A heads up! Privacy Foundation Seminar – October 28th – 10:00 AM to 1:00 PM
Legal Ethical and Privacy Issues in AI Contracting.
I must discuss this with my Computer Security students. Their career
path is getting riskier. What happens when a DA asks for information
on a breach that didn’t happen?
https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html#tk.rss_all
Guilty verdict in the Uber breach case makes personal liability real for CISOs
The conviction of Uber's former CSO could change the roles of top
security leaders and raises the level of personal risk in the wake of
a breach.
Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the
former CSO on charges of “obstruction of the proceedings of the
Federal Trade Commission and misprision of felony in connection with
the attempted cover-up of a 2016 hack at Uber” according to a
notice published by the Department of Justice (DOJ).
(Related)
https://www.databreaches.net/covering-up-cyber-breaches/
Covering Up Cyber Breaches
I was researching something and stumbled across a post in r/sysadmin
on Reddit that begins:
I wanted to make this post for a few months now because I know we all
have horror stories on this topic. It seems the only way to stop
this is to make sure more IT admins are aware of their reporting
requirements in regulated industry or nonregulated areas make sure
they have a transparent procedure for notifying customers.
It seems companies and tech vendors are being attacked with increased
sophistication and they are covering up or downplaying security
breaches with hippo-sized lies with increased frequency. It's an open
secret amongst IT admins and security professionals but definitely
one of the ugliest things we have to deal with. I am currently in
the midst of a very nasty Hospital provider client separation because
they have been trying to avoid reporting a HIPAA breach with numerous
excuses that had no merit.
Read more of the post and the replies to it on Reddit.
Would this be an acceptable time to point out that HHS was sent a formal
whistleblower complaint in 2018 about a coverup that occurred in 2016
and they still have not closed the complaint with any enforcement
action? How can they not impose a severe monetary penalty on a
medical practice that knew it was hacked, saw evidence that the
hacker had exfiltrated patient data, and told the police that they
were the victims of a hack and extortion attempt — but never told
the patients? The only reason the patients were ever told anything —
years later — was because the hacker told DataBreaches the story of
the hack and provided this site with all of the patients’
information!
The Reddit post shows that the problem of coverups is well-known and
continuing. Well, why shouldn’t it continue if HHS never takes
stern action when it is aware of a coverup?
Where do we draw the line? Someone will cross it sometime, probably sooner
rather than later. Would NATO be obligated to respond in kind?
https://www.databreaches.net/albania-weighed-invoking-natos-article-5-over-iranian-cyberattack/
Albania weighed invoking NATO’s Article 5 over Iranian cyberattack
Maggie Miller reports:
Albania was hit by cyberattacks earlier this year so debilitating that the
government considered invoking a NATO declaration that could have
pulled all member states into confrontation with Iran, Prime Minister
Edi Rama said.
It would have been the first time a NATO member state used a cyberattack
to invoke Article Five — which treats an attack against one member
as an “attack against them all,” requiring collective defense.
Read more at Politico.
Make the time
https://aleteia.org/2022/10/07/are-we-all-in-danger-from-ai/
Are we all in danger from AI?
…
Understanding AI, and especially delving into anthropological questions
related to this ongoing transformation, is the goal of “Masterclass
Homo Roboticus for Global Leaders,” a free international online event
to be held on October 21, 2022 (10am – 1pm EST, 2pm – 5pm GMT) at the
initiative of the Vatican Dicastery for Culture and Education (formerly
the Pontifical Council for Culture) and the CTN Foundation.
Among the keynote speakers will be Jesuit astronomer and director of the
Vatican Observatory, Brother Guy Consolmagno, who recorded a video in
preparation for the event in which he answers the question, “Should
we be afraid of AI?”
Another distortion of reality. Should we assume everything is fake until
proven real? How do we prove “real?”
https://petapixel.com/2022/10/06/mindboggling-ai-program-allows-you-to-fly-into-a-landscape-photograph/
Mindboggling AI Program Allows You to ‘Fly’ Into a Landscape Photograph
In a new paper entitled InfiniteNature-Zero, the researchers take a
landscape photo and then use AI to “fly” into it like a bird, with
clever software generating a fake landscape thanks to machine learning.
Tools & Techniques. (The RSS guide is worth the read!)
https://www.bespacific.com/5-of-the-best-solutions-for-monitoring-website-changes/
5 of the Best Solutions for Monitoring Website Changes
maketecheasier:
“One of the quickest ways to check a website for new updates is to
add the site to your favorite RSS reader and let the tool notify you
of any new content. However, an RSS reader can only check for
updates within the confines of RSS-formatted code. This limitation
means RSS readers won’t work on any static webpages or dynamic
websites without RSS components. Fortunately, you can use
third-party tools to monitor website changes and receive
notifications for any new changes. A website monitor can be an
automated solution to regularly checking a product listing for price
changes. If you are monitoring an Amazon product, you can use
these extensions instead,
but thanks to website monitors, you won’t have to wait for a
developer to make an extension for a specific online marketplace just
for price tracking. Website monitors may also eliminate the need for
subscribing to email newsletters. For instance, if you want to
figure out whether an updated version of a software or game is out,
you can set the monitor to track changes in the version number of the
change log…”
See also via LLRX – What is RSS and How to Use it Effectively –
This guide by Pete Weiss – expert listserv manager, communication
device integrator, and newswire publisher/editor – and author of
Pete Recommends – Weekly highlights on cybersecurity issues – provides
researchers with an overview of why you should use RSS, along with
step by step examples of how to implement this application which
should be part of your knowledge gathering and current awareness toolkit.
Learn to delegate!
https://dilbert.com/strip/2022-10-06
Tools & Techniques.
https://www.makeuseof.com/best-3d-scanning-apps-iphone/
The 5 Best 3D Scanning Apps for iPhone
3D scanners capture a 3D object or scene, and then the scanned
information is converted into a digital model. Most 3D scanning
applications make use of a smartphone or tablet camera to capture 3D
data. The camera takes multiple pictures of an object from different
angles, and the app processes them to create a 3D model.
Many such 3D scanning apps are available for the iPhone, but not all are
created equal. Here we’ll take a look at five of the best.