In the hands of criminals, small drones could be a menace. Now is the time to think about how to detect them and knock them down safely. On 22 April, a drone carrying radioactive sand landed on the roof of the Japanese prime minister's office in Tokyo. It was the latest of a string of incidents around the world involving small drones. Last year more than a dozen French nuclear plants were buzzed by them. In January one crashed on the White House lawn. In February and early March several were spotted hovering near the Eiffel tower and other Parisian landmarks. Later in March someone attempted to fly one full of drugs (and also a screwdriver and a mobile phone) into a British prison. The employment of drones for nefarious, or potentially nefarious, purposes thus seems to have begun in earnest. It is only a matter of time before somebody attempts to use a drone, perhaps carrying an explosive payload, to cause serious damage or injury. The question for the authorities is how to try to stop this happening. *The Economist*, 1 May 2015
Lee Page, University of Warwick, 5 May 2015 via ACM TechNews, Friday, May 8, 2015 Computer scientists from the University of Warwick used Twitter to predict the outcome of the U.K. general election. The team has developed an algorithm that harvests political tweets, and incorporating sentiment conveyed in tweets was one of its key features. The user-generated content is aggregated and put into conventional polling reports to produce a daily prediction of voting share. "We then put all this information into our forecasting model, along with the parties' share of the vote as measured by opinion polls," says Warwick researcher Adam Tsakalidis. The team says the approach will provide key insights into how public opinion is developing and what factors might be influencing any changes in support. The researchers believe their forecasts could be more accurate than traditional opinion methods. Tested during the Greek election in January, the model achieved better results than all of the most recent polls leading up to the vote and three exit polls once the ballots closed. "We are particularly interested in automatically identifying the sentiment expressed towards specific politicians or parties and topics such as immigration," Tsakalidis says. "This will help us obtain more accurate predictions as well as better understanding of the reasons behind public support or discontent." http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-dac7x2cca3x061924&
Stephan Ibaraki, IT World Canada, 1 May 2015 via ACM TechNews, 4 May 2015 In a wide-ranging interview, Vint Cerf, co-creator of the Internet and vice president at Google, discusses a range of topics, including the modern challenges of the Internet, the technologies of the future, and the Association for Computing Machinery (ACM). Asked what he sees as the main challenges and controversies surrounding the Internet today, Cerf, co-recipient in 2004 of the ACM A.M. Turing Award, identified the need to ensure users' safety, security, and privacy. He also reiterated his frequent warnings about a "digital Dark Age" that could result as software continues to advance and the means of interacting with older software and data falls away. Finally, he pointed to the Internet of Things, particularly the need to ensure the security of all Internet-connected devices. Cerf also commented on a number of speculative topics, saying he thinks the singularity envisioned by Ray Kurzweil is "a stretch," but that he sees a great deal of promise in current research into quantum computing and quantum entanglement. He also comments on the need for professionalism and credentialing in software development and discusses his time as president of ACM. Cerf says ACM's main challenges today are helping to establish 21st century business models, being relevant to computer science practitioners, and helping to promote computer science as a discipline. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-da62x2cbd1x061742&
The Associated Press, 6 May 2015 FAIRFAX, Va. (AP) - The American Civil Liberties Union of Virginia is suing Fairfax County police over a policy in which they store data collected on thousands of drivers through the use of license-plate readers. The civil-liberties group filed the suit Tuesday in Fairfax County Circuit Court. The ACLU alleges that keeping a database of information collected through license-plate readers amounts to an illegal invasion of privacy. http://www.wjla.com/articles/2015/05/aclu-sues-fairfax-county-police-over-license-plate-data-113755.html
Unlike the gung-ho mood post-9/11 America, which led to the passage of the USA Patriot Act, industry and academic experts and even members of Congress have lambasted Comey's efforts to outlaw strong encryption as a vast overstep of government authority and grossly naive. Just last week, for example, a congressional hearing on encryption got downright hostile when Rep. Ted Lieu (D-Calif.) called Comey's proposal "stupid." The Daily Dot via NNSquad http://www.dailydot.com/politics/james-comey-no-tradeoff-between-liberty-and-security/ [We note that the federal appeals court for the Second Circuit ruled on 7 May 2015 that the NSA's bulk record collection program is unlawful. PGN]
http://www.nytimes.com/2015/05/05/technology/with-boxing-match-video-piracy-battle-enters-latest-round-mobile-apps.html With the Mayweather-Pacquiao bout, live streaming from mobile apps was just one of the new piracy headaches facing media companies. [That, plus the fact that thousands of paying customers were unable to access the live streaming. PGN]
That didn't take long..... @SamuelGibbs, 4 May 2015 Twitter kills MS-Dos games embedded in tweets Social network kills MS-Dos gaming fun, saying interactives and games breach its embedded cards terms of service http://www.theguardian.com/technology/2015/may/04/twitter-kills-ms-dos-games-embedded-in-tweets
http://www.nytimes.com/2015/05/03/magazine/zpm-espresso-and-the-rage-of-the-jilted-crowdfunder.html What happens when a Kickstarter project fails to launch?
I looked in Wiki and the EHR article listed 11 different standards plus 3 "open" ones for them. Whaa? In the mortgage banking industry where I work there's the MISMO standard. Different people modify it somewhat, but it's a single basic standard. Of course the idea with the mortgage data is the data is meant to be exchanged, not merely used by the creator. Isn't that the case with EHRs also?
Several observations:

* I think train locomotives should have radar in front to detect vehicles which have not yet cleared RR crossings, such as back end of a school bus or truck, that is stuck in a traffic jam.

* Some cars are imported into EU. I assume it will be a requirement to have this installed in imports, before they are driven in EU. But EU auto manufacturers, which export to other nations, may need to disable this feature, or give owners the opportunity to have this disabled, depending on the laws of the other nations.

* The USA has places where cell reception is no good, such as some rural areas, and valleys. Is this also true in Europe?

* There are areas where cell phone service is blocked, because national security mentality thinks most bombs are set off by cell phone calls. That will work until the enemy uses alternative technology, such as timers (as in the Spain train bombing), and other techniques. It can also inconvenience first responders who may rely on that system. The Boston Marathon had no drones harassing the runners, thanks to a system which used cell phone communications.

* There may need to be some threshold adjustment to recognize what some people do not consider to be an accident, such as car door hitting adjacent car, when they parked too close to each other, or what goes on when crossing the picket line of a labor management dispute ... lots of hands thumping the roof.

* Some riots may set off excess alarms, as the police shoot pellets into a crowd, and many parked cars get hit.

* The US has systems where people are required to notify the police, such as medical personnel observing what appears to be evidence of child abuse, then funding for the police to do anything with the info is lost, and the mandatory reports go into the garbage, without updating the requirements. Is this also true in Europe?

* Will this system be as easy to hack as prior systems installed in vehicles?

* Many alarm systems in the USA trigger calls to the police, but some systems have lots of false alarms, then the police send the owners of the false alarm systems bills for the wasted time of the police or fire dept. Is this also true in Europe? What will happen with alleged false alarms from this system?

There have been multiple disasters, where power outages take out cell phone towers, such as 9/11 in NYC where communication services used the Twin Towers.

In the Haiti 2010 quake, which took out a capital city's infrastructure, many volunteer foreign first responders were flooded with SOS. Some speculated:

* Where we come from, lots of people do prank 911 calls, so many of these may also be a similar situation.

* Cell tower service was knocked out, until the USAF launched a flying cell tower, so what we are probably hearing is the last gasp of the batteries of the cell phones of now dead people.

For these, and other reasons, many cell phone SOS were not responded to. But later examination of where dead bodies were found, showed a correlation that many of those SOS were in fact real, and had they been taken seriously, more lives could have been saved.
248 days is the time it takes a 100Hz counter to go from zero to 2**31. If such a counter is stored in a signed 32-bit integer, its value then overflows to become negative, and confusion may ensue. The Solaris 2.5 operating system, circa 1996, had this problem with the system clock and would hang after 248 days of uptime. [Also noted by Gene Wirchenko and Kent Borg—who recalls the day Berkshire Hathaway broke $(2^15)/share, and the stock market also broke. PGN]
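The arithmetic behind the 248-day figure, and the way a deadline comparison breaks at the wrap, shown as an added example (not code from Solaris or from the contributor). The function names and the sample counter values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HZ 100 /* tick rate quoted in the item above */

/* Days of uptime before a tick counter running at `hz` reaches 2**31. */
double days_until_wrap(uint32_t hz) {
    return 2147483648.0 / hz / 86400.0;
}

/* Advance the counter modulo 2**32 and view the bits as signed. The addition
   is done in uint32_t because signed overflow is undefined behaviour in C;
   the cast back assumes a two's-complement target (true for gcc and clang). */
int32_t tick_add(int32_t ticks, uint32_t delta) {
    return (int32_t)((uint32_t)ticks + delta);
}

/* Naive deadline test: compares absolute values, so it gives the wrong
   answer whenever `now` and `deadline` sit on opposite sides of the wrap. */
int expired_naive(int32_t now, int32_t deadline) {
    return now >= deadline;
}

/* Wrap-safe test: compares the signed difference instead. Correct as long
   as the two values are less than 2**31 ticks apart. */
int expired_safe(int32_t now, int32_t deadline) {
    return (int32_t)((uint32_t)now - (uint32_t)deadline) >= 0;
}

int main(void) {
    int32_t boot = INT32_MAX - 50;  /* constructed: 0.5 s before the wrap */
    printf("counter wraps after %.2f days\n", days_until_wrap(HZ));

    /* Case 1: a 5 s timeout whose deadline lands past the wrap (negative). */
    int32_t d1 = tick_add(boot, 5 * HZ);
    printf("fires early: naive=%d safe=%d\n",
           expired_naive(boot, d1), expired_safe(boot, d1));

    /* Case 2: deadline set just before the wrap, checked just after it.
       The naive test now says "not yet" for the next 248 days. */
    int32_t d2 = tick_add(boot, 40);
    int32_t later = tick_add(boot, 100);
    printf("never fires: naive=%d safe=%d\n",
           expired_naive(later, d2), expired_safe(later, d2));
    return 0;
}
```

The second case is the one that looks like a hang: a waiter using the naive comparison stops being woken once the counter goes negative.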
> Where's the backup system?

What's the data on the iPad used for? Is it just stuff used to set up the flight computers and inform the tower and so on? Because if it IS just pre-flight information, then staying at the gate is a perfectly safe (if moderately expensive) fallback procedure.
[Re: Lauren Weinstein, South Korean ID system in disarray, 14 Oct 2014, Privacy Forum and Network Neutrality Squad, but not in RISKS. PGN]

PRIVACY Forum's Lauren Weinstein pointed out a BBC story about identity theft in South Korea, and the piece is interesting, because it points up the RISKS of *not learning lessons*.

The problem there, it seems, stems from the same source as in the US: Treating an identifier as an authenticator. Well, more properly, *knowledge of an identifier*.

In the US, of course, this is the Social Security Number, which we are told to keep a State Secret... except for all the people to whom we are required to give it. (TTBOMK, you are only legally required to disclose your SSN to employers, the IRS, and—thanks to the USA PATRIOT Act, passed by an entire Congress nearly none of whom have read it *by now*, much less before passing it—banks, and non-bank debit card service providers. (And as another correspondent points out, state DMVs in REALID states, now.))

Identifiers and authenticators each have several properties which it is necessary for them to fulfill in order to successfully accomplish their tasks. Herewith, a recap:

For identifiers: they must be unique, they must be arbitrary (you cannot encode mnemonics into them, or, if you do, at least some part must be globally unique and arbitrary amongst the relevant namespace), and it *mustn't ever be necessary to change them*.

Authenticators, on the other hand, *must* be changeable, to avoid and recover from authentication breaches, and they must *not* be researchable -- that is, unlike "mother's maiden name" or "city you grew up in" or "name of your first pet", or any other bit of information that people can pry out of you by posting a cute quiz on Facebook, it must not be possible to determine what the authenticator is for a given identity relationship.
Anything which is not a password/phrase/PIN violates the second requirement, and biometrics violate the first (quite apart from the requirement that biometrics must test for a living human, lest someone cut your finger off to scan it—and please don't think I'm joking there).

Identity theft problems in both the US and S Korea stem from the persistent and willful failure of businesses and governments in both countries to cease trying to extend SSN/identity numbers (which are identifiers) to fill the purpose of authenticators as well—one data item cannot do both jobs, as they have conflicting requirements... and those requirements are absolute.

As you realize, if you shop at Home Depot. Or Target. Or Kohls. Or have tried to make a change to your power utility account.

It is often possible to convince someone who tells you they "must have your SSN" that they are wrong; some organizations have policy for this. Duke Energy was happy to put my FL DL number on file instead, once I insisted. In the 60s, a friend forced the Mass DMV to make up an SSN for him, rather than putting his on his MA DL.

In the final analysis, each individual is responsible for their own security; while laws may protect you from some of the inevitable results, they generally don't protect you from the hassle.

On the larger scale, CIOs of big organizations MUST (to borrow normative language from the RFCs) learn this lesson and MUST stop using "knowledge of SSN" as an authenticator, and MUST stop asking for it at all unless they have a real, legal reason to need it.

That's the only way we'll *really* stop having to deal with Identity Theft in the United States.

> (BBC): http://www.bbc.com/news/technology-29617196 (Oct 2014)
>
> The government is considering issuing new ID numbers to every citizen
> aged over 17, costing billions of dollars. The ID numbers and
> personal details of an estimated 80% of the country's 50 million
> people have been stolen from banks and other targets, say experts.
> Rebuilding the system could take up to a decade, said one. Some 20
> million people, including the president Park Geun-hye, have been
> victims of a data theft from three credit card companies. "The
> problems have grown to a point where finding a way to completely solve
> them looks unlikely,'' technology researcher Kilnam Chon told Reuters.

Jay R. Ashworth, Ashworth & Associates, 2000 Land Rover DII, St Petersburg FL +1 727 647 1274 http://www.bcp38.info jra@baylink.com