsoft’s forced Windows updates just sank to a new low
If I told you that my entire computer screen just got taken over by a new app that I’d never installed or asked for — it just magically appeared on my desktop, my taskbar, and preempted my next website launch — you’d probably tell me to run a virus scanner and stay away from shady websites, no?
But the insanely intrusive app I’m talking about isn’t a piece of ransomware. It’s Microsoft’s new Chromium Edge browser, which the company is now force-feeding users via an automatic update to Windows.
Seriously, when I restarted my Windows 10 desktop this week, an app I’d never asked for:
  1. Immediately launched itself
  2. Tried to convince me to migrate away from Chrome, giving me no discernible way to click away or say no
  3. Pinned itself to my desktop and taskbar
  4. Ignored my previous browser preference by asking me — the next time I launched a website — whether I was sure I wanted to use Chrome instead of Microsoft’s oh-so-humble recommendation.

Did I mention that, as of this update, you can’t uninstall Edge anymore?
It all immediately made me think: what would the antitrust enforcers of the ‘90s, who punished Microsoft for bundling Internet Explorer with Windows, think about this modern abuse of Microsoft’s platform?




Has someone crossed the line? Is this how a cyber war begins?
Cyberattacks Possibly Involved in Explosions at Iranian Nuclear, Military Facilities
There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran, which is believed to be involved in the production of missiles.
Iranian officials blamed the Parchin explosion on a gas leak and in the case of Natanz they downplayed the incident claiming that it only impacted a warehouse that was under construction.
However, some believe the damage was more extensive than Tehran admitted and in the case of Natanz there also appears to have been an explosion. Experts told the Associated Press that the Natanz incident apparently impacted a production facility.
Natanz, one of Iran’s primary nuclear facilities, was targeted a decade ago with the Stuxnet malware as part of a campaign supposedly conducted by the United States and Israel.




At some point, “mandatory” has to be enforced.
Committee hits roadblock in probing Commonwealth cybersecurity performance
In an attempt to find the direct lines of accountability within Australian government entities where cybersecurity is concerned, the Joint Committee of Public Accounts and Audit (JCPAA) on Thursday was sent running in circles like a dog chasing its tail.
Australian government entities are required to comply with the Australian Signals Directorate's (ASD) Top Four mitigation strategies for cybersecurity compliance, despite there being an Essential Eight.
Commonwealth entities are responsible for their own assessments against the Top Four, and as the JCPAA previously requested -- a request that was agreed to by the government -- entities are required to report on their performance and compliance annually.
But as Shadow Assistant Minister for Cyber Security Tim Watts has pointed out at length before, there is no mechanism that allows the individual performance of Commonwealth entities to be probed.
"At present, is there no way that the Parliament can hold individual Commonwealth entities accountable for seven years of failing to comply with mandatory ASD cybersecurity requirements?" Watts asked, receiving no further answers from those providing testimony to the JCPAA.




IP in the AI Age…
Artificial Intelligence Systems Will Need to Have Certification, CISA Official Says
Vendors of artificial intelligence technology should not be shielded by intellectual property claims and will have to disclose elements of their designs and be able to explain how their offering works in order to establish accountability, according to a leading official from the Cybersecurity and Infrastructure Security Agency.
“I don’t know how you can have a black-box algorithm that’s proprietary and then be able to deploy it and be able to go off and explain what’s going on,” said Martin Stanley, a senior technical advisor who leads the development of CISA’s artificial intelligence strategy. “I think those things are going to have to be made available through some kind of scrutiny and certification around them so that those integrating them into other systems are going to be able to account for what’s happening.”
Stanley was among the speakers on a recent Nextgov and Defense One panel where government officials, including a member of the National Security Commission on Artificial Intelligence, shared some of the ways they are trying to balance reaping the benefits of artificial intelligence with risks the technology poses.




One of those articles (and podcast) that make me order the book. (From my friendly neighborhood library)
What Poker Can Teach Us about Making the World a Better Place
In her new book, The Biggest Bluff, psychologist and journalist Maria Konnikova writes about her immersion into the world of high-stakes poker. Starting as a novice who knew nothing about the game, she eventually rose to become a world-class professional poker player. Yet, poker was never just about the cards or money for Konnikova, and neither is her book. Instead, she picked up poker as a means to explore human decision-making in an environment where every player has very little control.


