Carolyn Said, San Francisco Chronicle, Business Report, C1, 7 Jul 2017 (PGN-ed)

The original goal of some developers was to provide kits to enable owners to retrofit conventional cars to be self-driving. The article mentions Panda, OpenPilot, Chffr, Cabana, Comma, Neodriven, and more. "The adaptive cruise-control from Honda Sensing is almost embarrassing in bumper-to-bumper traffic; it drives just like a 16-year-old just learning." Fascinating article, but lacking in assurance that nothing bad is likely to happen. Risks (totally unmentioned, and often left to the imagination of RISKS readers) might include (for example):
* Tinkering with (enhancing) the kits
* Disabling kit-provided safety features, intentionally or unintentionally?
* Providing new or augmented kits that can alter the hardware and software of off-the-shelf kit-based hand-tinkered conventional cars, or in emerging self-driving cars
* Disrupting surrounding vehicles (e.g., passing in heavy traffic, or jamming communications of neighboring vehicles), circumventing rules and regulations, and lots more.
via NNSquad https://www.engadget.com/2017/07/14/kaspersky-in-the-crosshairs/ Kaspersky is in what you might call "a bit of a pickle." The Russian cybersecurity firm, famous for its antivirus products and research reports on active threat groups is facing mounting accusations of working with, or for, the Russian government. These accusations have been made in press and infosec gossip for years. In the past month there's been more scuttlebutt in the press, an NSA probe surfaced, and the Senate got involved by pushing for a product ban. This week things reached a peak with fresh accusations from Bloomberg and a surprising attack from the Trump administration. Which is odd, considering how eager the current regime is to please and grease the wheels of its Russian counterparts. Either way, Kaspersky is really in a tight spot this time. The hammer dropped Tuesday when Bloomberg published Kaspersky Lab Has Been Working With Russian Intelligence. It comes from the same reporters who started 2015's "banyagate," in which Kaspersky Lab Has Close Ties to Russian Spies alleged CEO Eugene Kaspersky colluded with Russian intel in secret sauna meetings.
John Wildermuth, *San Francisco Chronicle*, front page, 7 Jul 2017 The article caption tells it all for RISKS readers. "Kobach could be setting up a one-stop shop of personal information that would be a treasure trove not only for shady online entrepreneurs, but also for identity thieves and criminal hackers."
https://www.washingtonpost.com/local/public-safety/trump-voting-panel-tells-states-to-hold-off-sending-data-while-court-weighs-privacy-impact/2017/07/10/c4c837fa-6597-11e7-a1d7-9a32c91c6f40_story.html Trump voting panel tells states to hold off sending data while court weighs privacy impact President Trump's voting commission on Monday asked states and the District to hold off submitting the sweeping voter data the panel had requested until a federal judge in Washington decides whether the White House has done enough to protect Americans' privacy. The Electronic Privacy Information Center (EPIC), a watchdog group, has asked U.S. District Judge Colleen Kollar-Kotelly to block the commission's data request, arguing that the panel had not conducted the full privacy impact statement required by federal law for new government electronic data-collection systems. Separately Monday, two civil liberties groups filed lawsuits to prevent the commission from holding its first scheduled meeting next week, alleging that the panel had been working in secret and in violation of government regulations on public transparency. The two new lawsuits add to the potential roadblocks faced by the commission, whose request for voting information from more than 150 million registered voters has drawn bipartisan criticism across the states as an assault on privacy and states' rights and a stealth attempt at voter suppression. [...]
Lead generation firm earned millions by falsely promising to match consumers with low-rate loans https://www.ftc.gov/news-events/press-releases/2017/07/ftc-halts-operation-unlawfully-shared-sold-consumers-sensitive
WASHINGTON – Two former staff employees of a member of the U.S. House of Representatives have been indicted following an investigation into the circulation of private, nude images and videos of the member and the member's spouse, announced U.S. Attorney Channing D. Phillips and Matthew R. Verderosa, Chief of the United States Capitol Police. ... The indictment alleges that, during the course of his employment, McCullum offered in March 2016 to assist the House member in repairing the member's malfunctioning, password-protected cellular iPhone by taking the device to a local Apple store. According to the indictment, the House member provided McCullum with the device solely to have the iPhone repaired. McCullum was not given permission to take, copy, or distribute any of the contents of the iPhone. The iPhone contained the private, nude images and videos. https://www.justice.gov/usao-dc/pr/two-former-employees-house-member-indicted-federal-charges-cyberstalking-case Well, of course—what could go wrong?
INCOMPETENT and ILLEGAL! https://www.vox.com/policy-and-politics/2017/7/14/15973464/white-house-election-integrity-doxx The White House just responded to concerns it would release voters' sensitive personal information by releasing a bunch of voters' sensitive personal information. Last month, the White House's "election integrity" commission sent out requests to every state asking for all voters' names, party IDs, addresses, and even the last four digits of their Social Security numbers, among other information. The White House then said this information would be made available to the public. A lot of people did not like the idea, fearing that their personal information could be made public. So some sent emails to the White House, demanding that it rescind the request. This week, the White House decided to make those emails from concerned citizens public through the commission's new website. But the administration made a big mistake: It didn't censor any of the personal information—such as names, email addresses, actual addresses, and phone numbers—included in those emails. In effect, the White House just released the sensitive personal information of a lot of concerned citizens giving feedback to their government. That's made even worse by the fact that the White House did this when the thing citizens were complaining about was the possibility that their private information would be made public. As of Friday afternoon, the emails are still uncensored and available on the White House's website. They include all sorts of feedback, from concerns about privacy to outright insults of the Trump administration. One email just links to an image of the terrifying pornographic meme Goatse. (Do not Google this if you value your eyes.)
In a new twist on an old phone scam, criminals are preying on family ties by asking people to buy gift cards to help relatives they falsely claim are in trouble. http://www.cbsnews.com/news/beware-of-a-new-scam-involving-relatives-and-gift-cards/
Once upon a time, if you were operating a train service and you decided to extend its operating hours to run all night, your only concerns would be finding the staff to operate it, and what to do about maintenance that formerly occurred during the nightly downtime.

Last year the London Underground began two nights per week of all-night operations on some lines, with continuous service from Friday morning through Sunday evening. And according to Mark Curran in the June issue of "Modern Railways" magazine:

| The greatest single cost in implementing Night Tube has been
| modifications to the signalling systems, which were not designed
| to operate through the end/beginning of the traffic day at 03:00.
| The next day's timetables are uploaded around this time and the
| signalling and control systems undertake various test routines.
|
| The typical issues were self-tests bringing all trains to
| a halt... loss of train control data... loss of any customer
| information on the train or platform, and extended periods when
| trains would need to be manually signalled.
|
| ...The ticketing system on the Underground was also not designed to
| operate through the end/beginning of the ticketing day at 04:30...
| a customer touching in at 04:15 and out at 04:45 would be charged
| two incomplete single journeys...

Of course the systems would not have been designed this way if overnight service had already been contemplated when they were introduced.
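The 04:15/04:45 case above is a day-boundary bug in journey matching: the tap-in and tap-out land in different ticketing days, so neither is ever paired. The following is an added illustration, not code from the RISKS item, from Mark Curran's article, or from any ticketing system. Only the 04:30 rollover and the two tap times come from the quoted text; the fares, card and station names are constructed, and the "continuous" matcher with its two-hour cap is one assumed fix, not TfL's.

```python
"""Added example, not from the RISKS item or from any ticketing system: how a
ticketing day that rolls over at 04:30 turns one journey into two
"incomplete" ones, and how matching taps across the rollover avoids it.

Only the 04:30 boundary and the 04:15 / 04:45 taps come from the quoted
article; fares, card and station names are constructed for illustration.
"""
from datetime import date, datetime, time, timedelta

# Assumed tariff: a matched in/out pair is a single fare; an unmatched
# tap-in or tap-out is charged the higher "incomplete journey" fare.
SINGLE_FARE = 2.40
INCOMPLETE_FARE = 8.90
TICKETING_DAY_START = time(4, 30)  # rollover time from the article

# Constructed sample: (timestamp, card, station, "in" | "out")
SAMPLE_TAPS = [
    (datetime(2017, 7, 15, 4, 15), "card-A", "Oxford Circus", "in"),
    (datetime(2017, 7, 15, 4, 45), "card-A", "Stratford", "out"),
    (datetime(2017, 7, 15, 5, 10), "card-B", "Brixton", "in"),
    (datetime(2017, 7, 15, 5, 40), "card-B", "Euston", "out"),
]


def ticketing_day(ts: datetime) -> date:
    """Ticketing day a tap belongs to: anything before 04:30 still counts
    as the previous calendar day."""
    if ts.time() < TICKETING_DAY_START:
        return (ts - timedelta(days=1)).date()
    return ts.date()


def charge_daily_reset(taps):
    """Behaviour described in the article: taps are matched only within a
    ticketing day, so a journey straddling 04:30 is split into an
    unmatched tap-in (day N) and an unmatched tap-out (day N+1)."""
    by_day = {}
    for tap in sorted(taps):
        by_day.setdefault((tap[1], ticketing_day(tap[0])), []).append(tap)
    charges = []
    for (card, _day), day_taps in by_day.items():
        pending = None  # station of an open tap-in on this card, this day
        for _ts, _card, station, kind in day_taps:
            if kind == "in":
                if pending is not None:  # two tap-ins in a row
                    charges.append((card, "incomplete", INCOMPLETE_FARE))
                pending = station
            elif pending is None:  # tap-out with no tap-in today
                charges.append((card, "incomplete", INCOMPLETE_FARE))
            else:
                charges.append((card, f"{pending}->{station}", SINGLE_FARE))
                pending = None
        if pending is not None:  # still open when the day rolls over
            charges.append((card, "incomplete", INCOMPLETE_FARE))
    return charges


def charge_continuous(taps, max_journey=timedelta(hours=2)):
    """Rollover-safe matching (assumed fix): the tap-out is paired with the
    card's open tap-in whatever the ticketing day, bounded by a maximum
    journey time so a genuinely abandoned tap-in is still charged."""
    open_in = {}  # card -> (timestamp, station)
    charges = []
    for ts, card, station, kind in sorted(taps):
        if kind == "in":
            if card in open_in:
                charges.append((card, "incomplete", INCOMPLETE_FARE))
            open_in[card] = (ts, station)
            continue
        started = open_in.pop(card, None)
        if started is not None and ts - started[0] <= max_journey:
            charges.append((card, f"{started[1]}->{station}", SINGLE_FARE))
        else:
            if started is not None:  # stale tap-in: charge it too
                charges.append((card, "incomplete", INCOMPLETE_FARE))
            charges.append((card, "incomplete", INCOMPLETE_FARE))
    for card in open_in:  # never tapped out
        charges.append((card, "incomplete", INCOMPLETE_FARE))
    return charges


def total(charges):
    return round(sum(fare for _card, _desc, fare in charges), 2)


if __name__ == "__main__":
    for name, fn in (("daily reset", charge_daily_reset),
                     ("continuous", charge_continuous)):
        print(name, fn(SAMPLE_TAPS), total(fn(SAMPLE_TAPS)))
```

Run as a script it prints both matchers' charges for the sample: the daily-reset version bills card-A two incomplete fares for one 30-minute trip, the continuous version bills one single fare. The general lesson is the one the item draws: any state that is flushed on a scheduled boundary (timetable upload, ticketing-day reset, log rotation, session expiry) needs a test case that straddles the boundary, because the normal day never exercises it.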
via NNSquad https://www.weforum.org/agenda/2017/07/why-fact-checking-fake-news-stories-is-a-waste-of-time A new study suggests that fact-checking has little influence on what online news media covers, and fact-checks of false news stories spreading online--"fake news"--may use up resources newsrooms could better use covering substantive stories. Don't bother fact checking them. When they're clearly false by reasonable objective measures, delete them—or alternatively, de-rank them into oblivion in search results and post surfacing algorithms.
via NNSquad https://www.engadget.com/2017/07/08/w3c-approves-built-in-web-copy-protection-hook/ Like it or not, the web is getting some built-in padlocks. The World Wide Web Consortium has decided to publish Encrypted Media Extensions, a standard for hooking copy protection into web-based streaming video, without making significant changes to a version agreed to in March. While it's not perfect, the W3C argues (you still need to deal with a vendor's content decryption module), it's purportedly better than the make-it-yourself approach media providers have to deal with right now. There do appear to be some improvements to the status quo for digital rights management. However, there are more than a few detractors—there are concerns that the W3C simply ignored concerns in the name of expediency. This really has become necessary.
[There is something to be said for understanding the basics of technology. GW] Harriet Sinclair, *Newsweek*, 11 Jul 2017 http://www.newsweek.com/teenager-madison-coe-killed-after-using-cell-phone-bath-635208 opening text: A teenager has been killed after using her cell phone in the bath and suffering an electric shock. Madison Coe, 14, died at her father's home in Lovington, New Mexico, on Sunday in an accident her family said took place when she either plugged in her phone or reached for a phone that was already plugged into the wall while she was in the bath.
https://www.linkedin.com/pulse/realizing-potential-blockchain-don-tapscott ...repeating "It's wonderful" with no details how it works. An encryption-savvy colleague has said this quickly gets into the weeds—but how about clues on how? For example (quoting): Realizing the Potential of Blockchain Innovators are programming this new digital ledger to record anything of value to humankind—birth and death certificates, marriage licenses, deeds and titles of ownership, rights to intellectual property, educational degrees, financial accounts, medical history, insurance claims, citizenship and voting privileges, location of portable assets, provenance of food and diamonds, job recommendations and performance ratings, charitable donations tied to specific outcomes, employment contracts, managerial decision rights and anything else that we can express in code. --- It's always proof by assertion with NO insight how these wildly different functions will be implemented. And regarding this idea—give me a break, put everyone's IoT online for sharing? What could go wrong with THAT? The emperor may actually have a fine wardrobe but I'm awaiting the fashion show. Paul Brody, principal and global innovation leader of blockchain technology at Ernst & Young, thinks that all our appliances should donate their processing power to the upkeep of a blockchain: "Thanks to the smartphone business driving very low-cost systems, your lawnmower or dishwasher is going to come with a CPU that is probably a thousand times more powerful than it actually needs, so why not have the appliance mine? Not to make money, but to contribute to the security and viability of the blockchain as a whole," he said.
Pamela Ng, Fox News, 14 Jul 2017 http://www.foxnews.com/tech/2017/07/14/womans-selfie-causes-200000-damage-to-la-art-exhibit.html A woman taking a selfie at a Los Angeles art exhibit sent shockwaves around the room after knocking over several displays, causing $200,000 in damage. The unidentified woman was at The 14th Factory for the "Hypercaine" installation when she appeared to crouch down in front of one of the displays for a photo and fall backwards, video of the incident shows.
The makers of cardiac defibrillators, insulin pumps, breast implants and other devices will be able to delay the reporting of malfunctions under an agreement headed to Congress. https://www.nytimes.com/2017/07/11/health/fda-medical-device-problems-rules.html
https://arstechnica.com/tech-policy/2017/06/appeals-court-public-defender-lacks-standing-in-dispute-over-court-software/
https://www.upguard.com/breaches/verizon-cloud-leak
Operation that hit thousands was "thoroughly well-planned and well-executed." https://arstechnica.com/security/2017/07/heavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak/
This is the third cybersecurity breach to hit the luxury hotel chain since 2014. https://www.washingtonpost.com/news/business/wp/2017/07/11/hackers-have-been-stealing-credit-card-numbers-from-trumps-hotels-for-months/
https://www.theguardian.com/technology/2017/jul/09/everybody-lies-how-google-reveals-darkest-secrets-seth-stephens-davidowitz
A colleague told me that the vehicle determines the distance to the object by the apparent height above ground from the camera's point of view, thus a mid-air roo appears to be further away than it really is. And when it lands... Dave Horsfall, Unit 13, 79 Glennie St, North Gosford NSW 2250, Australia
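The geometry behind that explanation, as an added example that is not part of Dave Horsfall's post and not the code of any vehicle vendor: a camera at a known height above a flat road can turn the image row of an object's bottom edge into a distance, but only if the object is actually touching the road. The camera height, focal length, distances and hop profile below are all assumed numbers for illustration.

```python
"""Added example, not from the RISKS item or from any vehicle maker: the
geometry behind the "mid-air roo looks further away" observation.

Model (an assumption): a pinhole camera mounted CAM_HEIGHT metres above a
flat road with a horizontal optical axis. A road point at distance d
projects FOCAL_PX * CAM_HEIGHT / d pixel rows below the horizon. A system
that assumes every object rests on the road inverts that relation to get
distance from the object's bottom edge. All numbers are constructed.
"""
CAM_HEIGHT = 1.2    # metres, assumed camera mount height
FOCAL_PX = 1000.0   # assumed focal length expressed in pixels


def image_row_below_horizon(true_distance_m, bottom_elevation_m=0.0,
                            cam_height=CAM_HEIGHT, focal_px=FOCAL_PX):
    """Rows below the horizon at which an object's lowest point appears,
    given its true distance and how far that point is above the road.
    Negative means it appears above the horizon."""
    if true_distance_m <= 0:
        raise ValueError("object must be in front of the camera")
    return focal_px * (cam_height - bottom_elevation_m) / true_distance_m


def distance_assuming_ground_contact(row_px, cam_height=CAM_HEIGHT,
                                     focal_px=FOCAL_PX):
    """Ground-plane inversion. Returns None at or above the horizon, where
    the model has no finite answer (the 'contact point' is at infinity)."""
    if row_px <= 0:
        return None
    return focal_px * cam_height / row_px


def ground_plane_estimate(true_distance_m, bottom_elevation_m):
    """(estimated distance, over-estimate factor) for an object whose
    lowest point is bottom_elevation_m above the road. Analytically the
    factor is cam_height / (cam_height - elevation), independent of f."""
    row = image_row_below_horizon(true_distance_m, bottom_elevation_m)
    est = distance_assuming_ground_contact(row)
    return est, (None if est is None else est / true_distance_m)


def estimates_over_hop(true_distance_m, peak_elevation_m, samples=5):
    """Estimated distance across one hop of an animal that stays at the
    same true distance while its feet follow a parabola from the road up
    to peak_elevation_m and back: the object appears to recede as it
    rises and snaps back to its real distance as it lands."""
    if samples < 2:
        raise ValueError("need at least take-off and landing samples")
    out = []
    for i in range(samples):
        t = i / (samples - 1)
        elevation = 4.0 * peak_elevation_m * t * (1.0 - t)
        out.append(ground_plane_estimate(true_distance_m, elevation)[0])
    return out


if __name__ == "__main__":
    print(ground_plane_estimate(10.0, 0.0))   # on the ground: correct
    print(ground_plane_estimate(10.0, 0.6))   # feet 0.6 m up: 2x too far
    print(estimates_over_hop(10.0, 0.6))
```

With the assumed 1.2 m camera, an animal 10 m away whose feet are 0.6 m off the road is reported at 20 m, and one whose feet clear the camera height has no distance at all under this model. The error does not depend on the focal length or on the animal's size, only on the ratio of camera height to elevation, which is why a single ground-plane cue needs corroboration (stereo, radar, or tracking the object across frames) before it drives a braking decision.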
Unfortunately, formal methods also lead you to the proof that your formal proof is worthless ... too many people believe (Gödel's proof to the contrary notwithstanding) that it is possible to guarantee that systems are bug-free. A formal proof is mathematics. It is only as good as its axioms (which by definition are unprovable). And, as we keep on discovering, all too often reality has a habit of saying "you've got the wrong axioms". To say nothing of Gödel's proof that you can NOT get all your axioms right even within the world of logic, let alone align them correctly with reality. Then of course, there is the little problem that any program of any size will likely exhibit knapsack complexity, i.e., an automated proof would take longer than the universe has existed. That's not to decry formal proofs, or even the attempt thereat. They are a very useful tool, but you need to remember that they *guarantee* *nothing* in reality. [Reality guarantees nothing in reality either. It's the total system that counts, including squirrels, cosmic rays, and whatever might bite you. PGN]
Interesting comments on material distributed that way: (E.g., "Blue Cross wants you to insert this USB card into your computer. You'd be safer inserting it into your you-know-what.) https://plus.google.com/+LaurenWeinstein/posts/4TS3iRwjXuo ...of course, how do you check out shrink-wrapped commercial thumb drives products without potentially compromising your systems?