Saturday, August 21, 2021

Claims like this one are really scary for CSOs and other senior management. If none of your security systems detected a breach, how can you check when someone claims to have breached you? Is it worse to deny now and find out later that there was a breach?

https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.

The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.

ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.



(Related)

https://www.databreaches.net/us-t-mobile-breach-hits-53-million-customers-as-probe-finds-wider-impact/

US T-Mobile breach hits 53 million customers as probe finds wider impact

Reuters reports:

T-Mobile US Inc said on Friday, August 20, an ongoing investigation into a data breach revealed that hackers accessed personal information of an additional 5.3 million customers, bringing the total number of people affected to more than 53 million.
The third largest US wireless carrier had earlier this week said that personal data of more than 40 million former and prospective customers was stolen along with data from 7.8 million existing T-Mobile wireless customers.

Read more on Rappler.

Will there be another update revealing even more impacted? When was the last time we saw, “On further investigation, we found that it was 5.3 million fewer customers than we originally thought?”





Is it surveillance if this is how you apply for a loan?

https://www.extremetech.com/internet/326088-should-your-web-history-impact-your-credit-score-the-imf-thinks-so

Should Your Web History Impact Your Credit Score? The IMF Thinks So

A group of researchers has published a blog post at the International Monetary Fund’s website in which they call for a significant shift in how credit scores are assessed. Instead of being based on traditional metrics, the group believes banks should begin incorporating additional information, including your browser history.

The rise of fintech services and cryptocurrencies has changed modern banking in a number of ways, and banks face an increasing number of challenges as various third-party payment processors interpose themselves between financial institutions and their traditional customers. The credit scoring systems used broadly in the US and Europe are based on so-called “hard” information — bill payments, pay stubs, and how much of your current credit limit you are tapping.

The researchers point out that so-called “hard” credit scores have two significant problems. First, banks tend to reduce credit availability during a downturn, which is when people most need help. Second, it can be difficult for companies and individuals without credit histories to begin creating one. There’s a bit of a catch-22 in the system, in that what you need to persuade an institution to loan you money is a credit history you don’t have because no one will loan you money.

However much the authors of this paper know about banking systems and finance, they’re clearly not up to date on the latest in AI research. This is a bad idea in general, but it’s a really terrible idea right now.





Correcting “Oops!”

https://arstechnica.com/information-technology/2021/08/now-that-machines-can-learn-can-they-unlearn/

Now that machines can learn, can they unlearn?

Companies of all kinds use machine learning to analyze people’s desires, dislikes, or faces. Some researchers are now asking a different question: How can we make machines forget?

A nascent area of computer science dubbed machine unlearning seeks ways to induce selective amnesia in artificial intelligence software. The goal is to remove all trace of a particular person or data point from a machine learning system, without affecting its performance.

Once trained, a machine-learning system is not easily altered, or even understood. The conventional way to remove the influence of a particular data point is to rebuild a system from the beginning, a potentially costly exercise. “This research aims to find some middle ground,” says Aaron Roth, a professor at the University of Pennsylvania who is working on machine unlearning. “Can we remove all influence of someone’s data when they ask to delete it, but avoid the full cost of retraining from scratch?”





Perspective.

https://www.trendmicro.com/en_us/research/21/h/level-4-autonomous-cars-allowed-on-german-roads.html

Level 4 Autonomous Cars Allowed on German Roads

Autonomous vehicles and driverless busses are set to make their debut on German public roads after lawmakers approved a new law on autonomous driving. The law intends to bring autonomous vehicles at the Society of Automotive Engineers (SAE) Level 4 into regular operation as early as 2022.

SAE’s Level 4 of driving automation means autonomous vehicles do not require human interaction in their operations—vehicles are programmed to intervene in the event of a system failure. Level 4 technology is typically for use in driverless public vehicles, such as taxis and busses. They have set travel points and are restricted to specific boundaries.



Friday, August 20, 2021

Have you been near a crime scene at the time the crime occurred? Were you smart enough to use someone else’s smartphone?

https://www.bespacific.com/google-says-geofence-warrants-make-up-one-quarter-of-all-us-demands/

Google says geofence warrants make up one-quarter of all US demands

TechCrunch: “For the first time, Google has published the number of geofence warrants it’s historically received from U.S. authorities, providing a rare glimpse into how frequently these controversial warrants are issued. The figures, published Thursday [August 19, 2021], reveal that Google has received thousands of geofence warrants each quarter since 2018, and at times accounted for about one-quarter of all U.S. warrants that Google receives. The data shows that the vast majority of geofence warrants are obtained by local and state authorities, with federal law enforcement accounting for just 4% of all geofence warrants served on the technology giant. According to the data, Google received 982 geofence warrants in 2018, 8,396 in 2019 and 11,554 in 2020. But the figures only provide a small glimpse into the volume of warrants received and did not break down how often it pushes back on overly broad requests. When reached, Google spokesperson Alex Krasov said in a statement: “We vigorously protect the privacy of our users while supporting the important work of law enforcement. We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed.” Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project (STOP), which led efforts by dozens of civil rights groups to lobby for the release of these numbers, commended Google for releasing the numbers. “Geofence warrants are unconstitutionally broad and invasive, and we look forward to the day they are outlawed completely.” said Cahn…”





Things seem to move faster when you don’t need to worry about politicians arguing…

https://www.reuters.com/world/china/china-passes-new-personal-data-privacy-law-take-effect-nov-1-2021-08-20/

China passes new personal data privacy law, to take effect Nov. 1

China's National People's Congress on Friday passed a law designed to protect online user data privacy and will implement the policy from Nov. 1, according to state media outlet Xinhua.

The law's passage completes another pillar in the country's efforts to regulate cyberspace and is expected to add more compliance requirements for companies in the country.

The law states that handling of personal information must have clear and reasonable purpose and shall be limited to the "minimum scope necessary to achieve the goals of handling" data.

… The Personal Information Protection Law, along with the Data Security Law, mark two major regulations set to govern China's internet in the future.

The Data Security law, to be implemented on Sept. 1, sets a framework for companies to classify data based on its economic value and relevance to China's national security.





Anti-social media?

https://www.nbcnews.com/tech/tech-news/facebook-unveils-tools-help-afghan-people-fearful-taliban-violence-rcna1725

Facebook unveils tools to help Afghan people fearful of Taliban violence

Facebook said Thursday it is rolling out new user controls for people in Afghanistan who are rushing to delete their digital footprints for fears that their phones or computers may be seized by the Taliban and reveal links to people from Western nations, international civil society groups, the Afghan military or the recently collapsed Afghan government.

WhatsApp, a popular messaging app in Afghanistan that the Taliban have used in recent days to spread the word of their siege of Kabul on Sunday, is also owned by Facebook.

Among the new security features Facebook has released for Afghan users is a one-click tool that allows people to quickly lock their accounts, which prevents people who aren’t already friends with the users from downloading their profile picture or seeing their posts, according to several posts on Twitter by Nathaniel Gleicher, the head of security at Facebook. On Instagram, which Facebook also owns, the company is offering new popup messages to alert users of ways to secure their accounts.





Perspective.

https://arxiv.org/abs/2108.07258

On the Opportunities and Risks of Foundation Models

AI is undergoing a paradigm shift with the rise of models (e.g., BERT, DALL-E, GPT-3) that are trained on broad data at scale and are adaptable to a wide range of downstream tasks. We call these models foundation models to underscore their critically central yet incomplete character. This report provides a thorough account of the opportunities and risks of foundation models, ranging from their capabilities (e.g., language, vision, robotics, reasoning, human interaction) and technical principles (e.g., model architectures, training procedures, data, systems, security, evaluation, theory) to their applications (e.g., law, healthcare, education) and societal impact (e.g., inequity, misuse, economic and environmental impact, legal and ethical considerations). Though foundation models are based on standard deep learning and transfer learning, their scale results in new emergent capabilities, and their effectiveness across so many tasks incentivizes homogenization. Homogenization provides powerful leverage but demands caution, as the defects of the foundation model are inherited by all the adapted models downstream. Despite the impending widespread deployment of foundation models, we currently lack a clear understanding of how they work, when they fail, and what they are even capable of due to their emergent properties. To tackle these questions, we believe much of the critical research on foundation models will require deep interdisciplinary collaboration commensurate with their fundamentally sociotechnical nature.





Perspective. You are too. Am not. Are too. Am not.

https://www.theverge.com/2021/8/19/22627032/ftc-facebook-amended-antitrust-complaint-monopoly-instagram-whatsapp?scrolla=5eb6d68b7fedc32c19ef33b4

FTC says Facebook has been a monopoly ‘since at least 2011’ in amended antitrust complaint

FTC chair Lina Khan will not recuse herself from the case

The Federal Trade Commission has filed an amended antitrust complaint against Facebook, alleging that the company violated federal antitrust laws with its acquisition of Instagram and WhatsApp. The new complaint is a more detailed version of a charge dismissed by the court in June for insufficient evidence.

“Facebook has today, and has maintained since 2011, a dominant share of the relevant market for US personal social networking services,” the complaint alleges, citing time spent and active-user metrics on the daily and monthly scale. “Individually and collectively, these metrics provide significant evidence of Facebook’s durable monopoly power in social networking services.”

Facebook has until October 4th to issue a legal response to the complaint. In a post on Twitter, Facebook’s corporate account called the FTC’s latest complaint “meritless,” writing, “There was no valid claim that Facebook was a monopolist — and that has not changed.”





Tech tools for teaching.

https://www.freetech4teachers.com/2021/08/the-2021-22-practical-ed-tech-handbook.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

The 2021-22 Practical Ed Tech Handbook

Earlier this week subscribers to my Practical Ed Tech Newsletter received their free copies of the 2021-22 edition of The Practical Ed Tech Handbook. It's a 75 page PDF that features my favorite tools, tips, and strategies for using a wide variety of educational technology tools in your classroom. If you're not subscribed to my newsletter, you can now get your copy of The Practical Ed Tech Handbook right here.



Thursday, August 19, 2021

Don’t say yes without thinking like a hacker…

https://www.cpomagazine.com/cyber-security/is-your-business-prepared-to-stop-a-ransomware-attack/

Is Your Business Prepared to Stop a Ransomware Attack?

Ransomware has become so prevalent that no industry is immune, including public sector organizations such as school districts and police forces. When cybercriminals are actively targeting the police, it’s pretty clear just how widespread the problem is.

So, why is ransomware so prevalent, other than the fact that it’s obviously making a lot of cybercriminals rich? For starters, it’s not just individual actors committing crimes. We’re now seeing well-organized syndicates and state actors getting into the mix. In some ways, ransomware has become an actual cottage industry of sorts.

Secondly, the nature of the workplace has changed so much in the pandemic era that it’s left businesses extremely vulnerable:



(Related) Another shift in method.

https://www.cpomagazine.com/cyber-security/accenture-downplays-the-lockbit-ransomware-attack-that-reportedly-encrypted-2500-computers-leaking-6-terabytes-of-data/

Accenture Downplays the LockBit Ransomware Attack That Reportedly Encrypted 2,500 Computers, Leaking 6 Terabytes of Data

The group was also actively recruiting corporate insiders to facilitate its ransomware attacks in exchange for millions of dollars. The ransomware gang also sought partners to provide Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) exploits for initial access and Cobalt Strike and Metasploit for threat emulation.





Perhaps another salary increase?

https://www.csoonline.com/article/3629460/7-key-data-points-on-the-cybersecurity-skills-shortage.html#tk.rss_all

7 key data points on the cybersecurity skills shortage

I am proud to say that the annual Life and Times of Cybersecurity Professionals report from ESG and ISSA is now available for free download.

As part of the research for this report, we always ask cybersecurity professionals several questions about the global cybersecurity skills shortage. Is it real? Are things improving or getting worse? Is your organization impacted and, if so, how?





Of course, we’ll only use it for background checks…

https://www.bespacific.com/background-check-agency-wants-a-social-media-search-tool/

Background Check Agency Wants a Social Media Search Tool

Nextgov: “The Defense Counterintelligence and Security Agency wants a tool to automatically cull social media and other public websites to create a searchable database of posts, actions and interactions that can be used in insider threat investigations. Along with conducting background investigations for all of government, DCSA also manages the insider threat program for the Defense Department. The DOD Threat Management and Analysis Center, or DITMAC, “provides an enterprisewide capability to identify, assess, and mitigate risk from insiders; to oversee and manage unauthorized disclosures; and to integrate, manage, mature, and professionalize insider-threat capabilities… The tool must meet seven specific criteria to be considered…”



(Related) Connection?

https://www.bespacific.com/amateur-investigators-provide-evidence-identifying-jan-6-rioters/

Amateur Investigators Provide Evidence Identifying Jan 6 Rioters

NPR: “As rioters made their way through the U.S. Capitol on Jan. 6, many of them livestreamed their actions and posted photos and videos on social media. That steady stream of content created an enormous record of evidence that law enforcement needed to sift through to build cases against the accused. Now, more than 575 federal criminal complaints have been filed, and a striking pattern has emerged: Time and time again, the FBI is relying on crowdsourced tips from an ad hoc community of amateur investigators sifting through that pile of content for clues. These informal communities go by a number of names: Some go by the moniker Sedition Hunters. Others call themselves Deep State Dogs. Together, they amount to hundreds of people who since Jan. 6 have dedicated themselves to helping law enforcement track down suspects. Their cumulative work represents what is likely the largest spontaneous, open source information collection and analysis effort ever conducted by volunteers to assist law enforcement. Sedition Hunters are mentioned by name in at least 13 cases, other complaints reference specific social media handles of volunteers, and still more refer to evidence voluntarily submitted by tipsters — many of whom do not seem to know the accused — citing information on public platforms such as Facebook, Twitter, YouTube or Parler…”





Perspective.

https://www.pewresearch.org/fact-tank/2021/08/18/more-americans-now-say-government-should-take-steps-to-restrict-false-information-online-than-in-2018/

More Americans now say government should take steps to restrict false information online than in 2018

Amid rising concerns over misinformation online – including surrounding the COVID-19 pandemic, especially vaccines – Americans are now a bit more open to the idea of the U.S. government taking steps to restrict false information online. And a majority of the public continues to favor technology companies taking such action, according to a new Pew Research Center survey.

Roughly half of U.S. adults (48%) now say the government should take steps to restrict false information, even if it means losing some freedom to access and publish content, according to the survey of 11,178 adults conducted July 26-Aug. 8, 2021.

… When it comes to whether technology companies should take steps to address misinformation online, more are in agreement. A majority of adults (59%) continue to say technology companies should take steps to restrict misinformation online, even if it puts some restrictions on Americans’ ability to access and publish content.





Tools & Techniques.

https://www.makeuseof.com/transfer-files-to-kindle-via-email/

How to Quickly Transfer Files to Your Kindle via Email

… If you have a document that you want to read through your Kindle but don’t know how to send it to your device, you can send it through email. You’re likely to receive your document in an instant or after a few minutes. However, Amazon said that it could take up to 60 days to deliver your document.



Wednesday, August 18, 2021

Run this by your lawyers.

https://www.csoonline.com/article/3628339/7-steps-to-protect-against-ransomware-related-lawsuits.html#tk.rss_all

7 steps to protect against ransomware-related lawsuits

International ransomware gangs aren't the only people after your enterprise's money. Long after a ransomware attack fades into gloomy history, your organization could face another potentially devastating financial threat: lawyers filing action lawsuits on behalf of clients who may have lost confidential personal or business information to the attackers.





Are all communication tools in violation?

https://www.theregister.com/2021/08/17/zoom_incompatible_with_gdpr_hamburg_warning/

Zoom incompatible with GDPR, claims data protection watchdog for the German city of Hamburg

The acting Hamburg Commissioner for Data Protection and Freedom of Information has officially warned the city's Senate Chancellery not to use the on-demand version of Zoom's videoconferencing software.

Referring to the European Court of Justice Schrems II decision of July 2020, Ulrich Kühn claimed the software violates the EU General Data Protection Directive (GDPR) as "such use is associated with the transmission of personal data to the US."

Neil Brown, director at tech-savvy virtual English law firm decoded.legal, told The Register he interpreted the "somewhat oblique" press release to mean the Hamburg DPA considers that Zoom "does not ensure a level of protection for personal data which is 'essentially equivalent' to that afforded by the GDPR."





A cautionary tale.

https://interestingengineering.com/how-algorithms-are-changing-justice

AI Could Send You to Jail: How Algorithms Are Changing Justice

Forensic AI is shrouded in the trade secrets of the companies who make it. Some want to change that.





Is dry cleaning a viable alternative to brain washing?

https://www.bespacific.com/bad-news-selling-the-story-of-disinformation/

Bad News – Selling the story of disinformation

Harper’s – “…The Commission on Information Disorder is the latest (and most creepily named) addition to a new field of knowledge production that emerged during the Trump years at the juncture of media, academia, and policy research: Big Disinfo. A kind of EPA for content, it seeks to expose the spread of various sorts of “toxicity” on social-media platforms, the downstream effects of this spread, and the platforms’ clumsy, dishonest, and half-hearted attempts to halt it. As an environmental cleanup project, it presumes a harm model of content consumption. Just as, say, smoking causes cancer, consuming bad information must cause changes in belief or behavior that are bad, by some standard. Otherwise, why care what people read and watch?”





Perspective.

https://www.fastcompany.com/90666477/facial-recognition-misunderstanding

The great misunderstanding at the core of facial recognition

In this essay, however, I examine how the technology of facial recognition is intertwined with other types of social and political recognition, as well as highlight how technologists’ efforts to “diversify” and “de-bias” facial recognition may actually exacerbate the discriminatory effects that they seek to resolve. Within the field of computer vision, the problem of biased facial recognition has been interpreted as a call to build more inclusive datasets and models. I argue that instead, researchers should critically interrogate what can’t or shouldn’t be recognized by computer vision.

Ultimately, any computer-vision project is based on the premise that a person’s outsides can tell us something definitive about their insides. These are systems based solely on appearance, rather than identity, solidarity, or belonging. And while facial recognition may seem futuristic, the technology is fundamentally backward-looking, since its functioning depends on images of past selves and outmoded ways of classifying people. Looking forward, instead of asking how to make facial recognition better, perhaps the question should be: how do we want to be recognized?





A resource.

https://www.i-programmer.info/news/150-training-a-education/14802-microsofts-machine-learning-for-beginners.html

Microsoft's Machine Learning for Beginners

A free, self-paced online course about Machine Learning is on offer from Microsoft's Azure Cloud Advocates. Its 24-lesson curriculum, expected to take 12 weeks to complete, is targeted at those new to Machine Learning.



(Related) Another resource.

https://www.theregister.com/2021/08/18/mcubed_webcast_series_ep_one/

Free machine-learning lessons from The Register – starting with Benford’s distribution

Tune in on the first Thursday of every month to learn about algorithms, tools, and services from field experts

In our new, free MCubed webcast series, we’ll bring you up to speed with the latest ML development-related tools, libraries, and cloud service news, before jumping into hand-selected expert talks. Through those, practitioners will help you freshen up on the basics, share serviceable advice from their day to day work, and provide insight into the issues they’re trying to solve.

The goal of every session is to have you walk away with some nuggets of knowledge useful enough to enhance your daily machine-learning practice. Professor Mark Whitehorn will kick off the new format on September 2, 2021 at 11am BST with an introduction to Benford’s distribution.

We’re looking forward to seeing you on September 2: Sign up here and we will remind you on the day.





Tools for the smartphone addict?

https://www.makeuseof.com/beginners-guide-lapdocks-how-to-use-your-phone-as-a-laptop/

A Beginner’s Guide to Lapdocks: How to Use Your Phone as a Laptop

With smartphones becoming increasingly powerful, why do we still lug around heavy laptops or additional hardware when our pocket devices perform the same functions as computers?

Enter the lapdock—a device you can use to transform your smartphone into a laptop. With a lapdock, you could eliminate the need for a traditional computer.

Read on to learn about lapdocks, including what they are, how to use them, and how they could replace your laptop.





Some tools & techniques that may be useful in other types of research?

https://www.bespacific.com/investigative-tactics-that-reporters-love/

Investigative Tactics That Reporters Love

Global Investigative Journalism Network: “Over the past year, I’ve had the opportunity to interview dozens of investigative journalists about their favorite tools and techniques. In a series of stories, their tips have shown our global audience of reporters that there are scores of muckraking tactics that can help their reporting, and that effective digital tools constantly emerge that can help them dig. But again and again, these top muckrakers point to roughly two dozen techniques that assist in almost all of their investigations, and consistently impress with their effectiveness. Most of these require no cost or computer science skills, and some involve the simplest adjustments to allow investigators to access tough sources or find elusive evidence. In part two of this piece next week, I’ll list the dozen tools that have emerged as common favorites for many reporters. But here, in part one, I list the dozen tactics and approaches that leading investigative journalists commonly rave about…”



Tuesday, August 17, 2021

Is the US treasury ready? Would Wall Street panic?

https://www.databreaches.net/brazilian-national-treasury-hit-with-ransomware-attack/

Brazilian National Treasury hit with ransomware attack

Angelica Mari reports:

The Brazilian government has released a note stating the National Treasury has been hit with a ransomware attack on Friday (13).
According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration.

Read more on ZDNet.



(Related) This is the Department charged with securing the Treasury…

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.

The researcher discovered the exposed database on July 19th, interestingly, on a server with a Bahrain IP address, not a US one.

However, the same day, he rushed to report the data leak to the U.S. Department of Homeland Security (DHS).

"I discovered the exposed data on the same day and reported it to the DHS."

"The exposed server was taken down about three weeks later, on August 9, 2021."





A California law, gleefully followed by British e-news…

https://www.theregister.com/2021/08/17/ccpa_blackbaud/

Blackbaud – firm that paid off crooks after 2020 ransomware attack – fails to get California privacy law claim dropped

A judge in South Carolina has struck out a number of claims in a consolidated class-action suit alleging cloud CRM provider Blackbaud didn't do enough to prevent a 2020 ransomware attack, but allegations under California's Consumer Privacy Act (CCPA) will move forward.

Blackbaud, a cloud software provider that sells CRM systems for fundraising and communications to charities and educational institutions, admitted last year that it had paid off a ransomware attacker that hit its servers with file-encrypting software in May.

It said at the time: "The cybercriminal did not access credit card information, bank account information, or social security numbers."

However, in a September 2020 US stock market 8-K filing [PDF], Blackbaud said the ransomware infection had potentially resulted in miscreants making off with banking details.

According to an order filed last week by the judge hearing the consolidated class-action case in the district of Columbia, South Carolina, the complainants allege the CRM firm "failed to comply with industry and regulatory standards by neglecting to implement security measures to mitigate the risk of unauthorized access, utilizing outdated servers, storing obsolete data, and maintaining unencrypted data fields."

The case – which deals with more than 15 lawsuits by 34 plaintiffs across 20 states – was consolidated into a single complaint in April by the Judicial Panel on Multidistrict Litigation.

US district judge J Michelle Childs said in a 33-page ruling [PDF] that "Blackbaud's alleged registration as a 'data broker' suggests that it is also a 'business' under the CCPA." The firm had previously argued it did not qualify as a "business" regulated by the CCPA,

The CCPA claim, if successful, could net statutory damages of up to $750 per violation for the California plaintiffs.





Potential hacking tools for self-driving vehicles?

https://www.unite.ai/optical-adversarial-attack-can-change-the-meaning-of-road-signs/

Optical Adversarial Attack Can Change the Meaning of Road Signs

Researchers in the US have developed an adversarial attack against the ability of machine learning systems to correctly interpret what they see – including mission-critical items such as road signs – by shining patterned light onto real world objects. In one experiment, the approach succeeded in causing the meaning of a ‘STOP’ roadside sign to be transformed into a ’30mph’ speed limit sign.





The opposite of one worldwide legal environment.

https://www.csoonline.com/article/3629389/data-sovereignty-laws-place-new-burdens-on-cisos.html#tk.rss_all

Data sovereignty laws place new burdens on CISOs

More than 100 countries now require data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.

Oracle describes how “the exponential growth of data crossing borders and public cloud regions [has seen], more than 100 countries now have passed regulations.” There is no one-size-fits-all set of rules and therein lies the conundrum for CISOs, especially those whose customer base or digital infrastructure crosses political boundaries.

In a paper published on August 3, Professor Susan Ariel Aaronson of George Washington University commented how under the guise of digital sovereignty, “governments are seeking to regulate commercial use of personal data without enacting clear rules governing public sector use of data.”

In a 2020 “ideas paper,” the EU described digital sovereignty as “Europe's ability to act independently in the digital world and should be understood in terms of both protective mechanisms and offensive tools to foster digital innovation (including in cooperation with non-EU companies).”





I’m sure the FBI is upset, because this is also true for domestic terrorists and the political party in opposition to President Biden.

https://www.vice.com/en/article/93yvy5/whatsapp-says-its-not-banning-the-taliban-because-it-cant-read-their-texts

WhatsApp Can't Ban the Taliban Because It Can't Read Their Texts

As it quickly took control of the country, the Taliban used Facebook-owned chat app WhatsApp to spread its message and gain favor among local citizens, according to news reports as well as Afghan citizens and observers on the ground.

A WhatsApp spokesperson declined to answer a series of specific questions about WhatsApp's role and response to the Taliban using its platform.

The company spokesperson said that WhatsApp complies with U.S. sanctions law, so if it encounters any sanctioned people or organizations using the app, it will take action, including banning the accounts. This obviously depends on identifying who uses WhatsApp, without having access to any of the messages sent through the platform, given that the app uses end-to-end encryption. This would explain why WhatsApp hasn’t taken action against some account spreading the Taliban’s message in Afghanistan.





Perspective.

https://mindmatters.ai/2021/08/whats-behind-chinas-crackdown-on-big-tech/

WHAT’S BEHIND CHINA’S CRACKDOWN ON BIG TECH?

In a previous article I looked at Chinese regulators’ crackdown on Didi Global, China’s ride-hailing service. Didi is one of several Chinese tech giants that have been tamed in the past nine months. Prior to Didi, Ant Group, Tencent, Meituan, and Pinduoduo were all quelled by regulators. After Didi, regulators targeted Full Truck Alliance and Kanzhun. They recently shut down online for-profit tutoring and have banned mining cryptocurrencies in China.

Thus far, the Chinese government’s actions have resulted in almost $1 trillion net losses for the Chinese tech sector.

The two big questions are, Why now? and, relatedly, Who’s next?

SupChina has a well-organized explainer on China’s Big Tech Crackdown here.

Another helpful resource is this video from DW, “How China is tightening control of its tech companies”: https://www.youtube.com/watch?v=4l7m7OYO5Is



(Related)

https://www.scmp.com/tech/big-tech/article/3145249/didis-business-slows-break-neck-pace-site-probes-chinas-cybersecurity

Didi’s business slows from break-neck pace as on-site probes by China’s cybersecurity regulators gum up operations

The Chinese government’s unprecedented probes into Didi-Chuxing, also involving public security investigators, have gummed up business operations at the platform that dominated 90 per cent of the country’s ride-hailing industry, according to several employees.

Engineers and product managers at the Beijing company, whose smartphone apps were removed from Android and Apple app stores in early July, are now busy writing up patches to close what Chinese regulators called technical loopholes in Didi’s data management system, according to staff who spoke on condition of anonymity.

Investigators, who sequestered themselves into Didi’s head office in the Zhongguancun Software Park in the northwestern corner of the Chinese capital, have called mid-level staff in for hours of questioning, even on weekends and at short notice, employees said.





Tools & Techniques. It’s not just for stalkers…

https://www.makeuseof.com/chrome-extensions-finding-email-addresses/

The 7 Best Chrome Extensions for Finding Anyone’s Email Address