Monday, March 08, 2021

Actions short of war… Does everyone have the same threshold?

https://www.nytimes.com/2021/03/07/us/politics/microsoft-solarwinds-hack-russia-china.html

Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China

Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China.

Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure.





Reliance does not mean forever.

https://www.schneier.com/blog/archives/2021/03/hacking-digitally-signed-pdf-files.html

Hacking Digitally Signed PDF Files

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs”:

This paper introduces a novel class of attacks, which we call shadow attacks. The shadow attacks circumvent all existing countermeasures and break the integrity protection of digitally signed PDFs. Compared to previous attacks, the shadow attacks do not abuse implementation issues in a PDF viewer. In contrast, shadow attacks use the enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant. Since shadow attacks abuse only legitimate features, they are hard to mitigate.

Our results reveal that 16 (including Adobe Acrobat and Foxit Reader) of the 29 PDF viewers tested were vulnerable to shadow attacks. We introduce our tool PDF-Attacker which can automatically generate shadow attacks. In addition, we implemented PDF-Detector to prevent shadow documents from being signed or forensically detect exploits after being applied to signed PDFs.





No privacy equals no lines? Is that a fair trade?

https://apnews.com/article/travel-dubai-united-arab-emirates-coronavirus-pandemic-artificial-intelligence-4c8f2fb1f62df394e29e8365b3bd105e

At Dubai airport, travelers’ eyes become their passports

Now, the key east-west transit hub is rolling out another addition from the realm of science fiction — an iris-scanner that verifies one’s identity and eliminates the need for any human interaction when entering or leaving the country.

It’s the latest artificial intelligence program the United Arab Emirates has launched amid the surging coronavirus pandemic, contact-less technology the government promotes as helping to stem the spread of the virus. But the efforts also have renewed questions about mass surveillance in the federation of seven sheikhdoms, which experts believe has among the highest per capita concentrations of surveillance cameras in the world.





Isn’t this counter to the FBI’s stated position?

https://www.csoonline.com/article/3610752/intel-microsoft-join-darpa-effort-to-accelerate-fully-homomorphic-encryption.html#tk.rss_all

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption

If successful, the multi-year effort could allow organizations from industries with strict data confidentiality requirements, such as healthcare, finance, banking or government, to easily share sensitive data with partners and third-party services in public clouds without the risk of exposing it.

Fully homomorphic encryption is a form of cryptography that allows mathematical operations to be performed directly on encrypted data (ciphertext) without the need to first decrypt.





Because I suspect this may point to possible anti-trust solutions.

https://www.bespacific.com/data-leverage-a-framework-for-empowering-the-public-in-itsrelationship-with-technology-companies/

Data Leverage: A Framework for Empowering the Public in its Relationship with Technology Companies

arXiv – 17 February 2021 – Association for Computing Machinery – Data Leverage: A Framework for Empowering the Public in its Relationship with Technology Companies – “Many powerful computing technologies rely on implicit and explicit data contributions from the public. This dependency suggests a potential source of leverage for the public in its relationship with technology companies: by reducing, stopping, redirecting, or otherwise manipulating data contributions, the public can reduce the effectiveness of many lucrative technologies. In this paper, we synthesize emerging research that seeks to better understand and help people action this data leverage. Drawing on prior work in areas including machine learning, human-computer interaction, and fairness and accountability in computing, we present a framework for understanding data leverage that highlights new opportunities to change technology company behavior related to privacy, economic inequality, content moderation and other areas of societal concern. Our framework also points towards ways that policymakers can bolster data leverage as a means of changing the balance of power between the public and tech companies.”



(Related) Less likely?

https://www.nytimes.com/2021/03/06/opinion/data-tech-privacy-opt-in.html

America, Your Privacy Settings Are All Wrong

Using an opt-in approach will help curb the excesses of Big Tech.





Tools. I use Feedly.

https://www.bespacific.com/how-to-use-microsoft-outlook-as-an-rss-feed-reader/

How to Use Microsoft Outlook as an RSS Feed Reader

HowToGeek: “RSS feeds are great for getting alerted to new articles on your favorite sites. But your personal time shouldn’t be taken up with reading work articles. Split your professional and personal subscriptions by adding work feeds to Microsoft Outlook instead. Managing feeds in Outlook is super easy, although it can only be done in the desktop Outlook client. If you only use the Outlook web app, there are plenty of other good feed readers, like Feedly or Inoreader, to choose from instead. Alternatively, you can subscribe to your feeds using Slack or Microsoft Teams …”





Tools.

https://www.bespacific.com/justdelete-me-2/

JustDelete.me

“A directory of direct links to delete your account from web services. Many companies use dark pattern techniques to make it difficult to find how to delete your account. JustDelete.me aims to be a directory of urls to enable you to easily delete your account from web services.”

See also How to Delete Your Old Online Accounts (and Why You Should)


