Wednesday, July 28, 2021

A hint that we’re beginning to take hacking seriously?

https://www.wsj.com/articles/biden-directs-agencies-to-develop-cybersecurity-standards-for-critical-infrastructure-11627477200?mod=djemalertNEWS

Biden Directs Agencies to Develop Cybersecurity Standards for Critical Infrastructure

Though voluntary, officials said the new step could be a prelude to a push for cybersecurity mandates

… “We’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and destruction in the real world,” Mr. Biden said Tuesday during a visit to the Office of the Director of National Intelligence. “If we end up in a war, a real shooting war, with a major power, it’s going to be as a consequence of a cyber breach of great consequence.”





Heads-up computer security managers!

https://www.wired.com/story/punkspider-web-site-vulnerabilities/

A Controversial Tool Calls Out Thousands of Hackable Websites

The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time—and all in the name of making the web more secure.

At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release—or, rather, to upgrade and re-release after a years-long hiatus—a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible to everything from defacement to data leaks.





When a pandemic is not bad enough...

https://www.zdnet.com/article/enterprise-data-breach-cost-reached-record-high-during-covid-19-pandemic/

Enterprise data breach cost reached record high during COVID-19 pandemic

On Wednesday, IBM Security released its annual "Cost of a Data Breach" report, which estimates that in 2021, a typical data breach experienced by companies now costs $4.24 million per incident, with expenses incurred now 10% higher than in 2020 when 1,000 – 100,000 records are involved.

So-called "mega" breaches impacting top enterprise firms responsible for the exposure of between 50 million and 65 million records now also come with a higher price tag -- reaching an average of $401 million to resolve.





Easier than reading your postcards?

https://www.pogowasright.org/eff-sues-u-s-postal-service-for-records-about-covert-social-media-spying-program/

EFF Sues U.S. Postal Service For Records About Covert Social Media Spying Program

The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the U.S. Postal Service and its inspection agency seeking records about a covert program to secretly comb through online posts of social media users before street protests, raising concerns about chilling the privacy and expressive activity of internet users.

Under an initiative called Internet Covert Operations Program, analysts at the U.S. Postal Inspection Service (USPIS), the Postal Service’s law enforcement arm, sorted through massive amounts of data created by social media users to surveil what they were saying and sharing, according to media reports. Internet users’ posts on Facebook, Twitter, Parler, and Telegraph were likely swept up in the surveillance program.

USPIS has not disclosed details about the program or any records responding to EFF’s FOIA request asking for information about the creation and operation of the surveillance initiative. In addition to those records, EFF is also seeking records on the program’s policies and analysis of the information collected, and communications with other federal agencies, including the Department of Homeland Security (DHS), about the use of social media content gathered under the program.

“We’re filing this FOIA lawsuit to shine a light on why and how the Postal Service is monitoring online speech. This lawsuit aims to protect the right to protest,” said Houston Davidson, EFF public interest legal fellow. “The government has never explained the legal justifications for this surveillance. We’re asking a court to order the USPIS to disclose details about this speech-monitoring program, which threatens constitutional guarantees of free expression and privacy.”

Media reports revealed that a government bulletin dated March 16 was distributed across DHS’s state-run security threat centers, alerting law enforcement agencies that USPIS analysts monitored “significant activity regarding planned protests occurring internationally and domestically on March 20, 2021.” Protests around the country were planned for that day, and locations and times were being shared on Parler, Telegram, Twitter, and Facebook, the bulletin said.

“Monitoring and gathering people’s social media activity chills and suppresses free expression,” said Aaron Mackey, EFF senior staff attorney. “People self-censor when they think their speech is being monitored and could be used to target them. A government effort to scour people’s social media accounts is a threat to our civil liberties.”

For the complaint: https://www.eff.org/document/eff-v-usps-complaint





The pendulum of law. First Facial Recognition is a ‘must use’ to control the Covid pandemic, then comes the “Oops!” as they realize that’s not all it can do.

https://www.globaltimes.cn/page/202107/1229844.shtml

Apps barred from indiscriminate collection of unnecessary personal information

The Supreme People's Court (SPC) of China on Wednesday issued judicial rules to regulate the use of facial recognition, stipulating that no app can require users to provide unnecessary personal information. Specifically, the regulation requires apps to ask for consent from users when facial recognition information is involved.

Experts said the new rules come at a time when excessive collection and abuse of facial data have become major threats to personal information and privacy.

"At present, abuse of facial recognition may threaten an individual's payment security, but its potential risks may extend to threats against their personal safety, such as drone attacks using facial recognition," Liu Gang, director of the Nankai Institute of Economics and chief economist at the Chinese Institute of New Generation Artificial Intelligence Development Strategies, told the Global Times on Wednesday.

Facial recognition, a new technology broadly used in China that helped the country to effectively contain the coronavirus, is facing tougher regulation as China strengthens protection of personal data and people's privacy following growing concerns among the public.





Identify new potentially valuable startups, help them for a share of their business. Perhaps not all Pro Bono.

https://venturebeat.com/2021/07/27/github-offers-open-source-developers-legal-counsel-to-combat-dmca-abuse/

GitHub offers open source developers legal counsel to combat DMCA abuse

GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA).

While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong.





Perspective.

https://www.salon.com/2021/07/27/artificial-intelligence-wants-you-and-your-job_partner/

Artificial intelligence wants you (and your job)

We’d better control machines before they control us

In the early 1940s, science fiction writer Isaac Asimov formulated his famed three laws of robotics: that robots were not to harm humans, directly or indirectly; that they must obey our commands (unless doing so violates the first law); and that they must safeguard their own existence (unless self-preservation contravenes the first two laws).

Any number of writers have attempted to update Asimov. The latest is legal scholar Frank Pasquale, who has devised four laws to replace Asimov's three. Since he's a lawyer not a futurist, Pasquale is more concerned with controlling the robots of today than hypothesizing about the machines of tomorrow. He argues that robots and AI should help professionals, not replace them; that they should not counterfeit humans; that they should never become part of any kind of arms race; and that their creators, controllers, and owners should always be transparent.

Pasquale's "laws," however, run counter to the artificial-intelligence trends of our moment. The prevailing AI ethos mirrors what could be considered the prime directive of Silicon Valley: move fast and break things. This philosophy of disruption demands, above all, that technology continuously drive down labor costs and regularly render itself obsolescent.

To prevent the various worst-case scenarios, the European Union has proposed to control AI according to degree of risk. Some products that fall in the EU's "high risk" category would have to get a kind of Good Housekeeping seal of approval (the Conformité Européenne). AI systems "considered a clear threat to the safety, livelihoods, and rights of people," on the other hand, would be subject to an outright ban. Such clear-and-present dangers would include, for instance, biometric identification that captures personal data by such means as facial recognition, as well as versions of China's social credit system where AI helps track individuals and evaluate their overall trustworthiness.





Learn a new (programming) language.

https://www.lua.org/

Lua

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

Lua is free open-source software, distributed under a very liberal license (the well-known MIT license). It may be used for any purpose, including commercial purposes, at absolutely no cost. Just download it and use it.

Fourth edition of Programming in Lua available as e-book





You know you have at least one book in you.

https://www.makeuseof.com/best-iphone-book-writing-apps/

The 6 Best iPhone Book-Writing Apps

Make your book-writing tasks easier with these apps for your iPhone and iPad.


