The network must be secure enough for the innovations it promises. https://www.nytimes.com/2019/01/21/opinion/5g-cybersecurity-china.html While I'm not so wild about some of Wheeler's detailed recommendations, he's correct that security should be a paramount goal for 5G. Some quotes from this article and referenced reports: "When 5G enables autonomous vehicles, do we want those cars and trucks crashing into each other because the Russians hacked the network?" "If 5G will be the backbone of breakthroughs such as remote surgery, should that network be vulnerable to the North Koreans breaking into a surgical procedure?" "Make the Internet safe and secure for the functioning of Government and critical services for the American people." "5G Communications and other next generation networks designed and architected at the outset with enhanced security, connectivity, and availability." "Decades of well-intentioned but disjointed activities have made the Internet progressively less safe for the critical services which depend upon it." "Embrace a 'secure to market' over a 'first to market' mentality" "Unfortunately, relying on market forces alone fails to adequately weigh the risks imposed on third parties who rely on the networks and services they provision." "Problems known as 'market failures' can discourage investment and contribute to the insecurity of the critical communications network." "Because of negative externalities (third parties affected by insecure IoT), the private sector may not have sufficient incentives to invest in cybersecurity beyond their own corporate interests." "5G will enable a massive expansion of IoT endpoints that lack the processing power and memory needed for robust security protections. Fortunately, 5G is at an early phase in its development and, if security is designed in, it may be able to mitigate the cyber risk from these IoT endpoints." 
"Firms make decisions that strike a balance between the costs and benefits of cybersecurity investments for themselves. But they do not consider the additional benefit to the public at large of investing in cybersecurity. The result is a gap in cybersecurity preparedness that the market, on its own, is unlikely to fill." "The attack surface offered by the IoT is growing rapidly, calling for concerted effort to improve security. Multiple network providers are impacted by the IoT, rendering a consistent response difficult. In addition, the multiplicity of price-competitive vendors hinders concerted efforts to build in voluntary security by design into the IoT." More: The Trump administration's so-called "race" with China to build new fifth-generation (5G) wireless networks is speeding toward a network vulnerable to Chinese (and other) cyberattacks. ... We cannot allow the hype about 5G to overshadow the absolute necessity that it be secure. [...] Leadership in 5G technology is not just about building a network, but also about whether that network will be secure enough for the innovations it promises. And the 5G "race" is more complex and dangerous than industry and the Trump administration portray. When 5G enables autonomous vehicles, do we want those cars and trucks crashing into each other because the Russians hacked the network? If 5G will be the backbone of breakthroughs such as remote surgery, should that network be vulnerable to the North Koreans breaking into a surgical procedure? ... Nowhere in the president's directive, for instance, was there a word about protecting the cybersecurity of the new network. As the President's National Security Telecommunications Advisory Committee told him in November, "the cybersecurity threat now poses an existential threat to the future of the Nation." Last January, the brightest technical minds in the intelligence community, working with the White House National Security Council (NSC), warned of the 5G cybersecurity threat. 
... https://www.dhs.gov/sites/default/files/publications/DRAFT NSTAC_ReportToThePresidentOnACybersecurityMoonshot_508c.pdf ... Shortly after taking office, the Trump FCC removed a requirement imposed by the Obama FCC that the 5G technical standard must be designed from the outset to withstand cyberattacks. For the first time in history, cybersecurity was being required as a forethought in the design of a new network standard—until the Trump FCC repealed it. The Trump FCC also canceled a formal inquiry seeking input from the country's best technical minds about 5G security, retracted an Obama-era FCC white paper about reducing cyberthreats, and questioned whether the agency had any responsibility for the cybersecurity of the networks they are entrusted with overseeing. https://docs.fcc.gov/public/attachments/DOC-343096A1.pdf The simple fact is that our wireless networks are not as secure as they could be because they weren't designed to withstand the kinds of cyberattacks that are now common. ...
https://theintercept.com/2019/01/24/computer-supply-chain-attacks/ From the article: In October, Bloomberg Businessweek published an alarming story: Operatives working for China's People's Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a "supply chain attack," in which malicious hardware or software is inserted into products before they are shipped to surveillance targets. [...] But while Bloomberg's story may well be completely (or partly) wrong, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents. U.S. spy agencies were warned about the threat in stark terms nearly a decade ago and even assessed that China was adept at corrupting the software bundled closest to a computer's hardware at the factory, threatening some of the U.S. government's most sensitive machines, according to documents provided by National Security Agency whistleblower Edward Snowden. The documents also detail how the U.S. and its allies have themselves systematically targeted and subverted tech supply chains, with the NSA conducting its own such operations, including in China, in partnership with the CIA and other intelligence agencies. The documents also disclose supply chain operations by German and French intelligence.
Currently automakers say they get customer permission before they use the individual data they collect for marketing or share it with third parties. Volvo said in a statement that its technology “takes full account of legal, security, and privacy obligations on a global scale” and complies with a European Union law that lets residents control how their personal data is shared. An Amazon spokesman says that the company merely shares “anonymized, aggregated performance data to help automakers improve the customer experience” and that it doesn't provide personally identifiable information to car companies or developers. BMW shares the data it collects but says it doesn't make money from it directly. "Let's say the person is listening to certain music, and we know there's a big concert," says Dieter May, senior vice president of digital products for BMW. "Then we would probably give that to our salespeople to make an offer for a special ticket." But even as governments and corporations begin to address security questions, it's unclear who will control the data that is collected. http://fortune.com/2019/01/24/the-spy-inside-your-car/ Hey, Siri—what could go wrong? I'm sorry Dave, I can't answer that.
A recently published study found the toilet seat's readings to align with those measured through more conventional means. https://www.mobihealthnews.com/content/toilet-seat-sensor-tracks-blood-pressure-stroke-volume-blood-oxygenation Risks? Privacy, multi-person households, guests...
*This year's World Economic Forum in Davos, Switzerland, where business leaders' public positions on automation's impact on workers did not match the views they shared privately.* EXCERPT: They'll never admit it in public, but many of your bosses want machines to replace you as soon as possible. I know this because, for the past week, I've been mingling with corporate executives at the World Economic Forum's annual meeting in Davos. And I've noticed that their answers to questions about automation depend very much on who is listening. In public, many executives wring their hands over the negative consequences that artificial intelligence and automation could have for workers. They take part in panel discussions about building 'human-centered AI' for the “Fourth Industrial Revolution”—Davos-speak for the corporate adoption of machine learning and other advanced technology—and talk about the need to provide a safety net for people who lose their jobs as a result of automation. But in private settings, including meetings with the leaders of the many consulting and technology firms whose pop-up storefronts line the Davos Promenade, these executives tell a different story: They are racing to automate their own work forces to stay ahead of the competition, with little regard for the impact on workers. All over the world, executives are spending billions of dollars to transform their businesses into lean, digitized, highly automated operations. They crave the fat profit margins automation can deliver, and they see AI as a golden ticket to savings, perhaps by letting them whittle departments with thousands of workers down to just a few dozen. “People are looking to achieve very big numbers,” said Mohit Joshi, the president of Infosys, a technology and consulting firm that helps other businesses automate their operations. “Earlier they had incremental, 5 to 10 percent goals in reducing their work force. 
Now they're saying, 'Why can't we do it with 1 percent of the people we have?'” Few American executives will admit wanting to get rid of human workers, a taboo in today's age of inequality. So they've come up with a long list of buzzwords and euphemisms to disguise their intent. Workers aren't being replaced by machines, they're being 'released' from onerous, repetitive tasks. Companies aren't laying off workers, they're “undergoing digital transformation.” A 2017 survey by Deloitte found that 53 percent of companies had already started to use machines to perform tasks previously done by humans. The figure is expected to climb to 72 percent by next year. The corporate elite's AI obsession has been lucrative for firms that specialize in 'robotic process automation', or RPA. Infosys, which is based in India, reported a 33 percent increase in year-over-year revenue in its digital division. IBM's “cognitive solutions” unit, which uses AI to help businesses increase efficiency, has become the company's second-largest division, posting $5.5 billion in revenue last quarter. The investment bank UBS projects that the artificial intelligence industry could be worth as much as $180 billion by next year. Kai-Fu Lee, the author of 'AI Superpowers' and a longtime technology executive, predicts that artificial intelligence will eliminate 40 percent of the world's jobs within 15 years. In an interview, he said that chief executives were under enormous pressure from shareholders and boards to maximize short-term profits, and that the rapid shift toward automation was the inevitable result. The Milwaukee offices of the Taiwanese electronics maker Foxconn, whose chairman has said he plans to replace 80 percent of the company's workers with robots in five to 10 years. 
“They always say it's more than the stock price, But in the end, if you screw up, you get fired.” Other experts have predicted that AI will create more new jobs than it destroys, and that job losses caused by automation will probably not be catastrophic. They point out that some automation helps workers by improving productivity and freeing them to focus on creative tasks over routine ones. But at a time of political unrest and anti-elite movements on the progressive left and the nationalist right, it's probably not surprising that all of this automation is happening quietly, out of public view. In Davos this week, several executives declined to say how much money they had saved by automating jobs previously done by humans. And none were willing to say publicly that replacing human workers is their ultimate goal. “That's the great dichotomy,” said Ben Pring, the director of the Center for the Future of Work at Cognizant, a technology services firm. “On one hand,” he said, profit-minded executives “absolutely want to automate as much as they can. On the other hand, they're facing a backlash in civic society.” For an unvarnished view of how some American leaders talk about automation in private, you have to listen to their counterparts in Asia, who often make no attempt to hide their aims. Terry Gou, the chairman of the Taiwanese electronics manufacturer Foxconn, has said the company plans to replace 80 percent of its workers with robots in the next five to 10 years. Richard Liu, the founder of the Chinese e-commerce company JD.com, said at a business conference last year that “I hope my company would be 100 percent automation someday.” One common argument made by executives is that workers whose jobs are eliminated by automation can be 'reskilled' to perform other jobs in an organization. 
They offer examples like Accenture, which claimed in 2017 to have replaced 17,000 back-office processing jobs without layoffs, by training employees to work elsewhere in the company. In a letter to shareholders last year, Jeff Bezos, Amazon's chief executive, said that more than 16,000 Amazon warehouse workers had received training in high-demand fields like nursing and aircraft mechanics, with the company covering 95 percent of their expenses. [...] https://www.nytimes.com/2019/01/25/technology/automation-davos-world-economic-forum.html
Connected fitness started out with apps, says Tonal founder and CEO Aly Orady. “Then we went to trackers, and then connected cardio equipment. We're focused on the next layer, and that's intelligence.” These devices also simulate a sense of togetherness you can't get from a video. Hop on the Peloton bike and you're not just slogging through a workout, you're joining a full-fledged party led by Alex or Cody or Jenn. One of them might ask a DJ to play records during their spin class. Another might wish you a happy birthday, or even send you a bouquet of flowers if you mention the recent passing of a loved one. (Yes, that actually happened.) Forget wearables. The next wave of exercise tech includes home fitness machines that respond directly to you. https://www.wired.com/story/smart-home-fitness-revolution/ The risk? Mistaking technology for intelligence?
No matter who you ask, the near-future of delivery seems to involve fleets of robots shuffling packages from stores, down sidewalks, and onto doorsteps. Robots will lug grocery bags <https://www.wired.com/story/nuro-grocery-delivery-robot/> from market to kitchen; they'll begin to replace humans delivering take-out <https://www.wired.com/story/postmates-delivery-robot-serve/> and dropping off parcels. And soon, your Amazon Prime packages may show up courtesy of Scout, Amazon's new six-wheeled autonomous delivery robot built to withstand the sidewalk. https://www.wired.com/story/amazon-new-delivery-robot-scout/ I'm in a DC suburb (VA) with spotty/inconsistent sidewalks. Is that a bigger or smaller risk than cities with funloving teenagers? Article didn't say what defensive weapons these things carry, whether they're self-righting if tipped over, and if they can signal distress.
Uber is looking to hire people to help it develop autonomous scooter and bike technology, according to Wired-editor-turned-robotics-entrepreneur Chris Anderson. The goal would be to allow bikes and scooters to "drive themselves to charging or better locations." People interested in joining the project can fill out this form <http://t.uber.com/micromobility_robotics>. https://arstechnica.com/cars/2019/01/uber-wants-bicycles-and-scooters-that-can-drive-themselves-to-recharge/ The risks? If you have to ask...
Four Audi executives were indicted on Thursday. http://arstechnica.com/tech-policy/2019/01/need-for-a-large-trunk-and-a-high-end-sound-system-pushed-audi-to-cheat/
https://www.bloomberg.com/news/features/2018-07-25/the-world-economy-runs-on-gps-it-needs-a-backup-plan
https://www.runnersworld.com/uk/news/a25945315/mark-fellows-runner-hitman-murder/
Don't count on using spare quarters, dimes and pennies in this case, though. Bitcoin via Coinstar can only be purchased with paper money (as much as $2,500). Investors will go to one of the company's participating machines and select the 'Buy Bitcoin' option on the screen, entering their phone number. http://fortune.com/2019/01/18/buy-bitcoin-grocery-store-coinstar/ Right next to lottery ticket vending machines. Coming next? Cash lottery winnings out as bitcoin?
For most adults, I do not see more than basic data stored on an implant itself—it would be a serial number/unique ID, which would be linked to the cloud provider, where encrypted user information would be stored or federated. This virtual wallet would contain credit cards, virtual ID cards for health insurance, corporate IDs, licenses, and permits. https://www.zdnet.com/article/the-internet-of-human-things-implants-for-everybody-and-how-we-get-there/ What could go wrong?
A spokesman for the Federal Aviation Administration said that two drones were spotted near Teterboro Airport. https://www.washingtonpost.com/transportation/2019/01/22/drone-activity-halts-air-traffic-newark-liberty-international-airport/
http://time.com/5512032/whatsapp-india-election-2019/ From the article: Ahead of national elections in April and May, India's political parties are pouring money into creating hundreds of thousands of WhatsApp group chats to spread political messages and memes. Prime Minister Narendra Modi's ruling Bharatiya Janata Party (BJP) has drawn up plans to have three WhatsApp groups for each of India's 927,533 polling booths, according to reports. With each group containing a maximum of 256 members, that number of group chats could theoretically reach more than 700 million people out of India's population of 1.3 billion. [...] [A]ccording to researchers, as well as screenshots of group chats from as recently as January seen by TIME, these WhatsApp group chats frequently contain and disseminate false information and hateful rhetoric, much of which comes from forwarded messages. Experts say the Hindu nationalist BJP is fueling this trend, although opposition parties are using the same tactics.
The hack may have been the result of a compromised password. https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/
https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/
via NNSquad https://searchengineland.com/google-ordered-to-submit-search-index-to-state-sponsorship-in-russia-310533 Russian information agency Roskomnadzor is requiring Google and Bing to subject their results to government censorship. (Yandex has reportedly already complied.) A law passed last year in the country mandates that search engine results be filtered through the federal state information system (FGIS). Russia increases Internet censorship. The new Russian situation is comparable to Chinese rules requiring Internet companies to censor results to block officially undesirable or threatening information. In addition to censoring online content, China is using Internet and mobile technology to spy on its citizens.
http://fortune.com/2019/01/17/hackers-send-dna-test-kits/ The risk? Complex scams leveraging business/marketing practices...
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3313837 Abstract The duty to read doctrine is a well-recognized building block of U.S. contract law. Under this doctrine, contracting parties are held responsible for the written terms of their contract, whether or not they actually read them. The application of duty to read is especially interesting in the context of consumer contracts, which consumers generally do not read. Under U.S. law, courts routinely impose this doctrine on consumers. However, the application of this doctrine to consumer contracts is one-sided. While consumers are expected to read their contracts, suppliers are generally not required to offer readable contracts. This asymmetry creates a serious public policy challenge. Put simply, consumers might be expected to read contracts that are, in fact, rather unreadable. This, in turn, undermines market efficiency and raises fairness concerns. Numerous scholars have suggested that consumer contracts are indeed written in a way that dissuades consumers from reading them. This Article aims to empirically test whether this concern is justified. The Article focuses on the readability of an important and prevalent type of consumer agreements: the sign-in-wrap contract. Such contracts, which have already been the focal point of many legal battles, are routinely accepted by consumers when signing up for popular websites such as Facebook, Amazon, Uber, and Airbnb. The Article applies well-established linguistic readability tests to the 500 most popular websites in the U.S. that use sign-in-wrap agreements. We find, among other things, that effectively reading these agreements requires, on average, more than 14.5 years of education. This result is troubling, given that the majority of U.S. adults read at an 8th-grade level. These empirical findings hence have significant implications for the design of consumer contract law.
The new research is raising concerns about how biased results could tarnish the artificial-intelligence technology's exploding use by police and in public venues, including airports and schools. https://www.washingtonpost.com/technology/2019/01/25/amazon-facial-identification-software-used-by-police-falls-short-tests-accuracy-bias-new-research-finds/
EXCERPTS: If you see a video of a politician speaking words he never would utter, or a Hollywood star improbably appearing in a cheap adult movie, don't adjust your television set—you may just be witnessing the future of "fake news." "Deepfake" videos that manipulate reality are becoming more sophisticated due to advances in artificial intelligence, creating the potential for new kinds of misinformation with devastating consequences. As the technology advances, worries are growing about how deepfakes can be used for nefarious purposes by hackers or state actors. "We're not quite to the stage where we are seeing deepfakes weaponized, but that moment is coming," Robert Chesney, a University of Texas law professor who has researched the topic, told AFP. Chesney argues that deepfakes could add to the current turmoil over disinformation and influence operations. 
"A well-timed and thoughtfully scripted deepfake or series of deepfakes could tip an election, spark violence in a city primed for civil unrest, bolster insurgent narratives about an enemy's supposed atrocities, or exacerbate political divisions in a society," Chesney and University of Maryland professor Danielle Citron said in a blog post for the Council on Foreign Relations. Digital manipulation may be good for Hollywood but new "deepfake" techniques could create a new kind of misinformation, according to researchers. Paul Scharre, a senior fellow at the Center for a New American Security, a think tank specializing in AI and security issues, said it was almost inevitable that deepfakes would be used in upcoming elections. A fake video could be deployed to smear a candidate, Scharre said, or to enable people to deny actual events captured on authentic video. With believable fake videos in circulation, he added, "people can choose to believe whatever version or narrative that they want, and that's a real concern." [...] https://www.afp.com/en/news/717/misinformation-woes-could-multiply-deepfake-videos-doc-1cn3in2
[Scammers everywhere] CNET Magazine: Don't get fooled like he was. The story doesn't end here, because Hal said he never had an eBay account. It turns out, he'd been scammed too. In his case, it was by an online "girlfriend" he'd never met—not even through video chats. Hal was the unwitting victim of a well-known scheme to dupe people into forwarding items bought in their name outside the country. https://www.cnet.com/news/heres-how-you-can-stay-clear-of-online-scams/ Scammers are creative. Of course, old scams still work too—I just heard that friend-of-friend fell for "grandson kidnapped" routine—had never heard of it. Was told to wrap $2000/$3000 in separate bundles, send via FedEx, did. Fortunately, her son—a cop!—was able to intercept the package.
Zumigo, which sold the location data of American cell phone users, wanted the FCC to remove requirements around user consent. Another slide adds, "We strongly believe that if consumers understood the vulnerabilities they face, and their carrier's ability to help prevent it, they would want the carrier data to be shared in order to keep them safe." https://motherboard.vice.com/en_us/article/vbwgw8/zumigo-phone-location-data-sold-lobbied-fcc-consent For our own good, yes.
*Ran malware on own phones as test, uploading all their WhatsApp messages, other data.* At the Shmoocon security conference here on January 19, two researchers from the mobile security provider Lookout revealed the first details of a mobile surveillance effort run by a yet-to-be-named state intelligence agency that they had discovered by exploring the command-and-control infrastructure behind a novel piece of mobile malware. In the process of exploring the malware's infrastructure, Lookout researchers found iOS, Android, and Windows versions of the malware, as well as data uploaded from a targeted phone's WhatsApp data. That phone turned out to be one that belonged to one of the state-backed surveillance efforts -- and the WhatsApp messages and other data found on the server provided a nearly full contact list for the actors and details of their interactions with commercial hacking companies and eventual decision to build their own malware. [...] https://arstechnica.com/information-technology/2019/01/researchers-discover-state-actors-mobile-malware-efforts-because-of-yolo-opsec/
It's easier to RF hack an industrial crane than to hack a garage door opener. $40-60 of RF parts gives you control. Recommendation: off-the-shelf open source protocols rather than proprietary roll-your-own "security through obscurity" protocols. But you already knew that. Here are some selected paragraphs from a recent report. https://documents.trendmicro.com/assets/white_papers/wp-a-security-analysis-of-radio-remote-controllers.pdf A Security Analysis of Radio Remote Controllers for Industrial Applications Our research shows that there is a discrepancy between the consumer and industrial worlds. In the consumer world, the perceived risks have pushed the vendors to find reasonably secure, albeit imperfect, solutions such as rolling codes. In the industrial world, where the assets at risk are much more valuable than a fancy house or car, there seems to be less awareness. By exploiting various vulnerabilities that we discovered, we were able to move full-sized cranes deployed in production at construction sites, factories, and transportation businesses. In all of the cases, we were able to confirm and run the attacks very quickly. In each of the cases, we were able to switch on the controlled industrial machine even after the operator had issued an e-stop, which put the machine in a "stop" state. Apart from leaked schematics, the only available "technical" documentation is limited to user manuals, and we are unaware of any public research about the digital security risks in this space. We hope that our findings will inspire the RF- and hardware-hacking communities to continue looking at these protocols, and to encourage vendors to focus on open, standard RF protocols. In conclusion, given that the kind of machinery these remote controllers are managing can be dangerous if hijacked or disabled, manufacturers need to start thinking about moving to stronger open-source protocols rather than relying on security through obscurity. 
It could be challenging to balance the almost real-time requirements and secure RF transmission, but the hardware technology is there, ready to be used.
I don't particularly like to use Twitter threads as sources (all of them will go away when Twitter (hopefully soon) implodes), but this is quite on point: https://twitter.com/hacks4pancakes/status/1086000837615382529
https://www.bbc.com/news/business-47023003 New cars are more secure than ever, and the latest technology has helped bring down theft dramatically with, on average, less than 0.3% of the cars on our roads stolen. Criminals will always look for new ways to steal cars; it's an ongoing battle and why manufacturers continue to invest billions in ever more sophisticated security features—ahead of any regulation. However, technology can only do so much and we continue to call for action to stop the open sale of equipment with no legal purpose that helps criminals steal cars. Prohibition didn't work for booze; why should it be expected to succeed for {RFID, WiFi, or Bluetooth}-enabled vehicle heists? https://www.statista.com/statistics/859950/vehicles-in-operation-by-quarter-united-states/ estimates that ~263M vehicles were in operation during 1st quarter of 2017. This implies, assuming they are equally vulnerable to RFID/Bluetooth access theft: ~789K thefts. https://ucr.fbi.gov/crime-in-the-u.s/2017/preliminary-report/cius-2017-preliminary-excel-tables.zip shows that for the 6 month period, an estimated 289K vehicle thefts were reported within the 50 US states with cities of 100K people or greater; a vehicle theft each 50 seconds or so.
*With Rapid DNA machines, genetic fingerprinting could become as routine as the old-fashioned kind. But forensic experts see a potential for misuse.* ... many legal experts and scientists are troubled by the way the technology is being used. As police agencies build out their local DNA databases, they are collecting DNA not only from people who have been charged with major crimes but also, increasingly, from people who are merely deemed suspicious, permanently linking their genetic identities to criminal databases. [...] If the Rapid DNA system has flaws, now is the moment to address them, many experts argue. Peter Stout, president of the Houston Forensic Science Center, was left with concerns after completing a Rapid DNA pilot program with the Houston Police Department last February. “We need fast and cheap. It also needs to be right.” https://www.nytimes.com/2019/01/21/science/dna-crime-gene-technology.html
I think regular RISKS readers might be interested in a new mailing list devoted to IoT security: http://www.firemountain.net/mailman/listinfo/dumpsterfire Initial message and administrivia: http://www.firemountain.net/pipermail/dumpsterfire/2019-January/000000.html
It's already illegal for domestic companies to use the content of users' e-mail. Government is now planning to apply this to foreign companies like Google and Facebook. Almost makes me want to move to Japan. http://the-japan-news.com/news/article/0005488933
RISKS readers are familiar with Facebook's Orwellian "real names" policy. I didn't realise how poor the implementation is. I only discovered when my daughter wanted to sign up that it's so bad that many people will be forced to sign up with a fake name to get around it. When my daughter wanted to sign up, Facebook decided that it didn't like her name. The help pages are pretty useless and there is no real indication of why. You have to guess why the name is rejected, but the solution appears to be to go through the name verification process. The "clever" bit is that there seems to be no way to start the name verification process until you create an account, so you have to make up a name that it will accept and use that to create the account. At this point I'm guessing that a lot of people don't bother to verify their real name and continue with the fake name. I can think of at least 2 of my Facebook friends using names that aren't "the name they go by in everyday life" (https://www.facebook.com/help/112146705538576). A good guess is that it's either not worth the effort of verifying their real name, or because their official documents use a different form of their name to the one they normally use in real life. As currently implemented, the policy seems to prevent you signing up with an unusual name, but pretty much anybody can sign up as Paul Smith with no checks.
He writes: Perhaps I am a curmudgeon. In my view, the meme, which prompts people to post before-and-after photos of themselves on Facebook <https://click.email.fortune.com/?qs=449fa3686574c81be466f38d7c0cebbbe083520f6bf4d366ddb2482a4d929c0691638fbad4d87d593874c9eaaa6ffeb4c09fa97b64b0f52e>, Instagram, and other social media sites, is no better than a data-siphoning social engineering attempt. The viral campaign exploits our vanity, encouraging us to surrender images of ourselves from a decade ago. People just happen to be packaging the chronology of their physiognomy in a usable format for machines to parse. https://view.email.fortune.com/?qs=0201bad8c93739fd5962676018096aced0f8602d66109218173392a5b675b1535d006a5a5b019814f916959e973fb36f41b44d801423e04d1e0e6b4a4119a8d65899f9866c6d8e60 The risk? Willingly feeding the beast.
In a blog post, Microsoft stated that Reserved Storage will be available only on devices that come with Windows 10 19H1 (version 1903) pre-installed or those where 1903 was clean installed. Those who upgrade to the next version will not utilize this feature. Problems with the current update process In Windows 10 October 2018 Update or older, if a user begins to run out of storage space, Windows may not run smoothly and many apps may not work as expected. Even worse, Microsoft has had a rough track record recently when it comes to updates and those who have no free space may not be able to install updates correctly. https://www.bleepingcomputer.com/news/microsoft/how-reserved-storage-works-in-the-next-version-of-windows-10/ It took 10 versions to notice?
Two new security and compliance packages are available at extra cost to protect enterprise Microsoft 365 users from wider threats. https://www.eweek.com/enterprise-apps/microsoft-bolstering-security-compliance-with-microsoft-365-add-ons
(Patent # 10,040,551 issued August 7, 2018) - Justia Patents Search Coffee or other drink, for example a caffeine containing drink, is delivered to individuals that would like the drink, or who have a predetermined cognitive state, using an unmanned aerial vehicle (UAV)/drone. The drink is connected to the UAV, and the UAV flies to an area including people, and uses sensors to scan the people for an individual who has gestured that they would like the drink, or for whom an electronic analysis of sensor data indicates to be in a predetermined cognitive state. The UAV then flies to the individual to deliver the drink. The analysis can include profile data of people, including electronic calendar data, which can be used to determine a potentially predetermined cognitive state. https://patents.justia.com/patent/10040551 https://www.inc.com/geoffrey-james/the-best-invention-of-2018-is-ibm-coffee-drone.html (note graphics) https://www.popularmechanics.com/flight/drones/a22813997/ibm-patent-coffee-delivery-drone/ ...so this is how IBM wins the patents battle every year.
But politicians said the risk of encryption technology's being used by terrorists was too significant. Prime Minister Malcolm Turnbull of Australia said in July, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." https://www.nytimes.com/2019/01/22/technology/australia-cellphone-encryption-security.html
A Chinese WeChat app displays the people in your vicinity who are in debt. Given the data publicly available (or via Facebook/Google/Twitter API's), consider the endless possibilities for future apps:

* Find My Credit Scores - notifies you of the credit scores of those around you (thanks, Experian!!)
* Find My Sugar Daddy / Find My Gold Digger - notifies you of the financial capacity of the people around you
* Find My Real Daddy - utilizing 23&me DNA data, notifies you of genetic relationships of the people around you
* Find My Sex Offender - notifies you if a registered sex offender is nearby
* Find My Felon - notifies you of the arrest history of those around you and pulls up mugshots
* Find My Ex's - notifies you if a previous lover is nearby
* Find MeToo - notifies you if someone nearby was blacklisted as an *alleged* sexual harasser by someone
* Find My Pwned - notifies you if someone nearby has been pwned and provides password(s)
* Find My Echo Chamber - identifies the political party registration of those nearby
* Find My Immigrant - check the E-Verify status of those nearby
* Improve My Gaydar - obvious

Once these apps surface, you'll probably never leave your house again!

http://www.chinadaily.com.cn/a/201901/16/WS5c3edfb8a3106c65c34e4d75.html

Hebei court unveils program to expose deadbeat debtors
Zhang Yu in Shijiazhuang, chinadaily.com.cn, 16 Jan 2019:

Deadbeat debtors in North China's Hebei province will find it more difficult to abscond as the Higher People's Court of Hebei on Monday introduced a mini-program on WeChat targeting them. Called "a map of deadbeat debtors", the program allows users to find out whether there are any debtors within 500 meters. The debtor's information is available to check in the program, making it easier for people to whistle-blow on debtors capable of paying their debts. "It's a part of our measures to enforce our rulings and create a socially credible environment," said a spokesman of the court.
https://www.nytimes.com/2019/01/21/opinion/covington-march-for-life.html Will the Covington Catholic High School fiasco change social media?
https://www.nytimes.com/2019/01/22/opinion/covington-teenagers-twitter.html Our hasty condemnation of these teenagers reveals the cold truth about hot takes.
Bug has been fixed.
Thank Apple for removing the jack from their iPhones. I carry around a lot of <$5 earbuds for my own use on airplanes & my digital audio player, so I'm happy to donate them to someone to listen privately. Cheap headphones for modern USB and Bluetooth never materialized, so I'm not about to carry around $100 earbuds to donate.
The Cyber Security Hall of Fame was on hiatus while stable funding was secured. That has happened, and nominations are open for the class of 2019. [Stable funding? Who's horsing around here while there is always room for more in the ever-growing stable of honorees? PGN] Current honorees are listed at http://www.cybersecurityhalloffame.com Help by nominating qualified candidates! See http://bit.ly/CSHOFNom for details of nominations. Help spread the word.