The RISKS Digest
Volume 30 Issue 38

Monday, 17th July 2017

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

A Solar Eclipse Could Wipe Out 9,000 Megawatts of Power Supplies
Bloomberg
Massachusetts tax system blocks payments, sends refunds in error
MassLive
The AlphaBay Takedown Sends Dark Web Markets Reeling
WiReD
Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
UpGuard
How Fake News Goes Viral—Here's the Math
Scientific American
While Some Cry 'Fake,' Spotify Sees No Need to Apologize
The New York Times
Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network'
Gizmodo
Elon Musk says preventing a 'fleet-wide hack' is Tesla's top security priority
Electrek
Weekend Video Extra: A Prescient Warning re: AI and Robotics, from 1956!
Lauren Weinstein
Your pacemaker is spying on you
Mark Thorson
Leaping Kangaroos
Anthony Thorn
Paper ballots
Tom Donilon
To avoid cyberattacks, Israel urged to manually count election results
Haaretz
UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials
The Washington Post
Re: Western tech firms bow to Russian demands to share cybersecrets
Martyn Thomas
Re: DIY devices let car owners add autonomous features to vehicles
Simon Wright
Re: Funny how these articles are all the same
Jonathan Levine
Re: Press kits or other publications on thumb drives?
Kelly Bert Manning
Review: "Twitter and Tear Gas," by Zeynep Tufekci
Bruce Schneier
Info on RISKS (comp.risks)

Bloomberg: A Solar Eclipse Could Wipe Out 9,000 Megawatts of Power Supplies

Geoff Kuenning <geoff@cs.hmc.edu>
Sun, Jul 16, 2017 at 6:29 PM
  [via Dave Farber]

... a recurring but unexplained phenomenon keeps shutting down *all*
solar power in the country for as much as 14 hours at a time.
Scientists have not yet named the frightening event, although some
have suggested adapting the French term "La nuit" or German's "Der
Nacht".

Geoff Kuenning   geoff@cs.hmc.edu   http://www.cs.hmc.edu/~geoff/


Massachusetts tax system blocks payments, sends refunds in error (MassLive)

Monty Solomon <monty@roscom.com>
Sat, 15 Jul 2017 11:14:30 -0400
http://www.masslive.com/business-news/index.ssf/2017/07/massachusetts_tax_system_blocks_payments.html


The AlphaBay Takedown Sends Dark Web Markets Reeling (WiReD)

Monty Solomon <monty@roscom.com>
Sat, 15 Jul 2017 19:34:40 -0400
https://www.wired.com/story/alphabay-takedown-dark-web-chaos/

Not since the days of the now-legendary Silk Road has a single site
dominated the dark web's black market as completely, and for as long, as the
online bazaar known as AlphaBay. And with the news that the site has been
torn down by a law enforcement raid—and one of its leaders found dead in a
Thai prison—the dark web drug trade has fallen into a temporary state of
chaos.

https://www.wired.com/story/alphabay-takedown-dark-web-chaos/


Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts (UpGuard)

Lauren Weinstein <lauren@vortex.com>
Fri, 14 Jul 2017 07:51:23 -0700
via NNSquad
https://www.upguard.com/breaches/verizon-cloud-leak

  The data repository, an Amazon Web Services S3 bucket administered by a
  NICE Systems engineer based at their Ra'anana, Israel headquarters,
  appears to have been created to log customer call data for unknown
  purposes; Verizon, the nation's largest wireless carrier, uses NICE
  Systems technology in its back-office and call center operations. In
  addition, French-language text files stored in the server show internal
  data from Paris-based telecommunications corporation Orange S.A.--another
  NICE Systems partner that services customers across Europe and Africa.
  Beyond the risks of exposed names, addresses, and account information
  being made accessible via the S3 bucket's URL, the exposure of Verizon
  account PIN codes used to verify customers, listed alongside their
  associated phone numbers, is particularly concerning.  Possession of these
  account PIN codes could allow scammers to successfully pose as customers
  in calls to Verizon, enabling them to gain access to accounts--an
  especially threatening prospect, given the increasing reliance upon mobile
  communications for purposes of two-factor authentication.


How Fake News Goes Viral—Here's the Math (Scientific American)

Lauren Weinstein <lauren@vortex.com>
Fri, 14 Jul 2017 07:56:21 -0700
NNSquad
https://www.scientificamerican.com/article/how-fake-news-goes-viral-mdash-heres-the-math/

  Models similar to those used to track disease show what happens when too
  much information hits social media networks.


While Some Cry 'Fake,' Spotify Sees No Need to Apologize (The New York Times)

Monty Solomon <monty@roscom.com>
Sat, 15 Jul 2017 09:40:04 -0400
Spotify's playlists are dotted with hundreds of songs done by composers under pseudonyms, but the company says it is just soliciting music to meet demand.
https://www.nytimes.com/2017/07/14/business/media/while-some-cry-fake-spotify-sees-no-need-to-apologize.html


Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (Gizmodo)

Lauren Weinstein <lauren@vortex.com>
Mon, 17 Jul 2017 10:37:03 -0700
via NNSquad
http://gizmodo.com/nearly-90-000-sex-bots-invaded-twitter-in-one-of-the-la-1796985630

  Last week, Twitter's security team purged nearly 90,000 fake accounts
  after outside researchers discovered a massive botnet peddling links to
  fake "dating" and "romance" services. The accounts had already generated
  more than 8.5 million posts aimed at driving users to a variety of
  subscription-based scam websites with promises of—you guessed it—hot
  Internet sex.


Elon Musk says preventing a 'fleet-wide hack' is Tesla's top security priority

Lauren Weinstein <lauren@vortex.com>
Mon, 17 Jul 2017 08:39:48 -0700
via NNSquad
https://electrek.co/2017/07/17/tesla-fleet-hack-elon-musk/?utm_content=buffer304a1&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer

  He followed with an interesting example of what someone could do with that
  kind of access: "In principles, if someone was able to say hack all the
  autonomous Teslas, they could say - I mean just as a prank - they could
  say 'send them all to Rhode Island' [laugh] - across the United
  States... and that would be the end of Tesla and there would be a lot of
  angry people in Rhode Island."  And that's like a best case scenario.
  Musk continued with what Tesla is doing to try to prevent that: "We gotta
  make super sure that a fleet-wide is basically impossible and that if
  people are in the car, that they have override authority on whatever the
  car is doing. If the car is doing something wacky, you can press a button
  that no amount of software can override and ensure that you gain control
  of the vehicle and cut the link to the servers."

But governments will demand access to data from and control over autonomous
vehicles, both individually and en masse, no matter what Musk or other
manufacturers want. Autonomous vehicles represent the greatest potential for
government control over individuals in the history of mankind.


Weekend Video Extra: A Prescient Warning re: AI and Robotics, from 1956!

Lauren Weinstein <lauren@vortex.com>
Sat, 15 Jul 2017 09:27:56 -0700
https://www.youtube.com/watch?v=qtpRMsDuH74


Your pacemaker is spying on you

Mark Thorson <eee@sonic.net>
Fri, 14 Jul 2017 21:45:35 -0700
It seems to me that any allegation that the pacemaker data is evidence of
anything should require, at a minimum, establishment of a cause --> effect
relationship published in peer-reviewed literature.  Lacking that, it's just
like tarot cards or something.
  http://www.bbc.com/news/technology-40592520


Leaping Kangaroos (Re: Horsfall, RISKS-30.37)

Anthony Thorn <anthony.thorn@atss.ch>
Sat, 15 Jul 2017 21:47:58 +0200
I am reluctant to question an Australian's statement about kangaroos, but
surely a taller object would appear to be nearer than it really is?


Paper ballots (Tom Donilon)

"Peter G. Neumann" <neumann@csl.sri.com>
Sun, 16 Jul 2017 18:12:37 PDT
Tom Donilon, National Security Advisor 2010-2013, advocates for paper
ballots in his opinion piece
https://www.washingtonpost.com/opinions/russia-will-be-back-heres-how-to-hack-proof-the-next-election/2017/07/14/f085e870-67d5-11e7-a1d7-9a32c91c6f40_story.html?utm_term=.1be864cac68d

Tom Donilon, *The Washington Post*, 14 Jul 2017
Russia will be back. Here's how to hack-proof the next election.
Russian President Vladimir Putin and President Trump meet at the G-20
summit in Hamburg on July 7. (Evan Vucci/Associated Press) [PGN-ed]

Tom Donilon was national security adviser to President Barack Obama from
2010 to 2013. In 2016, he chaired the President's Commission on Enhancing
National Cybersecurity.

We now know that Russian President Vladimir Putin ordered a comprehensive
effort to interfere with the 2016 presidential election. This mission
involved the cybertheft and strategic publication of politically sensitive
emails, the placement and amplification of misinformation on social media,
overt propaganda and efforts to penetrate the systems of dozens of state
election authorities.

This is not speculation or political posturing; it is the public and
high-confidence conclusion of the U.S. intelligence community. And it is
wholly consistent with past Soviet and Russian use of active measures --
intelligence operations meant to shape an adversary's political decisions --
with the strategic goal of undermining the integrity of and confidence in
the West. Modern technology has only increased the speed, scale and efficacy
of such actions.  This would be alarming even as a one-time occurrence, but
as former FBI director James B. Comey recently warned, "They will be back."

The fact is that, so far, Putin has paid too small a price to meaningfully
deter him in the future.

Here are five concrete steps the United States should take to meet this
ongoing threat to our democracy:

First, President Trump must unequivocally acknowledge Russia's attack on the
2016 election and clearly state that any future attack on our democratic
institutions will not be tolerated.  [...]

Second, the Department of Homeland Security and the Election
Assistance Commission (EAC) should lead a process to develop election
baseline cybersecurity guidelines and help states implement these best
practices.  [...]

Third, we must develop a better system for sharing information between state
and federal officials. While the U.S. election system is decentralized, the
threats against it are not confined to state borders.  [...]

Fourth, we must engage in a national policy discussion about the roles
and responsibilities of our social media platforms and the steps they
should take to protect our democracy from malign interference.  [...]

Fifth, the United States should work within international forums to
establish the principle that an attack on election systems violates
the principles of noninterference and sovereignty and would justify a
robust response.  [...]

These are steps we can take to help secure the future of our democratic
institutions in the cyber-age. We are on notice. We must act now.


To avoid cyberattacks, Israel urged to manually count election results

"Peter G. Neumann" <peter.neumann@sri.com>
Mon, 17 Jul 2017 14:28:10 -0700
Middle East Monitor (Israel), Jul 14 2017 [PGN-ed]
<https://www.middleeastmonitor.com/category/region/middle-east/israel/>

*Haaretz* reported yesterday that Israel's National Cyber Authority is
expected to recommend the manual counting of votes in future elections
in order to prevent cyberattacks, following recent attempts to meddle
with elections in the West.

Formed 18 months ago, the authority is working on a defence plan against
possible meddling in Israeli elections through cyberattacks similar to what
recently took place in the United States, France and Ukraine.  It will
recommend that votes continue to be counted manually in Israel, as they
always have, even if this is an outdated method.

However, *Haaretz* noted that other aspects of the election campaign and
preparations for Election Day are also exposed to cyberattacks and need
protection.  Citing cyberexperts, they report that Israel is aware that
countries and groups seek to disrupt Israeli elections, and that there is a
growing risk they might succeed in their endeavour.


UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials (WashPost)

Monty Solomon <monty@roscom.com>
Sun, 16 Jul 2017 23:05:06 -0400
https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html


Re: Western tech firms bow to Russian demands to share cybersecrets (Youngman, RISKS-30.37)

Martyn Thomas <martyn@thomas-associates.co.uk>
Sat, 15 Jul 2017 16:31:43 +0100
Maybe I have forgotten the context of Youngman's email but I don't
understand what point he is making. ALL engineering depends on mathematics,
because math-based methods are far more likely to lead to dependable systems
than using math-free methods. What methods would he recommend?

All reasoning depends on axioms. Does Youngman eschew reasoning?

https://www.gresham.ac.uk/professorships/it-professorship/


Re: DIY devices let car owners add autonomous features to vehicles (Said, RISKS-30.37)

Simon Wright <simon@pushface.org>
Sat, 15 Jul 2017 08:34:23 +0100
> Risks (totally unmentioned, and often left to the imagination of RISKS
> readers) might include (for example), ...

And probably invalidating your insurance.


Re: Funny how these articles are all the same (Goldberg, RISKS-30.37)

Jonathan Levine <jonathan.canuck.levine@gmail.com>
Sat, 15 Jul 2017 16:29:30 -0600
No surprise here.  Tapscott, a "futurist" (and now with his son), has a
well-established history as an uncritical Internet cheerleader, and he's
simply applying his MO to the Next Big Thing.  Hard to sell books and get
lecturing gigs otherwise.


Re: Press kits or other publications on thumb drives? (Goldberg, RISKS-30.37)

Kelly Bert Manning <Kelly.Manning@ncf.ca>
Sat, 15 Jul 2017 17:47:11 -0400 (EDT)
> "How do you check out shrink-wrapped commercial thumb drives?"

The commercial antivirus installed on my home computer automatically scans
any portable media connected via a USB port. The scan continues unless
stopped explicitly.

Doing away with auto run was a good start.

That said, scanning only works for detectable malware.

Custom or low volume malware may evade scans for a long time, unless the
people using it get stupid or the check monitors patterns of access to
storage and network.

Michael Haephrati and his "clients" got caught when he used his custom
malware to hack ex-relatives after a bitter divorce, then posted draft novel
excerpts written by one of them on the web.

Ironically the novel portrayed police investigating IT crimes as
unresponsive and ineffective. In life Israeli Law Enforcement action was
timely and very effective. Life is not compelled to imitate Art.

http://www.networkworld.com/article/2344015/security/four-private-investigators-in-the-israeli-trojan-fiasco-sentenced--finally-.html
https://www.theguardian.com/world/2005/may/31/israel
https://en.wikipedia.org/wiki/Amnon_Jackont#Trojan_horse_exposure


"Twitter and Tear Gas," by Zeynep Tufekci

Bruce Schneier <schneier@schneier.com>
Sat, 15 Jul 2017 00:25:08 -0500
Bruce Schneier, CTO, IBM Resilient  https://www.schneier.com
CRYPTO-GRAM, July 15, 2017  [PGN-excerpted]

For back issues, or to subscribe, visit
<https://www.schneier.com/crypto-gram.html>.

      Book Review: "Twitter and Tear Gas," by Zeynep Tufekci

There are two opposing models of how the Internet has changed protest
movements. The first is that the Internet has made protesters mightier than
ever. This comes from the successful revolutions in Tunisia (2010-11), Egypt
(2011), and Ukraine (2013). The second is that it has made them more
ineffectual. Derided as "slacktivism" or "clicktivism," the ease of action
without commitment can result in movements like Occupy petering out in the
US without any obvious effects. Of course, the reality is more nuanced, and
Zeynep Tufekci teases that out in her new book "Twitter and Tear Gas."

Tufekci is a rare interdisciplinary figure. As a sociologist, programmer,
and ethnographer, she studies how technology shapes society and drives
social change. She has a dual appointment in both the School of Information
Science and the Department of Sociology at University of North Carolina at
Chapel Hill, and is a Faculty Associate at the Berkman Klein Center for
Internet and Society at Harvard University. Her regular "New York Times"
column on the social impacts of technology is a must-read.

Modern Internet-fueled protest movements are the subjects of "Twitter and
Tear Gas." As an observer, writer, and participant, Tufekci examines how
modern protest movements have been changed by the Internet—and what that
means for protests going forward. Her book combines her own ethnographic
research and her usual deft analysis, with the research of others and some
big data analysis from social media outlets. The result is a book that is
both insightful and entertaining, and whose lessons are much broader than
the book's central topic.

"The Power and Fragility of Networked Protest" is the book's subtitle.  The
power of the Internet as a tool for protest is obvious: it gives people
newfound abilities to quickly organize and scale. But, according to Tufekci,
it's a mistake to judge modern protests using the same criteria we used to
judge pre-Internet protests. The 1963 March on Washington might have
culminated in hundreds of thousands of people listening to Martin Luther
King Jr. deliver his "I Have a Dream" speech, but it was the culmination of
a multi-year protest effort and the result of six months of careful planning
made possible by that sustained effort. The 2011 protests in Cairo came
together in mere days because they could be loosely coordinated on Facebook
and Twitter.

That's the power. Tufekci describes the fragility by analogy. Nepalese
Sherpas assist Mt. Everest climbers by carrying supplies, laying out ropes
and ladders, and so on. This means that people with limited training and
experience can make the ascent, which is no less dangerous—to sometimes
disastrous results. Says Tufekci: "The Internet similarly allows networked
movements to grow dramatically and rapidly, but without prior building of
formal or informal organizational and other collective capacities that could
prepare them for the inevitable challenges they will face and give them the
ability to respond to what comes next." That makes them less able to respond
to government counters, change their tactics—a phenomenon Tufekci calls
"tactical freeze"—make movement-wide decisions, and survive over the long
haul.

Tufekci isn't arguing that modern protests are necessarily less effective,
but that they're different. Effective movements need to understand these
differences, and leverage these new advantages while minimizing the
disadvantages.

To that end, she develops a taxonomy for talking about social movements.
Protests are an example of a "signal" that corresponds to one of several
underlying "capacities." There's narrative capacity: The ability to change
the conversation, as Black Lives Matter did with police violence and Occupy
did with wealth inequality. There's disruptive capacity: The ability to stop
business as usual. An early Internet example is the 1999 WTO protests in
Seattle. And finally, there's electoral or institutional capacity: The
ability to vote, lobby, fund raise, and so on. Because of various
"affordances" of modern Internet technologies, particularly social media,
the same signal—a protest of a given size—reflects different
underlying capacities.

This taxonomy also informs government reactions to protest movements.  Smart
responses target attention as a resource. The Chinese government responded
to 2015 protesters in Hong Kong by not engaging with them at all, denying
them camera-phone videos that would go viral and attract the world's
attention. Instead, they pulled their police back and waited for the
movement to die from lack of attention.

If this all sounds dry and academic, it's not. "Twitter and Tear Gas" is
infused with a richness of detail stemming from her personal participation
in the 2013 Gezi Park protests in Turkey, as well as personal on-the-ground
interviews with protesters throughout the Middle East—particularly Egypt
and her native Turkey—Zapatistas in Mexico, WTO protesters in Seattle,
Occupy participants worldwide, and others. Tufekci writes with a warmth and
respect for the humans that are part of these powerful social movements,
gently intertwining her own story with the stories of others, big data, and
theory. She is adept at writing for a general audience, and—despite being
published by the intimidating Yale University Press—her book is more
mass-market than academic. What rigor is there is presented in a way that
carries readers along rather than distracting.

The synthesist in me wishes Tufekci would take some additional steps, taking
the trends she describes outside of the narrow world of political protest
and applying them more broadly to social change. Her taxonomy is an
important contribution to the more-general discussion of how the Internet
affects society. Furthermore, her insights on the networked public sphere
have applications for understanding technology-driven social change in
general. These are hard conversations for society to have. We largely prefer
to allow technology to blindly steer society or—in some ways worse—
leave it to unfettered for-profit corporations.  When you're reading
"Twitter and Tear Gas," keep current and near-term future technological
issues such as ubiquitous surveillance, algorithmic discrimination, and
automation and employment in mind. You'll come away with new insights.

Tufekci twice quotes historian Melvin Kranzberg from 1985: "Technology is
neither good nor bad; nor is it neutral." This foreshadows her central
message. For better or worse, the technologies that power the networked
public sphere have changed the nature of political protest as well as
government reactions to and suppressions of such protest.

I have long characterized our technological future as a battle between the
quick and the strong. The quick—dissidents, hackers, criminals,
marginalized groups—are the first to make use of a new technology to
magnify their power. The strong are slower, but have more raw power to
magnify. So while protesters are the first to use Facebook to organize, the
governments eventually figure out how to use Facebook to track
protesters. It's still an open question who will gain the upper hand in the
long term, but Tufekci's book helps us understand the dynamics at work.

This essay originally appeared on Vice Motherboard.
https://motherboard.vice.com/en_us/article/43dx3j/twitter-and-tear-gas-review

The book:
https://www.twitterandteargas.org/
https://www.amazon.com/Twitter-Tear-Gas-Fragility-Networked/dp/0300215126/

Tufekci:
https://twitter.com/zeynep
https://www.nytimes.com/column/zeynep-tufekci
