The RISKS Digest
Volume 31 Issue 18

Thursday, 11th April 2019

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

NOAA Monitoring Stations Are Off-Line from a GPS Y2K Moment (EOS via danny burstein)
That GPS rollover that everyone poo-pooed? Well, NYC... (NYTimes)
Somebody forgot to upgrade: Flights delayed, canceled by GPS rollover (Ars Technica)
24 Charged in $1.2 Billion Medicare Scheme, U.S. Says. (NYTimes)
Israeli election problem (JPost via PGN-ed)
EU Tells Internet Archive That Much Of Its Site Is 'Terrorist Content' (TechDirt)
Amazon's Alexa isn't just AI; thousands of humans are listening (Bloomberg)
Not a burglar after all (NPR via Mark Brader)
Computers Turn an Ear on New York City (Scientific American)
The language of InfoSec (Rob Slade)
New wire-fraud scam targets your direct deposit info, reroutes your paycheck (CNBC)
Verizon issues patch for vulnerabilities on millions of Fios routers (CNET)
Assange arrested and charged after Ecuador rescinds asylum (WashPost)
Re: Are We Ready For An Implant That Can Change Our Moods? (Richard Stein)
Info on RISKS (comp.risks)

NOAA Monitoring Stations Are Off-Line from a GPS Y2K Moment (EOS)

danny burstein <dannyb@panix.com>
Thu, 11 Apr 2019 12:30:00 -0400
NOAA = National Oceanic and Atmospheric Administration
[eos.org  - from the American Geophysical Union]

Many of the world's older GPS devices had a Y2K moment on 6 April.  Devices
made more than 10 years ago had a finite amount of storage for their date
accounting system, and that number maxed out on Saturday, 6 April.

Nineteen National Oceanic and Atmospheric Administration (NOAA) coastal and
marine automated stations were not updated to mitigate the issue, and those
stations are out of commission until workers can service them on
location. The outage has the National Weather Service (NWS) office in
Anchorage, Alaska, hurrying to fix their downed stations before bad weather
comes in this week.

rest:
https://eos.org/articles/noaa-monitoring-stations-are-off-line-from-a-gps-y2k-moment
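The mechanism behind the "finite amount of storage" above, as an added illustration (not from the EOS article or the digest): the legacy GPS navigation message carries the week number in 10 bits, so it wraps every 1024 weeks; a receiver that hard-wires the 1999 era decodes the week that began 7 April 2019 as August 1999, while one that pins decoded dates to be no earlier than its firmware build date resolves the ambiguity. The build date used below is a constructed value.

```python
from datetime import datetime, timedelta, timezone

# Added example, not from the EOS article. GPS time is used throughout
# (no leap seconds), so week boundaries fall at 00:00 GPS time on Sundays;
# in UTC the 2019 rollover landed at 23:59:42 on Saturday 6 April.
GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)   # start of GPS week 0
WEEK = timedelta(weeks=1)
WEEK_BITS = 10                                          # legacy LNAV week field
ERA = 1 << WEEK_BITS                                    # 1024 weeks per era

def full_week(t):
    """Unambiguous week count since the GPS epoch (what the system really means)."""
    return int((t - GPS_EPOCH) // WEEK)

def broadcast_week(t):
    """What a legacy receiver actually sees: the week number truncated to 10 bits."""
    return full_week(t) % ERA

def naive_decode(week10, tow_seconds, era_index):
    """Receiver hard-wired to one era: 0 = from 6 Jan 1980, 1 = from 22 Aug 1999.
    Firmware written between 1999 and 2019 typically baked in era_index=1."""
    return GPS_EPOCH + (era_index * ERA + week10) * WEEK + timedelta(seconds=tow_seconds)

def pinned_decode(week10, tow_seconds, not_before):
    """Resolve the ambiguity by rejecting any date earlier than a known lower
    bound, e.g. the firmware build date. Correct for 1024 weeks past not_before."""
    t = GPS_EPOCH + week10 * WEEK + timedelta(seconds=tow_seconds)
    while t < not_before:
        t += ERA * WEEK
    return t

def rollover_demo():
    """Decode the first second of the week that began 7 Apr 2019 both ways."""
    true_time = datetime(2019, 4, 7, tzinfo=timezone.utc)
    w10 = broadcast_week(true_time)          # 2048 % 1024 == 0
    build_date = datetime(2012, 1, 1, tzinfo=timezone.utc)  # constructed firmware date
    return {
        "full_week": full_week(true_time),
        "broadcast_week": w10,
        "naive": naive_decode(w10, 0, era_index=1),   # snaps back to 22 Aug 1999
        "pinned": pinned_decode(w10, 0, build_date),  # recovers 7 Apr 2019
    }

if __name__ == "__main__":
    for name, value in rollover_demo().items():
        print(f"{name}: {value}")
```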


That GPS rollover that everyone poo-pooed? Well, NYC... (NYTimes)

danny burstein <dannyb@panix.com>
Thu, 11 Apr 2019 00:44:19 -0400
New York City Has a Y2K-Like Problem, and It Doesn't Want You to Know About It

On 6 Apr 2019, something known as the GPS rollover, a cousin to the dreaded Y2K
bug, mostly came and went, as businesses and government agencies around the
world heeded warnings and made software or hardware updates in advance.

But in New York, something went wrong—and city officials seem to not want
anyone to know.

At 07:59pm EDT on Saturday, the New York City Wireless Network, or NYCWiN,
went dark, waylaying numerous city tasks and functions, including the
collection and transmission of information from some Police Department
license plate readers.

The shutdown also interrupted the ability of the Department of
Transportation to program traffic lights, and prevented agencies such as the
sanitation and parks departments to stay connected with far-flung offices
and work sites.

https://www.nytimes.com/2019/04/10/nyregion/nyc-gps-wireless.html


Somebody forgot to upgrade: Flights delayed, canceled by GPS rollover (Ars Technica)

Monty Solomon <monty@roscom.com>
Wed, 10 Apr 2019 01:30:52 -0400
https://arstechnica.com/information-technology/2019/04/gps-rollover-apparently-cause-of-multiple-flight-delays-groundings/


24 Charged in $1.2 Billion Medicare Scheme, U.S. Says. (NYTimes)

Monty Solomon <monty@roscom.com>
Wed, 10 Apr 2019 14:28:03 -0400
https://www.nytimes.com/2019/04/09/us/billion-dollar-medicare-scam.html

The scheme, which involved the prescribing of unnecessary back, shoulder, wrist and knee braces, spanned multiple continents, according to the authorities.


Israeli election problem (JPost)

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 11 Apr 2019 10:31:30 PDT
Earlier Thursday, a technical error on the Central Elections Committee's
website prevented publicly available numbers on the vote count from
reflecting the real results of the election, sparking hours of confusion and
a lack of clarity on whether the soldiers' votes changed the final results
on Thursday.  [....] At about 11 a.m., the elections committee announced it
had finished counting the double envelopes [including absentee ballots] and
that it was starting a [routine] review of the figures entered into the
computers.  [...]  The source of the technical problem seemed to be that the
Central Elections Committee website was based on the format from the
previous elections, and the number of votes—both in total and in
individual ballot boxes—was unable to be updated, such that the
percentages were wrong on the website. This also explained why some towns
had a voting rate of over 100%.

https://www.jpost.com/Israel-Elections/New-Right-makes-it-into-Knesset-after-counting-soldiers-votes-586463


EU Tells Internet Archive That Much Of Its Site Is 'Terrorist Content' (TechDirt)

Richard Forno <rforno@infowarrior.org>
April 11, 2019 at 8:24:26 PM GMT+9
We've been trying to explain for the past few months just how absolutely
insane the new EU Terrorist Content Regulation will be for the Internet.
Among many other bad provisions, the big one is that it would require
content removal within one hour as long as any "competent authority" within
the EU sends a notice of content being designated as "terrorist"
content. The law is set for a vote in the EU Parliament just next week.

And as if they were attempting to show just how absolutely insane the law
would be for the Internet, multiple European agencies (we can debate if
they're "competent") decided to send over 500 totally bogus takedown demands
to the Internet Archive last week, claiming it was hosting terrorist
propaganda content.

https://www.techdirt.com/articles/20190410/14580641973/eu-tells-internet-archive-that-much-site-is-terrorist-content.shtml


Amazon's Alexa isn't just AI; thousands of humans are listening (Bloomberg)

<turgut@kalfaoglu.com>
Thu, 11 Apr 2019 11:07:24 +0300
What Amazon doesn't tell you explicitly, as highlighted by an in-depth
investigation from /Bloomberg/ published this evening
<https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio>
is that one of the only, and often the best, ways Alexa improves over time
is by having human beings listen to recordings of your voice requests. Of
course, this is all buried in product and service terms few consumers will
ever read, and Amazon has often downplayed the privacy implications of
having cameras and microphones in millions of homes around the globe.

https://www.theverge.com/2019/4/10/18305378/amazon-alexa-ai-voice-assistant-annotation-listen-private-recordings


Not a burglar after all

Mark Brader <msb@vex.net>
Thu, 11 Apr 2019 01:36:35 -0400
A guest in someone's house in Oregon was there alone when he heard noises
coming from the bathroom.  He called police to report a possible burglary.
They arrived and approached the bathroom with drawn guns and two dogs.  When
nobody responded to their shouts, they opened the door... and found a
Roomba.

http://www.npr.org/2019/04/10/711819433/any

  [There's Always Roomba for Home Improvement.  PGN]


Computers Turn an Ear on New York City (Scientific American)

Richard Stein <rmstein@ieee.org>
Thu, 11 Apr 2019 13:49:03 +0800
https://www.scientificamerican.com/podcast/episode/computers-turn-an-ear-on-new-york-city/

"'Over the past two years, our sensors collected huge amounts of urban sound
data.' But computers don't know what different sounds mean—until they're
trained by people.

"That's where citizen science comes in: SONYC needs members of the public to
listen to ambient sounds picked up by noise monitors and label the sounds so
the computers can learn to independently recognize them.

"Labeling sound is harder than labeling images because sound is invisible
and ephemeral."

Music or voice synthesizers can certainly be programmed to emulate sounds.
Individual culture and ecosystem surroundings are applied to authenticate
sounds. Hypothetically, some animals (mammals/birds) can sing or holler like
a siren, and vice-versa.

The SONYC project might be applied as an early warning platform by criminals
to detect if the "cops are rolling", assuming it is a public common deployed
to help law enforcement or people identify gunfire v.  backfire, chemical
explosions v. structural collapse, live assaults v.  movie screeches, etc.

Risk: Incorrect or inaccurate metadata audio content tags/labels pollutes
the repository. Need editorial oversight/confirmation to authenticate audio
origin/source before record can serve as a baseline system of record.


The language of InfoSec

Rob Slade <rmslade@shaw.ca>
Tue, 9 Apr 2019 12:05:53 -0700
Ann Johnson, Corporate Vice President (Cybersecurity Solutions Group) over
at Microsoft, is concerned that we are using too much jargon in
information/cyber security work.  People don't understand what we're talking
about.
https://www.microsoft.com/security/blog/2019/04/08/the-language-of-infosec/

(Of course, "Cybersecurity Solutions Group" sounds like "marketing," so it's
quite possible that Ann Johnson doesn't actually know what actual security
people are talking about ...)

I do sympathize, in general.  There are people in security, as in any field,
who actually create jargon in order to hide the fact that a) they don't
actually know what they are talking about, or b) they are only talking about
the same stuff you are, but they want it to sound like they know a secret
you don't.  (See pretty much any episode of "Yes, Prime Minister."  YouTube
is your friend.)

However, as the psycholinguistics people note, if you don't have a word for
it, you can't really think about it.  We have lots of concepts that we have
to know about, and which are important to the protection of the systems under
our care.  We have to have our infosec language.

And that is, after all, why I wrote the dictionary ...

  Postscript: So I'm talking about words and dictionaries
https://community.isc2.org/t5/Career/The-language-of-InfoSec/m-p/21016
  and check that mine is still on Amazon, and note that someone, slanging
  mine, says that all you need is Google, "just enter DEFINE:word to be
  defined, and wallah," and realize that when she says "wallah" she actually
  is trying to use "voila," and I find it hysterical that in trashing a
  glossary she doesn't know what word she is trying to use ...


New wire-fraud scam targets your direct deposit info, reroutes your paycheck (CNBC)

Gabe Goldberg <gabe@gabegold.com>
Tue, 9 Apr 2019 17:26:40 -0400
  * Fraudsters are targeting the HR functions of businesses of all types
    and convincing employees to swap out your direct deposit banking
    information to an offshore account.
  * One nonprofit in Kansas City describes several attempts per month,
    involving scammers trying to convince payroll personnel to change
    information about where to send employee pay.
  * The IRS has warned of an uptick in a wide range of fraud attempts
    involving payroll information.

https://www.cnbc.com/2019/04/09/new-wire-fraud-scam-targets-your-direct-deposit-info-paycheck.html


Verizon issues patch for vulnerabilities on millions of Fios routers (CNET)

Monty Solomon <monty@roscom.com>
Wed, 10 Apr 2019 09:01:53 -0400
https://www.cnet.com/news/verizon-issues-patch-for-vulnerabilities-on-millions-of-fios-routers/


Assange arrested and charged after Ecuador rescinds asylum

Lauren Weinstein <lauren@vortex.com>
Thu, 11 Apr 2019 08:13:31 -0700
https://www.washingtonpost.com/world/europe/wikileakss-julian-assange-evicted-from-ecuador-embassy-in-london/2019/04/11/1bd87b58-8f5f-11e8-ae59-01880eac5f1d_story.html

  British authorities arrested WikiLeaks founder Julian Assange on Thursday
  in response to a U.S. extradition request, and a U.S. federal court
  unsealed an indictment charging him with a single count of conspiracy to
  disclose classified information that could be used to injure the United
  States.  Assange was taken into custody by British police after Ecuador
  rescinded his asylum at its embassy in London, ending a standoff that
  lasted nearly seven years.


Re: Are We Ready For An Implant That Can Change Our Moods? (npr.org, RISKS-31.16)

Richard Stein <rmstein@ieee.org>
Thu, 11 Apr 2019 00:14:47 +0800
 > Deep Brain Stimulation is a recognised treatment for Parkinsons
 > Dyskinesia—indeed one of my friends has an implant—and can be very
 > effective. It has massively improved my friend's quality of life.

Consider your friend to be VERY FORTUNATE that the implantation achieved a
favorable therapeutic outcome!

The PRODUCTCODE (PC) and DEVICENAME fields I list below, extracted from FDA
MAUDE
(https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/search.cfm),
possess terms related to brain stimulation for Parkinson's treatment/tremor,
or for behavioral changes through electro-stimulus. I won't name the
manufacturers shown in the pareto aggregate analysis below; you can get
these details from MAUDE records yourself.

PC   DEVICENAME
MFR  Stimulator, Brain, Implanted, For Behavior Modification
MHY  Stimulator, Electrical, Implanted, For Parkinsonian Tremor
NHL  Stimulator, Electrical, Implanted, For Parkinsonian Symptoms
OLM  Deep Brain Stimulator For Obsessive Compulsive Disorder (Ocd)
PFN  Implanted Brain Stimulator For Epilepsy
PJS  Stimulator, Electrical, Implanted, For Essential Tremor

FDA's MAUDE enumerates events arising from medical devices as: DEATH (D),
INJURY (I), MALFUNCTION (M), OTHER (O), and NO ANSWER SUPPLIED (N).

I note that the MAUDE pareto analysis below shows a surprising result for
PRODUCTCODE == MHY: 80 Deaths, 3732 Injuries, and 5032 Malfunction reports
between 01JAN2017-31MAR2019. I picked this reporting interval arbitrarily to
explore "production defect escape density." The pareto aggregate values
strongly suggest that something in those devices is seriously
under-performing. Total device implant sales/counts are closely guarded by
manufacturers.

I believe the MAUDE reports are distinct: Device INJURY reports are unique,
and separate from MALFUNCTION reports. This means that a device implant
recipient can experience multiple events.

Over 8700 patients unfortunately experienced at least one clinical issue
from their DBS implant device. How has their quality of life been impacted?

PC   EVENT/COUNT  EVENT/COUNT  EVENT/COUNT  EVENT/COUNT  EVENT/COUNT
MFR  D/1          I/24         M/19         O/0          N/44
MHY  D/80         I/3732       M/5032       O/0          N/0
NHL  D/0          I/96         M/7          O/0          N/0
OLM  D/6          I/2          M/3          O/0          N/0
PFN  D/0          I/119        M/7          O/0          N/0
PJS  D/0          I/1          M/0          O/0          N/0
