Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
AUSTIN, TX — Calling it a terrible tragedy that could and should have easily been avoided, investigators slammed SpaceX Thursday after an autonomous rocket veered off course and struck a pedestrian. “At approximately 11 a.m. CST, a SpaceX Falcon9 rocket launched itself into traffic at 17,000 mph, hitting and subsequently killing a man who was crossing the street,” read a statement from the National Transportation Safety Board, adding that despite being programmed with the latest self-guiding software, the rocket entered traffic, ignored several red lights, and failed to disengage several high-speed booster rockets at the time of impact. “After striking and killing the pedestrian, the spaceship continued to accelerate, until it ultimately flew off of a cliff and collided with a tree, creating an enormous mushroom cloud visible from the entire city. Sadly, until we can enter the several hundred foot crater and find the rocket’s data logs, we may never know what truly happened.” At press time, SpaceX responded that while they were sorry for the loss of life, they were proud that no cars were harmed in the accident.
https://www.theonion.com/spacex-under-fire-after-autonomous-rocket-hits-pedestri-1847946787
Maureen Dowd interviews Eric Schmidt about the future of artificial intelligence.
The first time I interviewed Eric Schmidt <https://www.nytimes.com/2009/04/15/opinion/15dowd.html?timespastHighlight=eric,schmidt,maureen,dowd>, a dozen years ago when he was the C.E.O. of Google, I had a simple question about the technology that has grown capable of spying on and monetizing all our movements, opinions, relationships and tastes.
“Friend or foe?” I asked.
“We claim we're friends,” Schmidt replied coolly.
Now that the former Google executive has a book out Tuesday on “The Age of AI <https://www.littlebrown.com/titles/henry-a-kissinger/the-age-of-ai/97803162 73800/> ,” written with Henry Kissinger and Daniel Huttenlocher, I wanted to ask him the same question about A.I.: “Friend or foe?”
https://www.nytimes.com/2021/10/30/opinion/eric-schmidt-ai.html
Fake Polls and Tabloid Coverage on Demand: The Dark Side of Sebastian Kurz
The downfall of Austria’s onetime political Wunderkind put a spotlight on the cozy, sometimes corrupt, relationship between right-wing populists and parts of the news media.
https://www.nytimes.com/2021/10/17/world/europe/austria-sebastian-kurz-scandal-chancellor.html
https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
Normally a scare headline like this would lead me to ignore it. But this has Ross Anderson's name on it.
https://www.trojansource.codes/
I've run across an interesting way some websites have found to deliver traffic to themselves. I was searching for a recipe and one of the Google search results appeared to have what I needed. However when I clicked on the link to ckbk.com<https://app.ckbk.com/> I found that while it was indeed the recipe I wanted, the actual contents were behind a paywall and I had to subscribe to see the actual recipe. It appears the website has found a way to recognize the Google spider and allow it to index their site but then lock out those using the search link from Google.
Risks here start with persuading people to give credit card info for information that was seemingly provided openly on the web. Who knows what happens once they have that info. And if this website can give the spider one view of their website and the public something else, putting the promised content behind a paywall is going to be child's play compared to the other exploits possible.
[Mike Smith alias Mike Thompson?]
I've had another of my (infrequent) CoVID dreams. (I don't remember a lot of details, but the gist is there.) Somebody (possibly me) is supplying cleansers, unguents, and potions to the Royal Family. They are full of random ingredients, none of them particularly effective. So, somebody (possibly me) suddenly, and without warning, insists upon changing the formulations of the cleansers, unguents, and potion so that they are, at least minimally, effective. (High- handed, I know, but probably useful.)
In recent days the IT systems underlying the Newfoundland and Labrador health ministry, and hospitals, and diagnostic services, have ceased to work. This, particularly in the middle of a pandemic, could be a problem, since nothing of a health nature, aside from direct emergency services, is happening. Nobody is saying much about it. The relevant minister, and law enforcement leaders, have, after more than a day of pretty much useless pronouncements, finally admitted that the situation is a result of a “cyberattack.” This is a singularly unhelpful piece of information, given that it could describe almost anything. “Sources” are wildly speculating that it might be “ransomware,” with no indication that any of those “sources” actually knows what “ransomware” is, beyond “something that's recently made problems for a lot of enterprises.” (Similar “sources” are now saying that the “cyberattack” is the worst in Canadian history, despite not knowing what it is or how bad.) The lack of information may result from embarrassment (if, in this day and age, I had to admit that I'd suffered a ransomware attack and didn't know how to recover within a day or so, I'd certainly be embarrassed), or, probably more likely, a complete lack of understanding of what happened.
My mother died recently. (No, I'm not changing the topic.) (Yes, thank you; it was not unexpected; she'd been going downhill; it was a relief; she'd had a “good innings.”) Lots of people were very grateful to my mother, for a number of things. And she gave me one very great gift. Many years ago, I read an article from someone who said that everyone, these days, insisted that they worked in “high tech.” And, not everyone could. So, he provided a guideline for determining whether you actually worked in high tech. If your mother understood what you did, you didn't work in high tech. My mother, very definitively, never, EVER, understood what I did. In fact, most of my bosses never understood what I did.
I think I have this in common with most of you in information security. Most of us work for managers, supervisors, directors, and ministers who have only the vaguest notion of what we actually do, and the principles that drive us.
Since information, and information processing, now basically drives almost all of the world, this creates a dangerous situation. There are many threats to that information, and that processing, and if you don't understand the threats, you can't take precautions.
Take my original field of research. The fact that malware has exploded into myriad different forms makes it more important to know and define the various forms, not less. Different precautions and controls are effective against different types of malware. Some are best handled by security awareness training of staff (and, sometimes, customers). Some are addressed by very specific types of application level proxy firewalls. Some are addressed by having a backup. (Remember backups?) You need to know, specifically, what the threats are in order to protect against them.
We, in information security, have always been faced with the problem of “training up.” We are managed, and our budgets and resources are controlled, by those above us, in the org chart, who do not understand what we do. We need to take every opportunity (often when the metaphorical building next door metaphorically catches fire) to explain the risks facing the enterprise, and the precautions that need to be taken against those many risks. (And why “cloud” or “blockchain” is not the answer to every security question.)
(I have a great problem understanding why senior management does not understand risk management. After all, if you are a manager, at any level, of whatever type, you manage two things: people and risk. But, then again, the pandemic has demonstrated, over and over again, with a huge number of illustrations, that we, as a species, are really and utterly terrible at assessing and managing risk. It's a wonder we've survived as long as we have.)
We, in information security, need to step up our efforts to train managers, media, and the general public about the real risks that we, as a society, face every day.
Now go make a backup. (Maybe more than one.) (Maybe more than one type.) It'll keep you safe from “ransomware” “cyberattacks.”
(Although not from breachstortion. But that's another story. Or attack.)
Happy Halloween! Remember to drive carefully in your neighborhood tonight. With all the kids out in their costumes, hurrying for that next piece of candy, it is amongst the deadliest days of the year for younger pedestrians. And that’s true even if no one is testing self-driving car technology in your community.
We recently sat down with National Public Radio’s Marketplace to discuss what the status of self-driving car regulations are, and how the current testing set-up works. As we noted, manufacturers are “just putting vehicles out on public roads, public highways, neighborhood streets, across the country, and collecting data and seeing how it goes. That is obviously something that most people aren’t aware of, and no one really signed up for.” Happy Halloween! Remember to drive carefully in your neighborhood tonight. With all the kids out in their costumes, hurrying for that next piece of candy, it is amongst the deadliest days of the year for younger pedestrians. And that’s true even if no one is testing self-driving car technology in your community.
We recently sat down with National Public Radio’s Marketplace <https://www.autosafety.org/the-road-ahead-what-about-regulation-for-self-driving-cars/> to discuss what the status of self-driving car regulations are, and how the current testing set-up works. As we noted, manufacturers are “just putting vehicles out on public roads, public highways, neighborhood streets, across the country, and collecting data and seeing how it goes. That is obviously something that most people aren’t aware of, and no one really signed up for.”
https://mailchi.mp/autosafety.org/october-safety-update?e=91e5c03d94
Check out the full interview here: The road ahead: What about regulation for self-driving cars? <https://www.autosafety.org/the-road-ahead-what-about-regulation-for-self-driving-cars/>
It's always interesting what goes on. Like Rob Slade, the organization I worked for for quite a while (Communications Research Centre, Ottawa) “did” Internet stuff.
Way back in the mid '90s, us Canadians could participate in EU FP projects. Could not claim funds, but could participate. One fun one was the UCL-led MICE and MECCANO projects, “doing” Multicast Audio/Video conferencing, amongst other things.
Two things came to light:
I can remember Roy Bennett, the UCL-based facilitator asking on Audio “I see lots of conversations on the white board, but does anyone want to say anything?”
I did have fun, as a side project, creating a VRML-based 3D front end to the audio tool, proximity based, so one could group with like minded people (Avatars) and talk, could see and hear other groups walk by, audio if they were close, just like real life. I led a little group doing fun things like that - I think we all enjoyed creating 3D interfaces for all sorts of things.
Now, in 2021, it appears that:
With Video; the main feature is to have a background (preferably animated, and of zero relevance) going in the background, which is imperfect at stitching the user onto the background;
Audio - people are getting better, but the mute button gets ignored too much, so focus often changes to the coffee-slurpers (like me!) from the main presenter.
Saying that, the video quality is definitely better than we had back in the mid 90s but the whole experience has not really progressed much.
Point of order! Paula and Dave Knight, who received the fine, had nothing at all to do with sweater lady, and in particular Mr Knight is not her husband. Readers may also have noted the rather feeble attempt at a personalised number plate, approximating to KNigT.., which is pretty much as good as it gets for most UK car owners, given the rules by which our plates are assigned.
Please report problems with the web pages to the maintainer