Experts have warned that deepfake technology is rapidly advancing at a rate far faster than the technology used to detect it, with one believing it could be too smart for humans to figure out. […] https://www.dailystar.co.uk/news/latest-news/deepfakes-turn-world-sci-fi-22715143
I'm reading the new Bob Woodward book, Rage, and came across this unsettling quote:
“The NSA and CIA had evidence, highly classified, that the Russians had placed malware in the election registration system in at least two counties in Florida—St. Lucie County and Washington County. There was no evidence yet that the malware had been activated. It was sitting there to be used. The voting system vendor used by Florida was used by state election registration systems all around the country. The Russian malware was sophisticated and could be activated in counties with particular demographics. For instance, in areas with higher percentages of Black residents, the malware could erase every tenth voter, almost certainly reducing the total vote count for Democrats. The same could potentially be activated to reduce Trump votes in Republican districts.”
I've read lots of warnings about attempts to hack into American voting systems, but hadn't been aware of any successful penetrations.
This seems very serious to me. If it is determined, after the fact, that votes were miscounted or voters were not allowed to vote in a battleground state, what will we do?
Rage has been getting lots of publicity, but so far as I know no one has picked up on this passage, which even the author doesn't make a big noise about.
Hopefully the counties that have been hacked (and all others using that brand of voting software) have had their systems scrubbed clean—it doesn't say one way or the other in the book.
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others.
The logging database, however, doesn't include any personal details such as names or addresses.
The data leak, discovered by Ata Hakcil of WizCase <https://www.wizcase.com/blog/bing-leak-research/> on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams.
According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed.
After the findings were privately disclosed to Microsoft Security Response Center, the Windows maker addressed the misconfiguration on September 16.
Misconfigured servers have been a constant source of data leaks <https://www.comparitech.com/blog/information-security/prison-phone-service-exposes-millions-inmate-records/> in recent years, resulting in exposure of email addresses, passwords, phone numbers, and private messages. […]
The mystery of why an entire village lost its broadband every morning at 7am was solved when engineers discovered an old television was to blame.
Broadband: Old TV caused village broadband outages for 18 months https://www.bbc.co.uk/news/uk-wales-54239180 https://www.bbc.com/news/uk-wales-54239180
[Also noted by Mark Bennison]
Proposition 24 is designed to make the California Consumer Privacy Act stronger. Why do so many privacy advocates oppose it?
When state senator Bob Hertzberg learned that an ambitious privacy initiative had gotten enough signatures to qualify for the ballot in California, he knew he had to act quickly.
“My objective was to get the damn thing off the ballot.”
The UK's Companies House comprises a core system of record that authenticates business ownership and persons of significant control (PSC) — corporate directors. Historically weak oversight enabled rampant criminal exploitation via money laundering enterprises.
“One estimate from Transparency International (TI), which investigates corruption, identified almost 1,000 front companies responsible for up to £137 billion of suspected criminal money flowing through the UK.”
See https://www.transparency.org/en/blog/gatekeepers-asleep-on-the-job for instance:
“Reporting of major corruption scandals usually puts the high-profile kleptocrats front and centre, and rightly so. But, more often than not, the criminal and corrupt couldn't launder their ill-gotten gains without a variety of professional services, including those of accountants, notaries, real estate agents and bankers.”
“These professions are subject to specific anti-money laundering obligations, and are meant to be the first line of defence protecting the global financial system against dirty money.”
Professionals routinely shirk ethical responsibilities.
Tightening oversight is key to suppress illegitimate commercial activities. This document details significant reform measures: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/919356/corporate-transparency-register-reform-consultation-government-response.pdf.
Lord Callanan, the UK Minister for Climate Change and Corporate Responsibility, states in the foreword, “Too often I see companies repeatedly set up and closed down to avoid paying debts—so called ‘phoenixing’. Shell companies have been set up for no other purpose than to launder the proceeds of crime—committed both here and overseas.”
The identified reforms close numerous loopholes that enabled money laundering enterprises to acquire legitimacy. The reforms rely heavily on digital document and identity authentication mechanisms. Agents performing registrations on behalf of PSC candidates are required to demonstrate comprehensive credential verification due diligence.
Third-party ID verification services will be enlisted to accelerate and vet the credentials of PSC candidates before they acquire Companies House bona fides. Cross-referencing government systems of record will establish candidate authenticity.
The new processes are scheduled to roll out for user testing at the end of financial year 2020/2021. Wait and see what transparency.org reports about UK money laundering in the near future.
My guess is that another nation will see an incremental growth in money-laundering traffic as the UK strengthens controls.
For more than seven decades, (202) has been D.C.'s sole area code. But by the end of 2022, the city will have a new one: (771).
This month regulators started the 13-month process to implement the new (771) area code, a step that reflects the reality that the longstanding (202) area code—first unveiled in 1947 as one of the country's 86 original area codes—is running out of available phone numbers.
Each area code can produce roughly eight million seven-digit phone numbers, and the North American Numbering Plan Administrator—the official regulator of area codes in the U.S., Canada and some Caribbean countries — says (202) is expected to run out of numbers within two years. In fact, the number of (202) phone numbers remaining declined at such a rapid pace this year that in August NANPA formally declared it was in jeopardy, kicking off a series of steps to slow its march towards extinction—including rationing numbers.
…another non-renewable resource. I wonder how many area codes NANPA has unallocated—and when we'll need four-digit area codes. Or hexadecimal phone keypads, or phone numbers including */#. (Yes, the latter two are jokes — mostly)
So-called single sign-on options offer a lot of convenience. But they have downsides that a good old-fashioned password manager doesn't.
No surprise here; I keep reminding people of this.
SARS-CoV2 exposure constitutes an occupational risk for healthcare professionals. Singapore commenced deployment of a prototype SwabBot to reduce this risk. Other countries have also deployed similar solutions.
“‘Our team felt that we had to find a better way to swab patients to reduce the risk of exposure of Covid-19 to our healthcare workers, especially when patients sneeze or cough during the swabbing process,’ said principal investigator Rena Dharmawan, associate consultant of head and neck surgery at NCCS' Division of Surgery and Surgical Oncology.”
The US Center for Disease Control page https://covid.cdc.gov/covid-data-tracker/index.html#health-care-personnel (retrieved on 22SEP2020) reveals infections and deaths among healthcare professionals participating in the COVID-19 pandemic response.
“Data were collected from 5,043,006 people, but healthcare personnel status was only available for 1,213,744 (24.07%) people. For the 160,860 cases of COVID-19 acquired by healthcare personnel, death status was only available for 115,817 (72.00%).”
These values can be used to compute infection and mortality probabilities among US healthcare professionals during the pandemic.
Probability of infection acquisition: 160860/1213744 ~= 13.3%
Probability of mortality from infection: 709/115817 ~= 0.61%
Given Singapore's aggressive COVID-19 pandemic response campaign, these probabilities are likely to be substantially diminished compared to the US.
SwabBot Risks: SARS-CoV2 transmission from shared device reuse, injury from nasal probe malfunction during sample acquisition, cross-sample contamination.
The numbers don't seem to tally. 63% average with 60% maximum? Interestingly there is another independent report on the same study, which gives other, more differentiated numbers:
All other reports seem to be using the Reuters text.
Risk 1: The study itself is not available, so there is no way to see which numbers are correct.
Risk 2: A big agency being parroted by all others, drowning out a differing opinion.
Andrew Appel <firstname.lastname@example.org> has just released his blog article “Vote-by-mail meltdowns in 2020?” on Freedom-to-Tinker:
This equates ‘considering’ with ‘supporting’. It would be difficult to form any view either way without ‘consideration’.