https://www.washingtonpost.com/technology/2018/07/31/facebook-says-it-has-uncovered-coordinated-disinformation-operation-ahead-midterm-elections/ Facebook said Tuesday that it had discovered a sophisticated coordinated disinformation operation on its platform involving 32 false pages and profiles engaging in divisive messaging ahead of the U.S. midterm elections. The social media company said that it couldn't tie the activity to Russia, which interfered on its platform around the 2016 presidential election. But Facebook said the profiles shared a pattern of behavior with the previous Russian disinformation campaign, which was led by a group with Kremlin ties called the Internet Research Agency.
Zach Dorfman, Politico, 27 Jul 2018 The West Coast is a growing target of foreign espionage. And it's not ready to fight back. https://www.politico.com/magazine/story/2018/07/27/silicon-valley-spies-china-russia-219071
Sam Levin, *The Guardian*, 26 July 2018, via ACM TechNews, 1 Aug 2018 A test of Amazon's facial recognition software incorrectly matched the faces of 28 U.S. legislators to images in a mugshot database, with people of color misidentified disproportionately, according to the American Civil Liberties Union (ACLU). The organization assembled a face database and search tool from 25,000 public arrest photos, then cross-referenced that data with public photos of every member of Congress. Eleven of the misidentified lawmakers were people of color, representing nearly 40% of those wrongly matched, even though minorities comprise only 20% of those in Congress. Says the ACLU Foundation of Northern California's Jacob Snow, "Our test reinforces that face surveillance is not safe for government use." Amazon said the test's results could "probably be improved" by increasing "confidence thresholds." http://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1c33ax21689cx072376%26 [Lillie Coney reported: Amazon's facial-recognition tool misidentified 28 lawmakers as people arrested for a crime, study finds https://www.washingtonpost.com/amphtm/technology/2018/07/26/amazons-facial-recognition-tool-misidentified-lawmakers-people-arrested-crime-study-finds/ PGN]
Robert Chesney and Danielle Keats Citron (SSRN) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=3213954 "Harmful lies are nothing new. But the ability to distort reality has taken an exponential leap forward with *deep fake* technology. This capability makes it possible to create audio and video of real people saying and doing things they never said or did. Machine learning techniques are escalating the technology's sophistication, making deep fakes ever more realistic and increasingly resistant to detection. Deep-fake technology has characteristics that enable rapid and widespread diffusion, putting it into the hands of both sophisticated and unsophisticated actors." Academic paper, very in-depth exploration of the underlying issues.
https://www.bbc.co.uk/news/uk-scotland-44872432 "When the robot had been trained for about 10% of all the tasks, it then was able to predict, without the human being, which experiments it should do next. "Writing in the journal Nature, Prof Cronin's team say the robot has already synthesised more than 1,000 new chemicals and reactions, including one with a distinctive 3D structure that is among the top 1% most "peculiar" molecules yet known. "The team says the robot's predictions have so far proved 80% accurate. It'll learn to do better." Wonder if the chembot can determine if a hypergolic reaction will arise, and safely abort? [hyperbolic? hyperlogic? hypergolem? PGN]
via NNSquad https://motherboard.vice.com/en_us/article/a3q7mz/hacker-allegedly-stole-millions-bitcoin-sim-swapping California authorities say a 20-year-old college student hijacked more than 40 phone numbers and stole $5 million, including some from cryptocurrency investors at a blockchain conference Consensus.
IoT devices hijacked for crypto-currency mining purposes. https://www.scientificamerican.com/article/how-cryptojacking-can-corrupt-the-internet-of-things/
Still need convincing that cyberinsurance (computer loss insurance, data breach insurance, whatever) is a bad idea? Talk to National Bank of Blacksburg. https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html or https://is.gd/PTbH3F Executives had had the foresight to purchase insurance, actually a rider, against computer and electronic crime. The bank had two breaches, one in 2016, and one again the following year, for a total loss of 2.4 million dollars. The insurer, Everest National Insurance Co., offered $50,000 as settlement. The insurer claims that the loss was a debit card loss, even though malware was installed on a bank server via a phishing attack. ATMs and cards were used, but only a lawyer could make that kind of claim. That's why insurance companies employ lots of lawyers. If you read the details of the article, it sounds very likely that the insurer will win and the bank will lose. I'm unsurprised: this kind of weaseling by insurance companies is exactly the type of thing I've been thinking in regard to cyberinsurance since I first heard of the idea thirty years ago.
https://www.nytimes.com/2018/07/30/health/vaginal-laser-fda.html "The F.D.A. said the full extent of the risks is unknown, but that the agency has found cases of vaginal burns, scarring, and lasting pain following the treatments. The agency has received 14 reports of adverse events related to the treatments, including burning sensations and significant pain." Off-label use of an infra-red laser (probably CO2) for cosmetic surgery. Not a "Therac-25," but a nasty 3rd-degree burn can arise if the dosage editor malfunctions, or if treatment is improperly administered.
U.S. District Judge Robert Lasnik in Seattle issued the order Tuesday. Several state attorneys general on Monday filed a lawsuit in the Western District of Washington against Defense Distributed, the Second Amendment Foundation, the State Department and other federal agencies regulating weapons. The filing requested a nationwide injunction. [...] https://www.washingtonpost.com/news/morning-mix/wp/2018/07/31/in-last-minute-lawsuit-states-say-3-d-printable-guns-pose-national-security-threat/
The blackmailing scam consisting of hacking a user's webcam while he or she is involved in interacting with pornographic material and threatening the publication of the recordings unless a payment is made has not only been reported in the past ([1, 2]) but has inspired some recent fiction works (Black Mirror - "Shut up and dance"). We have also seen the next iteration of this scam, in which, while no recording is available, the attacker tries to fool the victim by offering a recognizable password, and implying that a hacking operation took place ([3]). I wonder if we are yet to see another step further: from having the recording, to pretending to have the recording, to being able to fool the victim's contacts and make *them* believe a recording is available. I can only expect this to happen as the skills and technologies for this attack become readily available at scale: 1. Find victim. 2. Obtain pictures and videos from the public Facebook database. 3. Generate a *deepfakes* video of the kind mentioned above. 4. Proceed with the blackmailing scam as before, now armed with a recording that, while not legit, might look as such to third parties. [1] https://www.computerweekly.com/news/2240209018/US-teen-hacker-pleads-guilty-to-webcam-blackmail [2] https://arstechnica.com/tech-policy/2016/11/webcam-blackmail-cases-double-uk-suicides/ [3] https://www.schneier.com/blog/archives/2018/07/reasonably_clev.html
"When the vehicle is parked, businesses can display advertisements on the plate, even targeting a vehicle's particular location because the plate is connected to GPS." Let me get that right: This device enables third parties (possibly without the owner's control) to change the car's license plate—which is essentially its legal identity! If you thought license-plate readers were a problem, how about remote license-plate writers? (Besides GPS tracking, which is a rather old issue by now.) This is not a matter of "What could possibly go wrong" any more; everything just did!
About 5-10 years ago I was deluged by annoying junk telephone calls, so did what a lot of people do and got a simple answering machine and let this take all calls. If I want to speak to the caller I pick up the phone, and if not, I don't; my regular callers know this. It's also handy for taking messages if I can't get to the phone. :o) I have to declare an interest here as I used to work in telecomms, so those **** are at least paying for their calls answered by my machine and thus helping to support my previous employer's pension fund... Strangely, the number of calls has greatly reduced in recent years; I don't know if this is due to stricter regulations nowadays (junk callers have to maintain opt-in lists), or if it's just a symptom of landline phones no longer being considered as mainstream communications.
> Dmitri Maziuk says "I'm not quite sure what makes med AI coders so
> different" from medical researchers,

No, I didn't. I never said that and I would like this and every subsequent RISKS issue referencing that thread to prominently feature the phrase 'Dmitri Maziuk never said "I'm not quite sure what makes med AI coders so different from medical researchers".' Because while I have said and done plenty of seriously dumb things in my life, this one is way too idiotic even for me.