The Seattle Times finally offers an explanation of why only one sensor fed data into the Maneuvering Characteristics Augmentation System on the Boeing 737 Max 8 airplanes. In both cases, it is presumed that faulty sensors fed wrong data into the system, which led to miscorrections of the aircraft attitude, to total loss of control of the aircraft and to 346 deaths. Boeing wanted to avoid software complexity. "Boeing is changing the MAX's automated flight-control system's software so that it will take input from both flight-control computers at once instead of using only one on each flight. That might seem simple and obvious, but in the architecture that has been in place on the 737 for decades, the automated systems take input from only one computer on a flight, switching to use the other computer on the next flight." In all previous reports (that I have read, at least) people were utterly baffled why only one sensor was being used. Now it is clear why. It is also clear now why the "patch" (rather a complete rewrite, using a different software architecture) takes so long. Sometimes, "Keep it simple and stupid" is not the right policy... https://www.seattletimes.com/business/boeing-aerospace/newly-stringent-faa-tests-spur-a-fundamental-software-redesign-of-737-max-flight-controls/
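An added illustration (not Boeing's code, and not the actual MCAS logic) of the architectural point in the item above: an automated correction driven by a single channel cannot distinguish a faulty input from a real condition, whereas a design that reads both channels at once can detect disagreement and inhibit itself. The thresholds, channel names and sample values are constructed for the example.

```python
"""Single-channel vs. cross-checked input for an automated correction.
Illustrative only: thresholds and data are constructed, not Boeing's."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Sample:
    """One reading of the same physical quantity from two independent channels."""
    channel_a: float
    channel_b: float


# Constructed, hypothetical limits (degrees); not real aircraft parameters.
TRIGGER_DEG = 12.0     # reading above which the controller would command a correction
DISAGREE_DEG = 5.5     # channel disagreement above which the input is declared untrustworthy


def single_source_command(sample: Sample, active_channel: str) -> Optional[float]:
    """Old pattern described in the article: consult only the channel that is
    'active' on this flight.  A faulty active channel is acted on unconditionally.
    Returns a correction magnitude, or None when no correction is commanded."""
    reading = sample.channel_a if active_channel == "A" else sample.channel_b
    if reading > TRIGGER_DEG:
        return reading - TRIGGER_DEG
    return None


def cross_checked_command(sample: Sample) -> Tuple[Optional[float], str]:
    """New pattern: read both channels at once.  Disagreement inhibits the
    automation and is reported as a status, so a bad sensor produces a visible
    fault instead of a silent, repeated correction."""
    if abs(sample.channel_a - sample.channel_b) > DISAGREE_DEG:
        return None, "INHIBITED: channel disagreement"
    reading = (sample.channel_a + sample.channel_b) / 2.0
    if reading > TRIGGER_DEG:
        return reading - TRIGGER_DEG, "ACTIVE"
    return None, "IDLE"


def run_scenario(samples: List[Sample], active_channel: str = "A"):
    """Feed one constructed sequence through both designs; return per-step results
    as (single_source_result, (cross_checked_result, status))."""
    return [(single_source_command(s, active_channel), cross_checked_command(s))
            for s in samples]


# Constructed scenario: channel A fails high while channel B stays sane.
SCENARIO = [
    Sample(2.0, 2.1),    # normal flight
    Sample(20.0, 2.2),   # channel A now faulty
    Sample(25.0, 2.3),   # still faulty
]

if __name__ == "__main__":
    for step, (single, (cmd, status)) in enumerate(run_scenario(SCENARIO)):
        print(f"step {step}: single-source={single} cross-checked={cmd} ({status})")
```

With channel A active, the single-source design commands corrections on steps 1 and 2; the cross-checked design inhibits on both and reports the disagreement.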
Eric D. Lawrence, *The San Francisco Chronicle*, 6 Aug 2019, page D1 Boxed highlight: "Fiat Chrysler made a software fix in 2015 to prevent hacking into Jeep Cherokees but some experts believe many vehicles are still vulnerable." Warnings about connected vehicle vulnerabilities have been a steady drumbeat for years. [RISKS!!!] Now a consumer advocacy group, California's Consumer Watchdog, has a 49-page report that paints a dire picture and urges automakers to install a 50-cent kill switch that would allow vehicles to be disconnected from the Internet. [PGN-ed] "Millions of cars on the Internet running the same software means a single exploit can affect millions of vehicles simultaneously."
They just get too used to it. That tends to be more of an issue. It's not a lack of understanding of what Autopilot can do. It's [drivers] thinking they know more about Autopilot than they do. https://www.theverge.com/2018/5/2/17313324/tesla-autopilot-safety-statistics-elon-musk-q1-earnings https://www.theverge.com/2019/8/1/20750715/tesla-autopilot-crash-lawsuit-wrongful-death Pick one: EITHER it's not a lack of understanding OR they think they know more than they do.
EXCERPT: If you could sum up climate change's impact on the Arctic in one image, you'd be hard pressed to find something better than this satellite view, which shows the meltdown of one of the largest stores of ice on Earth while a wildfire rages in the distance. Here it is, below, courtesy of satellite image wizard Pierre Markuse and our planet, which is quickly becoming a smoke-filled, waterlogged hellscape. ... https://earther.gizmodo.com/this-satellite-image-shows-everything-wrong-with-greenl-1836919989
North Korea has generated an estimated $2 billion for its weapons of mass destruction programs using "widespread and increasingly sophisticated" cyberattacks to steal from banks and cryptocurrency exchanges, according to a confidential U.N. report seen by Reuters on Monday. Pyongyang also "continued to enhance its nuclear and missile programmes although it did not conduct a nuclear test or ICBM (Intercontinental Ballistic Missile) launch," said the report to the U.N. Security Council North Korea sanctions committee by independent experts monitoring compliance over the past six months.
https://www.nationalreview.com/magazine/2019/07/08/how-china-weaponized-the-global-supply-chain/ ... the introduction of Chinese cyber-capabilities, including the installation of digital networks at Chinese-controlled sites, typically by Huawei, and a subsea cable network being built by Huawei's marine unit that will nearly encircle the globe by the end of this year. Chinese state-owned companies are leading a rapid, digitally enabled consolidation of the logistics sector—bringing together supply-chain functions that had previously been performed by separate companies, adopting centralized IT systems to control distribution from the doors of factories in China to the doors of consumers in America, and developing a wide array of technologies that can be used for both commercial and military purposes. The most threatening aspect of China's commercial triad is that the physical network of ports, ships, and terminals serves as a force multiplier for China's cyber-aggression. From drones that monitor operations to facial-recognition technologies that control access to container yards, port facilities provide nearly perfect cover for cyber-espionage. There's a lot going on in a seaport, and all of it is controlled and monitored by technology that feeds information over digital networks to buyers, sellers, regulators, financial institutions, and transportation companies. In short, ports are power. Power over imports and exports, power over economic-development policies, construction, shipbuilding, land transport, and electricity grids—and power over the digital information needed to move goods through global supply chains that originate in China and Southeast Asia. These critical supply lines have increasingly come under the influence or control of a handful of Chinese state-owned companies. [...] [Monty Solomon noted this item: Official Cybersecurity Review Finds U.S. Military Buying High-Risk Chinese Tech (Forbes) https://www.forbes.com/sites/zakdoffman/2019/08/02/u-s-military-spends-millions-on-dangerous-chinese-tech-with-known-cyber-risks/ PGN]
In recent years, the country has rushed to pursue *intelligent education*. Now its billion-dollar ed-tech companies are planning to export their vision overseas. Zhou Yi was terrible at math. He risked never getting into college. Then a company called Squirrel AI came to his middle school in Hangzhou, China, promising personalized tutoring. He had tried tutoring services before, but this one was different: instead of a human teacher, an AI algorithm would curate his lessons. The 13-year-old decided to give it a try. By the end of the semester, his test scores had risen from 50% to 62.5%. Two years later, he scored an 85% on his final middle school exam. "I used to think math was terrifying. But through tutoring, I realized it really isn't that hard. It helped me take the first step down a different path." Experts agree AI will be important in 21st-century education—but how? While academics have puzzled over best practices, China hasn't waited around. In the last few years, the country's investment in AI-enabled teaching and learning has exploded. Tech giants, startups, and education incumbents have all jumped in. Tens of millions of students now use some form of AI to learn—whether through extracurricular tutoring programs like Squirrel's, through digital learning platforms like 17ZuoYe, or even in their main classrooms. It's the world's biggest experiment on AI in education, and no one can predict the outcome. Silicon Valley is also keenly interested. In a report in March, the Chan-Zuckerberg Initiative and the Bill and Melinda Gates Foundation identified AI as an educational tool worthy of investment. In his 2018 book Rewiring Education, John Couch, Apple's vice president of education, lauded Squirrel AI. (A Chinese version of the book is coauthored by Squirrel's founder, Derek Li.) Squirrel also opened a joint research lab with Carnegie Mellon University this year to study personalized learning at scale, then export it globally.
But experts worry about the direction this rush to AI in education is taking. At best, they say, AI can help teachers foster their students' interests and strengths. At worst, it could further entrench a global trend toward standardized learning and testing, leaving the next generation ill prepared to adapt in a rapidly changing world of work... https://www.technologyreview.com/s/614057/china-squirrel-has-started-a-grand-experiment-in-ai-education-it-could-reshape-how-the/
44 people in China were injured when a water park wave machine launched a crushing tsunami. The operator was not drunk, as originally reported. https://www.washingtonpost.com/world/2019/07/31/people-were-injured-after-waterpark-wave-machine-launched-crushing-tsunami/
A quest to identify protesters and police officers has people in both groups desperate to protect their anonymity. Some fear a turn toward China-style surveillance. https://www.nytimes.com/2019/07/26/technology/hong-kong-protests-facial-recognition-surveillance.html
https://www.vice.com/en_us/article/mb88za/amazon-requires-police-to-shill-surveillance-cameras-in-secret-agreement
Charlie Osborne for Zero Day | 30 Jul 2019 Apple's Siri overhears your drug deals and sexual activity, whistleblower says Quality control frequently comes across recordings which should not have existed in the first place. https://www.zdnet.com/article/apples-siri-overhears-your-drug-deals-and-sexual-activity-whistleblower-says/ selected text: Apple's Siri records private and confidential conversations and activities on a regular basis including talk relating to medical conditions, drug deals, and sex acts. Staff members tasked with grading how Siri responds to commands and whether or not the correct wake word "Hey Siri" was used before a recording occurred often hear explicit recordings, which are accidentally saved when the assistant mistakenly associates a sound as the wake word. The publication's source notes, for example, that the sound of a zipper can be misconstrued as a demand to wake up. In what the whistleblower says are "countless instances," conversations between doctors and patients, business deals, and both criminal and sexual activity have been captured by the smart assistant. The Apple Watch, in particular, has come under fire. While many recordings captured by Siri may only be a few seconds in length, The Guardian says that the watch—with Siri enabled—may record up to 30 seconds.
https://www.washingtonpost.com/news/business/wp/2019/07/29/capital-one-data-breach-compromises-tens-of-millions-of-credit-card-applications-fbi-says/
https://www.nbcnews.com/news/us-news/california-state-bar-accidentally-leaks-details-upcoming-exam-n1035681
*A group of hackers linked to Russian spy agencies are using "Internet of things" devices like internet-connected phones and printers to break into corporate networks, Microsoft announced on Monday.* EXCERPT: *Fancy Bear never hibernates*: The Russian hackers, who go by names like Strontium, Fancy Bear, and APT28, are linked to the military intelligence agency GRU. The group has been active since at least 2007. They are credited with a long list of infamous work including breaking into the Democratic National Committee in 2016, the crippling NotPetya attacks against Ukraine in 2017, and targeting political groups in Europe and North America throughout 2018. *Insecurity of Things*: The new campaign from GRU compromised popular internet of things devices including a VOIP (voice over internet protocol) phone, a connected office printer, and a video decoder in order to gain access to corporate networks. Microsoft has some of the best visibility into corporate networks on earth because so many organizations are using Windows machines. Microsoft's Threat Intelligence Center spotted Fancy Bear's new work starting in April 2019. *The password is password*: Although things like smartphones and desktop computers are often top of mind when it comes to security, it's often the printer, camera, or decoder that leaves a door open for a hacker to exploit. [...] https://www.technologyreview.com/f/614062/russian-hackers-fancy-bear-strontium-infiltrate-iot-networks-microsoft-report/
When major vulnerabilities show up in ubiquitous operating systems like Microsoft Windows, they can be weaponized and exploited, the fallout potentially impacting millions of devices. Today, researchers from the enterprise security firm Armis are detailing just such a group of vulnerabilities in a popular operating system that runs on more than 2 billion devices worldwide. But unlike Windows, iOS, or Android, this OS is one you've likely never heard of. It's called VxWorks. VxWorks is designed as a secure "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems. That makes it a popular choice for Internet of Things and industrial control products. But Armis researchers found a cluster of 11 vulnerabilities in the platform's networking protocols, six of which could conceivably give an attacker remote device access, and allow a worm to spread the malware to other VxWorks devices around the world. Roughly 200 million devices appear to be vulnerable; the bugs have been present in most versions of VxWorks going back to version 6.5, released in 2006. https://www.wired.com/story/vxworks-vulnerabilities-urgent11/
https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says
Updating this blog post with info that non-customers of Capital One were also affected by the breach, etc. https://lauren.vortex.com/2019/07/30/another-breach-what-capital-one-could-have-learned-from-googles-beyondcorp
https://www.nytimes.com/2019/07/30/business/paige-thompson-capital-one-hack.html Ms. Thompson, a 33-year-old software developer, made a habit of oversharing online. Those posts led the authorities to her door.
[Thanks to Paul Vixie. PGN] https://www.ted.com/talks/carole_cadwalladr_facebook_s_role_in_brexit_and_the_threat_to_democracy
The U.S. faces a voting security crisis. Eric Geller, Beatrice Jin, Jordyn Hermani and Michael B. Farrell Politico, 4 Aug 2019 Tens of millions of Americans across 14 states cast ballots last year on paperless voting machines—devices that security experts say can be undetectably hacked and that offer no way to audit results when tampering or errors occur. Many voters will still be using paperless machines in 2020, despite warnings from intelligence leaders and cybersecurity experts that Russia will try to reprise its interference in the 2016 presidential campaign. The results of POLITICO's survey and its interactive presentation on the nationwide, state-by-state and county-by-county picture of U.S. voting security as 2020 approaches: https://www.politico.com/interactives/2019/election-security-americas-voting-machines/index.html
Web Informant, 30 Jul 2019 The past week has seen a lot of news stories about hacking our elections. Today in this edition of Inside Security I take a careful look at what we know and the various security implications, which I cover in the last paragraph. It is hard to write about this without getting into politics, but I will try to summarize the facts. Here are two of them:
- Russians have penetrated election authorities in every statehouse and continue to try to compromise those networks. We have evidence that has been published in the Mueller report and more recently the Senate Intelligence Committee report from last week.
- A second and more troublesome collection of election compromises is described in a report from the San Mateo County grand jury that was also posted last week. I will get to this report in a moment.
For infosec professionals, the events described in these documents have been well known for many years. The reports talk about spear-phishing attacks on election officials, phony posts on social media or posts that originate from sock puppet organizations (such as Russian state-sponsored intelligence agencies), or from consultants to political campaigns that misrepresent themselves to influence an election. https://blog.strom.com/wp/?p=7291
https://www.washingtonpost.com/technology/2019/07/30/lawmaker-wants-end-social-media-addiction-by-killing-features-that-enable-mindless-scrolling/ "Big tech has embraced a business model of addiction," Hawley, a Missouri Republican, said in a statement announcing the bill. "Too much of the 'innovation' in this space is designed not to create better products, but to capture more attention by using psychological tricks that make it difficult to look away. This legislation will put an end to that and encourage true innovation by tech companies." iDisorder (http://catless.ncl.ac.uk/Risks/30/89#subj18.1) constitutes an acute public health and safety risk. Apple's opposition to 'gaze-blocker' application sales suggests they merit pursuit as a public health benefit. See https://catless.ncl.ac.uk/Risks/31/21#subj16.1.
Cisco Systems has settled a longstanding lawsuit in which federal and state agencies alleged a product was badly insecure and that the company knew about it for at least four years before it did anything. Not a good look. Not only that, but Cisco will compensate a whistleblowing contractor who says he was fired for rocking the boat. Although Cisco maintains his job was no longer needed. And the PR statement is, well, let's just say nuanced. https://securityboulevard.com/2019/08/cisco-in-whistleblower-payoff-and-pr-doublespeak-row/
*Can't look away*. Speaking of new rules, a bill proposed by Sen. Josh Hawley dubbed the Social Media Addiction Reduction Technology, or SMART, Act would ban techniques used to hook people in to social media. *Facebook's* (and many other sites') infinite scroll would be illegal, as would autoplay videos. "Big Tech has embraced addiction as a business model," Hawley tweeted. The bill obviously has a long way to go before becoming a law. [Next to be outlawed, human nature.]
https://arstechnica.com/information-technology/2019/07/200-million-devices-some-mission-critical-vulnerable-to-remote-takeover/
https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/
https://arstechnica.com/tech-policy/2019/07/people-forged-judges-signatures-to-trick-google-into-changing-results/
https://arstechnica.com/information-technology/2019/08/apples-airdrop-and-password-sharing-features-can-leak-iphone-numbers/
A prudent move, in the wake of Amazon and Google bad PR from their eavesdropping activities. The putative motive of having human listeners was to improve Siri's ability to respond to queries. http://www.taipeitimes.com/News/biz/archives/2019/08/03/2003719808 Someone must have gotten around to asking "What could go wrong?"
Essentially, workable quantum computing could, in theory, help solve some of humanity's most pressing problems like capturing "carbon from the atmosphere to save the planet" and improving clean energy and food production, Svore said. It's not as if conventional computers can't handle the calculations underpinning the feats Svore mentioned. It's just that it would take a person's lifetime, as opposed to the "matter of weeks or months" it would take a quantum computer to process the information related to the problems. https://fortune.com/2019/07/15/quantum-computing-brainstorm-tech/ More vague blather, I think. There's NEVER discussion about quantum apps, programming, algorithms, specific applications. It's never beyond: Quantum, however, relies on mysterious so-called qbits, which can represent data in multiple states like a "0" or "1" at the same time; it's a head-scratching idea to wrap one's brain around, but it's crucial to harnessing the power of quantum computing. Designing algorithms that take advantage of the mysterious properties of qbits can bring "billions of years of compute time to seconds or hours or days," Svore said. ...so let's see the algorithms—they should be available before quantum hardware is built, yes?
Video https://www.nytimes.com/video/nyregion/100000005550602/subway-status-emergency.html
The attorney general, reopening the conversation on security vs. privacy, said that encryption and other measures effectively turned devices into "law-free zones." https://www.nytimes.com/2019/07/23/us/politics/william-barr-encryption-security.html?smid=nytcore-ios-share [Unfortunately, law-enforcement-only backdoors are likely to be subvertible by many unauthorized folks. Emphatic assertion keeps resurfacing, despite the wisdom of the Keys Under Doormats report, by folks who reject the risks of misusing systems that are likely to be already unsecure, despite the desire for backdoors. The RISKS motto seems to be: Everything is likely to be compromised, if not already broken. By the way, it is not `security vs privacy'. It is `insecurity and nonprivacy'. PGN]
https://www.channelfutures.com/mssp-insider/dark-web-consequences-increase-from-global-rise-of-police-friendly-laws
https://www.newyorker.com/tech/annals-of-technology/the-hidden-costs-of-automated-thinking
https://theintercept.com/2019/07/26/europe-border-control-ai-lie-detector/
[From Geoff Goodfellow] AI experts from top universities SLAM `predictive policing' tools in new statement and warn technology could 'fuel misconceptions and fears that drive mass incarceration'.
- AI experts say pre-crime algorithms are more magic than reality
- Algorithms designed to predict violent crime may come with consequences
- Experts say they may vastly overstate the likelihood of pretrial crime
- They warn its use could fuel mass incarceration and lead to harsher sentences
EXCERPT: Prominent thinkers in the fields of artificial intelligence say that predictive policing tools are not only 'useless,' but may be helping to drive mass incarceration. In a letter published earlier this month the experts, from MIT, Harvard, Princeton, NYU, UC Berkeley and Columbia spoke out on the topic in an unprecedented showing of skepticism toward the technology. <https://dam-prod.media.mit.edu/x/2019/07/16/TechnicalFlawsOfPretrial_ML> 'When it comes to predicting violence, risk assessments offer more magical thinking than helpful forecasting,' wrote AI experts Chelsea Barabas, Karthik Dinakar and Colin Doyle in a New York Times op-ed. <https://www.nytimes.com/2019/07/17/opinion/pretrial-ai.html?utm_source=The+Appeal> Predictive policing tools, or risk assessment tools, are algorithms designed to predict the likelihood of someone committing crime in the future. With rapid advances in artificial intelligence, the tools have begun to find their way into the everyday processes of judges, who deploy them to determine sentencing, and police departments, who use them to allot resources and more. While the technology has been positioned as a way to combat crime preemptively, experts say its capabilities have been vastly overstated. Among the arenas most affected by the tools, they say, are pretrial sentencing, during which people undergoing a trial may be detained based on their risk of committing a crime.
'Algorithmic risk assessments are touted as being more objective and accurate than judges in predicting future violence,' write the researchers... https://www.dailymail.co.uk/sciencetech/article-7287341/AI-experts-release-statement-slamming-predictive-policing-digitizing-stop-frisk.html
The data economy has too often betrayed its customers, whether it's Facebook sharing data you didn't even realize it had, or invisible trackers that follow you around the web without your knowledge. But a new app launching in the iOS App Store today wants to help you take back some control without making your life harder. The Guardian Firewall app runs in the background of an iOS device, and stymies data and location trackers while compiling a list of all the times your apps attempt to deploy them. It does so without breaking functionality in your apps or making them unusable. Plus, the blow-by-blow list gives you much deeper insight than you would normally have into what your phone is doing behind the scenes. Guardian Firewall also takes pains to avoid becoming another cog in the data machine itself. You don't need to make an account to run the firewall, and the app is architected to box its developers out of user data completely. https://www.wired.com/story/guardian-firewall-ios-app/ Was tempting until $100/year cost.
While it is always a good idea to install security updates as soon as they become available, the availability of proof-of-concept code means users should install the iOS 12.4 release with no further delay. https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/
https://lauren.vortex.com/2019/07/30/another-breach-what-capital-one-could-have-learned-from-googles-beyondcorp Another day, another massive data breach. This time some 100 million people in the U.S., and more millions in Canada. Reportedly the criminal hacker gained access to data stored on Amazon's AWS systems. The fault was apparently not with AWS, but with a misconfigured firewall associated with a Capital One app, the bank whose customers were the victims of this attack. Firewalls can be notoriously and fiendishly difficult to configure correctly, and often present a target-rich environment for successful attacks. The thing is, firewall vulnerabilities are not headline news -- they're an old story, and better solutions to providing network security already exist. In particular, Google's "BeyondCorp" approach ( https://cloud.google.com/beyondcorp ) is something that every enterprise involved in computing should make itself familiar with. Right now! BeyondCorp techniques are how Google protects its own internal networks and systems from attack, with enormous success. In a nutshell, BeyondCorp is a set of practices that effectively puts "zero trust" in the networks themselves, moving access control and other authentication elements to individual devices and users. This eliminates the need for traditional firewalls (and in most instances, VPNs) because there is no longer a conventional firewall which, once breached, gives an attacker access to all the goodies. If Capital One had been following BeyondCorp principles, there would be 100+ million less of their customers who wouldn't be in a panic today.
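An added illustration of the "zero trust in the network" idea in the post above, contrasting a perimeter decision with a per-request decision based on user identity, device trust and resource policy. This is not Google's BeyondCorp code: the address range, device inventory, policy table and requests are all constructed for the example.

```python
"""Perimeter model vs. BeyondCorp-style access decision.  Illustrative only;
every table and address below is constructed, not from any real deployment."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed 'inside the firewall' range used by the perimeter model.
CORP_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Request:
    source_ip: str
    user: Optional[str]        # authenticated identity, None if unauthenticated
    device_id: Optional[str]   # device presenting a verified identity, None if unknown
    resource: str              # what is being accessed


# Constructed device inventory: trust tier derives from managed state and patch level.
DEVICE_INVENTORY = {
    "laptop-0042": {"managed": True, "patched": True},
    "laptop-0077": {"managed": True, "patched": False},
}

# Constructed per-resource policy: minimum device tier and permitted user groups.
RESOURCE_POLICY = {
    "customer-db": {"min_tier": "full", "groups": {"dba"}},
    "wiki": {"min_tier": "reduced", "groups": {"dba", "staff"}},
}
USER_GROUPS = {"alice": {"dba", "staff"}, "bob": {"staff"}}
TIER_RANK = {"untrusted": 0, "reduced": 1, "full": 2}


def perimeter_decision(req: Request) -> bool:
    """Traditional model: whatever reaches the internal network is trusted.
    A breached firewall therefore hands the attacker everything behind it."""
    return ip_address(req.source_ip) in CORP_NET


def device_tier(device_id: Optional[str]) -> str:
    """Map a device to a trust tier; unknown or unmanaged devices are untrusted."""
    rec = DEVICE_INVENTORY.get(device_id) if device_id else None
    if rec is None or not rec["managed"]:
        return "untrusted"
    return "full" if rec["patched"] else "reduced"


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """BeyondCorp-style model: network location carries no weight.  Each request is
    judged on user identity, device tier and the resource's own policy."""
    if req.user is None:
        return False, "deny: unauthenticated user"
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return False, "deny: unknown resource"
    tier = device_tier(req.device_id)
    if TIER_RANK[tier] < TIER_RANK[policy["min_tier"]]:
        return False, f"deny: device tier {tier} below {policy['min_tier']}"
    if not (USER_GROUPS.get(req.user, set()) & policy["groups"]):
        return False, "deny: user not in an authorized group"
    return True, "allow"


# Constructed: a request from inside 10/8 with no identity (e.g. after a firewall breach).
INSIDE_NO_IDENTITY = Request("10.1.2.3", None, None, "customer-db")
# Constructed: a DBA on a fully trusted device, connecting from outside the network.
OUTSIDE_TRUSTED = Request("203.0.113.7", "alice", "laptop-0042", "customer-db")
# Constructed: the same DBA on an unpatched device.
OUTSIDE_STALE = Request("203.0.113.7", "alice", "laptop-0077", "customer-db")

if __name__ == "__main__":
    for name, req in [("inside/no identity", INSIDE_NO_IDENTITY),
                      ("outside/trusted", OUTSIDE_TRUSTED),
                      ("outside/stale", OUTSIDE_STALE)]:
        print(f"{name:20} perimeter={perimeter_decision(req)} "
              f"zero-trust={zero_trust_decision(req)}")
```

The perimeter model allows the identity-less request simply because it arrives from 10/8 and rejects the legitimate DBA for being outside; the zero-trust model reverses both outcomes and additionally downgrades the unpatched device.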
Charlie Osborne for Zero Day | 26 Jul 2019 A data breach forced this family to move home and change their names Sometimes a free credit report in recompense is nowhere near enough. https://www.zdnet.com/article/a-data-breach-forced-this-family-to-move-home-and-change-their-names/ selected text: In the London Borough of Hackney, a recent case emerged when a data breach had far more devastating consequences than most of us would ever experience. As reported by the Hackney Gazette, a family in the area adopted a child and the details of who they were and where they lived were meant to be withheld from the birth parents. However, during the adoption process in 2016, a solicitor appointed by Hackney Council mistakenly included an unredacted copy of the application form. The publication says that the exposed, sensitive data included the couple's names, addresses, phone numbers, dates of birth, and occupations. The scope of the breach was serious enough that the couple spoke to both the council and police, and ultimately decided that moving home and changing their names was the safest option for their adopted child.
Four men have been arrested on suspicion of breaking into cellphones of hundreds of officials. https://www.washingtonpost.com/world/the_americas/brazilian-president-bolsonaros-cellphone-hacked-as-carwash-scandal-intrigue-widens/2019/07/25/faab2b86-aee5-11e9-9411-a608f9d0c2d3_story.html
https://www.zdnet.com/article/malicious-google-domains-used-in-magento-data-skimmer/
https://www.zdnet.com/article/mydoom-the-15-year-old-malware-thats-still-being-used-in-phishing-attacks-in-2019/
https://techcrunch.com/2019/08/03/stockx-hacked-millions-records/
https://www.straitstimes.com/singapore/ikea-says-sorry-for-customer-data-breach
If you paid for technical support services from Global Access Technical Support (GATS), you'll be getting a letter or an email from the Federal Trade Commission about a refund. You might have known the company as Global SConnect, Global sMind, Yubdata Tech, or Technolive. The FTC sued GATS, alleging that the company lied about partnering with well-known tech companies and tricked people into paying for unnecessary computer repairs. GATS has now paid $860,000 to settle the lawsuit. The FTC is sending refunds to people who paid money to GATS. If you get a check from us, cash it within 60 days. We will send refunds via PayPal to customers for whom we do not have a mailing address. Here's how the PayPal refunds work: the FTC will send the customer an email from subscribe@subscribe.ftc.gov. Then, within 24 hours, that customer will also get an email directly from PayPal about the refund. If you get those emails, all you have to do is type www.paypal.com into your browser, log in to your account (or create one), and review and accept the payment. Or accept payment by logging into the PayPal app. To avoid scammers who might pretend to be from the FTC or PayPal, follow these simple steps:
* If you get a refund email that claims to be from the FTC or PayPal, don't click on any links in the email. Instead, visit the website by typing the right URL into your browser: www.ftc.gov/refunds and www.paypal.com.
* Check out FTC refunds at ftc.gov/refunds. Each case on that page has a phone number you can call to check on refund payments.
* Know that the FTC never asks people to pay money or give sensitive financial information to get a refund. People who say they are with the FTC and ask for money are scammers.
https://www.consumer.ftc.gov/blog/2019/08/refunds-global-access-technical-support-customers
I have been a Japanese animation fan since I was a kid growing up in Japan. So this is a very prejudiced post in that direction. The arson of Kyoto Animation company (Kyoto Anime or KyoAni for short), almost a terrorist attack, which has killed 35 people by now, has had Kyoto Anime scrambling to recover what remains in the server computer in the building which burned down. The arson is now detailed in Wikipedia. https://en.wikipedia.org/wiki/Kyoto_Animation_arson_attack Since the night of July 29, it has been reported that Kyoto Anime, with the help of experts, could salvage the digital data from the server(s) that remained intact in the building that burned down. (In Japanese: https://www.asahi.com/articles/ASM7Y6H8ZM7YPTIL03K.html ) Luckily the server(s) was on the first floor and was housed in a small space surrounded by concrete walls in the four directions (CI's comment: I wonder where the door was...) and withstood the fire and the water sprayed by firefighters. cf. Due to the nature of the Japanese language, I am not sure if the server referred to is actually a collection of servers (plural). An earlier Japan Times article in English mentioned that there *was* a server and the management hoped to recover the data *IFF* the server did not get wet during the firefighting effort. https://www.japantimes.co.jp/news/2019/07/29/national/kyoto-animation-hopes-recover-drawing-storyboard-data-server-arson-attack/ But to me it is hard to believe that 70+ people working on a few animation projects could work with only a single server, but it is not the major contention here. First of all, I am not sure if all the digital data of anime (animation, that is) held by that branch was recovered or not. The article mentioned digital data only, and inferred some animation digital drawings were recovered. An inquiring mind wants to know the answer to "Were all the relevant data transferred from individual PCs to the server each day?". Individual PCs went up in smoke literally.
No hope of recovering data from them. One thing is crystal clear: ALL THE PAPER-BASED DRAWINGS IN THE BRANCH ARE GONE. PERIOD. (Except for a piece of paper with a hand-drawn illustration on it: it was n the backside of a whiteboard that remained in the building. I saw it in a news article.) When I read the article and some earlier articles, some computer-related risk keywords popped up in my mind: - off-site backup, - business continuity, and - human resources. Here, human resources *IS* actually the most valuable one in this case, and the loss is felt throughout the media industry all over the world. No amount of off-site backup or business continuity planning that is created for earthquakes or typhoons (Japan's two biggest natural disasters) will be enough to counter the type of human-resource damage sustained by Kyoto Anime this time. Nevertheless, some business schools may create a case study of disaster-recover planning for business continuity based on the incident. Yes, to my surprise and many others', Kyoto Animation obviously failed to perform off-site backup (and for that matter, distributed backup of paper-based illustrations). That is something to think about for the media company management types in the future. (So this post *IS* computer risk-related after all.) At the same time, I personally feel it is a tough time for the management indeed for recovering the business operation especially when I read the comments from the surviving members of the victims such as the one I quote later in this post. The impact of human toll is really devastating psychologically. Recovering from a crime-initiated disaster is not a purely a computer-risk issue, but wetware (people) issue too, especially so once the hardware, software and data are recovered. The following news contains comments regarding the color coordinator, Ms. Naomi Ishida, who has worked at Kyoto Anime for more than 20 years. A victim of the arson. 
The article is in Japanese: https://www3.nhk.or.jp/lnews/kyoto/20190725/2010004159.html (Ms. Ishida's background is explained in detail in English in the following URL:) https://www.animenewsnetwork.com/news/2019-07-25/kyoto-animation-colorist-naomi-ishida-passed-away-in-studio-fire/.149318 Since such Japanese news comments are unlikely to be translated into English any time soon, here is my rough translation of that part of the news article. (I searched for English article that may refer to the comments of Ms. Ishida's parent, but only ended up with the animenewsnetwork article above.) My rough translation: Ms. Naomi Ishida's mother mentioned "The police got in contact with us because the DNA identification has been over and they wanted to explain the result to us. When I looked at the remains, I noticed that only a piece of metal of my daughter's hair accessory remained and all else melted away. The fire was so severe. The whole ordeal could have been over in a short while. But it is a real pity she must have suffered a lot during that time." and she added "I have not known her whereabouts after the arson. The only consolation now is that I can bring her back home finally..." Her father said "I have tough time sleeping thinking about how she must have suffered in pain at the last moment. But now I am a bit relieved when I learned that so many anime fans placed flowers in many places in appreciation of works to which my daughter contributed. I am now very proud of her. I hope she will be drawing pictures together with her colleagues in the Heaven." Parents of other victims would have similar comments. Surviving victims need months or even years to heal from the wounds. The psychological damage is definitely large although hard to estimate. How can a company restart business operation amid such mental hardship? Personal comment: Ms. 
Ishida worked on animations such as Suzumiya Haruhi TV series and others which produced some interesting songs including the following one that has been played ALMOST 100 MILLION TIMES on youtube. https://www.youtube.com/watch?v=WWB01IuMvzA This particular song is in my favorite list and I play the list from time to time in random order during desk work. Next time the song comes up and I watch the animation images on PC screen whose color coordination Ms. Ishida produced, I would recall the words of her parents. What a pity. Not just an interesting BGM song anymore...
From The Washington Post: https://www.washingtonpost.com/nation/2019/07/15/colorado-didnt-check-an-email-account-child-abuse-neglect-reports-years-five-cases-were-never-investigated/

Colorado didn't check an email account for child abuse reports for years. Five cases weren't investigated.
By Hannah Knowles, July 15

An email account set up by the Colorado government for reports of child abuse and neglect went unchecked for four years, leaving more than 100 messages about mistreatment concerns unanswered and allowing five cases that needed follow-up to go without investigation. The email account was set up in 2015 to support a phone hotline and then forgotten, allowing reports to slip through at a time when the state worked to increase reporting of child abuse and emphasized a speedy response to concerns through a 24/7 hotline. That phone number received a record number of calls last year, four years into a public awareness campaign aimed at teaching more Coloradans about the state's resources....

...A May 15 internal audit discovered the problem. By the time the department looked at the neglected email account, 321 messages had piled up, including 104 about concerns that children were being abused or neglected, department spokeswoman Madlynn Ruble told The Washington Post. Many of those emails were duplicates or had already been addressed through other channels, Ruble said....
Item about a UK building society (mortgage provider) from this weekend's newspaper—summary follows with my comments.

Sally Hamilton, The Mail On Sunday, 3 Aug 2019
Panic as Nationwide BS emails 1.3m customers to tell them they have no money!
https://www.dailymail.co.uk/money/saving/article-7317645/Panic-Nationwide-BS-emails-1-3m-customers-tell-no-money.html

Nationwide Building Society has come under fire for emailing 1.3 million savers with a 'summary' of their accounts showing they all had balances of zero. ... data security rules meant it was unable to provide balances by email 'because it isn't 100 per cent secure'. The new summary simply shows the types of accounts savers hold along with the interest rates paid—and what balance is required to receive it. This showed... ISA accounts pay 1.1 per cent and 1.2 per cent—on balances of '0+ pounds'.

[Looks like another casualty of data-protection laws, but more likely a case of a badly-worded message. CD]