Timothy Egan, *The New York Times*, 8 Dec 2018, op-ed below the main editorial At what point is control lost and the creations take over? How about now? This mentions the Lion Air Flight 610, where the pilots did not realize that what they needed to do was to disable the autopilot. It concludes: As haunting as those final moments inside the cockpit of Flight 610 were, it's equally haunting to grasp the full meaning of what happened. The system overrode the humans and killed everyone. Our invention. Our folly.
The obvious solution is a training signal. http://www.smbc-comics.com/comics/1543932715-20181204.png
The idea that hitting a button or other control while a screen is rendering is a user error is astounding. If the machine incorrectly interprets user input, it is a bug, plain and simple. Amid scattered complaints by straight-ticket early voters of both parties that their ballots did not, at first, correctly record their choice of either Democrat Beto O'Rourke or Republican Ted Cruz for U.S. Senate, state and local election officials are cautioning voters to take their time in voting and check the review screen for accuracy before casting ballots. The elections officials say the problems resulted from user error in voting on the Hart eSlate machines widely used in Texas—including in Travis, Hays and Comal counties—and are not the result of a machine glitch or malfunction. “The Hart eSlate machines are not malfunctioning,” said Sam Taylor, communications director for the Texas secretary of state's office. “The problems being reported are a result of user error—usually voters hitting a button or using the selection wheel before the screen is finished rendering.” Taylor said the office is aware of a handful of complaints and that the voters were able to correct their ballots before casting their votes. https://www.statesman.com/news/20181026/texas-straight-ticket-voters-report-ballot-concerns
Users of Tesco Mobile and Sky Mobile also hit as O2 blames supplier's software glitch
https://www.theguardian.com/business/2018/dec/06/o2-customers-unable-to-get-online

O2 announces goodwill gestures after millions hit by data outage
Provider repeats apology for customers' loss of connection and offers compensation.
https://www.theguardian.com/business/2018/dec/07/o2-services-restored-after-millions-hit-by-data-outage

Ericsson apologises for O2 network outage
The data network crash, which affected millions of people worldwide, was caused by an expired software certificate.
https://www.computing.co.uk/ctg/news/3067847/ericsson-apologises-for-o2-network-outage

Update on software issue impacting certain customers
https://www.ericsson.com/en/press-releases/2018/12/update-on-software-issue-impacting-certain-customers

SoftBank Apology for Mobile Communication Service Troubles
https://www.softbank.jp/en/corp/group/sbm/news/press/2018/20181206_02/
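The Ericsson/O2 outage above was traced to an expired software certificate, the kind of failure a routine expiry check catches weeks ahead. The Go program below is an added example, not code from Ericsson, O2 or any vendor named here: it classifies certificates against a warning window, and generates constructed self-signed certificates for hypothetical hostnames so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckExpiry classifies cert against now and a warning window in days and
// returns "EXPIRED" (the state behind the O2/Ericsson outage), "EXPIRING_SOON"
// or "OK", plus the (possibly negative) number of days of validity left.
func CheckExpiry(cert *x509.Certificate, now time.Time, warnDays int) (string, float64) {
	remaining := cert.NotAfter.Sub(now)
	days := remaining.Hours() / 24
	switch {
	case remaining <= 0:
		return "EXPIRED", days
	case remaining <= time.Duration(warnDays)*24*time.Hour:
		return "EXPIRING_SOON", days
	}
	return "OK", days
}

// SelfSignedCert builds a constructed self-signed certificate with the given validity so
// the check runs offline; a real monitor would load certs from disk or a TLS handshake.
func SelfSignedCert(name string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	// Hypothetical hostnames: expired yesterday, expiring in 10 days, fine for 400 days.
	for name, days := range map[string]int{"expired.example": -1, "soon.example": 10, "fine.example": 400} {
		cert, err := SelfSignedCert(name, now.Add(-24*time.Hour), now.Add(time.Duration(days)*24*time.Hour))
		if err != nil { panic(err) }
		status, left := CheckExpiry(cert, now, 30)
		fmt.Printf("%-16s %-14s %6.1f days\n", name, status, left)
	}
}
```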
https://theintercept.com/2018/12/03/air-travel-surveillance-homeland-security/ Among the data items the DHS's GTAS (Global Travel Assessment System) will consume when augmented by Virginia-based DataRobot's stack are: "...the software's predictions must be able to function 'solely' using data gleaned from ticket records and demographics—criteria like origin airport, name, birthday, gender, and citizenship. The software can also draw from slightly more complex inputs, like the name of the associated travel agent, seat number, credit card information, and broader travel itinerary." "If you ask DHS, this is a categorical win-win for all parties involved. Foreign governments are able to enjoy a higher standard of security screening; the United States gains some measure of confidence about the millions of foreigners who enter the country each year; and passengers can drink their complimentary beverage knowing that the person next to them wasn't flagged as a terrorist by DataRobot's algorithm. But watchlists, among the most notorious features of post-9/11 national security mania, are of questionable efficacy and dubious legality. A 2014 report by The Intercept pegged the U.S. Terrorist Screening Database, an FBI data set from which the no-fly list is excerpted, at roughly 680,000 entries, including some 280,000 individuals with 'no recognized terrorist group affiliation.'"
Risk: Security by obscurity. What historical data, beyond watch list name match, will tip the algorithm into flagging a ticketed passenger for a pre-board interrogation? Perhaps a preference for pretzels over peanuts?
https://www.nytimes.com/2018/10/26/style/phones-children-silicon-valley.html Mental illness traced to wireless mobile device (WMD) addiction has a label: The 'iDisorder.' See a book review: https://www.nytimes.com/2012/05/13/business/in-idisorder-a-look-at-mobile-device-addiction-review.html Excessive mobile device usage, induced by applications that easily captivate, is unhealthy. Children are especially susceptible to overuse. While there's no equivalent to the US Surgeon General's "Smoking causes cancer" warning, strictly enforced mobile device access restrictions for adolescents constitute wise parental guidance. The National Institutes of Health archives several studies on the physiological effects arising from excessive mobile device usage. "The Potential Impact of Internet and Mobile Use on Headache and Other Somatic Symptoms in Adolescence. A Population-Based Cross-Sectional Study" published JUL2016 at https://www.ncbi.nlm.nih.gov/pubmed/27255862. "Conclusion: Results highlighted the potential impact of excessive internet and mobile use, which ranges from different types of headache to other somatic symptoms. Further studies are needed to confirm these findings and to determine if there is a need for promoting preventive health interventions, especially in school setting." "Evaluation of mobile phone addiction level and sleep quality in university students" published JUL-AUG2013 at https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3817775/. "Conclusion: The sleep quality worsens with increasing addiction level. It was concluded that referring the students with suspected addiction to advanced healthcare facilities, performing occasional scans for early diagnosis and informing the students about controlled mobile phone use would be useful."
A tweet from Mr. Giuliani now links to an anti-Trump page. The president's lawyer blamed Twitter, but the culprit was his own typo (plus a prankster in Atlanta). https://www.nytimes.com/2018/12/05/us/politics/rudy-giuliani-twitter-links.html Risks? Technology + Giuliani.
https://sg.news.yahoo.com/teen-electrocuted-while-using-headphones-053237666.html "Injuries and accidents caused by power surges while mobile phones are charging are not uncommon, and by now we should all know a few tips to keep us safe while using mobile devices. Namely, try not to use your charging phone. Plugged into a wall, the live socket could deliver up to 230 volts of electric charge, which could be leaked by a loose cable, or inferior quality charger than the one the manufacturer gave you." The "stuff that comes out of the wall" in Malaysia is 230 volts @ 50Hz. From Brazil, a similar event was reported 20FEB2018 at https://www.thesun.co.uk/news/5626441/girl-17-electrocuted-with-headphones-melted-in-her-ears-while-using-her-mobile-that-was-charging/
https://www.cbc.ca/news/canada/toronto/car-thefts-rising-1.4930890 According to Bates, many of these thieves are using a method called "relay theft." Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start. "The way that the thieves are getting around this is they're essentially amplifying that low power signal coming off of the push start fob," he said. "They will prey upon the general consensus that most people are leaving their key fobs close to the front door of their home and the vehicle will be in the driveway." The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal. They leave another device near the vehicle, which receives the signal and opens the car. Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away.
For me, Starbucks is not the religious experience it is for those who call it St. Arbucks. But somebody gave me a Starbucks card, and I thought I'd try out their registration and rewards program. OK, I'm quitting the Starbucks rewards program. I don't drink enough coffee to justify it anyway, but I've got lots of other accounts lying around the Net that I just let go dormant. The thing is, I can't use the Starbucks system. Literally. I can't sign back in. The system refuses to let me use my existing password. It tells me that password is invalid. When I try to reset my password, Starbucks sends me email with a link. It is some kind of weird formatting, because it won't show as a link on that email system, and I have to read the raw message and HTML and try to find the link. Having found the link, I try to reset and set it to the one I have used when I created the account. But the system tells me I can't use it since I've used it before. But if I try to log in with it, the system tells me it is invalid. Starbucks also has one of those huge lists of requirements for passwords. It's gotta be mixed case. It's gotta have numbers. It's gotta have symbols. It can't have certain symbols. It's gotta have emojis. It's gotta have your favourite Star Wars character. (Regardless of whether or not you even know what Star Wars is.) I suppose I could figure out how to create a password acceptable to their system, and hope that the system doesn't forget the new one like it did the old one, but, frankly, Starbucks just isn't that important ...
Lancaster University (12/05/18) via ACM TechNews Researchers at Lancaster University in the U.K., Northwest University, and Peking University in China have demonstrated a deep learning algorithm that could render captcha security and authentication redundant. The algorithm solves captchas with substantially greater accuracy than earlier captcha attack systems, and successfully cracks captcha versions that defeated previous hacks. The system uses a generative adversarial network (GAN), educating a captcha generator to produce large numbers of training captchas that are indistinguishable from actual captchas. These are employed to quickly train a solver, which is tested against real captchas; the algorithm only needs 500 genuine captchas, rather than the millions required to train a conventional attack program. Lancaster's Zheng Wang said, "Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods." https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1d719x2190f8x069241%26
Tina Nazerian, EdSurge (CA) (3 Dec 2018) via ACM TechNews Eighty-eight percent of teachers said computer science is critical for students' success in the workplace, but two in 10 said their students are not taught any computer science, according to a survey of 540 K-12 teachers in the U.S. that was commissioned by Microsoft. The teachers attributed the gap to computer science not being part of their schools' curricula, a lack of funding for it, and computer science not being a subject on which students are tested. Microsoft's Mark Sparvell said, "Computer science is clearly in high demand. Teachers see it as a priority, parents see it as a priority from previous research. And yet, it's in low supply." Sheena Vaidyanathan, a computer science integration specialist in the Los Altos School District in California, said computer science should be part of the core U.S. education curriculum, like math and reading, rather than being dependent on funding and involvement from tech companies. https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1d719x2190fex069241%26
Like many cybersecurity bunkers, IBM's foxhole has deliberately theatrical touches. Whiteboards and giant monitors fill nearly every wall, with graphics that can be manipulated by touch. "You can't have a fusion center unless you have really cool TVs," quipped Lawrence Zelvin, a former Homeland Security official who is now Citigroup's global cybersecurity head, at a recent cybercrime conference. "It's even better if they do something when you touch them. It doesn't matter what they do. Just something." Security pros mockingly refer to such eye candy as "pew pew" maps, an onomatopoeia for the noise of laser guns in 1980s movies and video arcades. They are especially useful, executives concede, to put on display when V.I.P.s or board members stop by for a tour. Two popular "pew pew" maps are from FireEye and the defunct security vendor Norse, whose video game-like maps show laser beams zapping across the globe. Norse went out of business two years ago, and no one is sure what data the map is based on, but everyone agrees that it looks cool. https://www.nytimes.com/2018/05/20/business/banks-cyber-security-military.html
Of course, a comment on the article has the solution: BLOCKCHAIN Software guarantees a valid trail of corrupted files, preserving the data. I wonder how long it will be until even that system is defeated. With BlockChain software the power is its distributive system, meaning that the data is stored in multiple private computers. Whether that system meets legal requirements for privacy is another question. But the logic is clear: if data is distributed according to a randomizing algorithm, that makes it a lot more complicated for intruders to be able to follow data and to corrupt the system to a point where it shuts down. Or worse, becomes subject to malware that results in ransom or other maneuvers of financial plundering.
It is, no doubt, the bane of our digital world that the vulnerabilities are incomprehensible to the lay person and difficult if not impossible for the experts to protect fully. Things may not be at the point where investors are advised to purchase gold and hide under a mattress. But we may well be headed in that direction.
Inside the 21st-century battle of ideas waged by the fearful crown prince and a conniving courtier. https://www.washingtonpost.com/opinions/global-opinions/how-a-chilling-saudi-cyberwar-ensnared-jamal-khashoggi/2018/12/07/f5f048fe-f975-11e8-8c9a-860ce2a8148f_story.html
I get spam and phishing mail in English, many different accents of broken English, Chinese, Korean, Spanish, Serbian, German, French, and Hungarian; and perhaps I've forgotten a couple. The originating systems can be anywhere on the net, lately with an unusual concentration of personal systems in South America, probably infected, plus lots of Russian systems. The GDPR doesn't seem likely to touch this business, and I can't imagine why people ever thought it would. The GDPR does, however, impede a nonprofit I work with from helping many of our signed-up email recipients actually get the mail they want from us. You might say it could use more thinking and more work.
It seems that a major problem with the fake news epidemic has been the use of bot networks to promote articles. It seems like any sort of crowd-sourcing of news validation will just cause the bad actors to move their botnets to the new feedback buttons to swamp the real users in the voting process. The "wisdom of the crowd" presumes that you have some reasonable sample of people and not an auditorium packed with your paid shills.
Responding to Geoff Goodfellow's posting about an LA Times article about the risks of airport Wi-Fi, I've never understood why we consider this such a high threat. All mobile devices which ever sit outside of very strongly secured networks (which is basically all mobile devices) must be their own security perimeters. We must assume, and appropriately configure our devices to work securely in the case that, the Internet connection is being monitored, DNS can be hijacked, and unencrypted data sessions may be monitored or even tampered with. On that basis, an airport or coffee shop or any other Wi-Fi or 3G mobile or hotel or friend's home or any other network at all is no different than computing/networking in the general use case. So why do we continue to raise flags about "insecure WiFi" and evil twins, rather than push for secure-enough general configurations?