Fake News may be becoming the biggest Real-News story of the century. It is certainly getting wide coverage. Here are just a few of the items that seem RISKS-relevant.

Facebook fake news writer Paul Horner reveals how he tricked Trump supporters, and possibly influenced election
http://www.hollywoodreporter.com/news/facebook-fake-news-writer-president-donald-trump-win-948218

Facebook fake-news writer: "I think Donald Trump is in the White House because of me."
https://www.washingtonpost.com/news/the-intersect/wp/2016/11/17/facebook-fake-news-writer-i-think-donald-trump-is-in-the-white-house-because-of-me/

Access to LinkedIn now officially blocked in Russia: new law requires that personal data of Russians must be stored within Russia.
https://consumerist.com/2016/11/17/access-to-linkedin-now-officially-blocked-in-russia/

Viral Fake Election News Outperformed Real News On Facebook In Final Months Of The US Election; fake election news stories generated more total engagement on Facebook than top election stories from 19 major news outlets combined.
https://www.buzzfeed.com/craigsilverman/viral-fake-election-news-outperformed-real-news-on-facebook

Fake News on Facebook? In Foreign Elections, That's Not New
http://www.nytimes.com/2016/11/18/technology/fake-news-on-facebook-in-foreign-elections-thats-not-new.html

Automated Pro-Trump Bots Overwhelmed Pro-Clinton Messages, Researchers Say: to rant, confuse people on facts, or simply muddy discussions.
http://www.nytimes.com/2016/11/18/technology/automated-pro-trump-bots-overwhelmed-pro-clinton-messages-researchers-say.html

President Obama on fake news problem: "We won't know what to fight for"; it represents a true threat to some of the fundamental U.S. building blocks of society.
https://techcrunch.com/2016/11/17/president-obama-on-fake-news-problem-we-wont-know-what-to-fight-for/

White supremacist Twitter users are creating fake 'black person' accounts to stir up online racism
http://www.rawstory.com/2016/11/white-supremacist-twitter-users-are-creating-fake-black-person-accounts-to-stir-up-online-racism/

Facebook's New Plan to Deal With Fake News Is Too Vague and Too Late
http://gizmodo.com/facebooks-new-plan-to-deal-with-fake-news-is-too-vague-1789171552

Mark Zuckerberg Announces Facebook Will Fight Fake News—Next To An Ad With Fake News
https://news.slashdot.org/story/16/11/19/1834205/mark-zuckerberg-announces-facebook-will-fight-fake-news----next-to-an-ad-with-fake-news

Here's why Twitter turned down a Donald Trump advertising campaign
http://www.recode.net/2016/11/19/13685832/twitter-rejects-donald-trump-ad-campaign

A real-names domain-registration policy would discourage political lying
http://cis471.blogspot.com/2016/11/a-real-names-domain-registration-policy.html

How Fake News Goes Viral
http://www.nytimes.com/2016/11/20/business/media/how-fake-news-spreads.html?partner=rss&emc=rss

NYTimes Editorial: Facebook and the Digital Virus Called Fake News
http://www.nytimes.com/2016/11/20/opinion/sunday/facebook-and-the-digital-virus-called-fake-news.html

Call it a 'crazy idea,' Facebook, but you need an executive editor
https://www.washingtonpost.com/lifestyle/style/call-it-what-you-want-facebook-but-you-need-an-executive-editor/2016/11/20/67aa5320-aaa6-11e6-a31b-4b6397e625d0_story.html

For the 'new yellow journalists,' opportunity comes in clicks and bucks
https://www.washingtonpost.com/national/for-the-new-yellow-journalists-opportunity-comes-in-clicks-and-bucks/2016/11/20/d58d036c-adbf-11e6-8b45-f8e493f06fcd_story.html

Misinformation in China: Watching the Election from The Post-Truth Future
https://medium.com/@xuhulk/watching-the-election-from-the-post-truth-future-97a0d66bdcfe#.hsjwf0wbk
NNSquad
http://www.businessinsider.com/programmers-confess-unethical-illegal-tasks-asked-of-them-2016-11

"We are killing people," Martin says. "We did not get into this business to kill people. And this is only getting worse." He pointed out that "there are hints" that developers will increasingly face some real heat in the years to come. He cited Volkswagen America's CEO, Michael Horn, who at first blamed software engineers for the company's emissions cheating scandal during a Congressional hearing, claiming the coders had acted on their own "for whatever reason." Horn later resigned after US prosecutors accused the company of making this decision at the highest levels and then trying to cover it up. But Martin pointed out, "The weird thing is, it was software developers who wrote that code. It was us. Some programmers wrote cheating code. Do you think they knew? I think they probably knew."
https://www.theguardian.com/technology/2016/nov/11/facebook-profile-glitch-deaths-mark-zuckerberg By the way, here are his https://www.facebook.com/4/groups , and here are some more, https://www.facebook.com/search/4/groups (view on desktop computer).
https://citizenlab.org/2016/09/imsi-catcher-report-calls-transparency-proportionality-minimization-policies/
Christopher Parsons, 13 Sep 2016 <https://citizenlab.org/category/author/christopher-parsons/>
Tamir Israel <https://cippic.ca/about-us#staff>

The Citizen Lab and CIPPIC are releasing a report, *Gone Opaque? An Analysis of Hypothetical IMSI Catcher Overuse in Canada*, which examines the use of devices that are commonly referred to as cell site simulators, IMSI Catchers, Digital Analyzers, or Mobile Device Identifiers, and sold under brand names such as Stingray, DRTBOX, and Hailstorm. IMSI Catchers are a class of surveillance devices used by Canadian state agencies. They enable state agencies to intercept communications from mobile devices and are principally used to identify otherwise anonymous individuals associated with a mobile device and track them. Though these devices are not new, the ubiquity of contemporary mobile devices, coupled with the decreasing costs of IMSI Catchers themselves, has led to an increase in the frequency and scope of these devices' use. Their intrusive nature, combined with surreptitious and uncontrolled uses, poses an insidious threat to privacy. This report investigates the surveillance capabilities of IMSI Catchers, efforts by states to prevent information relating to IMSI Catchers from entering the public record, and the legal and policy frameworks that govern the use of these devices. The report principally focuses on Canadian agencies but, to do so, draws comparative examples from other jurisdictions. The report concludes with a series of recommended transparency and control mechanisms that are designed to properly contain the use of the devices and temper their more intrusive features.

The report is structured across four sections:
- Section One provides an overview of the technical capabilities of IMSI Catchers.
- Section Two focuses on civil society and journalists' efforts to render transparent how IMSI Catchers are used.
- Section Three examines the regulation of IMSI Catchers and avenues towards lawful regulation of their use.
- Section Four sets out best practices that should be incorporated into a framework governing IMSI Catcher use.

https://citizenlab.org/wp-content/uploads/2016/09/20160818-Report-Gone_Opaque.pdf
https://citizenlab.org/wp-content/uploads/2016/09/Rapport-Aller_Opaque-Somm_Exec-FR.pdf
(CyberLab, 17 Nov 2016)

[Remember when the Chinese began to 'show up' offline and online looking for education and cooperation in security matters?!? I considered them 'up-to-no-good' then... and do still today. It's now nearly 20 years since I found the computers of Tibetan refugees infected with malware that made calls to Asian service numbers, which AT&T insisted on billing them for ($$$ hundreds monthly), rather than reversing the scam charges as they should and could have...]

It's Parliamentary: KeyBoy and the targeting of the Tibetan Community
17 Nov 2016
<https://citizenlab.org/tag/china/>, <https://citizenlab.org/tag/malware/>, <https://citizenlab.org/tag/targeted-threats/>, <https://citizenlab.org/tag/tibet/>
Adam Hulcoop, Etienne Maynier, John Scott-Railton, Masashi Crete-Nishihata, Matt Brooks
Reports & Briefings <https://citizenlab.org/category/research-news/reports-briefings/>, News <https://citizenlab.org/category/research-news/>

Key Findings
- In this report we track a malware operation targeting members of the Tibetan Parliament over August and October 2016.
- The operation uses known and patched exploits to deliver a custom backdoor known as KeyBoy.
- We analyze multiple versions of KeyBoy, revealing a development cycle focused on avoiding basic antivirus detection.
- This operation is another example of a threat actor using *just enough* technical sophistication to exploit a target.
Bill Marczak and John Scott-Railton (Senior Researchers at The Citizen Lab, University of Toronto, with the assistance of the research team at Lookout Security)
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/

This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.

*Updated (Sept 1, 2016)*: Today Apple released security updates <https://support.apple.com/en-us/HT201222> for Desktop Safari and Mac OS X. These updates patch the Trident vulnerabilities identified in this report for desktop users. The Trident vulnerabilities used by NSO could have been weaponized against users of non-iOS devices, including OS X.
via NNSquad

Office Depot is selling fixes for computer problems that don't exist and pushing customers to purchase costly repairs, a KIRO 7 investigation found. Now, after watching Jesse's investigation, the company is pledging to take appropriate action.
http://jessejones.com/story/office-depot-insider-speaks-out/
15 Nov 2016
Kryptowire discovers mobile phone firmware that transmitted personally identifiable information (PII) without user consent or disclosure
http://www.kryptowire.com/adups_security_analysis.html

Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon and BestBuy, for example) and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information including the full body of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices. The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information. The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and was managed by a company named Shanghai Adups Technology Co. Ltd.
Thin supply chains are efficient but potentially fragile, as they in their efficiency lack redundancy or immediately available spare capacity. In Berlin, there is found a chain of large, low-cost gyms by the name of McFit. This gym chain owns a subsidiary brand, High5, composed of smaller, more highly branded gyms. The gyms are largely automatic, with minimal staff counts - typically one staff member, two at busy times, with perhaps two hundred people in the gym. Access to the gym, the lockers and even the vending machines is by key-card. McFit offers a minimum membership of one year. High5 offers a monthly subscription, and with an option to be able to attend McFit gyms. As such, it is not uncommon for people to join High5 and then attend only a McFit gym. This leads to the question of the integration of the computer systems at these two chains, such that the High5 card can function at the McFit gyms. For the last three weeks, the High5 cards have not functioned in McFit gyms, either to access the gym, or to open and close lockers. The High5 web-site itself no longer allows users to log into their accounts; clicking on the "login" button leads - without explanation, and so confusingly - to the "join now" page. In theory it is possible to log in *at* the High5 gyms, but it turns out that if the account in question lacks a photo, attempting to login silently disables the account, and so it is then no longer possible to log in even at the gym. (I have been looking to do so to change the IBAN used to pay for my account.) When a High5 member now attends a McFit gym, they must wait for assistance, which typically takes five to ten minutes. The gym has a small supply of unallocated McFit access cards to allow for locker use in such cases. 
It has become increasingly common for High5 members to take such a card but not return it, and then on their next visit, simply to edge past the access turnstile (there is room to do so), so that they need not suffer the onerous wait for assistance. As such, the supply of locker cards is running low. Where the demands upon staff time have now significantly risen, routine maintenance - emptying bins, cleaning the toilets, etc - has suffered. During peak times, the bins begin to overflow and the toilets and urinals, not the least fragrant even in the best of times, stink. (As an aside, as far as I am aware, there has been no communication from High5 or McFit to their customers regarding these matters; the web-site is silent in these matters and there has been no email.) When conducting failure analysis, the correct approach is to follow the chain of failure as far as possible, to find the *earliest* point at which corrective action could have been taken. With this in mind, I must first note that all of this would have been avoided had McFit offered the same pricing plans as High5; people would have joined McFit directly. Beyond this, I must look past the computing problems so described, and observe that although I live in central Berlin, this McFit is the only fully equipped (weights, machines, cardio machines, etc) gym within 20 minutes walking distance of home. I would as you can imagine by now have changed gym - if I could; however, I find if I must take the metro to get to the gym, my attendance falls off dramatically. These computer problems, from my point of view, would be solved by the presence of alternative gyms - safety in variety of supply, as Churchill remarked upon the switch by the Royal Navy from coal to oil. Given the large population here, I must think that there are unusual factors which are strongly discouraging the supply of gymnasiums. 
I would be interested to have some understanding of those factors, as fixing them would in effect fix these problems further down the chain of failure. My gut feeling is that this may be related to Risks to the Public from Government and Related Systems.
* Kevin Fu, Infrastructure Disruption: Internet of Things Security, Testimony before the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Communications and Technology and Subcommittee on Commerce, Manufacturing, and Trade, November 16, 2016.
  https://energycommerce.house.gov/hearings-and-votes/hearings/understanding-role-connected-devices-recent-cyber-attacks

* Bruce Schneier, Testimony before the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Communications and Technology and Subcommittee on Commerce, Manufacturing, and Trade, November 16, 2016.
  https://energycommerce.house.gov/hearings-and-votes/hearings/understanding-role-connected-devices-recent-cyber-attacks
https://motherboard.vice.com/read/hackers-claim-theft-of-data-from-gorilla-glue
Motherboard, 17 Nov 2016

Hackers say they have stolen a wealth of company and personal information from US adhesive, glue, and tape company Gorilla Glue. The hackers have previously tried to extort medical organizations by demanding a sizable ransom payment in exchange for not releasing hacked data publicly. “We have everything they ever created,” someone from the hacking group The Dark Overlord told Motherboard in an online chat. The hackers claim to have over 500GB of research and development materials, including intellectual property and product designs, and access to Dropbox and personal email accounts related to the family-run Gorilla Glue.
Highway deaths have surged in the last two years, and experts put much of the blame on in-car use of smartphones and dashboard apps. http://www.nytimes.com/2016/11/16/business/tech-distractions-blamed-for-rise-in-traffic-fatalities.html
Apple denies responsibility (Bryan Clark in The Next Web)

Bryan Clark, The Next Web, 18 Nov 2016
Apple finally acknowledges iPhone 'Touch Disease' problem ...by denying responsibility
http://thenextweb.com/apple/2016/11/18/apple-finally-acknowledges-iphone-touch-disease-problem-by-denying-responsibility/

Also: TechCrunch, 17 Nov 2016
Apple addresses Touch Disease with reduced cost repair for iPhone 6 Plus
https://techcrunch.com/2016/11/17/apple-addresses-touch-disease-with-reduced-cost-repair-for-iphone-6-plus/