Saturday, April 11, 2020


A warning too late for a ‘ready, fire, aim’ stimulus plan?
New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments
The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do?
And earlier today, the IRS unveiled a Web site where it is asking those non-filers to provide their bank account information for direct deposits.
However, the possibility that fraudsters may intercept payments to these individuals seems very real, given the relatively lax identification requirements of this non-filer portal and the high incidence of tax refund fraud in years past. Each year, scam artists file phony tax refund requests on millions of Americans, regardless of whether or not the impersonated taxpayer is actually due a refund. In most cases, the victim only finds out when he or she goes to file their taxes and has the return rejected because it has already been filed by scammers.
In this case, fraudsters would simply need to identify the personal information for a pool of Americans who don’t normally file tax returns, which may well include a large number of people who are disabled, poor or simply do not have easy access to a computer or the Internet. Armed with this information, the scammers need only provide the target’s name, address, date of birth and Social Security number, and then supply their own bank account information to claim at least $1,200 in electronic payments.




It can’t hurt.
UK Cyber Body Offers Practical Guidelines on Dealing with Coronavirus-Themed Cyber Threats
In a joint announcement with the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the British agency warns that Coronavirus-themed scams are on the rise in “a fast moving situation.”
The 11-page full report (PDF) outlines a lengthy list of indicators of compromise (IOCs), and details social engineering techniques used by cybercrooks, including phishing and SMS phishing, as well as malware deployment and exploitation of new home-working setups.




At last, some sensible guidance…
FTC Guidance on AI: Don’t Surprise Consumers – Or Yourself
FTC Bureau of Consumer Protection Director Andrew Smith this week published some helpful pointers for companies that are developing or using AI to support consumer-facing services. These pointers are drawn from past FTC enforcement actions, reports, and workshops. They boil down to one overarching message: Companies shouldn’t surprise consumers – or themselves – in how they develop or use AI.




Everything old is new again.
IBM will offer free COBOL training to address overloaded unemployment systems
IBM is releasing a free training course next week to teach the 60-year-old programming language COBOL to coders. It is also launching a forum where those with knowledge of the language can be matched with companies in need of help maintaining their critical systems.




For the terminally bored.
Bored During Self-Isolation? 100+ Tips for Staying Entertained and Engaged




Some industries are much more adaptable than others. That’s why I monitor the Porn industry so closely, for Academic purposes…
Inside the Strip Clubs of Instagram
Many bars and strip clubs were forced to close nearly overnight around much of the world. Thousands of bartenders, bottle service girls and dancers have been left with no income. As with many other organizations, from elementary schools to Twelve Step meetings, strip clubs have also sought to recreate the experience digitally.
Magic City, a strip club in Atlanta, has started offering “virtual lap dance” performances on Instagram stories. Tory Lanez, a rapper, also recently began hosting dance nights for his 7.5 million followers, calling it “Quarantine Radio.”



Friday, April 10, 2020


Another ‘low hanging fruit’ identified. Should not come as a surprise.
China's Secret Out: BlackBerry Says Govt Hackers Stole World's Sensitive Data For 10 Years
BlackBerry Ltd. has come up with a sensational report that indicates that Chinese state-sponsored hackers have been stealing data from computers across the globe for almost a decade. A major reason for this unnoticed attack is its target, Linux operating systems.
BlackBerry makes the claim in a new 44-page-long report. It claims advanced hackers from China camouflaged their software tools posing a low-level security risk in the form of advertisements. The approach made it possible for them to extract information out of their targeted systems.




Not a new record.
115 million Pakistani mobile users data found up for sale on dark web
Rewterz, a pioneer of specialized cybersecurity services in Pakistan, has discovered a data dump of 115 million Pakistani mobile users’ data that has shown up for sale on the dark web today. The cyber criminal behind this data breach is demanding 300 BTC ($2.1 million USD) for the data.
This indicates that financially motivated threat actors are active in Pakistan and organizations are becoming a victim of these cyber attacks.
Read more on Rewterz.




Travelex paid $2.3M in Bitcoin to get its systems back from hackers
Hackers controlled its networks for more than a month
Travelex paid hackers $2.3 million worth of Bitcoin to regain access to its computer systems after a devastating ransomware attack on New Year’s Eve, reports the Wall Street Journal.




Seems light to me.
U.S. SEC settles with two traders over EDGAR filing system hack
The traders were among several defendants charged by the agency last year for a 2016 hack that the Securities and Exchange Commission said reaped $4.1 million from illegal trades, and that exposed a security weakness in test filings sent to the system’s servers.
The two traders, David Kwon and Igor Sabodakha, have consented to final judgments and to disgorge their profits as well as pay prejudgment interest in a settlement yet to be approved by a court, the SEC




I wonder if Boeing et al. were involved in this decision?
Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay
The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The sensitive documents include details of Lockheed-Martin-designed military equipment – such as the specifications for an antenna in an anti-mortar defense system – according to a Register source who alerted us to the blueprints.
Other documents in the cache include billing and payment forms, supplier information, data analysis reports, and legal paperwork. There are also documents outlining SpaceX's manufacturing partner program.
The files were siphoned from Visser Precision by the DoppelPaymer crew, which infected the contractor's PCs and scrambled its files. When the company failed to pay the ransom by their March deadline, the gang – which tends to demand hundreds of thousands to millions of dollars to restore encrypted files – uploaded a selection of the documents [Suggesting there is more? Bob] to a website that remains online and publicly accessible.




Watch the words you use.
A Hacker’s Scheme is “Forthright;” Thus, No Computer Fraud Coverage for Ransomware Attacks
A computer hacker may engage in malicious and criminal conduct, but that doesn’t mean that the conduct is “fraudulent.” In G&G Oil Company v. Continental Western Ins. Co., 2020 Ind. App. LEXIS 126 (Ind. Ct. App. Mar. 31, 2020), the Court of Appeals of Indiana addressed the launch of a ransomware attack on an insured and whether the resulting loss fits within computer fraud coverage. (Hint: it doesn’t.)
[From the article:
The insurer denied coverage in part because the loss had not resulted directly from the use of a computer to “fraudulently cause” the transfer of G&G’s funds, as required under the computer fraud provisions




Yes, it could happen here.
Drones Take Italians' Temperature and Issue Fines
The hovering drone emits a mechanical buzz reminiscent of a wasp and shouts down instructions in a tinny voice.
"Attention! You are in a prohibited area. Get out immediately," commands the drone, about the size of a loaf of bread.
A heat sensor takes the offender's temperature and sends the information to a drone operator, who stares at a thermal map on his hand-held screen -- shining orange and purple blobs.
"Violations of the regulations result in administrative and criminal penalties," the drone says.
Italy's coronavirus epicentre in the northern province of Bergamo, in Lombardy region, has had enough of people spreading COVID-19.
"Once a person's temperature is read by the drone, you must still stop that person and measure their temperature with a normal thermometer," Matteo Copia, police commander in Treviolo, near Bergamo, told AFP.
"But drones are useful for controlling the territory."




Were any facts involved?
Lawsuit Against Fox News Over Coronavirus Coverage: Can It Succeed? Should It?
Fox News is nervous. This is what Gabriel Sherman, author of a New York Times-bestselling book about the cable news giant, recently told MSNBC. Sherman said Fox News insiders are expressing concern that the network’s “early downplaying” of COVID-19 might open it up to “legal action by viewers who maybe were misled and actually have died from this.”
Days later, the possibility of a lawsuit was realized. On April 2, a nonprofit called the Washington League for Increased Transparency and Ethics sued Fox News in Washington state court. The suit contains claims for violation of the Washington Consumer Protection Act and the tort of “outrage” (otherwise known as “intentional infliction of emotional distress”). It alleges that the country’s most-watched cable news network “knowingly disseminated false, erroneous, and incomplete information” to the public about COVID-19. By labeling the virus a “hoax” and “conspiracy,” the suit says, Fox News hurt efforts to contain it and to “forestall mass death.”




Worth reading.
How Machine Learning Impacts National Security




Perspective. Consider the strategy that enabled (guaranteed?) this.
The pandemic is playing to almost every one of Amazon's strengths
As the coronavirus pandemic has forced people to stay inside, few companies have proven themselves as essential as Amazon. From groceries to cleaning supplies, shipments from Amazon have become lifelines for many who are steering clear of supermarkets and other physical retail stores. Company executives have likened the surge in demand to the annual holiday shopping crush.
But e-commerce isn't the only sector where Amazon is booming. Analysts say its cloud business, Amazon Web Services, faces higher demand as people turn to some of its biggest clients – from Zoom to Netflix -- for work and play. Amazon sells access to audiobooks and original television programs that are helping to entertain reluctant shut-ins. And with more people staying home, that's more time they have to engage with Amazon's AI-powered smart speakers.
The breadth of Amazon's sprawling business interests, and its increasingly central place in America's fragile supply chain, underscores the company's hold on consumers — and its potential to solidify its dominance in the coming months. The longer this crisis goes on, the more formidable Amazon will become, according to James Bailey, a management professor at George Washington University's business school.




News apps & websites.
Cord-cutters have more free TV news options than ever
TechHive: “…In 2020, there are more ways than ever to watch the news without paying for a bloated TV bundle. While you’ll still need a big pay TV package to watch cable news channels such as CNN, Fox News, and MSNBC, there are plenty of free alternatives. Here are all the ways you can stay informed even after you’ve cut the cable TV cord…”



Thursday, April 09, 2020


“Cyber war is as Cyber war does.” F. Gump (Or do you believe this is not part of Russia’s strategic plan?)
Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions
A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity.
Massachusetts-based Recorded Future on Wednesday published findings detailing how Russian-language operatives spent months using popular internet services to try to interfere in Estonia, the Republic of Georgia and the U.S. The effort appears to be a continuation of a prior Russian campaign, dubbed Operation Secondary Infektion, that utilized Facebook and dozens of online platforms to sow division in the West and discredit political efforts.




Blame the pandemic?
Maropost takes your privacy and security….
I confess: some data leaks are not particularly interesting to me in terms of their sector or type of data leaked, but they become noteworthy because of the entity’s horrible, terrible, ridiculously bad incident response to attempted notification.
Today we give you Maropost Inc. a marketing automation platform whose 10,000+ clients include New York Post, Shopify, Fujifilm, Hard Rock Café, and Mother Jones.
CyberNews reports today that researchers found that Maropost was exposing a database containing close to 95 million individual customer records and email logs with more than 19 million unique email addresses.
Finding the leak was relatively easy. Getting Maropost to respond to responsible disclosure notifications? Not so much. They explain:
We went through multiple channels to get in touch with literally anyone at Maropost who could escalate this issue, and we failed on every single channel.
Here’s a quick recap of their determined efforts to protect data that Maropost continued to expose:
Attempt 1: email
Attempt 2: live chat
Attempt 3: Twitter
Attempt 4: LinkedIn
Attempt 5: email, part 2
Attempt 6: an actual phone call
Attempt 7: live chat, part 2
Attempt 8: email, part 3
Two months after they began their efforts to get the data locked down, they finally got a reply from Maropost CEO Ross Andrew Paquette. According to the firm’s statement, the email addresses in the database were randomized data the company uses for internal testing. Ah, the old “it’s just test data” explanation? Not so fast, Maropost, because CyberNews reports that “our own tests show that not to be the case.”
I realize that in the midst of a pandemic, priorities get adjusted. But in my opinion, Maropost’s failure to respond to repeated notifications is pretty inexcusable. Maropost is Toronto-based, so they may get away with this, but I would hope the Ontario Privacy Commissioner would look into this one.
Read CyberNews’ full report here, as they detail what happened with each of the eight channels they tried to get Maropost to respond.




I found this article by reading the snippet on Feedly. What would happen if Google stopped pointing to French media?
Google Ordered to Pay for News in French Antitrust Crackdown
Google was ordered by French antitrust regulators to pay publishers to display snippets of their articles after years of helping itself to excerpts for its own news service.
The French antitrust agency gave the Alphabet Inc. unit three months to thrash out deals with press publishers and agencies demanding talks on how to remunerate them for displaying their content.
The search engine giant may have abused its dominant market power, causing “serious and immediate harm” to the media, the Autorite de la concurrence warned in its statement on Thursday.
Search engines such as Google account for between 26% and 90% of traffic redirected on news websites, the competition regulator said, based on data from 32 press publications.
That traffic is “crucial for publishers and press agencies who can’t afford to lose any digital readership given their economic hardships,” the authority said. They had “no other choice than to comply with Google’s display policy without providing financial compensation.”




Yoicks! Gary Alexander reached out from his retirement to point me to an article I missed. (Not the first time)
Congress Should Suspend Privacy Laws for 90 Days to Fight the Coronavirus
There is one more area in which strong national leadership is called for to curb the pandemic. The President should call on Congress, and it should act swiftly, to suspend privacy laws for 90 days, for now. There are some indications that even privacy advocates will find such a suspension acceptable if it was a short-term measure and safeguards against abuse were put in place.


(Related) This would seem to reverse the President’s opinions on the pandemic, but I suppose that would not be unusual.
Kushner’s team seeks national coronavirus surveillance system
Critics worry about a Patriot Act for health care, raising concerns about patient privacy and civil liberties.




Privacy concerns from a statistics website.
Big Data Is Helping Us Fight The Coronavirus — But At What Cost To Our Privacy?
To be clear, the types of data being tracked now are usually anonymized, aggregated in large groups according to, say, geography. They are also collected with the consent of users. But long before the new coronavirus emerged, critics of big tech companies were already pointing out that users typically give such consent through labyrinthine terms-of-service agreements, often not knowing what their data would ultimately be used for. In today’s world, data is an extremely valuable commodity that rewards its collectors in many ways. Even as individual data profiles that provide search suggestions, traffic directions and health guidance help improve daily life, that goes hand in hand with more nefarious motives companies might have for recording user activities.
Again, those were the worries being raised prior to the pandemic. Now, COVID-19 has revealed much starker trade-offs between personal privacy and the collective benefits of technology. In South Korea, for example, the ability to retrace an infected person’s steps using credit card transactions and cellphone tracking data is part of the country’s (largely successful) response to the virus. Other countries are also ramping up digital surveillance at an individual level in the name of public health. Although such measures may seem less likely to be used in the U.S., one recent Harris poll showed that a sizable, bipartisan majority of Americans would favor a public coronavirus registry and be willing to share phone location data to get alerts about infected people being nearby.


(Related)
Tested positive for coronavirus? Health workers may share your address with police
April Glaser and Jon Schuppe report:
In a growing number of cities and states, local governments are collecting the addresses of people who test positive for the coronavirus and sharing the lists with police and first responders.
Law enforcement officials say this information sharing — which is underway in Massachusetts, Alabama and Florida, and in select areas of North Carolina — will help keep officers and EMTs safe as they respond to calls at the homes of people who have been infected. The first responders can take additional precautions in those cases to avoid being exposed to the virus, state health departments and local police officials say.
Read more on NBC.




Perspective.
Our Government Runs on a 60-Year-Old Coding Language, and Now It’s Falling Apart
Over the weekend, New Jersey governor, Phil Murphy, made an unusual public plea during his daily coronavirus briefing: The state was seeking volunteer programmers who know COBOL, a 60-year old programming language that the state’s unemployment benefits system is built on. Like every state across the nation, New Jersey was being flooded with unemployment claims in the wake of the coronavirus pandemic. And New Jersey’s data processing systems were unprepared.
“We literally have a system that is 40-plus years old,” Murphy said.



Wednesday, April 08, 2020


...and surveillance is up. Taking advantage of our distraction.
Government secrecy is growing during the coronavirus pandemic
The Conversation: “Students at the University of Florida who want to know how they are being protected from the COVID-19 pandemic can’t find out. The university is hiding its emergency response plan under a legal loophole intended to keep terrorists and enemy combatants – not viruses – from exploiting government weaknesses. Since the spread of coronavirus accelerated in recent weeks, local, state and federal officials throughout the United States have locked down information from the public. Examples include:
    • The city of Palestine, Texas, banned a news reporter from a city council meeting on March 23, even though fewer than a maximum of 10 people would be in the room, and did not allow the public to listen in on the meeting through a toll-free phone number, as required by state law.
    • The Council of the District of Columbia decided on March 19 that district employees do not have to respond promptly to public records requests any more.
    • The FBI no longer accepts requests for information online or by email because of the virus. If anyone wants information they must mail their request, which ironically is more apt to pass along the virus…”




Tools.
Video Puppet Turns Your PowerPoint Presentations Into Narrated Videos
Video Puppet is a new tool that you can use to quickly turn your PowerPoint presentations into narrated videos. If you have less than twenty slides in your presentation you don't even need to create an account on the site to turn your slides into a narrated video.
To use Video Puppet simply head to the site and click "create a video." You'll have the option to upload a set of PowerPoint slides or upload a written transcript. After you upload your slides you can customize your video by choosing the voice that you want to narrate your video, background music, and the aspect ratio of your video. When your video is done you can download it to post on your favorite video sharing sites or just save it in your favorite cloud storage service.
Google Slides users, don't forget that you can download your slides as PPT files that you could then use in Video Puppet.
Before you try Video Puppet for the first time you should know that it works best with slides that have speaker notes included in them.



Tuesday, April 07, 2020


Thank you for your cooperation, citizen.
Mallika Kallingal reports:
Kentucky is taking severe measures to ensure residents exposed to the coronavirus stay at home. Louisville residents who have been in contact with coronavirus patients but refuse to isolate themselves are being made to wear ankle bracelets.
A judge has ordered one resident to stay at home after refusing to self-quarantine. CNN affiliate WDRB reports that the person, identified as D.L. in the court order, is living with “someone who has tested positive for the illness and another person who is a presumptive case,” according to an affidavit from Dr. Sarah Moyer, director of the health department.
Read more on CNN.




Tools.
Microsoft Launches Free Zero Trust Assessment Tool
Microsoft last week announced the availability of a tool designed to help organizations see where they are in their journey to implement a zero trust security model.
Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone.
“Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said.


(Related)
The Best Online Tools To Know Everything About a Website
How do I contact the owner of a website? Where is a particular website hosted? What other websites are hosted on that same server? Is the site using WordPress or Gatsby? Which ad networks are they using to monetize a site? Is my site accessible from China?




And a link to an article.
Cartoon: The Privacy Paradox
I recently wrote an article about the privacy paradox: The Myth of the Privacy Paradox, forthcoming 89 Geo. Wash. L. Rev. You can download it on SSRN for free.




Ah, the wonders of technology.
‘Scared to Death’ by Arbitration: Companies Drowning in Their Own System
Teel Lidow couldn’t quite believe the numbers. Over the past few years, the nation’s largest telecom companies, like Comcast and AT&T, have had a combined 330 million customers. Yet annually an average of just 30 people took the companies to arbitration, the forum where millions of Americans are forced to hash out legal disputes with corporations.
Mr. Lidow, a Silicon Valley entrepreneur with a law degree, figured there had to be more people upset with their cable companies. He was right. Within a few months, Mr. Lidow found more than 1,000 people interested in filing arbitration claims against the industry.
About the same time last year, Travis Lenkner and his law partners at the firm Keller Lenkner had a similar realization. Arbitration clauses bar employees at many companies from joining together to mount class-action lawsuits. But what would happen, the lawyers wondered, if those workers started filing tens of thousands of arbitration claims all at once? Many companies, it turns out, can’t handle the caseload.
Hit with about 2,250 claims in one day last summer, for example, the delivery company DoorDash was “scared to death” by the onslaught, according to internal documents unsealed in February in federal court in California.




To be determined?
Europe’s Tech Czar Says Strict Rules Will Build Public Trust in AI
Margrethe Vestager, once Silicon Valley’s top foe, may turn into its best ally by pushing for the tighter oversight that Big Tech says it needs to be saved from itself.
As European Union competition chief since 2014, Vestager has targeted Alphabet’s Google, Amazon.com, Apple, and Facebook, among others, for allegedly abusing their market positions or dodging taxes. Her heavy fines and penalties earned the EU antitrust watchdog a reputation around the world as one of the only regulators unafraid to stand up to U.S. tech giants.
Now, in a beefed-up role as the bloc’s tech czar—her formal title is executive vice president of the European Commission for a Europe Fit for the Digital Age—she’s responsible not only for enforcing rules as antitrust cop but also for designing broader tech policies. Vestager, who took on the job at the end of 2019, is clear about her mission: to lay down the law so European citizens feel safe in the digital world amid ballooning corporate power, rapid technological developments, and growing disillusionment among users about how the largest tech platforms handle their personal data. Her plan to use regulation to restore trust in technology—starting with artificial intelligence—is something even Google and Facebook Inc. are conceding is necessary for the sake of their businesses.




Why a slide show?
The 10 Coolest IoT Hardware Companies: The 2020 Internet Of Things 50
Innovations in hardware are enabling a variety of capabilities in IoT, including AI performance and 5G. What follows are the 10 coolest IoT hardware companies of 2020.




Surveillance knows no bounds. Imagine if it also talked to you...
SMART TOILET USES ARTIFICIAL INTELLIGENCE CAMERA TO DETECT HEALTH CONDITIONS AND ‘ANAL PRINT’
A smart toilet capable of detecting early warning signs of cancer and other serious diseases has been developed by scientists in the US.
Researchers at Stanford University built the device using an upward-facing camera, test strips and artificial intelligence to analyse faeces and urine as they pass through.
The disease-detecting technology could negate traditional stool tests and prove particularly useful for people who are genetically predisposed to certain conditions.




Meals for shut-ins.
Open Source Cookbook
Open Source Cookbook – “Open source recipes to be used in a quarantine during a global pandemic – This cookbook is meant to be an open source toolkit that everyone and anyone can access during a time of heightened need. There are recipes from chefs, line cooks, home cooks, mothers, fathers, nonnas, popo’s and everyday joes.” At launch, it features recipes from Toronto’s top chefs and restaurants…” The recipes (118 pages so far) may be viewed in PDF or on the web – include detailed instructions and photos along with the names of the contributors – reminiscent of the early web (1995-2000).


(Related)
Use Mondly to Learn a New Language and Have Fun Doing It
Mondly is a multi-platform app designed to help you learn new languages in a fun and effective way. Dive into more than 300 bite-sized lessons spread across 40 real-world topics, or take it slow with Mondly’s free daily lessons, weekly quizzes, and monthly challenges.
Mondly is available for free on iPhone, Android, Mac, and Windows so you can keep learning no matter which device you use. You can even access Mondly’s web app on any computer. Just be sure to sign up for a premium subscription if you want to unlock the entire catalog of language-learning content.
Download: Mondly for Android | iOS | macOS (Free, subscription available)
Mondly offers a staggering 41 languages for you to learn, as well as a range of languages to learn from. While most language-learning apps only let you choose English as your native language, Mondly lets you choose from 40 of the other languages available.


(Related) Explore!
The 101 Most Useful Websites on the Internet


(Related) Learn!
Tech Courses Gone Free! Make the most of your time at home