Tuesday, March 30, 2021

From the “Ready, Fire, Aim” school of thought.

https://www.cpomagazine.com/data-privacy/is-tiktok-really-a-national-security-threat-new-report-from-university-of-toronto-says-no/

Is TikTok Really a National Security Threat? New Report From University of Toronto Says No

One of the hottest social media discussion topics of late 2020 was the Trump administration’s proposed ban of popular social media platform TikTok as a national security threat. With 80 million active monthly users in the United States, and a fair share of them making a living from the platform, it was naturally a very contentious idea.

The ban eventually sputtered out without ever really being enforced; the Biden administration has the whole affair on pause pending a broader review of the previous administration’s China policy. Though the Beijing-based app may well still end up being sold to an American company due to Trump’s pressure (the odd tandem of Oracle and Walmart being the frontrunners at present), the framing of TikTok as national security threat was always much more speculative than tied to concrete evidence of spying. While independent reverse engineering of the app raised some questions about its capabilities, the concern was based more on China’s national intelligence laws which compel any private business within its borders to turn over data to the government upon request.

Cybersecurity researchers from the University of Toronto’s Citizen Lab have tackled the question of TikTok’s trustworthiness by comparing its code to Douyin, the version made available in China. The researchers found that Douyin collects a greater amount of personal information and sends it to a variety of servers in China, but TikTok does not share that code. While that does not preclude the possibility of stored data being handed over in other ways, the researchers conclude that TikTok is not a direct or overt national security threat as it is presently constructed.

The research builds on prior work (published in May of 2020) which found that WeChat, China’s most popular messaging app and also named for a ban by the Trump administration, contained a hidden censorship algorithm that scanned non-Chinese accounts to train itself for automated filtering of what Chinese users see on the platform.

Don’t worry, DHS will protect us!

https://www.makeuseof.com/solarwinds-hackers-breached-emails-top-dhs-officials/

SolarWinds Hackers Breached the Email Accounts of Top DHS Officials

The Department for Homeland Security was just one victim of SolarWinds.

As reported by the Associated Press, the then-acting Department for Homeland Security Secretary Chad Wolf's email account was accessed during the SolarWinds attack. The information accessed in Wolf's account at the time isn't known, nor is the length of time the attackers had access to his account.

However, that the attackers gained access to the email account of an individual sitting at the top of one of the US's most important national departments sends a strong message.

Oh please… Isn’t this why we have allies?

https://www.defenseone.com/technology/2021/03/senators-offer-let-nsa-hunt-cyber-actors-inside-us/172938/

Senators Offer to Let NSA Hunt Cyber Actors Inside the US

Nakasone told senators that the U.S. was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on U.S. networks. “They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.”

Good to know the market for my Ethical Hackers is strong.

https://www.csoonline.com/article/3613171/booming-dark-web-gig-economy-is-a-rising-threat.html#tk.rss_all

Booming dark web gig economy is a rising threat

Experts have seen a sharp increase in help-wanted ads for black hat hackers-for-hire. Here's what they are targeting and how to respond to the threat.

AI needs lots and lots of data. Is it possible someone is feeding an AI?

https://www.bespacific.com/billions-of-records-have-been-hacked-already-make-cybersecurity-a-priority-or-risk-disaster-warns-analyst/

Billions of records have been hacked already. Make cybersecurity a priority or risk disaster, warns analyst

ZDNet – “A new report warns against relegating cybersecurity to the bottom of the to-do list. More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting “data breach crisis” in the latest study from analysis firm Canalys. Over the past 12 months, 31 billion data records have been compromised, found Canalys. This is up 171% from the previous year, and constitutes well over half of the 55 billion data records that have been compromised in total since 2005. Cases of ransomware – a specific type of attack that encrypts servers and data to block access to a computer system until a sum of money is paid – have been on the rise, with the number of reported incidents up 60% compared to 2019. “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster,” said Canalys chief analyst Matthew Ball. According to Canalys, this unprecedented boom in attacks can be in part attributed to the COVID-19 pandemic, which forced organizations across the world to digitize at pace, without putting enough thought into the new security requirements that come with doing business online…”

Long, detailed and crazy?

https://www.databreaches.net/mobikwik-offers-master-class-in-how-not-to-respond-to-a-breach-researchers-scoff-consumers-rage/

Mobikwik offers master class in how NOT to respond to a breach; researchers scoff, consumers rage

Things have rapidly escalated in the wake of Mobikwik’s repeated denials that the digital wallet and payments network firm had a massive breach. As DataBreaches.net reported on Sunday, more than 8 TB of data from the firm had been listed for sale on a popular forum, data that allegedly included KYC (Know Your Customer) data on 3.5 million consumers. And to prove the data were real, the seller created a portal where MobiKwik customers could input their information to see what MobiKwik had on file about them.

Despite the samples provided and confirmation by independent researchers that the data were real, MobiKwik gave DataBreaches.net a statement that there had been no breach, repeating a statement it had made on March 4, when it tried to claim that a “media-crazed researcher” had concocted files but that their systems were secure.

People watching this all unfold should keep in mind that MobiKwik has reportedly been planning for an IPO later this year. The very last thing they need or want right now is a massively expensive and embarrassing data breach that would make investors shy away. Is that the explanation — are they denying all this in the hopes that investors will not run away?

Something the FBI will point to...

https://www.theregister.com/2021/03/29/terror_cops_password_law_change_call/

UK terror law reviewer calls for expanded police powers to imprison people who refuse to hand over passwords

Cops should be exempted from regulatory safeguards, says lawyer

The UK's Government Reviewer of Terrorism Laws is again advising the removal of legal safeguards around a controversial law that allows people to be jailed if they refuse police demands for forced decryption of their devices.

In what appears to be a recurring theme, Jonathan Hall QC said police should be able to threaten people arrested under terror laws with five years in prison if they don't hand over passwords on demand.

By recommending the creation of a new crime of failing to co-operate with police under the law, Hall would be calling for cops to operate with fewer controls on their behaviour if they wanted to search a terror suspect's phone.

Nothing on a camera tells you what will or might happen. It may provide some useful evidence after the fact.

https://theconversation.com/ai-driven-cctv-upgrades-are-coming-to-the-worlds-most-watched-streets-will-they-make-britain-safer-157789

AI-driven CCTV upgrades are coming to the ‘world’s most watched’ streets – will they make Britain safer?

Renewed concern about the safety of public streets, especially for women, has prompted the UK government to announce the doubling of a “Safer Streets” fund to £45 million, with planned measures including more CCTV in public places such as parks.

This would be to add to a street surveillance ecosystem that is already extensive in the UK – often referred to as the most surveilled nation on Earth. The first wave of surveillance cameras went in 30 years ago, and by 2013 an estimated 5.9 million units were watching UK streets. That figure is likely far higher today, driven in part by the new availability of compact cameras like dashcams, bodycams and doorbell cameras.

Enlarging that ecosystem still further may be a seductive policy solution to street safety concerns, but there’s limited evidence of their effectiveness at reducing and deterring crime. And, as women’s groups have recently pointed out, the focus on street surveillance neglects the wider societal change required in order to make women feel safer in public places.

It’s always good to have something to point to when we say, “That’s not how it works.”

https://www.menshealth.com/entertainment/g35960460/movies-about-ai-artificial-intelligence/

18 Movies About Artificial Intelligence Worth Streaming Now

See? I gots kulture!

https://www.bespacific.com/musee-du-louvre-launches-online-collection-database-and-new-website/

Musée du Louvre launches online collection database and new website

Two new digital tools have just gone live to bring the richness of the Louvre collections to the world’s fingertips: collections.louvre.fr/en, a platform that for the first time ever brings together all of the museum’s artworks in one place; and a new and improved website, https://www.louvre.fr/en that is more user-friendly, attractive and immersive. Designed for both researchers and curious art lovers, the collections.louvre.fr/en database already contains more than 482,000 entries, including works from the Louvre and the Musée National Eugène-Delacroix, sculptures from the Tuileries and Carrousel gardens, and ‘MNR’ works (Musées Nationaux Récupération, or National Museums Recovery) recovered after WWII and entrusted to the Louvre until they can be returned to their legitimate owners. For the first time ever, the entire Louvre collection is available online, whether works are on display in the museum, on long-term loan in other French institutions, or in storage…”

Helping my students leave…

https://www.bespacific.com/bring-your-professional-story-to-life-on-linkedin/

Bring Your Professional Story to Life on LinkedIn

LinkedIn Blog: “…we’re excited to announce that we have re-imagined how you can bring your professional story to life on LinkedIn and are introducing tools to help you create a more expressive and inclusive Profile. This starts with a video Cover Story, a new tool that lets you personalize your first “hello,” so you can engage your audience and reach recruiters. For inspiration on how to bring yours to life, check out the video below, or see mine here. Once you add your Cover Story, an orange ring will appear around your Profile photo, and a preview of your video will auto-play silently within your photo frame (we like to think of it as the “Harry Potter” effect). And, stay tuned for captioning capabilities coming soon. For job seekers, a Cover Story is a great way to introduce yourself to hiring managers by sharing your career goals, providing a peek at your personality and showcasing your communication skills. According to a recent U.S. survey* almost 80% (76%) of hiring managers believe seeing a pre-recorded video of a job seeker would be useful. Also, if you’re searching for a job, check out the announcement from Ryan, LinkedIn’s CEO, about free LinkedIn Learning courses to sharpen your skills…”

Another research resource.

https://www.bespacific.com/dissemin-fostering-self-archiving-of-research-papers-in-open-repositories/

Dissemin – Fostering self-archiving of research papers in open repositories

Dissemin detects papers behind paywalls and helps their authors to upload them in one click to an open repository. FAQ – “What is dissem.in? Dissemin is a web platform gathering metadata from many sources and analyzing the full text availability of publications of researchers. It has been designed to foster the use of repositories (rather than preprints posted on personal homepages), for numerous reasons. Is dissem.in a repository? Dissemin is not a repository as it does not store any full text. When the full text of a publication is available, a link to the relevant page is provided. The full texts deposited through Dissemin are stored in third-party repositories such as Zenodo or HAL. Who runs dissem.in? Dissemin is brought to you by the CAPSH association. Can I create a profile on dissem.in? Yes, you can do it, by first registering on ORCID if you do not have an ORCID identifier yet. This only takes a few seconds, and you can then use your ORCID identifier to log into Dissemin…”