Dan Sabbagh, The Guardian, 21 Jul 2020
Russia report reveals UK government failed to investigate Kremlin interference. <https://www.theguardian.com/world/2020/jul/21/russia-report-reveals-uk-government-failed-to-address-kremlin-interference-scottish-referendum-brexit>
British government and British intelligence failed to prepare or conduct any proper assessment of Kremlin attempts to interfere with the 2016 Brexit referendum, according to the long-delayed Russia report. <https://www.theguardian.com/politics/eu-referendum>
The damning conclusion is contained within the 50-page document from parliament's intelligence and security committee, which said ministers “had not seen or sought evidence of successful interference in UK democratic processes”.
The committee, which scrutinises the work of Britain's spy agencies, said: “We have not been provided with any post-referendum assessment of Russian attempts at interference”—and contrasted the response with that of the US. […] “This situation is in stark contrast to the US handling of allegations of Russian interference in the 2016 presidential election, where an intelligence community assessment was produced within two months of the vote, with an unclassified summary being made public.”
Committee members said they could not definitively conclude whether the Kremlin had or had not successfully interfered in the Brexit vote because no effort had been made to find out. “Even if the conclusion of any such assessment were that there was minimal interference, this would nonetheless represent a helpful reassurance to the public that the UK's democratic processes had remained relatively safe,” the report added.
The cross-party committee noted that publicly available studies have pointed to “the preponderance of pro-Brexit or anti-EU stories” on the Russia Today and Sputnik TV channels at the time of the vote and “the use of ‘bots’ and ‘trolls’” on Twitter, as evidence of Russian attempts to influence the process.
Committee members complained that when they asked for written evidence from MI5 at the start of their inquiry, the domestic spy agency “initially provided just six lines of text” prompting criticism from the committee.
It accused MI5 of operating with “extreme caution” and said its “attitude is illogical” because the issue at hand was “the protection of the process and mechanism from hostile state interference, which should fall to our intelligence and security agencies”.
The keenly anticipated document was completed last October, but was sat on by Boris Johnson before the general election and only declassified and cleared for release by the prime minister in December.
It could not be released until No 10 had nominated Conservative members to the committee, although its nominee for chair Chris Grayling was ambushed by opposition members who voted instead for Julian Lewis.
Downing Street is expected to publish its own response shortly.
IBM researchers steal 40GB of data from group targeting presidential campaigns.
ATM maker is investigating the use of its software in black boxes used by thieves.
The current pace of human-caused carbon emissions is increasingly likely to trigger irreversible damage to the planet, according to a comprehensive international study <https://agupubs.onlinelibrary.wiley.com/doi/abs/10.1029/2019RG000678> released Wednesday. Researchers studying one of the most important and vexing topics in climate science—how sensitive the Earth's climate is to a doubling of the amount of carbon dioxide in the atmosphere—found that warming is extremely unlikely to be on the low end of estimates.
These scientists now say it is likely that if human activities—such as burning oil, gas and coal along with deforestation—push carbon dioxide to such levels, the Earth's global average temperature will most likely increase between 4.1 to 8.1 degrees Fahrenheit (2.3 and 4.5 degrees Celsius). The previous and long-standing estimated range of climate sensitivity, as first laid out in a 1979 report, was 2.7 to 8.1 degrees Fahrenheit (1.5 to 4.5 Celsius).
If the warming reaches the midpoint of this new range, it would be extremely damaging, said Kate Marvel, a physicist at NASA's Goddard Institute of Space Studies and Columbia University, who called it the equivalent of a five-alarm fire for the planet. […] https://www.washingtonpost.com/weather/2020/07/22/climate-sensitivity-co2/
Western societies tend to see nature and humanity as separate. But are there other ways of relating to the natural world? […] https://www.bbc.co.uk/ideas/videos/is-it-time-to-reassess-our-relationship-with-natur/p08l2xcb
https://www.acatech.de/wp-content/uploads/2020/07/aca_IMP_EPS_en_WEB_FINAL.pdf
Executive Summary
Europe can strengthen its digital sovereignty by creating a sovereign European digital ecosystem that is democratically accountable to its citizens. A digital ecosystem that observes European values such as transparency, openness and privacy protection, even in its technical design, can create a digital public sphere that offers fair terms of access and use, strengthens the public debate and safeguards the plurality that forms a key part of Europe's identity. This sphere would be open to everyone, both within Europe and beyond—the key to Europe's digital sovereignty lies not in isolationism but in the creation of ambitious alternatives.
The current coronavirus crisis has shone a light not only on how digital technology is increasingly penetrating every area of our lives, but also on just how dependent Europe has become on non-European platform operators. Europe is losing its influence over the digital public sphere at a time when it has taken on a central role in the continent's economic and social life. As well as diminishing Europe's economic competitiveness and thus the prosperity of European society, this poses a particularly serious threat to people's individual freedom and privacy and to Europe's democratic values. The time has come for both the member state and European Union levels to demonstrate the common political will to actively shape a digital public sphere that provides a basis for democratic debate, public opinion-forming and respect for European values, and to develop and establish an open European digital ecosystem that offers a genuine alternative. If incorporated into the special funding measures to overcome the coronavirus crisis, this European Public Sphere (EPS) can also provide a huge opportunity for European companies and start-ups, thereby helping to boost value creation in Europe.
This paper describes how a European Public Sphere can be established as an alternative European ecosystem, and sets out the concrete measures that will be necessary in order to do so. These include:
These measures will enable the establishment of a trusted digital public sphere for the citizens of Europe that puts European values first and that facilitates cross-border services and a dialogue between people who live in different countries and speak different languages.
Together with key partner France, and in conjunction with the European Commission and European Parliament, the Trio Presidency of Germany, Portugal and Slovenia can initiate the European Public Sphere as an ambitious, pan-European development project. Provided that they receive the necessary backing and financial support from government, stakeholders from the private sector, culture, civil society and academia are ready to create an alternative European digital ecosystem.
A unit of Warren Buffett's empire paid an inflated price for a pipe maker that used fake sales to look profitable, an arbitration panel concluded. The firm was close to bankruptcy.
https://www.nytimes.com/2020/07/01/business/berkshire-hathaway-fraud-germany.html
Ongoing attack hitting unsecured data leaves the word “meow” as its calling card.
It took days to resolve anti-spam concerns that halted a 4 July 2020 test run, costing Trump donations and raising GOP fears about November.
https://www.politico.com/news/2020/07/20/trump-massive-texting-program-suspended-372302
The new hardware-based attack, which has targeted machines across Europe, can yield a stream of cash for the attacker.
https://www.wired.com/story/thieves-are-emptying-atms-using-a-new-form-of-jackpotting/
Even recent unlocked phones like the Galaxy S10e or the Nokia 6.1 are affected
Amid an economy-crushing pandemic, AT&T has decided that now is the best time to send a scaremongering email to some customers, telling them that their device “is not compatible with the new network and you need to replace it to continue receiving service.” The email conveniently doesn't explicitly mention that this will only affect customers as late as February 2022, only linking to that information. […]
Wattpad Corp. has provided more details about a breach of user data provided to its online storytelling platform. The Toronto-based company has sent out a note to users that says hackers may have had access to email addresses, birth dates, the gender of members and encrypted passwords.
It says user stories, private messages, and phone numbers were not part of this incident.
https://www.cbc.ca/news/business/wattpad-data-breach-1.5657724
After taking a five-month break, the botnet returns with a short burst of activity.
Easy-to-miss script can give attackers a new access should they ever be booted out.
Uber said Monday that it had established a service to give public health officials access to data within hours on riders and drivers who are presumed to have come in contact with someone infected with Covid-19, helping to fill in a gap in the coronavirus response of the U.S., which does not have a federal contact tracing program.
https://www.washingtonpost.com/business/2020/07/22/face-mask-banks/
“There have already been ‘recent reports of face-covering-related robberies at bank branches…make clear that broadly applicable face mask requirements are not safe or sustainable on a permanent basis.’”
A new bank visitation protocol to deter the criminally inept:
Original article: https://www.vozpopuli.com/economia-y-finanzas/reconocimiento-facial-causas-pendientes_0_1375363234.html.
Automatic translation: https://translate.google.com/translate?sl=auto&tl=en&u=https://www.vozpopuli.com/economia-y-finanzas/reconocimiento-facial-causas-pendientes_0_1375363234.html
> The Ministry of the Interior wants a solution based on facial recognition to be installed in large sporting or cultural shows football matches, concerts … that allows detecting people with pending cases with the Justice.
Safe harbor lets phone companies block all calls from bad-actor telecoms.
How does “unreasonable search” work when any agency can buy data from anywhere?
US Customs and Border Protection can track everyone's cars all over the country thanks to massive troves of automated license plate scanner data, a new report reveals—and CBP didn't need to get a single warrant to do it. Instead, the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases.
CBP has been buying access to commercial automated license plate-reader (ALPR) databases since 2017, TechCrunch reports, and the agency says bluntly that there's no real way for any American to avoid having their movements tracked. […]
[Re: High-profile Twitter accounts hacked (RISKS-32.11)]
Several people involved in the events that took down Twitter this week spoke with The Times, giving the first account of what happened as a pursuit of Bitcoin spun out of control.
OAKLAND, Calif. A Twitter hacking scheme that targeted political, corporate and cultural elites this week began with a teasing message between two hackers late Tuesday on the online messaging platform Discord.
“yoo bro,” wrote a user named Kirk, according to a screenshot of the conversation shared with The New York Times. “i work at twitter / don't show this to anyone / seriously.”
He then demonstrated that he could take control of valuable Twitter accounts — the sort of thing that would require insider access to the company's computer network.
https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html
For several years now, I have been an unpaid AARP (American Association of Retired Persons) volunteer doing U.S. and California income tax returns. Our clients do not pay for the service. Their returns are filed electronically over encrypted Internet connections. Even before the returns are filed, we print paper copies of their returns at the time of service for them to take home.
We retain NO client data when we do taxes, not one piece of paper brought by a client or generated by our volunteers. If a client forgets to take all paper, we contact that client to return to the facility to collect it. Otherwise, the paper is shredded.
We ask our clients whether they want to be contacted by AARP regarding other services, but we do not urge them to say “yes”. We ask our clients whether they want their tax returns made available electronically to other AARP locations the following year to simplify data entry, but we do not urge them to say “yes”. We ask our clients whether they want their tax returns made available electronically to other authorized free services authorized by the Internal Revenue Service the following year, but we do not urge them to say “yes”.
Overall, the AARP Tax-Aide service operates with strict rules protecting the client's data. Using those data for any purpose other than completing a tax return is prohibited.
On top of all that, the state of California's Franchise Tax Board has a Web site where taxpayers can enter their own data and file their returns electronically for free. California has very stringent laws protecting the privacy of its residents. The state is not in the business of selling personal data.
> “it relied entirely on an algorithm that had taught itself to drive by watching a human do it.”
Does this mean that it learned about traffic lights, “Red = stop, Green = go, Yellow == charge forward at top speed to catch it before it turns red”?
> It seems that the old principle is still valid: “If you're not paying, you're not the customer, you're the merchandise.”
The canton of Zurich provides free tax preparation software for private persons: you can do it online, with access to your previous tax records, or you can download the software and do it offline on your own computer — Windows, Mac, or Linux. There the software can pick up and use last year's data if you've kept it; and you generate PDF to print and mail the completed tax forms.
The name of the software is “Private Tax”. It works, and it saves time and money for the tax office as well as for individual taxpayers. I have a hard time thinking of any down side to this.
> It's also reviewed all 1 million lines of code in the spacecraft “resulting in increased robustness of flight software”
That sounds reassuring, but is actually rather worrying. Boeing found problems with their software, then uncovered another problem when fixing the first. So they reviewed all 1 million lines of code which resulted in “increased robustness”.
If the review had not found any further problems then the result would have been “increased confidence”. “Increased robustness” on the other hand meant that even more problems were found!
As any software engineer knows, anyone who says “I have just fixed the last bug” is wrong.
Right. Also, what does “reviewed” mean? And by whom?
Original developer(s)? People see what they want/expect to see. (That's surely true trying to edit my own writing).
And if they don't like what they see—they “fix” it? How many times are new problems introduced when fixing (maybe) old ones?
Combine that with being rushed through the million lines. As you say, it's not reassuring.
Probably junior programmers get this boring grunt work: senior programmers get to do more interesting jobs, like writing new code!
I think it was IBM's OS/360 operating system that, after release, consistently had several thousand bug fixes per month. There are two possible explanations for this phenomenon:
Tautologies often need to be pointed out. Mathematics textbooks from Euclid's Elements onward are full of them, but millions still buy them because they are useful.