NNSquad http://boingboing.net/2017/06/07/watering-holes.html A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.
Federal authorities on Wednesday charged 31 people with roles in an organized-crime scheme that pursued old-fashioned and novel forms of racketeering. https://www.nytimes.com/2017/06/07/nyregion/russian-eurasian-organized-crime.html
"I'm going to show you one specific weapon in this war that's being used against you and me and the United States right now: Google. There are other information weapons, such as bots and fake news sites, but other stories have those pretty well covered. But before we get started, though, two things to keep in mind: First, most of us don't even know we're in this war yet. You don't know when you've been wounded, when you've been killed. And that's the whole point: You're not supposed to. Second, the attacks in this war aren't aimed at your enemies. You attack your own side."
NNSquad https://www.buzzfeed.com/craigsilverman/an-ad-network-that-works-with-fake-news-sites-just-launched?utm_term=.lm3aKGqzK#.xabvWQPXW An ad network launched a new initiative to "continue the fight against fake news" at the same time it was working with 21 websites that have published fake news stories, according to a review conducted by BuzzFeed News.
How The Intercept Outed Reality Winner http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html [See also: The easy trail that led the feds to Reality Winner ... https://www.washingtonpost.com/news/morning-mix/wp/2017/06/06/the-easy-trail-that-led-the-feds-to-reality-winner-alleged-source-of-nsa-leak/ The latest NSA leak is a reminder that your bosses can see your every move. The case of Reality Winner, the 25-year-old woman arrested and accused of leaking classified information, shows the limits of your privacy at work. https://www.washingtonpost.com/news/the-switch/wp/2017/06/07/the-latest-nsa-leak-is-a-reminder-that-your-bosses-can-see-your-every-move/ ]
The Internet Is Where We Share—and Steal—the Best Ideas https://www.nytimes.com/2017/06/06/magazine/the-internet-is-where-we-share-and-steal-the-best-ideas.html The schism between those driving cultural conversations online and those profiting from them has us questioning ownership in the digital age.
NNSquad https://www.eff.org/deeplinks/2017/05/while-eu-copyright-protests-mount-proposals-get-even-worse This week, EFF joined Creative Commons, Wikimedia, Mozilla, EDRi, Open Rights Group, and sixty other organizations in signing an open letter [PDF] addressed to Members of the European Parliament expressing our concerns about two key proposals for a new European "Digital Single Market" Directive on copyright. These are the "value gap" proposal to require Internet platforms to put in place automatic filters to prevent copyright-infringing content from being uploaded by users (Article 13) and the equally misguided "link tax" proposal that would give news publishers a right to compensation when snippets of the text of news articles are used to link to the original source (Article 11). If the EU proceeds with any of this nonsense, they risk being effectively cut off the Internet from the rest of the world as far as most popular services are concerned. EU citizens are being sold down the river by their own politicians. Presumably they'll be cutting off the electricity next, and bringing back The Plague.
This is the same guy who was fined by the Oregon Board of Examiners for Engineering for calling himself an engineer in letters that he wrote to them, based on an unusual and ambiguously worded Oregon law about licensing professional engineers. (It's not unusual to have a licensing law; it's unusual for the law to have broad restrictions on speech.) https://www.nytimes.com/2017/04/30/business/traffic-light-fine.html Järlström sued them in federal court, and it's not looking good for the state. In a preliminary injunction last week, the state agreed permanently not to try to prevent Järlström from speaking about engineering or traffic lights or calling himself an engineer: http://ij.org/wp-content/uploads/2017/05/Agreed-PI-signed-by-judge.pdf It appears that Oregon is a slow learner. Here's an article about a case 20 years ago where they did the same thing to an academic geologist who was testifying against a proposed project under a professional geologist licensing law. They lost that one, too: https://www.theatlantic.com/politics/archive/2017/05/license-to-speak/525450/
Oregon is one of the minority of states with a "restrictive yellow" traffic law. The driver is expected to stop at a yellow signal unless the driver "cannot stop in safety", in which case the driver must "drive cautiously through the intersection", and yet, almost in contradiction to driving cautiously, the driver must also be clear of the intersection before the red signal. The arguments in the case have to do with the definition of being able to "stop in safety" based on many factors: how far the driver is from the intersection, how fast the driver might legally be moving, and even the type of vehicle and whether the driver intends to turn. The length of the yellow phase therefore is critical because of the requirement to be out of the intersection before the red signal. In the other 37 states, entering the intersection on yellow is permitted, and only *entering* on red is a violation. I have learned for the first time from looking things up just now that my own state of New Jersey is restrictive while New York, where I learned to drive, is permissive. On the road I have seen little sign that any driver in New Jersey knows about this! Here, Appendix A, pages 19-23, gives the rules state by state: http://www.jarlstrom.com/PDF/Exhibit_1_FINAL_An_investigation_of_the_ITE_formula_and_its_use_R14.pdf
If memory serves me correctly I heard MIT Prof Nancy Leveson say that one of the reasons she rarely takes a flight on an Airbus plane is that Airbus and Boeing have different philosophies about what to do when Automation and pilots have opposite views of what the controls should make the plane do. Dr. Leveson said that in the end Boeing will have the plane do what the pilots want it to do, but they might have to use all their strength to oppose the automation. Airbus gives automation the last say about what the plane should do, sometimes with disastrous results. I believe that Dr. Leveson said she took an Airbus flight once, when the alternative was spending a night in downtown Chicago. [Second prize was Two nights in downtown Chicago? PGN]
There's another option than those four: vendors can arrange for the software to stop working when its support period ends, and tell the customer to arrange for an upgrade as necessary; whether that means buying a new lightbulb, plugging a USB stick into their car, or just clicking the button for "yes, ok, I give in, I will upgrade". You might think this is dangerous; but then, so is the current state. So which is the greatest danger? How bad would the state need to be before this last option starts looking good?
"The risk? Second Officer Robo Pilot not having been programmed for an unusual and very bad situation. Say, a bird strike on both engines leaving NYC's LaGuardia Airport or an incapacitated human pilot. Nice corporate goal, "reduced crew operations while ensuring that aircraft performance and mission success are maintained or improved"—and it does mention safety—but I wonder about handling those occasional oddities where human experience shines. Aren't some aircraft designated two-crew for good reasons?" Right—the pilots are there to deal with the designers' mistakes and inadequate assumptions. Shawn Coyle, a very experienced helicopter test pilot, wrote that of all the many emergencies he had had to deal with, not one was like those that the designers had told him to prepare for. Without him, the machine would have crashed, expensively. Automation enthusiasts have for decades been saying that pilots should be abolished; but in a recent blog, an air transport pilot said that "Yes, the aircraft can fly itself, but the crew have their hands near the controls the whole time, to take over when the automatic system messes up - and it does mess up." The greatest problem is over-confidence by the designers. The Airbus Chief Test Pilot was killed because he did not understand how the Alpha Floor, which is supposed to prevent stalls, actually worked - which means it had not been properly explained to him. And Air France 447, for example, need not have crashed; but the designers and Air France assumed that pilots no longer needed to be taught how to fly the aircraft when the automatic system does not cope correctly.
This is found in other fields too, when it is assumed that complex logic must be right; but the more complex the logic, the less likely it is to be correct, usually because the input assumptions are inadequate or false (as the Lockheed rep was quoted as saying about an F-22 problem, "There are millions of lines of code in there and you can't check everything."). None of this is dealt with just by saying that complex logic is now to be called Artificial Intelligence. And two-valued logic in itself has many limitations. [But it might be safer and faster than Trans-Turing computations with conceptually unbounded precision! PGN]
Bruce Schneier states
> It's only older unpatched systems on your computer that are vulnerable.
and then goes on to state
> Most people have set up their computers and phones to automatically
> apply these patches, and the whole thing works seamlessly.
Much of that is quite true. The problem is that the latest patched Windows 10 was still vulnerable to the WannaCrypt ransomware. Worse, patches often contain bugs that can make things worse instead of better. For that reason, many of the more knowledgeable Windows 7 users block automatic patches (a capability denied to Windows 10 users). They wait a week or more to see what others experience with new patches before accepting them. Since the end of 2014, Microsoft's record of patches has been dismal. At least 39 patches issued since then were defective and had to be replaced. That is more than one defective patch a month. Three replacement patches themselves were also defective and had to be replaced.