John Markoff, *The New York Times*, 18 Aug 2014 (via Dave Farber)
http://bits.blogs.nytimes.com/2014/08/18/computer-eyesight-gets-a-lot-more-accurate/

Just as the Big Bad Wolf promised Little Red Riding Hood that his bigger eyes were “the better to see you with,” a machine's ability to see the world around it is benefiting from bigger computers and more accurate mathematical calculations.

The improvement was visible in contest results released Monday evening by computer scientists and companies that sponsor an annual challenge to measure improvements in the state of machine vision technology.

Started in 2010 by Stanford, Princeton and Columbia University scientists, the Large Scale Visual Recognition Challenge this year drew 38 entrants from 13 countries. The groups use advanced software, in most cases modeled loosely on the biological vision systems, to detect, locate and classify a huge set of images taken from Internet sources like Twitter. The contest was sponsored this year by Google, Stanford, Facebook and the University of North Carolina.

Contestants run their recognition programs on high-performance computers based in many cases on specialized processors called GPUs, for graphic processing units.

This year there were six categories based on object detection, locating objects and classifying them. Winners included the National University of Singapore, the Oxford University, Adobe Systems, the Center for Intelligent Perception and Computing at the Chinese Academy of Sciences, as well as Google in two separate categories.

Accuracy almost doubled in the 2014 competition and error rates were cut in half, according to the conference organizers.

“This year is really what I consider a historical year for the challenge,” said Fei-Fei Li, the director of the Stanford Artificial Intelligence Laboratory and one of the creators of a vast set of labeled digital images that is the basis for the contest. “What really excites us is that performance has taken a huge leap.”

Despite the fact that the contest is based on pattern recognition software that can be “trained” to recognize objects in digital images, the contest itself is made possible by the Imagenet database, an immense collection of more than 14 million images that have been identified by humans. The Imagenet database is publicly available to researchers at http://image-net.org/.

In the five years that the contest has been held, the organizers have twice, once in 2012 and again this year, seen striking improvements in accuracy, accompanied by more sophisticated algorithms and larger and faster computers.

In 2012 the contest was won by Geoffrey E. Hinton, a cognitive scientist at the University of Toronto, and two of his students. Mr. Hinton is a pioneer in the field of artificial neural networks, and in 2013 he joined Google with his students Alex Krizhevsky and Ilya Sutskever.

This year the entrants had the option of either disclosing the details of their algorithms or keeping them proprietary, and all of the winning groups chose to share details of their technical innovations. That was significant, according to Dr. Li, because it is possible to move quickly from research to commercial applications.

Machine vision has countless applications, including computer gaming, medical diagnosis, factory robotics and automotive safety systems. Recently a number of car makers have added the ability to recognize pedestrians and bicyclists and stop automatically without driver intervention. [...]
This chart shows the world's Internet usage shifting to smartphones
Jon Russell, The Next Web, 19 Aug 2014 (via Dave Farber)
<http://thenextweb.com/shareables/2014/08/19/watch-world-move-towards-smartphones-one-simple-chart/>

It's well known that mobile phones are increasingly the primary device for accessing the Internet across the world. Here's a great way to illustrate that using Google's Public Data service.

Plotting smartphone usage against PC usage produces this fascinating chart which literally shows the rise of smartphone usage over the past three years.

It's worth bearing in mind that this data comes from TNS Germany—which, though a reputable source of information, means there may be anomalies. Nonetheless, it demonstrates one of the most important technological trends of the decade. ...
http://thehackernews.com/2014/08/hacking-traffic-lights-is-amazingly_20.html
"It's worth noting that Netflix connects directly with hundreds of ISPs globally, and 99 percent of those agreements don't involve access fees. It is only a handful of the largest U.S. ISPs, which control the majority of consumer connections, demanding this toll. Why would more profitable, larger companies charge for connections and capacity that smaller companies provide for free? Because they can. This is the reason we have opposed Comcast's proposed acquisition of Time Warner Cable. Comcast has already shown the ability to use its market position to require access fees, as evidenced by the Netflix congestion that cleared up as soon as we reached an agreement with them. A combined company that controls over half of US residential Internet connections would have even greater incentive to wield this power." Reed Hastings, WiReD via NNSquad, http://www.wired.com/2014/08/save-the-net-reed-hastings/
This is getting boring. djf
http://www.huffingtonpost.com/2014/08/21/malware-breach-ups_n_5697157.html
http://www.propublica.org/article/leaked-docs-show-spyware-used-to-snoop-on-u.s.-computers
There is the url in the news item on how to check your history. djf
http://thehackernews.com/2014/08/google-map-tracks-your-every-move-check.html

"Google has been involved in several controversies including among the companies that was claimed to cooperate with US surveillance agencies on their global data-mining programmes, and just yesterday the popular Media tycoon Rupert Murdoch labeled Google worse than the NSA, saying “NSA privacy invasion bad, but nothing compared to Google.”

Now another, but already known controversy over the Internet giant has raised many concerns over privacy of users who carry their smartphones with them. We all have sensors in our pockets that track us everywhere we go i.e., Smartphones.

GOOGLE TRACKS YOU EVERYWHERE YOU GO.
Woody Leonhard | InfoWorld, 18 Aug 2014
Microsoft recommends that users uninstall last week's update—even if their machines are working fine
http://www.infoworld.com/t/microsoft-windows/microsoft-yanks-botched-black-tuesday-patches-kb-2982791-kb-2970228-kb-2975719-and-kb-2975331-248582

selected text:

The problems are so bad that you'd be well-advised to uninstall the offending Automatic Update patches, even if your machine is working fine at the moment. It's possible, but by no means certain, that as long as the bad patches are at work, installing certain applications or modifying your fonts in specific odd (but entirely legitimate) ways may brick your machine.

Microsoft buries that recommendation in the fine print of its FAQ for MS14-045.
This *NYTimes* article focuses on the dramatic part of Medicare fraud---the horse-out-of-the-barn scenario of catching bad guys red handed. But the problem is more interesting than that, but perhaps less dramatic. If you read the GAO reports or attend the House hearings, you'll find that the problem breaks down into subtle terms of: Fraud. Waste. Abuse.

One of the more effective mitigation strategies mentioned in the GAO report is the use of stronger registration controls and vetting of new vendors (stop the bad guys from setting up shop), and the use of surety bonds (make the bad guy take a risk). The surety bonds are not sexy, but they can be more effective than just chasing horses. However, there will always be some horses to chase I suppose.

U.S. GAO reports:
http://www.gao.gov/assets/670/664381.pdf
http://www.gao.gov/products/GAO-11-409T

My U.S. House testimony:
http://energycommerce.house.gov/hearing/examining-options-combat-health-care-waste-fraud-and-abuse
> who has received an Australian Research Council Future Fellowship worth
> almost $800,000 to build user-owned passwords. PGN]

The dollar value of the award validates the worthiness of his words? You know better than that.
... Using Existing Vulnerabilities for Wiretapping the Internet

> As Dietrich Bonhoeffer, ... famously noted:

It was Martin Niemöller.
> Should Google be looking for drug deals, too?

Yes. Once they can tell drug deals from discounted generic pills, they should be looking. To improve the targeting of their advertising.

Because you want fewer false positives, you want to be able to tell a drug dealer from a diabetic looking for insulin. Or a pedophile from a young mother shopping for pampers.

Because computers are stupid, all they can do is search for patterns in a stream of e-mails. You have to figure out what the pattern means. You have to tell them: this pattern is X, that one's Y. This one we want for ads, that one we're legally required to report to LEAs.

It has nothing to do with what you might think reprehensible or illegal, sorry.

Dimitri Maziuk, BioMagResBank, UW-Madison—http://www.bmrb.wisc.edu
I am not one of those who is worried about EZ-Pass. I have used it since 2001 and it has saved me countless long waits for a toll booth. Yes, they know where I've been, but at least I know that they know.

But I have sometimes used the cash lane instead. There have been times when the EZ-Pass-only lanes have been jammed up, and I'd rather pay cash (this is an xor choice on the Mass Pike) than be one of dozens of cars merging and creeping through an overcrowded lane. So I vote for keeping both.
Barry Gold wrote about the importance of a right to start over with a replacement Internet identity.

* So that's what we need. A right to change your name and start over, possibly in a new place or at least a new website and/or ISP. Yes?

I saw some time ago that there was some move from governments to make it illegal for a person to give false information about who they are, to any Internet service. Could someone point me at a url with an update on whether that is still a real threat?

There are long standing needs in the physical world, for people to get new identities, or more than one identity.

* Children should not be using real identities until they have sufficiently matured to know what info about themselves is too dangerous for the public to know.
* Victims of real-world harassment, like domestic abuse & stalking—they need to get a new identity, new e-mail address, new phone #, then supply that to most trusted friends and family, while keeping the new contact info confidential from whoever is the threat. Judgment errors in who to trust, means that this replacement may need to be done multiple times.
* Witness protection on the Internet.
* There's our life associated with our career, and on the job vs. our private life outside of work place—different identities for each reality.
* There's where we must use PII for government dictated interaction -- taxes, finances—and there's where PII has no place, social media -- different Internet ID for the 2 realities.

There was a crook using Facebook who got caught, but I wonder how many out there are not yet caught.

1. People on Facebook were giving what was believed to be their real name, real geography, lots of personal info.
2. The crook got lists of banks and credit unions in the identified geography, then started calling them.
3. “If I forget my password, what do I need to tell you, short of coming into the bank in person?”
4. “Can you look up to see if there is an account in my name?” (Using name of person from Facebook, who lived in that city)
5. Then checking the info about the person on Facebook, to get the info needed for the security questions at the banks.
6. Then engaging in fraud against the people whose Facebook info matched their bank security info.
Barry Gold wrote about challenges of password management, in a world of nasty e-spies, and he concluded

> Screw this. I'm going back to storing them in a Word file.

One of his concerns was risk of a key-tracker. I think our security needs to be able to evaluate what is running in the background, specifically looking for things like a key-tracker.

I have access to more than one 'working' PC in my home:

* Cave Man—supplied by my employer, which is 20+ years ancient, OS -- also ancient.
* Heaven's to Betsy - personal PC, going on 10 years old.
* Einstein = Latest acquisition, custom setup supplied to me last month by V.

Long range plan, when one PC has problems, use another on Internet to research solutions. Normally use one personal PC for day to day interests, use other to research apps I am interested in using.

I have met other people with similar arrangements, such as

* several people in one household, or office work place, each with their own PC, interlinked for sharing printers and other devices.
* A person has both a desk top and lap top and mobile hand-held device, occasionally interconnects them to share latest copies of some info.

One idea is that we could

* have a Word or Excel File on ONE PC with the passwords needed for another PC.
* Refrain from using any Internet identity from more than one PC.

That way, if the PC with the passwords got penetrated, they would not be valid for IDs used from that PC.

Unfortunately, I now use scores of different ID, and had wanted to have Excel with columns for: ID; its password; Site; other info. The reason for different ID—if I get breached at a particular site, all they have is the ID and password I use at that site, not the ID and password used at scores of other sites.

So I would need to have one file for each id. It would be convenient for me if they were all in one folder—go to folder, click on file whose name is the ID, and in there is Excel with password that ID uses at each of several different sites. Alternatively files named after site—click on them & see ID and password used for that site. But all in one folder might be too obvious for crooks—they find one id or password or site, recognize what it is, rapidly find the others.

Could someone comment on the validity and risks of my approach ideas?

I recognize a more ideal solution would be to have the file on a PC or other device which will NEVER be connected to the Internet, but would have copy/paste capability using some kind of smart card reader normally used by business cards. The stand-alone device copies the password & related info to like a business card. The Internet connection device reads this in, then we copy/paste from there to where needed. This way, the stand-alone unit can only be penetrated by physical burglary, or insider, where a trusted visitor is a mistake, or we forget ourselves and permit data flow in other direction, such as when we implement some upgrade.

Some day I'd like to be able to again play all the old DOS MPS games & recognize such a system would have to be stand alone so it would be Ok to not get upgraded to a reality which no longer supports those games. There were also games I enjoyed on OS no longer around.