*The Guardian* via NNSquad http://www.theguardian.com/technology/2016/mar/14/facebook-google-whatsapp-plan-increase-encryption-fbi-apple?CMP=share_btn_gp Silicon Valley's leading companies - including Facebook, Google and Snapchat - are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned. The projects could antagonize authorities just as much as Apple's more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.
Russian-Photoshopped footage of MH17 was accidentally picked up by Putin's Defense Ministry to (falsely) argue that one of its jets never entered Turkish airspace. http://www.thedailybeast.com/articles/2016/03/04/kremlin-falls-for-its-own-fake-satellite-imagery.html
ThreatPost via NNSquad https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/ Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web. According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns.
The Identity Theft Resource Center (ITRC) offers weekly updates to subscribers, on what's going on in the world of breaches, which have been confirmed by news media and government sources. Here is the latest overview: http://hosted.verticalresponse.com/358216/81857fe937/1746749985/70520fd45b/ As of March 8, the number of breaches captured in the 2016 <http://cts.vresp.com/c/?IdentityTheftResourc/81857fe937/70520fd45b/684a49f334> ITRC Breach Report totals 139, up 4.5 percent over last year's record pace for the same time period (133). This 30 page PDF provides abstracts of each of the 139 breaches of 2016 thru March-8. 5 industry sectors were involved in the 2016 breaches so far, statistics charted here: Data Breach Category Summary <http://cts.vresp.com/c/?IdentityTheftResourc/81857fe937/70520fd45b/6ee5bc6e37> While businesses had 41.7% of the breaches, with Medical/Healthcare in 2nd place with 36.7%, Medical/Healthcare had the most records breached, of the over 4 million, 87.9% of them. Both above perspectives (2016 breaches, statistics) are included in a larger 41 page PDF on the overall breaches for 2016 so far: <http://cts.vresp.com/c/?IdentityTheftResourc/81857fe937/70520fd45b/bf2a37cf2f> ITRC Breach Reports For a chronology of data breaches going back to 2005, check out: http://www.privacyrights.org/data-breach
http://www.nytimes.com/2016/03/14/sports/ncaa-tournament-bracket-leak-selection-sunday.html The N.C.A.A. said it would investigate how a Twitter user obtained, and revealed, the tournament field before its TV partner could do the same.
http://boingboing.net/2016/03/11/web-security-company-breached.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29 Newport Beach based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and a dump of their internal files was dumped to the Internet. The individuals claiming credit for the breach published an accompanying article called "TIPS WHEN RUNNING A SECURITY COMPANY," a blistering attack on the sub-par security they say they encountered at Staminus. The hackers claim all the systems shared a root password, that the power systems for the company's servers had open telnet access, that the company hadn't patched its systems, that they allowed for common PHP attacks, wrote subpar code, and, worst of all, stored credit card numbers in the clear.
http://www.nytimes.com/2016/03/13/us/politics/whatsapp-encryption-said-to-stymie-wiretap-order.html A fight with WhatsApp, the world's largest mobile messaging service, would open a new front in the Obama administration's dispute with Silicon Valley over encryption, security and privacy.
Tom's Hardware via NNSquad http://www.tomshardware.com/news/wire-app-complete-end-to-end-encryption,31389.html A group of former Skype, Apple and Microsoft employees, backed by Skype's co-founder Janus Friis, created a Skype alternative called "Wire" back in 2014, which wasn't end-to-end encrypted at the time. The team announced that the latest version of the app brings open source end-to-end encryption to everything from chats to video calls, as well as multi-device end-to-end encryption.
Watch Thy Neighbor To prevent whistleblowing, U.S. intelligence agencies are instructing staff to spy on their colleagues. James Bamford, 11 MAR 2016 https://foreignpolicy.com/2016/03/11/watch-thy-neighbor-nsa-security-spying-surveillance/ or http://atfp.co/24TyhlT
Was anyone else terrified by President Obama's suggestions of on-line registration and on-line voting *in the same interview in which he was also asking for weak encryption* ? Weak encryption + voting apps = GAME OVER for democracy. President Obama Participates in South by Southwest Interactive https://www.youtube.com/watch?v=FhFibpHSJFE
Obama: cryptographers who don't believe in magic ponies are "fetishists," "absolutists" Obama's SXSW appearance included the president's stupidest-ever remarks on cryptography: he characterized cryptographers' insistence that there is no way to make working cryptography that stops working when the government needs it to as "phone fetishizing," as opposed to, you know, reality. In a rhetorical move that he would have flunked his U Chicago law students for, Obama described a landscape with two edges: "Strong crypto" and "No crypto" and declared that in the middle was a reasonable territory in which crypto could be strong sometimes and disappear the rest of the time. This is like the territory in which you are "Pregnant" or "Not pregnant" where, in between, you are "a little bit pregnant" (or, of course, like "Vaccinations are safe," vs "Vaccinations cause autism" whose middle ground is "Vaccinations are safe, but just to be sure, let's not give 'too many' at once, because reasons, and never mind that this will drastically increase cost and complexity and reduce compliance"). Obama conflated cryptographers' insistence that his plan was technically impossible with the position that government should never be able to serve court orders on its citizens. This is math denialism, the alternative medicine of information security. He focused his argument on the desirability of having crypto that worked in this impossible way, another cheap rhetorical trick. Wanting it badly isn't enough. If decades of attending SXSW (I leave for the airport in 30 minutes!) have taught me anything, it's that someone will be selling or giving away "phone fetishist" tees with PGP sourcecode on one side and a magic pony on the other before the week is out. http://boingboing.net/2016/03/12/obama-cryptographers-who-don.html
Todd R. Weiss, eWeek, via ACM TechNews, Friday, March 11, 2016 Researchers Spoof Phone's Fingerprint Readers Using Inkjet Printers eWeek (03/09/16) Todd R. Weiss Michigan State University (MSU) researchers used off-the-shelf inkjet printers to demonstrate how fingerprint readers on popular smartphones can be manipulated into unlocking the devices using spoofed fingerprints made with printer inks. MSU's Kai Cao and Anil K. Jain sought to investigate the overlooked spoofing strategy, which is especially relevant because half of smartphones sold by 2019 are expected to have an embedded fingerprint sensor. "With the introduction of Apple Pay, Samsung Pay, and Android Pay, fingerprint recognition on mobile devices is leveraged for more than just device unlock; it can also be used for secure mobile payment and other transactions," the researchers note. Cao and Jain used an inkjet printer loaded with three silver conductive ink cartridges and a normal black ink cartridge, and scanned a fingerprint of a phone's authorized user at 300 dpi (dots per inch) or higher resolution. Afterward, the print was reversed or mirrored before being printed onto the glossy side of a piece of AgIC paper. "Once the printed [two-dimensional] fingerprints are ready, we can then use them for spoofing mobile phones," the researchers note. The spoofed print successfully unlocked Samsung Galaxy S6 and Huawei Honor 7 smartphones. Cao and Jain say their experiment "further confirms the urgent need for anti-spoofing techniques for fingerprint-recognition systems, especially for mobile devices." http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-ec1dx2df10x065256&
http://well.blogs.nytimes.com/2016/03/14/hey-siri-can-i-rely-on-you-in-a-crisis-not-always-a-study-finds Smartphone virtual assistants often fail in their responses when someone is in distress, a new study found testing phrases such as *I was raped*.
Matthew Wright, University of Maryland, 9 Mar 2016, via ACM TechNews, 11 Mar 2016 Researchers at the University of Maryland (U-M) and the Virginia Polytechnic Institute and State University have co-authored a book ranking the vulnerability of 44 nations to cyberattacks. The U.S. was ranked 11th safest, while Scandinavian countries such as Denmark, Norway, and Finland were ranked the safest. China, India, Russia, Saudi Arabia, and South Korea ranked among the most vulnerable. "Our goal was to characterize how vulnerable different countries were, identify their current cybersecurity policies, and determine how those policies might need to change in response to this new information," says U-M professor V.S. Subrahmanian, who led the research. The book, "The Global Cyber-vulnerability Report," was based on a two-year study that analyzed more than 20 billion automatically generated reports, collected from 4 million machines each year worldwide. The rankings were partly based on the number of machines attacked in a given country and the number of times each machine was attacked. Trojans, followed by viruses and worms, posed the principal threats to machines in the U.S., but misleading software is much more prevalent in the U.S. compared with other nations that have similar gross domestic product, suggesting U.S. efforts to reduce cyberthreats should focus on education to recognize and avoid misleading software. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-ec1dx2df14x065256&
BBC via NNSquad http://www.bbc.com/news/world-us-canada-35808627 Police said Jason Dalton, 45, carried out the shootings on 20 February while working for the ride-sharing company. "When I logged onto [the Uber app], it started making me feel like a puppet," Mr Dalton told investigators. He claims that the smartphone programme told him to kill his victims ... According to documents released on Monday, Mr Dalton said the horned cow head of a devil would appear on his phone screen and give him an assignment.
Matt Swayne, Penn State News, 9 Mar 2016 via ACM TechNews Pennsylvania State University (PSU) researchers recently conducted a study in which 379 older adults who recalled more robots portrayed in films had lower anxiety toward robots than seniors who remembered fewer robot portrayals. Remembering robots from how they are portrayed in films may help ease some of the anxiety older adults have about using a robot, according to the researchers. Finding ways to ease anxiety about robot adoption also could help senior citizens accept robots as caregivers, the researchers add. "Robots could provide everything from simple reminders--when to take pills, for example--to fetching water and food for people with limited mobility," says PSU professor S. Shyam Sundar. In addition, the researchers found the trusting effect held up even when older adults recalled robots that were not friendly human-like helper robots. "So, it seems like the more media portrayals they can recall, the more likely their attitudes would be positive toward robots, rather than negative," says PSU researcher T. Franklin Waddell. The research also found people had a more positive reaction to robots that looked more human-like and those that evoked more sympathy. The researchers suggest robot designers incorporate features that remind older adults of robots in the media, and create robots with more human-like interfaces and models with features that increase sympathy. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-ec1dx2df15x065256&
Perhaps the study of COBOL and FORTRAN might find its way into the Classics syllabus. I was gratified that PGN mentioned Algol. It was one of my first languages and should certainly be studied; the development of the Backus-Naur Form being a key topic. I recall that Tony Hoare (Inventor of the Quicksort algorithm and CSP) described Algol as: "A language so far ahead of its time that it was not only an improvement on its predecessors but also on nearly all of its successors."
Creating human languages as a method of dividing people goes back to the Tower of Babel! Coding is now something a lot of very different people share. Don't make it a language. I would offer that computer coding is a lot more like writing a legal document. One wrong dot or comma and you have a lot of trouble!