Saturday, October 23, 2021

Computer Security just got more interesting.

https://www.cpomagazine.com/cyber-security/dhs-secretary-killware-malware-designed-to-do-real-world-harm-poised-to-be-worlds-next-breakout-cybersecurity-threat/

DHS Secretary: “Killware,” Malware Designed To Do Real-World Harm, Poised To Be World’s Next Breakout Cybersecurity Threat

Ransomware is the current king of the cybersecurity threat landscape, in part because of a demonstrated willingness by criminal groups to escalate to real-world damage to infrastructure. U.S. Department of Homeland Security Secretary Alejandro Mayorkas thinks that things are poised to go a step further in that direction in the very near future.

Referencing recent attacks on water treatment plants and hospitals, Mayorkas told USA Today that “killware” made to intentionally cause death is the next breakout cybersecurity threat. Research from Gartner backs up his speculation; the firm projects that within the next four years, threat actors will be weaponizing operational environments to harm and kill people.



Here we go again?

https://www.businessinsider.com/harvard-freshman-facetag-stokes-facial-recognition-debate-tiktok-mark-zuckerberg-2021-10

A Harvard freshman made a social networking app called 'The FaceTag.' It's sparked a debate about the ethics of facial recognition.

Harvard freshman Yuen Ler Chow created an app in his dorm room that lets students sign up, scan the face of another user, and exchange contact information like phone numbers and Instagram handles. Right now, it's only available at Harvard. Chow calls it, "The FaceTag."

When a person first makes a FaceTag profile, the app scans their face and extracts points and measurements. That information is saved, Chow said, but not the image itself. If you scan the face of someone who hasn't signed up for The FaceTag, it won't work. But if they are signed up, too, the app will make a match.



“I’m shocked! Shocked I tell you!”

https://www.pogowasright.org/a-look-at-what-isps-know-about-you-examining-the-privacy-practices-of-six-major-internet-service-providers/

A Look at What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers

Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expect—including access to all of their Internet traffic and real-time location data—while failing to offer consumers meaningful choices about how this data can be used, according to an FTC staff report on ISPs’ data collection and use practices.
The staff report, which details the expanding scope and some troubling aspects of some ISP data collection practices, stems from orders the FTC issued in 2019 using its authority under 6(b) of the FTC Act to six internet service providers, which make up about 98 percent of the mobile Internet market:
    • AT&T Mobility LLC;
    • Cellco Partnership, which does business as Verizon Wireless;
    • Charter Communications Operating LLC;
    • Comcast Cable Communications, which does business as Xfinity;
    • T-Mobile US Inc.; and
    • Google Fiber Inc.
The FTC also issued orders to three advertising entities affiliated with these ISPs: AT&T’s Appnexus Inc., rebranded as Xandr; Verizon’s Verizon Online LLC; and Oath Americas Inc., rebranded as Verizon Media. The FTC sought information on their data collection and use practices, as well as any tools provided to consumers to control these practices.
As noted in the report, these companies have evolved into technology giants who offer not just internet services but also provide a range of other services including voice, content, smart devices, advertising, and analytics—which has increased the volume of information they are capable of collecting about their customers. The report identified several troubling data collection practices among several of the ISPs, including that they combine data across product lines; combine personal, app usage, and web browsing data to target ads; place consumers into sensitive categories such as by race and sexual orientation; and share real-time location data with third-parties.
At the same time, the report found the privacy protections many of the companies offer raised several concerns. Even though several of the ISPs promise not to sell consumers’ personal data, they allow it to be used, transferred, and monetized by others and hide disclosures about such practices in fine print of their privacy policies. For example, several news outlets noted that subscribers’ real-time location data shared with third-party customers was being accessed by car salesmen, property managers, bail bondsmen, bounty hunters, and others without reasonable protections or consumers’ knowledge and consent, according to the report.
Many of the ISPs also claim to offer consumers choices about how their data is used and allow them to access such data. The FTC found, however, that many of these companies often make it difficult for consumers to exercise such choices and sometimes even nudge them to share even more information. In addition, while several of the ISPs promise to only keep the data for as long as needed for business purposes, the definition of what constitutes a “business purpose” varies widely among the companies.
The report concludes that many of the ISPs’ data collection and use practices mirror problems identified in other industries and underscore the importance of restricting data collection and use.
The Commission voted 4-0 to approve and issue the report. Staff presented findings from the report at Wednesday’s open virtual Commission meeting. Chair Lina M. Khan issued a separate statement on the report.

Source: FTC

Related: Text of the FTC Staff Report (4.86 MB)



How a simple failure creates a FERPA kerfuffle.

https://www.databreaches.net/ohio-state-university-email-gaffe-creates-a-ferpa-breach/

Ohio State University email gaffe creates a FERPA breach

An email gaffe due to not using bcc: instead of cc: or TO: revealed almost 400 Ohio State University students’ disability status to other students. Read the story on The Lantern.

Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure needs to be noted in their education records/file.



Is ‘ethical AI’ useful in a war?

https://www.nato.int/cps/en/natohq/news_187934.htm

NATO releases first-ever strategy for Artificial Intelligence

On Thursday (21 October 2021), NATO Defence Ministers agreed to NATO’s first-ever strategy for Artificial Intelligence (AI).

A summary of the strategy is available here.

The strategy outlines how AI can be applied to defence and security in a protected and ethical way. As such, it sets standards of responsible use of AI technologies, in accordance with international law and NATO’s values. It also addresses the threats posed by the use of AI by adversaries and how to establish trusted cooperation with the innovation community on AI.



Who will be the first to use?

https://news.usni.org/2021/10/22/report-to-congress-on-emerging-military-technologies-3

Report to Congress on Emerging Military Technologies

Members of Congress and Pentagon officials are increasingly focused on developing emerging military technologies to enhance U.S. national security and keep pace with U.S. competitors. The U.S. military has long relied upon technological superiority to ensure its dominance in conflict and to underwrite U.S. national security. In recent years, however, technology has both rapidly evolved and rapidly proliferated—largely as a result of advances in the commercial sector. As former Secretary of Defense Chuck Hagel observed, this development has threatened to erode the United States’ traditional sources of military advantage.

Download the document here.


(Related)

https://www.axios.com/ai-future-united-states-military-9ea3766b-e415-4fb6-adf0-5366a79b58db.html

How AI is rising up the ranks of the military

The National Counterintelligence and Security Center said in a new paper published Friday that China and Russia are using legal and illegal methods to undermine and overtake U.S. dominance in critical industries including AI and autonomous systems.



Another example of “the rules don’t apply to me.” Neither does reality.

https://www.theverge.com/2021/10/22/22740354/trump-truth-social-network-spac-mastodon-license-software-freedom-conservancy?scrolla=5eb6d68b7fedc32c19ef33b4

Trump’s social network has 30 days to stop breaking the rules of its software license

The Software Freedom Conservancy (SFC) says former President Donald Trump’s new social network violated a free and open-source software licensing agreement by ripping off decentralized social network Mastodon. The Trump Media and Technology Group (TMTG) has 30 days to comply with the terms of the license before its access is terminated — forcing it to rebuild the platform or face legal action.

TMTG launched a special purpose acquisition company fundraising effort yesterday with promises to build a sweeping media empire. Its only product so far is a social network called Truth Social that appears strongly to be forked from Mastodon. While anyone can freely reuse Mastodon’s code (and groups like right-wing social network Gab have already done so), they still have to comply with the Affero General Public License (or AGPLv3) that governs that code, and its conditions include offering their own source code to all users.

Truth Social doesn’t comply with that license and, in fact, refers to its service as “proprietary.” Its developers apparently attempted to scrub references that would make the Mastodon connection clear — at one point listing a “sighting” of the Mastodon logo as a bug — but included direct references to Mastodon in the site’s underlying HTML alongside obvious visual similarities.

