via NNSquad http://www.bbc.com/news/world-asia-39176350 In Indonesia, the rise of fake news, hoaxes, and misleading information online has cast a pall over an already bitterly divided election in the capital, Jakarta. BBC Indonesian's Christine Franciska looks at why activists are describing this as a dark era in Indonesia's digital life.
Andrew Higgins, *The New York Times*, 18 Apr 2017 State-run Russian News Operations Disperse Slanted Reports
Patrick Kingsley, *The New York Times*, 18 Apr 2017 Noting irregularities, opposition party seeks recount. The pro-Kurdish party noted that as many as 3M votes lacked an official stamp and should be invalidated. Teams of European observers also had complaints. Unlevel playing field with Erdogan's "state of emergency". Opposition party people arrested. "No" campaigners physically intimidated, rallies limited. That seems to be a recipe for a "fair" election rather than a "good" one or an "excellent" one—if you subscribe to the other meaning of "fair". [PGN-ed]
Princeton University 13 Apr 2017 via ACM TechNews 17 Apr 2017 Researchers at Princeton University have demonstrated how machines can be reflections of their creators' biases. They determined common machine-learning programs, when fed ordinary human language available online, can obtain cultural prejudices embedded in the patterns of wording. "We have a situation where these artificial intelligence [AI] systems may be perpetuating historical patterns of bias that we might find socially unacceptable and which we might be trying to move away from," warns Princeton professor Arvind Narayanan. The team experimented with a machine-learning version of the Implicit Association Test, the GloVe program, which can represent the co-occurrence statistics of words in a specific text window. The test replicated the broad substantiations of bias found in select Implicit Association Test studies over the years that relied on human subjects. Coders might hope to prevent the perpetuation of cultural stereotypes via development of explicit, math-based instructions for machine-learning programs underpinning AI systems. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-13472x2118efx072995&
BBC via NNSquad http://www.bbc.com/future/story/20170410-how-to-fool-artificial-intelligence The year is 2022. You're riding along in a self-driving car on a routine trip through the city. The car comes to a stop sign it's passed a hundred times before - but this time, it blows right through it. To you, the stop sign looks exactly the same as any other. But to the car, it looks like something entirely different. Minutes earlier, unbeknownst to either you or the machine, a scam artist stuck a small sticker onto the sign: unnoticeable to the human eye, inescapable to the technology. In other words? The tiny sticker smacked on the sign is enough for the car to "see" the stop sign as something completely different from a stop sign. It may sound far-fetched. But a growing field of research proves that artificial intelligence can be fooled in more or less the same way, seeing one thing where humans would see something else entirely.
Robert Hackett On Friday the Shadow Brokers, a mysterious hacker or group of hackers, released the Microsoft apocalypse that wasn't. What originally appeared to be one of the most damaging releases in recent memory of zero-day exploits, or hacking tools that take advantage of previously unknown software vulnerabilities, fell from the sky with the shrieking ferocity of a MOAB bomb and landed with the soft thud of a dud. Unknown to members of the information security community all through the day, Microsoft had quietly patched the majority of the Windows flaws in a security update last month, preventing the NSA-crafted espionage tools from being abused by opportunistic attackers after their leak. The company only announced that fact late in the evening. Prior to Microsoft's hysteria-neutering blog post, security pros had been tearing apart the leaked cache of digital weapons, running the attack code on their test systems, and warning the world about the potential danger of anyone connected to the Internet with a Windows-based computer. That the researchers were running slightly outdated, un-patched versions of Microsoft's software only became apparent after the company made its late-night announcement. Given that Microsoft seemed to miraculously fix the hitherto unknown bugs just a month prior to their exposure leads any sane onlooker to the conclusion that the U.S. government must have alerted the company to these problems earlier and on the sly, preempting fallout. (A customary acknowledgment for the researcher who reported the bugs was conspicuously absent from Microsoft's post, hmm.) If so, this coordinated disclosure represents a major policy coup. Instead of sticking its head in the sand (as critics often accuse the intelligence community of doing), the spy set appears to have worked with the tech sector, taking proactive measures to defuse the situation before it could get out of hand. This is the right approach; kudos to all involved. 
To stay protected, make sure your systems—Windows 7 or later—are up to date with the latest patches, dear readers. And a Happy Easter to those who celebrate.
Henry Farrell, 15 Apr 2017 https://www.washingtonpost.com/news/monkey-cage/wp/2017/04/15/shadowy-hackers-have-just-dumped-a-treasure-trove-of-nsa-data-heres-what-it-means/ A group of hackers called the Shadow Brokers has just released a new dump of data from the National Security Agency. This is plausibly the most extensive and important release of NSA hacking tools to date. It's likely to prove awkward for the U.S. government, not only revealing top-secret information but also damaging the government's relationships with U.S. allies and with big information technology firms. That is probably the motivation behind the leak: The Shadow Brokers are widely assumed to be connected with the Russian government. Here's what the dump means. What information has been released? The release is only the most recent in a series of Shadow Broker dumps of information. However, it is by far the most substantial, providing two key forms of information. The first is a series of zero-day exploits for Microsoft Windows software. Zero-day exploits are attacks that take advantage of unknown vulnerabilities in a given software package. Exploits against commonly used software such as Windows are highly valuable - indeed, there is a clandestine international market where hackers sell exploits (sometimes through middlemen) to intelligence agencies and other interested parties, often for large sums of money. Intelligence services can then use these exploits to compromise the computers of their targets. Second, information in the dump seems to show that the NSA has penetrated a service provider for SWIFT, an international financial messaging service. Specifically, it appears to have penetrated a SWIFT Service Bureau that provides support for a variety of banks in the Middle East. Why are zero-day exploits important? The leak of the zero-day exploits is important for two reasons. First, once the existence of a zero-day exploit is revealed, it rapidly loses a lot of its value.
Zero-day exploits work reliably only when they are held secret. Microsoft may already have fixed many of these vulnerabilities (there are conflicting reports from Microsoft and security companies UPDATE: NOW SECURITY RESEARCHERS APPEAR TO HAVE WITHDRAWN THEIR CLAIMS). However, if it hasn't, or if the attacks provide information to hackers that can be used to generate more attacks, unscrupulous hackers might be able to take advantage. In a worst-case scenario, there may be a period when it's as if criminal hackers suddenly acquired super powers in an explosion, as in the TV show The Flash, and started using them for nefarious ends. Second, and as a consequence, trust between the United States and big software companies may be seriously damaged. Some weeks ago, Adam Segal of the Council on Foreign Relations wrote a report talking about how the U.S. government needs to rebuild a relationship with Silicon Valley that had been badly damaged by the Edward Snowden revelations. Now, the damage is starting to mount up again. Most people think of the NSA as a spying agency and do not realize that it has a second responsibility: It is also supposed to protect the security of communications by U.S. citizens and companies against foreign incursions. When the United States learns of a zero-day exploit against software used by Americans, it is supposed to engage in an equities process, in which the default choice should be to inform the software producer so that it can fix the vulnerability, keeping the zero-day secret only if a special case can be made for it. [...]
http://www.telegraph.co.uk/news/2017/04/15/car-parking-app-customers-personal-data-shared-others-company/
via NNSquad http://www.kabc.com/news/california-secession-bid-fails-leader-is-living-in-russia/ Supporters of one long-shot bid to make California an independent nation ended their effort on Monday, while another group said it will launch a new campaign for a statewide vote next year, reports the AP. The Yes California Independence Campaign faltered after its president, Louis Marinelli, revealed ties to Russia.
OnTheWire via NNSquad https://www.onthewire.io/inside-the-tech-support-scam-ecosystem/ "So far, we collected more than 25K scam domains and thousands of scam phone numbers and we [have] evidence that this threat is not going to decrease soon and it still has an increasing trend," Miramirhani said. REFERENCE: User Trust Fail: Google Chrome and the Tech Support Scams -- https://lauren.vortex.com/2017/01/12/user-trust-failure-google-chrome-and-the-tech-support-scams
A Republican lawmaker who voted to eliminate Internet privacy rules said, "Nobody's got to use the Internet" when asked why ISPs should be able to use and share their customers' Web browsing history for advertising purposes. https://arstechnica.com/tech-policy/2017/04/dont-like-privacy-violations-dont-use-the-internet-gop-lawmaker-says/ The risk? People like that.
Parking meter? How quaint. I'm now using a phone application called Pango which identifies where a user is parked (in a garage or on a street) when it's turned on, and charges the account for parking fees when it's turned off (in garages it can do this automatically, I prefer manual mode). Additional payments could be charged to the account the same way.

> But if we are to have autonomous cars zooming past too fast to see the signs, marketing to reach riders of the autonomous vehicles may need a sea change of technology rethinking.

The Waze navigation application (recently acquired by Google) already has this feature, flashing ads on the screen for businesses while a user approaches them or drives by.