Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
https://www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said. The scope and sophistication so concerned Obama administration officials that they took an unprecedented step—complaining directly to Moscow over a modern-day red phone. In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia's role in election meddling and to warn that the attacks risked setting off a broader conflict. Unwinding the Twists, Turns in Trump-Russia Probe: QuickTake Q&A <https://www.bloomberg.com/politics/articles/2017-05-09/unwinding-the-twists-turns-in-trump-russia-probe-quicktake-q-a> The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.'s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn't done meddling. “They're coming after America. They will be back.'' Kremlin Denials Russian officials have publicly denied any role in cyberattacks connected to the U.S. elections, including a massive spear-phishing effort that compromised Hillary Clinton's campaign and the Democratic National Committee, among hundreds of other groups. President Vladimir Putin said in recent comments to reporters that criminals inside the country could have been involved without having been sanctioned by the Russian government. [...] [Truncated for RISKS. PGN]
Evan Schuman, Computerworld, 13 Jun 2017 A criminal-case ruling favoring law enforcement would have implications for companies facing civil complaints http://www.computerworld.com/article/3200199/mobile-wireless/supreme-court-to-look-at-mobile-privacy-uh-oh.html opening text: Does the prospect of your company's worst enemies getting access to full tracking information on your employees' mobile phones freak you out? If so, you'll want to track something yourself: a case the U.S. Supreme Court just agreed to consider. Although the case involves criminal law and the question of whether police need a court-issued search warrant for intimate mobile records, one former federal prosecutor points out that the Court's ruling could open the door to civil discovery and subpoena access. In other words, the ruling could make such mobile data available to anyone who chooses to sue your company, for any reason, whether the claim is legitimate or not.
via NNSquad http://www.zdnet.com/article/microsoft-warns-of-destructive-cyberattacks-issues-new-windows-xp-patches/ Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. Both of those operating systems are still deployed by significant numbers of business customers years after their official support lifecycles ended.
These days, it's common knowledge that your phone and computer are tracking your location. Most people don't appear to care. They think the benefits of location tracking outweigh the security and privacy implications. You can make the argument they're right. Services such as Cortana and Google Search are not as powerful if they can't monitor your movements. However, you might be less aware of other ways some companies are tracking your location. Often, they use underhand tactics and collate information without you knowing. They are tracking you purely for self-interest. Here are a few ways you probably don't realize your whereabouts are being tracked. http://www.makeuseof.com/tag/location-tracking/
NNSquad http://gizmodo.com/hackers-hijacking-verified-accounts-to-spread-fake-news-1795997941 https://www.accessnow.org/doubleswitch-attack/ Security research group Access Now has discovered a clever attack being used against influential social media users as a means of disseminating fake news. The "Doubleswitch" not only involves hijacking verified accounts but makes it extremely difficult for the legitimate owner to regain control of their handle.
Lemme see. Computer algorithms read company SEC reports, company press releases, etc., and automatically generate "human"-readable news stories. Other computer algorithms read company SEC reports, twitter feeds, company press releases, and "human-readable" news stories and—before any human interaction -- near-instantaneously execute trades on various exchanges as a result. If some news story really is "news"—i.e., it contains new information that could affect the price of one or more stocks—then whichever algorithmic trader can process it fastest and place trades earliest can reap enormous rewards. What could possibly go wrong? "A lie can travel halfway round the world while the truth is putting on its shoes."—attributed to Mark Twain "Buy the rumor, sell the news" If someone can manufacture a fake news story and get it onto some social media—e.g., Twitter—these "AI" traders will have traded tens of millions of dollars worth of stock on this fake information during the milliseconds, seconds, minutes or hours it will take for the truth to catch up. What are the chances that this sort of thing is going on right now? What are the chances that some measurable fraction of the trading volume is generated in this manner? To cheat is human; to commit major fraud requires a fast computer. -- apologies to Bill Vaughan http://www.cnbc.com/2017/06/13/death-of-the-human-investor-just-10-percent-of-trading-is-regular-stock-picking-jpmorgan-estimates.html Just 10% of trading is regular stock picking, JPMorgan estimates 'Quantitative investing based on computer formulas and trading by machines directly are leaving the traditional stock picker in the dust and now dominating the equity markets, according to a new report from JPMorgan.' 'Kolanovic [global head of quantitative and derivatives research at JPMorgan] estimates "fundamental discretionary traders" account for only about 10 percent of trading volume in stocks. Passive and quantitative investing accounts for about 60 percent, more than double the share a decade ago, he said.' 'A subset of quantitative trading known as high-frequency trading accounted for 52 percent of May's average daily trading volume of about 6.73 billion shares, Tabb said. During the peak levels of high-frequency trading in 2009, about 61 percent of 9.8 billion of average daily shares traded were executed by high-frequency traders.' John Carney, CNBC, 23 Apr 2013 The Trading Robots Really Are Reading Twitter http://www.cnbc.com/id/100666302 Let's call it the Twitter Skitter. When the market briefly skidded after a hacked AP Twitter account reported explosions at the White House, we saw the first real-time demonstration of robo-trading riding on the back of social media. The plunge in the market was so quick that it obviously was not the result of individuals reading the phony news and deciding what action to take. Computers were making the tradesor, more precisely, ending the trades. ... The Twitter data stream has been available to high frequency traders since at least 2009. https://en.wikipedia.org/wiki/Algorithmic_trading '"Computers are now being used to generate news stories about company earnings results or economic statistics as they are released. And this almost instantaneous information forms a direct feed into other computers which trade on the news."' '"Increasingly, people are looking at all forms of news and building their own indicators around it in a semi-structured way," as they constantly seek out new trading advantages said Rob Passarella, global director of strategy at Dow Jones Enterprise Media Group. His firm provides both a low latency news feed and news analytics for traders. Passarella also pointed to new academic research being conducted on the degree to which frequent Google searches on various stocks can serve as trading indicators, the potential impact of various phrases and words that may appear in Securities and Exchange Commission statements and the latest wave of online communities devoted to stock trading topics.'
http://www.columbian.com/news/2017/jun/11/wsj-ends-google-users-free-ride-then-falls-44-in-search-results/ After blocking Google users from reading free articles in February, the Wall Street Journal's subscription business soared, with a fourfold increase in the rate of visitors converting into paying customers. But there was a trade-off: Traffic from Google plummeted 44 percent. The reason: Google search results are based on an algorithm that scans the Internet for free content. After the Journal's free articles went behind a paywall, Google's bot only saw the first few paragraphs and started ranking them lower, limiting the Journal's viewership. Executives at the Journal, owned by Rupert Murdoch's News Corp., argue that Google's policy is unfairly punishing them for trying to attract more digital subscribers. They want Google to treat their articles equally in search rankings, despite being behind a paywall. The ranking change is exactly what should have happened. A paywalled article is less useful to the average Google search user than a free article, so it's completely reasonable that this differential is reflected in search results rankings. Sorry, WSJ, I'm playing the world's tiniest violin for you.
NNSquad https://www.nytimes.com/2017/06/10/world/europe/turkey-wikipedia-ban-recep-tayyip-erdogan.html?partner=rss&emc=rss But beyond the problems it has created for the curious, Turkey's Wikipedia ban is a reminder of something darker, government critics say: a wholesale crackdown on free expression and access to information, amid wider oppression of most forms of opposition. Wikipedia is just one of 127,000 websites blocked in Turkey, estimated Professor Akdeniz, who has led legal challenges against the Wikipedia ban and other web restrictions. An additional 95,000 pages, like social media accounts, blog posts and articles, are blocked on websites that are not otherwise restricted, Mr. Akdeniz said. Some of these sites are pornographic. But many contain information and reporting that the government finds embarrassing. Sendika, an independent news outlet, is now on the 45th iteration of its website. The previous 44 were blocked.
“How screwed am I?'' asked a recent user on Reddit, before sharing a mortifying story. On the first day as a junior software developer at a first salaried job out of college, his or her copy-and-paste error inadvertently erased all data from the company's production database. https://qz.com/999495/the-tech-world-is-rallying-around-a-young-developer-who-made-a-huge-embarrassing-mistake/ [Even more embarrassing for the company if there were no backups! PGN]
Prof. Thimbleby and I shared our thoughts on how hospitals can climb out of the ransomware mess. Ransomware is just a symptom. Resolve the key root causes within the healthcare delivery supply chain: manufacturing, procurement, regulation, training, and governance. http://www.healthcareitnews.com/blog/ransomware%E2%80%A8-how-we-can-climb-out-mess Kevin Fu, Associate Professor, EECS Department, The University of Michigan kevinfu@umich.edu web.eecs.umich.edu/~kevinfu/ Twitter @DrKevinFu
> It's scary how many applications will not work on anything more modern > than Windows XP, or rely on appallingly out-of-date and deprecated > versions of Java. The problem is not the application software. There are programs written, compiled, and linked in the 1960s which can still be run on the most modern of IBM's mainframes with the most current operating system and program products installed. The problem is that, unlike IBM mainframes, operating systems and important products for PCs are not upwards compatible. This problem is not limited to Windows. I find the fact that some programs required "appallingly out-of-date" versions of Java to be a condemnation of current versions of Java.
[Dave Parnas has long been an advocate of better software. This article
makes a strong case for the role of precise documentation in trying to
attain better software. I consider this mandatory reading for designers
and implementers. PGN]
David L. Parnas, Precise Documentation: The Key to Better Software, in
*The Future of Software Engineering*, S. Nanz, (ed), Springer Berlin
Heidelberg, 2010, pp. 125--148,
DOI: 10.1007/978-3-642-15187-3_8
ISBN 978-3-642-15186-6 (Print)
ISBN 978-3-642-15187-3 (Online)
Abstract. The prime cause of the sorry `state of the art' in software
development is our failure to produce good design documentation. Poor
documentation is the cause of many errors and reduces efficiency in every
phase of a software product's development and use. Most software developers
believe that `documentation' refers to a collection of wordy, unstructured,
introductory descriptions, thousands of pages that nobody wanted to write
and nobody trusts. In contrast, Engineers in more traditional disciplines
think of precise blueprints, circuit diagrams, and mathematical
specifications of component properties. Software developers do not know how
to produce precise documents for software. Software developments also think
that documentation is something written after the software has been
developed. In other fields of Engineering much of the documentation is
written before and during the development. It represents forethought not
afterthought. Among the benefits of better documentation would be: easier
reuse of old designs, better communication about requirements, more useful
design reviews, easier integration of separately written modules, more
effective code inspection, more effective testing, and more efficient
corrections and improvements. This paper explains how to produce and use
precise software documentation and illustrate the methods with several
examples.
Here's another useful reference as well:
Carl Landwehr, J. Ludewig, R. Meersman, D.L. Parnas, P, Shoval, Y. Wand,
D. Weiss, and E. Weyuker, Software Systems Engineering programmes: a
capability approach, in Journal of Systems and Software, Vol. 125, March
2017, pp. 354--364, Article: JSS9898.
DOI: 10.1016/j.jss.2016.12.016
Please report problems with the web pages to the maintainer