Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Annie White lists the 10 largest recalls in Car and Driver's January 2019 issue: 4,846,885 FCA. Cruise control cannot be canceled. 1,619,112 Ford. Fire after seatbelt pretensioner deployment. 1,357,311 Honda. Passenger frontal airbag inflator may explode. 1,301,986 Ford. Steering wheel may detach. 1,282,596 Ford. Stuck canister purge valve may cause stall. 1,149,237 FCA. Tailgate may open unexpectedly. 1,015,918 GM. Temporary loss of electric power steering. 807,329 Toyota. Hybrid system may shut down and cause stall. 691,726 Honda. Passenger frontal airbag inflator may explode. 622,657 Toyota & Pontiac. Passenger frontal airbag inflator may explode. Recall numbers, listed on page 019, are from January--October 2018.
Dead CIA agents, ignored whistleblowers, Irresponsible encryption mongers, what-were-they-thinking ethics failures X N, election hacking, reaping-what-you-sow govt hacking blowback, Congressional oversight^H^H^H^H^Hlook, ordinary-citizens-are-human-shields-and- collateral damage, etc. In other words, 2018 was a very good year, if you happened to be a malicious hacker or a govt contractor (but I repeat myself). https://motherboard.vice.com/en_us/article/xwj38j/motherboard-cybersecurity-jealousy-list-2018 The Cybersecurity Stories We Were Jealous of in 2018 by Lorenzo Franceschi-Bicchierai and Joseph Cox Dec 21 2018, 7:10am Here at Motherboard, we are passionate about cybersecurity. ... here's a very incomplete list of our favorite stories ... that we wish we had done ourselves. Kaspersky's 'Slingshot' Report Burned An Isis-focused Intelligence Operation (Cyberscoop) https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/ What is a cybersecurity firm's responsibility around not exposing certain hacking operations? Here, Cyberscoop showed that sometimes companies do decide to unmask campaigns targeting arguably legitimate threats, such as terrorists. We also explored this dilemma in our feature on Kaspersky Lab a few weeks after Chis Bing and Patrick O'Neill's scoop. The CIA's Communications Suffered A Catastrophic Compromise. It Started In Iran. (Yahoo News) https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html The US government and its intelligence apparatus suffered a deadly blow in China in 2011 and 2012, when more than two dozen CIA sources and informants were killed. But it all started in Iran in 2009, when hackers broke into a CIA "Internet-based covert communications system," as revealed in this bombshell report by Zach Dorfman and Jenna McLaughlin. How Persian Gulf Rivals Turned US Media Into Their Battleground (BuzzFeed News) https://www.buzzfeednews.com/article/kevincollier/qatar-uae-iran-trump-leaks-emails-broidy Sometimes the best weapon a hacker can use is not an exploit or phishing kit, but the media. If you can discredit your enemy through the relatively cheap method of enticing a journalist with a scoop, you're onto a winning strategy. Just look at how Guccifier 2.0--a persona allegedly created by the Russian government--distributed the hacked Democrats material too. Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds (Forbes) https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/ This story broke open an entire avenue of reporting for us and others: finally, someone was selling relatively cheap tools for unlocking iPhones, which led to widespread proliferation of the tech not just among the three-letter intelligence agencies of the world, but also among state- and local law enforcement. This has ramifications for all sorts of things in the so-called Going Dark debate, and kicked off a new game of security cat-and-mouse between Apple and Grayshift. FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (The Washington Post) https://www.washingtonpost.com/world/national-security/fbi-repeatedly-overstated-encryption-threat-figures-to-congress-public/2018/05/22/5b68ae90-5dce-11e8-a4a4-c070ef53f315_story.html The FBI has been complaining about encryption ... well, pretty much since the 1990s. And in the last few years, particularly after Apple refused to help unlock an alleged terrorist's iPhone, the battle has intensified. This Washington Post scoop showed that the numbers trotted out by FBI officials when talking about how damaging strong encryption is during investigations were overstated and sometimes incorrect. In other words, encryption isn't as much of an hurdle as the FBI would like us to believe. Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal (The Intercept) https://theintercept.com/2018/08/01/google-china-search-engine-censorship/ Ryan Gallagher not only broke the news that Google was developing a search engine for China, one that would censor terms around human rights and protests, but he's also remained on top of the story. His reporting sparked widespread protests both internally at Google and among human rights organizations, questions at a Congressional hearing, and, just this week, he reported that Google has hit a major roadblock with the project as disputes have grown internally. This story reminded us--once again--that companies that have a good track record for caring about human rights don't always stay that way, and that a handful of employees speaking up can change the course of a multi-billion company. Google Is Helping the Pentagon Build AI for Drones (Gizmodo) https://gizmodo.com/google-is-helping-the-pentagon-build-ai-for-drones-1823464533 Speaking of Google employees standing up against a controversial program, this story about the Internet giant's secret Pentagon contract broke long before Googlers organized marches to protest their own company. Kate Conger's relentless reporting on the story led to Google shutting down the program and was one of the original stories that helped kick off a new wave of protests by Silicon Valley employees against their own companies. Facebook Is Giving Advertisers Access to Your Shadow Contact Information (Gizmodo) https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051 It wasn't a great year for Facebook's bosses either. Cambridge Analytica, a constant struggle to moderate content, and some embarrassing breaches affecting millions of people, among a slew of seemingly endless scandals. You may have missed or forgotten this story, but it's worth your time. Kashmir Hill, with the help of a team of smart researchers, proved how Facebook mines your cell phone's contact data to suggest new friends on the social network, and to serve you better targeted ads. Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret (The New York Times) https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html Speaking of apps that know too much ... there are only a few outlets with the resources, reach, and dedication to take a story and present it in such a way that the general public can really understand a security issue. This is one of those stories--the sharing of location data lifted by apps may not be a new phenomenon, but the Times team produced the definitive piece tangibly explaining what this means for the privacy of everyone with a smartphone. Thermostats, Locks and Lights: Digital Tools of Domestic Abuse (The New York Times) https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html We've extensively covered how malware is used in cases of domestic violence, stalking, and abuse. This Times piece looked at the next step in that use of technology at home: the Internet of Things. Definitely worth a read if you are concerned with how technology can impact the lives of ordinary, non-technical people. And if you don't, why are you reading a post about cyber articles? Russian Troll Farm Hijacked American Teen Girls' Computers for Likes (The Daily Beast) https://www.thedailybeast.com/russia-troll-farm-hijacked-american-teen-girls-computers-for-likes As a hacker, Kevin Poulsen brings some of the coolest technological approaches into journalism. Here, Poulsen found a dodgy browser extension belonging to Russia's controversial troll army, the Internet Research Agency. He then bought the domain linked to it, letting him see what sort of data it was collecting, and from where. He found the IRA's software on computers all over the place. A great reminder to think how can journalists approach a story from a different, technological angle. A Quebecer Spoke Out Against The Saudis--Then Learned He Had Spyware On His iPhone (CBC) https://www.cbc.ca/news/technology/omar-abdulaziz-spyware-saudi-arabia-nso-citizen-lab-quebec-1.4845179 What's the point of writing about malware, spyware, and hacking if you can't show readers how the technology affects real people? Every great infosec story should have a human angle. This is a great example of that. Former Motherboard editor Matt Braga visited one of the latest victims of government-sponsored hacking, a growing problem that's putting regular people all over the world in danger. Gray Hat--Marcus Hutchins' Profile (New York Magazine) https://nymag.com/intelligencer/2018/03/marcus-hutchins-hacker.html The security researcher better known as MalwareTech helped stop WannaCry, one of the most virally infectious malware outbreaks ever. Months later, the FBI arrested him for a crime he's accused to have committed when he was a teen. This in-depth profile tries to answer a universal question in the world of cybersecurity: does a hacker hero always have to have a past? And if so, what should authorities do with them? Service Meant to Monitor Inmates' Calls Could Track You, Too (The New York Times) https://www.nytimes.com/2018/05/10/technology/cellphone-tracking-law-enforcement.html File this under "companies you probably never heard of doing sketchy things that can affect us all." The Times scored another huge scoop revealing that Securus Technologies, a firm that provides and monitors inmates phone calls, was letting pretty much anyone track people's cell phones for a fee. Thanks to Securus, anyone "can find the whereabouts of almost any cell phone in the country within seconds," according to the investigation. As we found out later, and rather unsurprisingly, Securus wasn't securing this data at all. The Crisis of Election Security (The New York Times) https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html You've heard about election hacking for years. Everyone is worried about it, but seemingly no one is doing anything to prevent it. Veteran infosec reporter (and Motherboard contributor) Kim Zetter goes deep into the history and crisis of election security, writing perhaps the definitive piece about the subject. A must-read for anyone who cares about democracy and the integrity of the elections. The Untold Story Of NotPetya, The Most Devastating Cyberattack In History (Wired) https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ The outbreak of destructive malware NotPetya never got the attention it deserved, perhaps because it came a few weeks after the headline-grabbing WannaCry ransomware outbreak. Andy Greenberg makes it justice in this thrilling tale, part of his upcoming book, on how NotPetya crippled the largest shipping company in the world. The only downside of this story is that it will make you want to read more, but you'll have to wait until the book comes out. In Leaked Chats, Wikileaks Discusses Preference For Gop Over Clinton, Russia, Trolling, And Feminists They Don't Like (The Intercept) https://theintercept.com/2018/02/14/julian-assange-wikileaks-election-clinton-trump/ WikiLeaks and Julian Assange's fall from grace has been documented over the last few years, but this report built on a treasure trove of leaked chat logs, felt like the nail in the coffin. The Intercept revealed how the secret-spilling organization candidly talked about their preference for the Republican party to win the 2016 election, their thoughts on the "bright, well connected, sadistic sociopath" Hillary Clinton, and some unsavory comments about feminist activists. Israeli Cyber Firm Negotiated Advanced Attack Capabilities Sale With Saudis, Haaretz Reveals (Haaretz) https://www.haaretz.com/israel-news/.premium-israeli-company-negotiated-to-sell-advanced-cybertech-to-the-saudis-1.6680618 The controversial and successful spyware vendor NSO Group has been in the headlines for a couple of years, after researchers caught government hackers using sophisticated hacking tools developed by the company to hack a Dubai-based human rights activist. This investigation by Israeli newspaper Haaretz exposed the behind the scenes story of how Saudi Arabia bought iPhone malware from NSO for more than $200 million. Russian Hackers Posed As ISIS To Threaten Military Wives (Associated Press) https://apnews.com/4d174e45ef5843a0ba82e804f080988f The threat of ISIS hackers has often been unjustifiably hyped up. But in this deeply reported story, people like Angela Ricketts show that the threat was real enough for some people. The AP's Raphael Satter talked to several people targeted by ISIS sympathizers, putting a face to the victims of a scary online campaign. We need more stories that focus on the victims of hacking, this was a great example of that. And Satter and his colleagues at the AP have produced several more in the last few months that are also worth your time. Living with Depression in Tech (Jonathan Zdziarski's personal blog) https://www.zdziarski.com/blog//ZUp=7437 Apple security researcher and forensic expert Jonathan Zdziarski here opened up about an incredibly important and often overlooked topic: mental health in tech. Zdziarski powerfully details his own struggle with depression, and at the same time offers a hopeful tale of overcoming it with a lot of hard work, introspection, and learning. ...
In late November, the Justice Department unsealed indictments against eight people accused of fleecing advertisers of $36 million in two of the largest digital ad-fraud operations ever uncovered. Digital advertisers tend to want two things: people to look at their ads and premium websites—i.e., established and legitimate publications—on which to host them. The two schemes at issue in the case, dubbed Methbot and 3ve by the security researchers who found them, faked both. Hucksters infected 1.7 million computers with malware that remotely directed traffic to spoofed websites -- empty websites designed for bot traffic. https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf that served up a video ad purchased from one of the Internet's vast programmatic ad-exchanges, but that were designed, according to the indictments, “to fool advertisers into thinking that an impression of their ad was served on a premium publisher site,'' like that of *Vogue* or *The Economist*. Views, meanwhile, were faked by malware-infected computers with marvelously sophisticated techniques to imitate humans: bots *faked* clicks, mouse movements, and social network login information to masquerade as engaged human consumers https://cdn2.hubspot.net/hubfs/3400937/WO_Methbot_Operation_WP_01.pdf/ Some were sent to browse the Internet to gather tracking cookies from other websites, just as a human visitor would have done through regular behavior. Fake people with fake cookies and fake social-media accounts, fake-moving their fake cursors, fake-clicking on fake websites—the fraudsters had essentially created a simulacrum of the Internet, where the only real things were the ads. How much of the Internet is fake? Studies generally suggest that, year after year, less than 60 percent of web traffic is human; some years, according to some researchers, a healthy majority of it is bot. For a period of time in 2013, *The Times* reported https://www.nytimes.com/interactive/2018/01/27/technology/social-media-bots.html this year, a full half of YouTube traffic was `bots masquerading as people', a portion so high that employees feared an inflection point after which YouTube's systems for detecting fraudulent traffic would begin to regard bot traffic as real and human traffic as fake. They called this hypothetical event *The Inversion*. In the future, when I look back from the high-tech gamer jail in which President PewDiePie will have imprisoned me. http://nymag.com/intelligencer/2018/12/why-pewdiepies-anti-semitic-youtube-jokes-dont-hurt-him.html http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html
[Note the cover story in the latest issue of *The Nation*, which goes into huge details on related cases. PGN] Cabinet departments have Inspectors General (IG) with wide and deep audit responsibility. Most agencies take IG reports seriously; the IG reports high in hierarchically-cultured agencies. The Department of Defense has released an audit of select ballistic missile defense-related facilities. These facilities manage information and operations, which if known, would compromise function of these systems. The IG audited a sample of facilities. (Longtime RISKS readers may be aware that many believe these systems will never work as represented. One need only read back to the work of Dr David Parnas.) Flaws included lack of two-factor authentication, encryption, intrusion detection and prevention systems, physical access to servers and least privilege authorization processes. “During our site visit, we observed security footage showing that a representative from the [redacted] gained unauthorized access to the [redacted] facility by simply pulling the door open. The security camera footage also showed that although the representative stopped to ask for directions, the individual she stopped did not request to see her [redacted] badge or question her facility access. Furthermore, the security footage showed that the security officer at the front desk also did not request to see her [redacted] badge.'' Enterprise IT security, credit card security, critical infrastructure, federal IT standards, NIST and cybersecurity professional NGO entities have recommended these basic controls for many years. Unclassified report: https://media.defense.gov/2018/Dec/14/2002072642/-1/-1/1/DODIG-2019-034.PDF.
https://www.nytimes.com/2018/12/26/opinion/cellphones-security-spying.html This article my not be new to you, but it raises a plethora of issues with landline and cellular telephones that have existed for many years, and indeed many that have been well know—e.g., see Geoff Goodfellow's message from 1987, which follows this one. Risks noted in Cooper's article include fake cell towers siphoning off information, readily available spying tools, SS7 security weaknesses, governmental desires for easy access, and lots more. Some of the issues from the Keys Under Doormats report are also present. [Note: I started writing this while reading *The Times* over breakfast, and revised it after reading Geoff's item this afternoon. PGN]
Cooper Quintin (EFF), *The New York Times*, 27 December 2018 Security flaws
threaten bank accounts. So why aren't we fixing them?
https://www.nytimes.com/2018/12/26/opinion/cellphones-security-spying.html
EXCERPT:
America's cellular network is as vital to society as the highway system
and power grids. Vulnerabilities in the mobile phone infrastructure threaten
not only personal privacy and security, but also the country's. According to
intelligence reports, spies are eavesdropping on President Trump's cellphone
conversations and using fake cellular towers in Washington to intercept
phone calls. Cellular communication infrastructure, the system at the heart
of modern communication, commerce and governance, is woefully insecure. And
we are doing nothing to fix it.
This should be at the top of our cybersecurity agenda, yet policymakers and
industry leaders have been nearly silent on the issue. While government
officials are looking the other way, an increasing number of companies are
selling products that allow buyers to take advantage of these
vulnerabilities.
Spying tools, which are becoming increasingly affordable, include cell-site
simulators (commonly known by the brand name Stingray), which trick
cellphones into connecting with them without the cellphone owners'
knowledge. Sophisticated programs can exploit vulnerabilities in the
backbone of the global telephone system (known as Signaling System 7, or
SS7) to track mobile users, intercept calls and text messages, and disrupt
mobile communications.
These attacks have real financial consequences. In 2017, for example,
criminals took advantage of SS7 weaknesses to carry out financial fraud by
redirecting and intercepting text messages containing one-time passwords for
bank customers in Germany. The criminals then used the passwords to steal
money from the victims' accounts.
How did we get here, and why is our cellular infrastructure so insecure?...
[...]
[And, PGN notes, here is Geoff's excerpt from something he wrote
originally in 1985]
> Date: 12 Jun *1987* 13:40-PDT
> From: Geoffrey S. Goodfellow <Geoff@CSL.SRI.COM>
> Subject: Article on Cellular [in]security.
The following is reprinted from the *November 1985* issue of Personal
Communications Technology magazine by permission of the authors and
the publisher, FutureComm Publications Inc., 4005 Williamsburg Ct.,
Fairfax, VA 22032, 703/352-1200.
Copyright 1985 by FutureComm Publications Inc. All rights reserved.
THE ELECTRONIC SERIAL NUMBER: A CELLULAR 'SIEVE'?
'SPOOFERS' CAN DEFRAUD USERS AND CARRIERS
by Geoffrey S. Goodfellow, Robert N. Jesse, and Andrew H. Lamothe, Jr.
What's the greatest security problem with cellular phones? Is it privacy of
communications? No.
Although privacy is a concern, it will pale beside an even greater problem:
spoofing.
[*Security flaws threaten our privacy and bank accounts. So why aren't we
fixing them?*]
'Spoofing' is the process through which an agent (the 'spoofer') pretends to
be somebody he isn't by proffering false identification, usually with intent
to defraud. This deception, which cannot be protected against using the
current U.S. cellular standards, has the potential to create a serious
problem—unless the industry takes steps to correct some loopholes in the
present cellular standards.
Compared to spoofing, the common security concern of privacy is not so
severe. Most cellular subscribers would, at worst, be irked by having their
conversational privacy violated. A smaller number of users might actually
suffer business or personal harm if their confidential exchanges were
compromised. For them, voice encryption equipment is becoming increasingly
available if they are willing to pay the price for it.
Thus, even though technology is available now to prevent an interloper from
overhearing sensitive conversations, cellular systems cannot—at any cost
-- prevent pirates from charging calls to any account. This predicament is
not new to the industry. Even though cellular provides a modern,
sophisticated quality mobile communications service, it is not fundamentally
much safer than older forms of mobile telephony.
History of Spoofing Vulnerability... [...]
http://massis.lcs.mit.edu/archives/cellular/cellular.sieve
[When will they ever learn? (Little boxes made of Ticky-Tacky.) PGN]
The actual paper: Parachute use to prevent death and major trauma when jumping from aircraft: randomized controlled trial. https://www.bmj.com/content/363/bmj.k5094 An article explaining the situation in a slightly more readable fashion. https://www.npr.org/sections/health-shots/2018/12/22/679083038/researchers-show-parachutes-dont-work-but-there-s-a-catch The point being: be careful when relying on the outcome of studies.
Facebook network gave Microsoft, Amazon, Spotify and others far greater access to people's data than it has disclosed. https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
About 30,000 hot tubs are controlled by Balboa Water App. The app uses a cloud service to access a WiFi controller attached to the hot tub through the consumer's Internet-connected home network. The researchers explored and found common IOT (Internet of Things) security flaws. - Simplified setup of the WiFi network made it susceptible to hackers within local range. There was no MAC-level security. - One of those modes allowed the controllers to be discoverable by anyone on the Internet. - The tub controller authentication to the cloud uses a static username/password sent in the clear and easily discoverable (now published.) There is no authentication of the user to the mobile app. - Software quality poor and poor vendor response to the threat. All those resulted in the capability to compromise the clock, temperature and pumps. Interestingly, the programmers used a faulty conversion between Fahrenheit and Celsius! The whole story is a fascinating read: humorous, for the researchers justifying buying a hot tub and controller to their management - then photographing themselves in Santa caps using the tub; and sad ,because the vendor only returned calls to the researchers after the BBC broke the story. The system vendor has been very naughty this year. We hope this story brings a smile (and maybe a groan) to Risks readers! And we wish you all a secure new year! https://www.pentestpartners.com/security-blog/hackers-in-hot-water-pwning-smart-hot-tubs-yes-really/ https://www.bbc.com/news/technology-46674706 [Richard Stein noted the BBC item and commented, “The home is a castle, unless connected to The Internet of Mistakes.'' PGN]
As more people have access to an ECG, doctors are being inundated with patient data, and it's not all good. Apple says users of its watch should still consult their doctor. https://www.cnbc.com/2018/12/19/apple-watch-ecg-is-putting-a-lot-of-health-control-in-consumers-hands.html
The Innovation Engine, an article in the Jan-Feb 2019 Harvard Magazine by William A. Griffin discusses research by Professor William Kerr, and makes some interesting points regarding innovation and immigration. For example, * 33% of U.S. Nobel Laureates since 1901 have been immigrants. * 40% of American doctoral degrees were awarded to noncitizens. * More than 25% of American entrepeneurs were born overseas. Kerr is quoted: “powerful ideas are the main force behind long-term economic growth.'' [Xenophobia involves less logic than Zeno's paradoxes, and might be mistaken for Zenophobia, PGN]
So, I saw a car labeled "Tesla Mobile Service." Do they go to where a driver is in trouble, unplug the car, and plug it in again?
https://www.scientificamerican.com/article/computers-determine-states-of-consciousness/ In "Google is training machines to predict when a patient will die" (http://catless.ncl.ac.uk/Risks/30/74%23subj22.1, we learned that physiological measurements might be someday be applied by a machine-based algorithm to assess "death likelihood," and possibly advise a hastening or postponement of palliative healthcare treatment. Basically, Google's gizmo will yield a number of sorts indicative of a patient's viability to sustain biological activity. Now add in another data point via a machine capability based on the "DOC-Forest" algorithm trained to interpret EEG signals and conclude a value for "Disorder of Consciousness." https://en.wikipedia.org/wiki/Disorders_of_consciousness identifies several states of consciousness: locked in syndrome, minimally conscious, persistent vegetative, chronic coma, and brain death. Apparently, neurologists are sometimes challenged to accurately determine patient consciousness level (based on arousal and awareness): can they hear spoken words or music? Feel a touch though they don't react? Or smell odors? If yes, what does this imply about patient recovery and rehabilitation potential? Medical imaging (MRI, PET, CT, etc.) may yield inconclusive evidence, or are difficult to assess for an unconscious patient's brain state and recovery likelihood. If two points determine a line, would this hypothetical line's 1st derivative (the slope) imply "terminate life support" or "sustain life support"? Risk: Medical practice decision support via black box, inexplicable AI. Might be time to add a "Black Box" warning to some medical technology. See https://www.fda.gov/downloads/ForConsumers/ConsumerUpdates/UCM107976.pdf
Facebook exposes your pics. And sells the phone number you gave them for security purposes. And tries to predict your movements. And has breaches they try to hide. And tries to ad-block even when it hurts you. And gives you a VPN that spies on you. None of this is new, of course. Those of us in the security field are possibly getting a wee bit tired of continuing "news" of Facebook's misdeeds. (And probably expect to be hearing the same of Instagram and Whatsapp at any moment.) The thing is, Facebook keeps on promising to do better, but actions that they take appear to be minimal and feckless. When Facebook is caught out, they seem to immediately want to turn the tables and say it is the fault of the users (or someone else). But, if you can find actual facts, Facebook never seems to come out clean. Some have posited that Facebook's whole structure and business model is simply inherently bad. Whether that is true or not, unethical behaviour is deeply entrenched at Facebook, and, in corporations, ethics always derive from the top. Some companies, even with deep problems with misfeasance (if not malfeasance) do manage to turn things around, but only with a housecleaning at the top. Facebook seems completely unwilling to take the necessary steps. https://lite.cnn.io/en/article/h_d6f18ad97cce69b248364fa11ff2902c If you want to get at the reports behind some of the items mentioned, see https://community.isc2.org/t5/Industry-News/Facebook-recidivus-again-and-yet-again/m-p/17181 or https://is.gd/zoHD6G
The auditors missed two reasons why this migration has gone so wrong: Politics and funding. Rep. Gerry Connolly (D-Va) told NextGov, a federal technology news publication, "Since Republicans gained control of the House of Representatives in 2010, their partisan attacks have left the IRS with nearly 10,000 fewer customer service representatives to assist taxpayers and a patchwork of IT systems, some dating back to the Kennedy Administration, which is ultimately harming all taxpayers." Or, as IRS CTO Terence Milholland told Congress in 2016, "The situation is analogous to operating a 1960s automobile with the original chassis, two suspension and drivetrain, but with a more modern engine, satellite radio, and a GPS navigation system. It runs better than the original model but not nearly as efficiently as a system bought today." More recently, Nina Olson, the IRS national taxpayer advocate, told Congress, "Since FY 2010, the IRS budget has been reduced by 20 percent on an inflation-adjusted basis, and the IRS workforce has declined by about the same percentage. These reductions have led to significant cuts in taxpayer service levels and have prevented the IRS from deploying new technology that would improve the taxpayer experience." Linux could improve technology and save funding, but to save money, first you have to spend money. If, and only if, the IRS can modernize its systems can Linux show what it can do for both the agency and the American taxpayer. https://www.zdnet.com/article/irs-linux-move-delayed-by-lingering-oracle-solaris-systems/
https://www.priv.gc.ca/en/opc-news/news-and-announcements/2018/an 181217/ https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/gd_can_201812/ "Cannabis is illegal in most jurisdictions outside of Canada. The personal information of cannabis users is therefore very sensitive. For example, some countries may deny entry to individuals if they know they have purchased cannabis, even lawfully." https://www.oipc.bc.ca/guidance-documents/2248 The bottom line seems to be use cash, not a bank card, to limit the data trail. Not using pot might be an even better idea if you plan to travel to other countries in the future. This seems to be directed at people who will be buying pot now that it is legal in Canada. It is a non-issue for the rest of us who do not use pot. Apparently we can expect higher produce prices as greenhouses convert from tomatoes, peppers and lettuce to pot. I don't recall that being mentioned previously as a likely outcome of pot legalization. https://www.ctvnews.ca/canada/what-does-cannabis-cost-across-canada-1.4138585
Carriers were required to explain their plans for comprehensive call blocking on 19 Nov, with the ability to be in place in 2019. http://www.eweek.com/networking/fcc-launches-new-offensive-against-scam-robo-calls The risk? Security better late than never. But very late.
https://www.washingtonpost.com/technology/2018/12/13/this-patent-shows-amazon-may-seek-create-database-suspicious-persons-using-facial-recognition-technology The patent application proposes to use doorbell camera photo-capture with resident approval/disapproval input supplements to compile an "Ok to pass" and "Not ok to pass" database shared among neighbors, a digitally-surveilled 'Neighborhood Watch' program. This database would be shared with local law enforcement community. "An algorithm shouldn't be deciding whether someone is suspicious," he said. "We're [Jake Snow of ACLU Northern California] calling on Amazon to be more thoughtful of the consequences of their technology being deployed in communities and to put people before profit." Risk: False-positive profiling potential and 'suspicious label' attribution via algorithmic physical appearance interpretation. Perhaps the algorithm may be more effective if it applied tactile phrenology as an image capture supplement?
TAMPA, Fla. (WFLA) - A foul-mouthed parrot, who was kicked out of an animal sanctuary for swearing too much, is using technology to cause even more trouble. The Times of London reports Rocco, an African grey, has been using Amazon Alexa to shop online while his owner was away. [snip] The default "wake up" call to the Alexa Echo Spybot is the word "Alexa". However, you can change it to "Echo" and a couple of others. Yeah, it's a pain to do so, involving pulling up the Alexa application on your phone and going through a bunch of menus, but it would solve this specific problem.
This incident, and the one in Gatwick yesterday, raise the notion that it's time to require that each drone over a certain size carry an ID chip, and have these registered somewhere; this way a drone's owner could be identified in case of an incident. Such regulations are in effect for dogs in many jurisdictions, it seems that drones need an even stricter supervision.
I wonder how future AVs (autonomous vehicles) will react to GPS jamming. And GPS spoofing, making the AV think it is in a different place, might be even more fun.
[all about how the market has been so volatile downward because of high-speed trading algorithms getting suckered by fake news] Don't blame the algorithm, blame the training set. The kinds of news-scanning programs described are ultimately trying to get ahead of what their programmers/trainers/historical data say human traders would do in a similar situation. And pretty much since the founding of markets, human traders have been making ill-informed hair-trigger trades based on faulty analysis of rumors or questionable headlines. The pattern has been around in all the decades I've been watching: some piece of news or non-news triggers a spike in buying or selling of a particular company's stock, and then within hours or days the stock is back to its previous value/trend. The money that's made in these swings comes from figuring out what all the other lemmings (apology to the real rodents in question) are going to do, and doing it faster or in the other direction. So the algorithms are just being thoughtlessly greedy faster and with more resources at their command. (Once again, a computer can make a mistake in microseconds that would take humans working with paper and pencil several minutes to make).
I have two problems with that report. 1. It is a disturbing trend when every local judge in every country issues orders that he expects to be enforced globally. By what authority do they claim that power? Can a Russian judge order silence about hacking elections? 2. Google is not an originator of news. In all likelihood, the name of the accused was being discussed openly in NZ sources, and was indeed "trending" as Google said. Only American firms are accused of evil behavior, while home-grown companies, forums, and news sources get a free pass. I expect that we'll see the day when The Guardian UK editorializes about how evil Google is for indexing an article from The Guardian web site.
Thanks for this, and many other answers I have received, but they all refer to *outgoing* mail; my question was how to stop Google from inserting links into *incoming* mail, over whose contents and format I have no control.
I've seen it myself. I was on the mailing list for potential suppliers to the Washington Metropolitan Area Transit Authority (the Washington, DC bus and rail transit provider) a few years ago when they sent out a notice of an upcoming request for bid to me and the other 1645 subscribers to that mailing list, because whoever sent it out posted all 1646 names in the "To;" field. The message header ran for 75 screens; the message was one screen, about 10-15 lines.
This reminds me of the story (urban legend?) about a search site's algorithm which noticed that some people who had searched for a certain cancer medicine, also searched later for funeral homes and tombstones...
Please report problems with the web pages to the maintainer