I’m going to stop explaining how easy it would be to make elections trustworthy. Apparently no one is listening.
https://gizmodo.com/good-luck-to-the-judge-who-sealed-a-ballot-machine-vuln-1847481421
Good Luck to the Judge Who Sealed a Ballot Machine Vulnerability Report in Georgia
Facing a quintessential damned-if-I-do-damned-if-I-don’t scenario, a federal judge in Georgia has sealed a 25,000-word report said to outline vulnerabilities in the state’s ballot-marking machines. The decision was seemingly made out of fear that the contents would add fuel to rampant conspiracy theories surrounding the 2020 election; a topic which is not even broached by its author.
The Daily Beast, reporting the judge’s decision early Friday, said the report by J. Alex Halderman, a computer science professor at the University of Michigan, outlines specific vulnerabilities that, to quote the professor, “allow attackers to change votes despite the state’s purported defenses.”
In a signed declaration, Halderman said he’d discovered “multiple severe security flaws” that could be exploited using malware, either with temporary physical access to the machine or by injecting it remotely via election management systems.
Everyone is keeping score…
https://www.makeuseof.com/biggest-ransomware-attacks-2021/
The 5 Biggest Ransomware Attacks of 2021 (So Far!)
2021 has seen many major ransomware attacks involving hefty ransom payments, leaked data, and major disruptions.
If you like my resume enough to offer me a job, why wouldn’t one of you competitors do the same?
These People Who Work From Home Have a Secret: They Have Two Jobs
When the pandemic freed employees from having to report to the office, some saw an opportunity to double their salary on the sly. Why be good at one job, they thought, when they could be mediocre at two?
… Alone in their home offices, they toggle between two laptops. They play “Tetris” with their calendars, trying to dodge endless meetings. Sometimes they log on to two meetings at once. They use paid time off —in some cases, unlimited —to juggle the occasional big project or ramp up at a new gig. Many say they don’t work more than 40 hours a week for both jobs combined. They don’t apologize for taking advantage of a system they feel has taken advantage of them.
This is rather depressing… Why would they not fix the security hole that allowed the attack? Granted, those who do not learn from history are doomed to repeat it, but this is like not learning from touching a hot stove...
Half of Organizations Suffered Attacks From Repeat Hackers While Most Failed To Utilize Their Threat Hunting Teams
A report by Ponemon Institute and commissioned by Team Cymru found that half of the organizations surveyed experienced disruptive cyber attacks from repeat sophisticated threat actors, the majority of whose exploits were unresolved.
… More than half of the organizations in North America (NA) experienced recurring attacks from a previous threat actor compared to 49% in Latin America (LATAM), 51% in the United Kingdom (UK), and 46% in Europe.
Half of the respondents said that the attack was because of the inability to defend against the same threat actor. An even higher number (61%) said they did not remediate a previous compromise by the same threat actor, leaving their organizations vulnerable to subsequent attacks.
(Related) Fool me twice, shame on me!
https://threatpost.com/solarwinds-financial-crisis-podcast/168677/
SolarWinds 2.0 Could Ignite Financial Crisis – Podcast
That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?
… “This incident confirms that the next great financial crisis could come from a cyberattack,” superintendent of financial services Linda A. Lacewell said in a press release following the DFS’ investigation of New York’s financial services industry’s response to the supply-chain attack. “Seeing hackers get access to thousands of organizations in one stroke underscores that cyberattacks threaten not just individual companies but also the stability of the financial industry as a whole.”
We’re not talking about banks. As a whole, banking cybersecurity has been tight for a long time. Rather, the slice of the finance industry that causes experts to lose sleep over is the asset management industry: All the private equity and hedge fund firms that control trillions of dollars of notional value. It’s an enormous part of the economy that’s all too often guarded by little more than duct tape and prayers.
“A large majority don’t even have dedicated cybersecurity staff,” lamented Bart McDonough, CEO and founder of Agio, a hybrid managed IT and cybersecurity services provider specializing in the financial services, healthcare and payments industries. “You’re talking about all these organizations that manage a tremendous amount of money that don’t have dedicated staff.”
They have a point.
https://www.fastcompany.com/90664693/privacy-laws-fatal-flaw
Privacy laws are useless when everyone wants to be surveilled
Welcome to the world of opt-in surveillance, where people are happy to trade their data for a coffee.
Around the world, concern is growing about the implications of digital surveillance. Widespread tracking of users by apps, the treatment of data by internet giants, and covert government activity have produced a groundswell in support for strengthening online privacy rights. This has led to some apparent legislative victories for the cause—such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. In some cases, increased scrutiny of digital privacy practices even seems to be turning the tide of our surveillance economy.
Despite this surge in support for privacy, we’re looking at a situation where routine surveillance of citizens will continue to become normalized—not through coercion, but through convenience. There’s been much fanfare around supposedly privacy-protecting laws like GDPR. But what good are they if people voluntarily surrender their data anyway?
Perhaps this explains Donald Trump?
https://news.yale.edu/2021/08/13/likes-and-shares-teach-people-express-more-outrage-online
‘Likes’ and ‘shares’ teach people to express more outrage online
Social media platforms like Twitter amplify expressions of moral outrage over time because users learn such language gets rewarded with an increased number of “likes” and “shares,” a new Yale University study shows.
And these rewards had the greatest influence on users connected with politically moderate networks.
“Social media’s incentives are changing the tone of our political conversations online,” said Yale’s William Brady, a postdoctoral researcher in the Yale Department of Psychology and first author of the study. He led the research with Molly Crockett, an associate professor of psychology at Yale.
The Yale team measured the expression of moral outrage on Twitter during real life controversial events and studied the behaviors of subjects in controlled experiments designed to test whether social media’s algorithms, which reward users for posting popular content, encourage outrage expressions.
“This is the first evidence that some people learn to express more outrage over time because they are rewarded by the basic design of social media,” Brady said.
The study was published Aug. 13 in the journal Science Advances. https://advances.sciencemag.org/content/7/33/eabe5641
To know AI is to fear it? More likely, know what could go wrong.
https://venturebeat.com/2021/08/13/why-ai-ethics-needs-to-address-ai-literacy-not-just-bias/
Why AI ethics needs to address AI literacy, not just bias
When you hear about AI ethics, it’s mostly about bias. But Noelle Silver, a winner of VentureBeat’s Women in AI responsibility and ethics award, has dedicated herself to an often overlooked part of the responsible AI equation: AI literacy.
… After presenting to one too many boardrooms that could only see the good in AI, Silver started to see this lack of knowledge and ability to ask the important questions as a danger. Now, she’s a consistent champion for public understanding of AI, and has also established several initiatives supporting women and underrepresented communities.
We recently caught up with her to chat more about the inspiration for her work, the misconceptions about responsible AI, and how enterprises can make sure AI ethics is more than a box to check.
Nothing earthshaking.
Four Policies that Government Can Pursue to Advance Trustworthy AI
… A recent report from the U.S. Chamber Technology Center (C_TEC) and the Deloitte AI Institutes highlights the proper role of the federal government in facilitating trustworthy AI and the importance of sound public policies to mitigate risks posed by AI and accelerate its benefits. Based on a survey of business leaders across economic sectors focused on AI, the report examines perceptions of the risks and benefits of AI and outlines a trustworthy AI policy agenda.
No comments:
Post a Comment