Saturday, July 11, 2020


How hard is it to follow the instructions for creating secure installations?
Hacker Left Ransom Notes on 22,900 Exposed MongoDB Databases
NoSQL databases like MongoDB, that are widely used in online applications, are subject to several risks and can lead to a data breach if not configured properly. In June, the ZDNet security team found a hacker using an automated script to scan for misconfigured MongoDB databases.
The hacker uploaded ransom notes on approximately 22,900 unsecured MongoDB databases left exposed online, which is roughly 47% of all MongoDB databases accessible online.
The hacker was giving companies two days to pay and threatened to leak their data and then contact the victim's relevant local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.




It’s not war, yet. Care to guess what November will bring?
Trump confirms 2018 US cyberattack on Russian troll farm
Trump confirmed the attack in a two-part interview with The Washington Post’s Marc Thiessen. When asked whether the U.S. had launched an attack on the IRA — a troll farm that led the effort to spread disinformation around the 2016 presidential election and 2018 midterm elections — Trump said that was “correct.”
The cyberattack, first reported by The Washington Post in 2019 but not confirmed publicly by the Trump administration, involved U.S. Cyber Command disrupting internet access for the building in St. Petersburg that houses the IRA on the night of the U.S. 2018 midterm elections, halting efforts to spread disinformation as Americans went to the polls.




Does this eventually lead to the fall of a government? Implications for China and other countries?
By the Intel 471 Global Research Team:
In the last decade, Iran has undergone a quiet revolution. Since the “Green Movement” uprising in 2009, more Iranians have dared to openly oppose their regime. The reasons include accusations of elections tampering, global sanctions, increased inflation, heavy investment of state funds in the nuclear and arming programs, and ambitious regional policies in Lebanon, Syria, Iraq, Yemen and others, amid a deteriorating socioeconomic situation of the average Iranian.
There was a lot of talk in the past about Iran’s espionage measures and offensive cyber activities targeting other countries. However, growing domestic unrest prompted the Iranian regime to invest more resources in developing espionage capabilities aimed against its own citizens. Additionally, the regime carried out tough measures against civil uprisings such as cutting off the internet in the country for long periods of time and killing hundreds of protestors.
During the past year, a number of online activists have leaked what they claim to be inside information about the regime’s surveillance methods, in an attempt to expose the unethical tactics used by Iranian security forces.
Read more on Intel471.




Why phishing works.
95% of Brits Unable to Consistently Identify Phishing Messages
Just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found.




What happens when software is declared ‘evil?’
‘It Would Be Like Losing a Little Bit of Me’: TikTok Users Respond to Potential U.S. Ban
Gen Z and millennial users have found community on the app, particularly during the last few isolating months. And for some of them, it’s their livelihood.




Privacy? Not likely.
CBP says it’s ‘unrealistic’ for Americans to avoid its license plate surveillance
U.S. Customs and Border Protection has admitted that there is no practical way for Americans to avoid having their movements tracked by its license plate readers, according to its latest privacy assessment.
CBP published its new assessment — three years after its first — to notify the public that it plans to tap into a commercial database, which aggregates license plate data from both private and public sources, as part of its border enforcement efforts.
CBP struck a similar tone in 2017 during a trial that scanned the faces of American travelers as they departed the U.S., a move that drew ire from civil liberties advocates at the time. CBP told Americans that travelers who wanted to opt-out of the face scanning had to “refrain from traveling.”
The document added that the privacy risk to Americans is “enhanced” because the agency “may access [license plate data] captured anywhere in the United States,” including outside of the 100-mile border zone within which the CBP typically operates.




Beware the dreaded swath!
Off to the Races for Enforcement of California’s Privacy Law
Yesterday, the California Attorney General’s office confirmed that it has begun sending a “swath” of enforcement notices to companies across sectors who are allegedly violating the California Consumer Privacy Act (CCPA), swiftly beginning enforcement right on the July 1st enforcement date.
In an IAPP-led webinar, “CCPA Enforcement: Enter the AG,” Stacey Schesser, California’s Supervising Deputy Attorney General, confirmed details about the first week of CCPA enforcement. Below, we provide 1) key takeaways from that conversation; 2) discuss the role of the draft regulations; and 3) observe that the successes or failures of AG enforcement will directly influence debates over other legislative efforts outside of California. Meanwhile, AG enforcement will almost certainly bolster public awareness and support for the California Privacy Rights Act (CPRA) or “CCPA 2.0” ballot initiative in November 2020.




The direction everyone is taking…
Supreme Court gives nod for summons and legal notices to be sent via digital platforms
This order marks a huge step towards digitisation of Indian legal proceedings, where notices and summons used to be sent either by mail or delivered in person.




A collection of resources.
Natural language processing: A cheat sheet
NLP is a complicated field that one can spend years studying. This guide contains the basics about NLP, details how it can benefit businesses, and explains where to get started with its implementation.




Because, work from home...
How to Collaborate on Word Documents Online
Earlier this week I received an email from a reader who wanted to know how her students could see and comment on Google Docs if they only had Microsoft 365 accounts. While that could be done with a couple of clever workarounds, the simpler solution is to just use Word online.
Just like with Google Docs, with Word online you can share documents, comment on documents, and make editing suggestions. And a bonus feature is being able to set passwords and expiration dates on shared Word documents. In the following short video I demonstrate how to collaborate on Word documents online.



Friday, July 10, 2020


I would prefer evidence that no records were stolen. This wording always sounds wishy-washy. Perhaps they did not have their logs turned on? (Thus generating ‘no evidence.’)
Vancouver Coastal Health hit by cyberattack, but says 'no evidence' data stolen
An investigation into a cyberattack at Vancouver Coastal Health turned up "no evidence" that data was stolen, according to officials.




Strategic information leads to tactical blunders?
Chicago Police Department arrest API shutdown is its own kind of ‘cover up’
The department recently shut down its arrest API used by journalists and researchers. A data API, or application programming interface, provides access to structured information in a way machines can read, akin to the difference between getting data in a spreadsheet file versus copying it by hand into a spreadsheet.
CPD’s API provided access to comprehensive and timely data about arrests going back to 2014 in ways that can be processed and analyzed by software engineers and reporters.
The Chicago Reporter used the API last month to analyze police tactics during local mass protests following the Minneapolis police killing of George Floyd. CPD had released figures stating that the majority of arrests made on the weekend of May 29 were for criminal conduct related to looting, not protesting.
But by using CPD’s own data from the arrest API, we found the opposite to be true: the majority of civil unrest-related arrests made that weekend had been for offenses related to protesting. CPD revised their numbers and acknowledged that a number of arrests had been miscategorized. The mayor’s office also addressed the discrepancy in a statement to The Chicago Reporter, saying it was “working with the Chicago Police Department to ensure they re-run all data during this period of time to ensure a more accurate representation of arrests throughout the city.”
Within a day of our publishing this analysis, CPD removed access to the API for all users.




It’s like many infographics in one. Click for different views…
Strong Data Encryption Protects Everyone: FPF Infographic Details Crypto Benefits for Individuals, Enterprises, and Government Officials
Today, the Future of Privacy Forum released a new tool: the interactive visual guide “Strong Data Encryption Protects Everyone.” The infographic illustrates how strong encryption protects individuals, enterprises, and the government.




Curious. Does this mean that France condones the porn industry? What is the magic age? Apparently privacy is a two edged sword.
France to introduce controversial age verification system for adult websites
The French Parliament unanimously agreed on Thursday to introduce a nationwide age verification system for pornography websites, months after President Emmanuel Macron pledged to protect children against such content.
The choice of verification mechanisms will be left up to the platforms. But lawmakers have suggested using credit card verification — a system first adopted by the U.K., which mulled similar plans to control access to pornography but had to drop them in late 2019 because of technical difficulties and privacy concerns. Italy also approved a similar bill in late June, which raised the same concerns over its feasibility and compliance with the EU laws.




Does that portion of the law date back to the pre-Internet age?
EU Court: YouTube Not Required to Share Email and IP-Addresses of Movie Pirates
A judgment handed down by the EU Court of Justice this morning has found that online platforms, including YouTube, do not have to hand over the email addresses, IP addresses, or telephone numbers of alleged pirates following a request from copyright holders. The 'address' referenced in the Copyright Directive relates to postal addresses only.




That’s not Niagara Falls, that’s all those class action lawyers drooling...
Florida lawsuit offers glimpse into estimated $1.4B ransomware toll on US businesses
A class-action lawsuit seeking $99 million in damages has been lodged against a Tampa-based healthcare provider for alleged negligence in a ransomware breach of patient and employee records.
Orlando-based Morgan & Morgan filed the claim days after UnityPoint Health agreed to pay $2.8 million in a preliminary settlement of a similar ransomware-related negligence lawsuit after a data breach in Iowa.
Morgan & Morgan’s suit against Musculoskeletal Institute, which operates Florida Orthopaedic Institute, alleges its "lackadaisical, cavalier, reckless, or in the very least, negligent" actions “resulted in the exposure of (records of) at least 100,000 patients and potentially in excess of 150,000 current and former patients.”
According to ransomware remediator Coveware, however, ransomware attacks against private entities are underreported, with hackers extorting $1.4 billion from U.S. businesses in 2019, usually in what are acknowledged as “data breaches.”




Background. I bet you don’t know many of these…
Gartner’s Data Center And Cloud Networking Magic Quadrant Leaders
By the end of 2022, the number of enterprise network teams using a SaaS-based console to manage data center networks will increase by more than 10 times to over 1,500, according to Gartner’s new 2020 Magic Quadrant For Data Center and Cloud Networking. Another mega trend Gartner sees is that by 2023, more than 10 percent of large enterprises will be running on-premises public cloud infrastructure, such as AWS Outposts, in their private data centers, which is an increase from less than 1 percent in 2019.
One final trend key in the networking industry is that Gartner predicts by 2025, 20 percent of data center hardware switches will be procured via an as-a-service model -- up from nearly zero in early 2020.




If you clutter your desktop with windows…
How to Make Windows Transparent in Windows 10



Thursday, July 09, 2020


Paying those evil hackers for stolen data? What could possibly go wrong. (Steal to order?)
Police Are Buying Access to Hacked Website Data
The sale is “an end-run around the usual legal processes.”
Hackers break into websites, steal information, and then publish that data all the time, with other hackers or scammers then using it for their own ends. But breached data now has another customer: law enforcement.
Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more.




No surprise.
2020 is on Track to Hit a New Data Breach Record
Around 16 billion records have been exposed so far this year. According to researchers, 8.4 billion were exposed in the first quarter of 2020 alone, a 273% increase from the first half of 2019 which saw only 4.1 billion exposed.
What Changed?
While the number of publicly reported breaches in Q1 2020 decreased by 58% compared to 2019, the coronavirus pandemic gave cybercriminals new ways to thrive. Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.
However, the surprising decline in disclosed breaches is no cause to celebrate. The lack of disclosure can also be attributed to confusion brought on by the pandemic.




An interesting question. I’d say yes, but not as things stand today.
Can Our Ballots Be Both Secret and Secure?




Perspective.
The Pentagon’s AI director talks killer robots, facial recognition, and China
Joint AI Center (JAIC) acting director Nand Mulchandani said one of JAIC’s first lethal AI projects is proceeding into a testing phase now. The JAIC was founded in 2018 to act as the Pentagon’s leader in all things AI, and initially focused on non-lethal forms. Mulchandani shared few specifics, but called the project “tactical edge AI” that will involve full human control and likened it to JAIC’s “flagship product” for joint warfighting operations.
“It is true that many of the products we work on will go into weapons systems. None of them right now are going to be autonomous weapon systems, we’re still governed by 3000.09,” he said.




Well, I found it interesting.
As artificial intelligence spreads throughout society, policymakers face a critical question: Will they need to pass new laws to govern AI, or will updating existing regulations suffice? A recently completed study suggests that, for now, the latter is likely to be the case and that policymakers may address most of this technology’s legal and societal challenges by adapting regulations already in the books.




For the birds…
Winners of the 2020 Audubon Photography Awards
Audubon.org: “Every spring, the judges of the Audubon Photography Awards gather at Audubon’s headquarters in Manhattan to review their favorite images and select the finalists. But as with much of life in 2020, this year’s awards had to be handled differently due to pandemic-related travel, work, and social-distancing restrictions.




Even kids can code.
This 12-year-old CEO is offering free coding, AI classes during COVID-19
Samaira Mehta is a 12-year-old with lofty goals. The founder of Yes, 1 Billion Kids Can Code and CEO of a board game company called CoderBunnyz wants to get 1 billion kids into coding by the time she graduates from college around 2030.
Through her company, which she co-founded with her mom, the Santa Clara, California-based middle schooler sells two different board games: CoderBunnyz, which teaches basic coding concepts, and CoderMindz, which is focused on artificial intelligence principles. Now, the company also offers free AI and coding curriculum online all around the world. Mehta is also launching a new initiative called Boss Biz, a program teaching kids how to create a business alongside entrepreneurs across the world.



Wednesday, July 08, 2020


These are trivial, unless they happen to you. Do you have a procedure that would defeat this type of crime?
Far North council scammed out of $100,000 after supplier's email hacked
The Far North District Council has ramped up its cyber security systems after being scammed out of just over $100,000 by computer hackers.
The cyber-attack occurred last December, when one of its Auckland-based supplier's emails was hacked and the council received a request to change the supplier's bank account details.
The council implemented the change and paid $100,600.30 into the fraudulent bank account over the holiday period.
"We have since added extra measures to our verification process and these will significantly reduce the likelihood of this type of fraud occurring again."




The evolution of hacking crime. Is your data worth more to a crook than it is to you?
Sodinokibi Gang Starts a New Trend Among Ransomware Operators by Launching an Auction Site
The mantra of having a data backup to protect oneself from ransomware attacks has gone for a toss. Today, ransomware gangs have upped their tactics by stealing their victims’ data and in some cases auctioning it off on dark web markets with an intent to make quick money.




A (video) podcast. There is a transcript.
Does conscious AI deserve rights?
Does AI—and, more specifically, conscious AI—deserve moral rights? In this thought exploration, evolutionary biologist Richard Dawkins, ethics and tech professor Joanna Bryson, philosopher and cognitive scientist Susan Schneider, physicist Max Tegmark, philosopher Peter Singer, and bioethicist Glenn Cohen all weigh in on the question of AI rights.




Technically, access is a yes or no decision.
If there’s anyone’s amicus brief on the Computer Fraud and Abuse Act (CFAA) I’d want to read, it would be Orin Kerr’s. Today, he is submitting an amicus brief to the Supreme Court on a big CFAA case: Nathan Van Buren v. United States of America.
From his brief, the “INTEREST OF THE AMICUS CURIAE” section:
Orin S. Kerr is a Professor of Law at the University of California, Berkeley School of Law. He has written extensively about 18 U.S.C. § 1030, known as the Computer Fraud and Abuse Act (CFAA). His experience includes working as a lawyer in CFAA cases from the prosecution side, criminal defense side, and civil defense side; testifying about the law before congressional committees; and helping to draft amendments to it. The interest of amicus is the sound development of the law.
Here’s just one paragraph to hopefully encourage you all to read the whole brief:
This case asks the Court to settle what makes access unauthorized—in the words of the statute, either an access “without authorization” or an act that “exceeds authorized access.” 18 U.S.C. § 1030(a)(2). The question is hard because two different theories of authorization exist. The first theory, based on technology, is universally accepted. The second theory, based on words, is deeply controversial. This case asks whether CFAA liability is limited to the first theory or if it also extends to the second theory.
You can read his brief here.




Perspective.
Cognitive Electronic Warfare Could Revolutionize How America Wages War With Radio Waves
The U.S. military, like many others around the world, is investing significant time and resources into expanding its electronic warfare capabilities across the board, for offensive and defensive purposes, in the air, at sea, on land, and even in space. Now, advances in machine learning and artificial intelligence mean that electronic warfare systems, no matter what their specific function, may all benefit from a new underlying concept known as advanced "Cognitive Electronic Warfare," or Cognitive EW. The main goal is to be able to increasingly automate and otherwise speed up critical processes, from analyzing electronic intelligence to developing new electronic warfare measures and countermeasures, potentially in real-time and across large swathes of networked platforms.
Over the Horizon, an online journal that officers and academics from the U.S. Air Force's Air Command and Staff College established, published an interesting piece on the principles behind Cognitive EW and the potential benefits of its application on July 3, 2020. The article, which Air Force Major John Casey wrote, is worth reading in full.




Perspective. Covid is getting expensive.
Economists Think Congress Could Create An Economic Disaster This Summer
Congress has less than a month to hammer out a deal on the next round of stimulus before expanded unemployment benefits expire. State and local governments are starting to feel the pinch of budget shortfalls. And while the U.S. got a piece of (relatively) good news in last week’s jobs report, which featured an unemployment rate 2.2 percentage points lower in June than it had been in May, the economy has been thrown back into chaos in the meantime, with a number of states pulling back on their reopenings amid spiking COVID-19 infections and hospitalizations.
Our newest survey of economists highlights just how consequential governmental decisions over the next month may be: On average, these economists think that a refusal by Congress to extend unemployment benefits or bail out state and local governments is just as likely to hurt the economy as local economies staying open in spite of COVID-19 spikes — or even closing because of the virus.


(Related) Another look at Covid economics.
The Great Innovation Deceleration
The rise of the West is often traced back to the Black Death of the mid-1300s, which killed over 40% of Europe’s population. For example, some historians think that the resulting labor scarcity increased the bargaining power of peasants in the West, which led to the end of serfdom and to higher standards of living but failed to bring about institutional change in the East.
Many parallels between COVID-19 and the Black Death have been drawn, but most of them are unhelpful. In a medieval economy, fewer people meant more land per person and a higher income for the average citizen. The opposite is true in today’s knowledge-based economy, since ideas are non-rivalrous and, unlike land, can be used by everyone simultaneously.




Perspective. Is this worth $98?
Walmart’s Amazon Prime competitor will launch in July
Walmart+ will cost $98 a year and include same-day delivery of groceries, fuel discounts, and other perks.




Culture for shut-ins.
The Voyage Complete – Remarkable Reading of The Rime of The Ancient Mariner
University of Plymouth – The Arts Institute – The Ancient Mariner Big Read – “The Rime of the Ancient Mariner is a founding fable of our modern age. We are the wedding guests, and the albatross around the Mariner’s neck is an emblem of human despair and our abuse of the natural world. Yet in its beautiful terror there lies a wondrous solution – that we might wake up and find ourselves saved. Art knows no boundaries. The Ancient Mariner Big Read is an inclusive, immersive work of audio and visual art from the 21st century that reflects the sweeping majesty and abiding influence of Samuel Taylor Coleridge’s 18th century epic poem.