Documentcloud via NNSquad https://assets.documentcloud.org/documents/3248260/DHS-FBI-analysis-of-Russian-hackers.pdf
http://www.nytimes.com/2016/12/29/world/europe/how-russia-recruited-elite-hackers-for-its-cyberwar.html The government scouted a wide range of civilian programmers in recent years, even criminals, while expanding its cyberwarfare abilities. While much about Russia's cyberwarfare program is shrouded in secrecy, details of the government's effort to recruit programmers in recent years -- whether professionals like Mr. Vyarya, college students, or even criminals -- are shedding some light on the Kremlin's plan to create elite teams of computer hackers.
http://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html The Obama administration said it was tossing out 35 intelligence operatives and imposing sanctions on Russian intelligence services and officers. [Editorial comment: We must always remember that the allegedly secure systems on which we must depend are nowhere near secure enough. Furthermore, security is often compromised by simple social engineering and other low-hanging bad fruit, irrespective of the technology. Nevertheless, nation-state hacking into other nations' systems is reprehensible. However, it is very likely to happen—especially as long as one's system and network security is so weak, and one's overall national computer literacy is so inadequate. PGN]
http://motherboard.vice.com/read/global-travel-booking-systems-open-to-fraud-and-abuse [This involves a decades-old back-end Global Distribution system that is hopelessly vulnerable and is being regularly exploited. No meaningful authentication. Almost all you need is the six-character reservation code. Exploitable hacks were apparently being discussed on 27 Dec at the annual Chaos Communication Conference. Legacy, schmegacy! PGN]
https://security.googleblog.com/2016/11/pixel-security-better-faster-stronger.html
NNSquad http://www.nytimes.com/2016/12/26/business/media/advertising-online-ads-fake-news-google.html?partner=rss&emc=rss "Honestly, the long tail is to advertising what subprime was to mortgages," he said. "No one knows what's in it, but it helps people believe that there is a mysterious tonnage of impressions that are really low cost. But low-cost impressions would mean low-cost human attention. How can any publisher of quality content survive on low-cost impressions?" Marc Goldberg, chief executive of Trust Metrics, an ad safety vendor, said the effort to remove bad actors ignored the fact that many advertisers value impressions over everything else. They would rather not choose and monitor what websites they are appearing on, he said, because they worry they will miss out on potentially lucrative destinations. "What they're doing is introducing all of these bad sites into our ecosystem and not having the means to monitor them appropriately and effectively," he said. "The big problem in our industry is our expectations of scale are not aligned with reality."
What are the risks of robots in the White House? If a robot can drive, why not a robot that tweets at 3am? The White House could use more automation, but could a robot deal with the lack of a "W" key? Also, does a robot require Senate confirmation? https://secure.marketwatch.com/story/white-house-robots-may-take-half-of-our-jobs-and-we-should-embrace-it-2016-12-21 https://www.whitehouse.gov/sites/whitehouse.gov/files/documents/Artificial-Intelligence-Automation-Economy.PDF White House: Robots may take half of our jobs Will artificial intelligence have unintended consequences?
JR Raphael, *Computerworld*, 28 Dec 2016 Some are fascinating, others are frightening—but here's how to find out what Google has on you http://www.infoworld.com/article/3150925/privacy/14-eyebrow-raising-things-google-knows-about-you.html
There is an amusing (or, alternatively, chilling) tidbit on the German "fake news" debate. Michael Grosse-Brömer is Parliamentary Chairman of the CDU, the party of Chancellor Merkel. He made a short video teaser for a TV broadcast on ZDF, the public-service TV broadcaster, about "fake news". In this, he said (my translation) "We have to take notice, supported by findings of journalists, scientists and intelligence agencies, that there are a lot of people on the Net who want to destabilize, who spread false opinion, who want to manipulate. Politics has to deal with this, especially before election campaigns." Yes, he said "spread false opinion" ("falsche Meinung verbreiten" in the original German). Viewer comments ranged from "Finally, a politician who speaks the truth" to "Freudian slip, he said what he thinks, not what he wanted to say". Interestingly enough, the ZDF pulled the video and resulting viewer comments without comment or explanation. Grosse-Brömer later stated on Twitter that he meant to say "spread false reports" ("Falsche Meldungen verbreiten"). In view of the efforts to create a "Ministry of Truth" within the German government (see RISKS-30.05), this is rather chilling. Here is the video, including the original sound track: https://twitter.com/berlindirekt/status/809786307648036865 And here is some more analysis of his texts, in German: http://www.tichyseinblick.de/meinungen/destabilisierende-falsche-meinung-bitte-was/
http://www.nytimes.com/2016/12/29/world/asia/facebook-safety-check-bangkok.html The social network automatically linked to a bogus article about an explosion in Thailand and appeared to conflate it with a 2015 bombing.
http://www.usatoday.com/story/life/entertainthis/2016/12/27/britney-spears-tweets-death-hoax/95869094/
Sham scholarly publications and academic conferences without rigor reflect a legitimate problem: too many Ph.D. holders chasing too few credentials. http://www.nytimes.com/2016/12/29/upshot/fake-academe-looking-much-like-the-real-thing.html
The OSCE (international monitoring organization) says its IT systems were hit by cyberattackers. http://www.bbc.com/news/world-europe-38451064
Arkansas investigators are seeking access to what may have been recorded on the electronic personal assistant. http://www.nytimes.com/2016/12/28/business/amazon-echo-murder-case-arkansas.html
With the ability to communicate securely and free, the messaging app has become a mainstay for those who have left their homes for the unknown. http://www.nytimes.com/2016/12/21/technology/for-millions-of-immigrants-a-common-language-whatsapp.html
Airlines are wary of drones and other devices with powerful batteries. And they won't be as delighted as you are with that virtual reality headset. http://www.nytimes.com/2016/12/26/business/why-some-of-your-holiday-gifts-might-not-fly.html
FYI, Bill Gates now owns about 4% of Microsoft's stock. It's a big contract for Microsoft, but it's irrelevant for Gates.
In addition to fearing the results if governments try to label truth and falsehood, I certainly see little likelihood of that happening at least in the USA. In any grocery store checkout line there will be tabloid "newspapers" which present as truth all sorts of falsehoods. I see people reading them while waiting to check out, and occasionally buying them. When some celebrity thinks he/she has been damaged by an article, photograph, etc., and sues, these papers have consistently used the defense that "everybody knows we are just publishing material we created, for entertainment, with no claim to fact". (But I think many readers never heard that defense and subscribe to the "If it is in print it must be true" position.) These seem to me to be quite like the false news sites, but the US government has so far as I know never made any attempt to control them, and I suspect it would be thrown out on 1st Amendment grounds if it were tried. This does not mean I really want this attack on our national belief system to continue without legal action of some sort. But the only action I can imagine having a significant effect has no chance of happening, somehow educating and motivating our population to think.
[I thought Churchix was a bad joke 18 months ago, but apparently not; here's a *NYTimes* article from yesterday. HB] Jenna Wortham, *The New York Times*, 27 Dec 2016 Finding Inspiration for Art in the Betrayal of Privacy http://www.nytimes.com/2016/12/27/magazine/finding-inspiration-for-art-in-the-betrayal-of-privacy.html "There was an interactive demonstration on a widely used program called "Churchix," a facial-recognition tool licensed to churches that records and logs the identities of people entering the premises."
Since 2011, Applied Computer Security Associates, sponsor of the ACSAC, NSPW, LAW, and LASER conferences, has offered scholarships for women in security-related undergraduate and masters' degree programs through the Scholarships for Women Studying Information Security (SWSIS, www.swsis.org). Thanks to a $250,000 4-year contribution by Hewlett Packard Enterprise (HPE) in early 2014, ACSA expanded our program to award 11 scholarships for the 2014-15 academic year, 16 for the 2015-16 academic year, and 16 for the 2016-17 academic year. The Committee on the Status of Women in Computing Research (CRA-W), an arm of the Computing Research Alliance, led selection of scholarship winners. Information about the 49 SWSIS Scholars (scholarship winners) is available at www.swsis.org.

ACSA, CRA-W, and HPE are pleased to announce that applications for 2017-18 scholarships are accepted Dec 15 2016 - Feb 1 2017. To apply, an applicant must provide:

* An essay describing her interest and background in the information security field.
* A current transcript.
* A resume or CV.
* At least two letters of reference (typically from faculty members).
* Her university name and class status.

The scholarship is renewable for a second year subject to availability of funds, given proof of satisfactory academic progress and available funds. Scholars must be US citizens or permanent residents; funds are available for use at any US campus of a US university. More information at www.swsis.org or swsis@swsis.org

Jeremy Epstein, Director, Scholarship Programs
Applied Computer Security Associates, Inc.
Founder & Managing Director, SWSIS

Rebecca Wright, CRA-W Scholar Selection Director
Computing Research Association Committee on the Status of Women in Computing Research