[Via Dave Farber] After two speakers were banned, a third says organisers tried to edit his presentation. 9 Oct 2019 https://www.theguardian.com/technology/2019/oct/09/melbourne-cyber-conference-organisers-pressured-speaker-to-edit-biased-talk Organisers at a cyber conference in Melbourne dropped two speakers from the line-up and asked a third to edit a speech on Australia's anti-encryption legislation saying it was ‘biased’. Organisers at the Australian Cyber Conference in Melbourne asked a speaker to edit his speech on Australia's anti-encryption legislation, after they had dropped two other speakers, who were delivering talks related to whistleblowing, from the line-up at the last minute. Guardian Australia has learned that Ted Ringrose, partner with legal advice firm Ringrose Siganto, was told to edit his speech, and conference organisers had sent him an edited version of his slide pack on his talk stating that the original version was “biased”. He said they took issue with a comparison between Australia's encryption laws and China's, despite the fact that his talk points out that while Australia's look worse on the surface, in reality it is “just about as bad”. Ringrose said he pushed back at the attempted censorship and the conference organisers agreed to let him present his talk as planned. This is in contrast to the decisions made regarding speeches by US whistleblower Thomas Drake and University of Melbourne researcher Dr Suelette Dreyfus. On Tuesday it was reported former national security agency executive turned whistleblower Drake, along with Dreyfus, were kicked off the conference agenda in what Drake described as an “Orwellian” move by the conference partner, the Australian Cyber Security Centre (ACSC). The move was criticised as “super weird” by a key speaker at the event, Bruce Schneier, as Drake and Dreyfus set up a website detailing their now-banned speeches. 
At the second day of the conference attended by 3,500 people in Melbourne on Thursday, security technologist Schneier said it was a “super weird story” for Drake and Dreyfus to be banned from speaking at the event, because the speeches themselves were not particularly controversial. “[Drake] was going to talk about basically surveillance. It's the sort of talk I would do—government corporate surveillance and everybody is spying on all of us—nothing we don't know,” he said. “[Dreyfus] was going to talk on work she did for the EU on building whistleblower platforms to reduce corruption in third world countries - kind of mundane.” Schneier blamed someone within Australia's peak cyber security agency for being concerned about the content of the talks. “My guess is someone at the ACSC saw the word ‘whistleblower’ and because that word is sensitive here, kind of freaked,” he said. Schneier read out the URL for the website set up overnight hosting the abstracts of the two talks, as well as the slides from Drake's proposed speech, and drew cheers from the crowd when he said they were “morally obligated” to go read them. “The other lesson is if you make noise and ban something you'll get more press than if you just ignored it.” Alex Woerndle, deputy chair of the Australian Information Security Association (AISA), which organised the conference, said questions about the two speakers being removed should be directed to ACSC but said: “AISA supports and encourages diversity of views however it's important to note we work with a number of partners, including government, and as such need to manage a variety of views to deliver an event catered for all our stakeholders.” ACSC did not initially respond to requests for comment on Tuesday. Guardian Australia directly approached officials at the agency's booth at the conference on Wednesday, and was later told that no comment would be provided on the matter. 
The conference also banned media from attending a session where an official from Home Affairs explained the development of the government's 2020 cyber security strategy. Non-media attendees said the talk contained nothing that wasn't already public knowledge. It comes at a time of public debate in Australia on whistleblowing laws and press freedom, following Australian federal police raids on News Corp journalist Annika Smethurst and the ABC over stories politically damaging for the government. Former spy Witness K decided to plead guilty to breaching secrecy laws by revealing Australia's spying on Timor-Leste while his lawyer, Bernard Collaery, is fighting charges.
Facebook chief executive Mark Zuckerberg said in an interview he worries "about an erosion of truth" online but defended the policy that allows politicians to peddle ads containing misrepresentations and lies on his social network, a stance that has sparked an outcry during the 2020 presidential campaign. "People worry, and I worry deeply, too, about an erosion of truth," Zuckerberg told The Washington Post ahead of a speech Thursday at Georgetown University. "At the same time, I don't think people want to live in a world where you can only say things that tech companies decide are 100 percent true. And I think that those tensions are something we have to live with."... https://www.sfgate.com/news/article/Zuckerberg-fears-erosion-of-truth-but-defends-14542091.php https://www.washingtonpost.com/technology/2019/10/17/facebook-ceo-mark-zuckerberg-says-interview-he-fears-erosion-truth-defends-allowing-politicians-lie-ads/ https://www.washingtonpost.com/podcasts/post-reports/facebooks-mark-zuckerberg-struggles-to-balance-truth-and-free-speech/
https://www.cpomagazine.com/cyber-security/citizen-data-of-92-million-brazilians-offered-for-sale-on-underground-forum/ This massive trove of citizen data is a mystery at present. There have been no public announcements of data breaches recently that would correspond to this information. Research by BleepingComputer indicates that the data is legitimate, however, and may have been stolen from the Department of Federal Revenue of Brazil and consist of information on employed taxpayers in the country. Brazil's population is estimated to be about 210 million, so this would mean that nearly half of the residents of the country have been exposed. The 92 million entries in the database would also match census estimates that put the working population of the country at about 93 million people. The database contains full names, dates of birth, home province, driver's license and taxpayer ID numbers. Some records contain additional details such as business registration information, phone numbers, license plate numbers, familial relations and dates of death. BleepingComputer confirmed that the information available through the hacking forums was in an SQL database of about 16 GB in size, and that accurate information about known individuals could be looked up.
Excerpts from https://doi.org/10.1063/PT.3.4267 by Alex Lopatka The fight is on over 5G. Telecommunication companies and the US government promote the latest mobile broadband because it will provide faster data-transfer rates. Faster, more reliable digital communication is needed for the newest technologies—autonomous vehicles, Internet-of-things devices, and smart energy grids. But meteorologists, US science agencies, and other countries worry that strong 5G signals may interfere with satellites that are crucial to weather forecasting. Widespread 5G deployment will depend on building a new infrastructure of antennas that operate in high-frequency radio bands. Telecom companies and US regulators support 24 GHz for 5G networks because of its greater bandwidth and because the 1–6 GHz radio spectrum is already crowded with 4G, digital TV, radar, and other applications. (The 24 GHz band spans 24.25–24.45 GHz and 24.75–25.25 GHz.) Spectrum is a finite resource, and the Federal Communications Commission (FCC), which coordinates the commercial use of spectrum in the US, is racing to allocate as much higher-frequency spectrum as possible for 5G technology. The FCC “5G FAST” plan is bringing more spectrum to market, updating infrastructure policy, and modernizing regulations. Other bands are being considered, including 28, 37, 39, and 47 GHz. In October at the United Nations International Telecommunication Union Radiocommunication Sector (ITU-R) conference, member countries will discuss and vote on how to regulate the 5G signal in the 24 GHz band. The US is poised to push for a higher maximum 5G signal power than what European countries favor. Lower signal power would decrease the range of the 5G signal. “The precipitating issue here is the potential for what's called out-of-band interference,” says Jordan Gerth of the University of Wisconsin Madison. 
Water-vapor molecules emit electromagnetic radiation at 23.8 GHz, and instruments such as the Advanced Technology Microwave Sounder aboard NOAA's Joint Polar Satellite System infer atmospheric air-temperature and moisture data from the 23.6–24.0 GHz emission band. The measurements are used to calibrate numerical weather-prediction models, such as NOAA's Global Forecast System. A 5G signal could leak across the 250 MHz gap between the water-vapor emission band and the 24 GHz 5G band, which could make it nearly impossible for microwave instruments to differentiate between water vapor and emissions from 5G smartphones. Microwave instruments have no other frequencies they can use to sense water vapor. Filtering for noise from a 5G network would be difficult, says Joel Johnson of the Ohio State University. “If there's thousands of these little transmitters all over the place, then it's very hard to correct for them.” Neil Jacobs, a NOAA assistant secretary of commerce, explained that using the 24 GHz band for 5G with the signal strength proposed by the FCC, 20 decibel watts per 200 MHz, would decrease the data collected from microwave instruments by 77%. Jacobs said that such data loss would return the US weather prediction capability to “somewhere around 1980.” Citing an unpublished NOAA study, he further testified that a lower signal strength of 40 or 50 dBW per 200 MHz “would result in roughly zero data loss.” That range, one-hundredth to one-thousandth of the FCC's proposed limit, was determined with guidance from the ITU-R and industry.
Liam Tung | October 7, 2019 Drivers should not rely on automatic braking tech, and pedestrians must be wary of drivers. https://www.zdnet.com/article/does-your-car-have-automated-emergency-braking-its-a-big-fail-for-pedestrians/ selected text: A new study by the American Automobile Association (AAA) shows that automated emergency braking cannot be trusted when it comes to preventing running over a person crossing the street. Tests carried out at just 20mph (32kph) showed that the braking system only avoided running over an adult-sized dummy 40% of the time. However, somewhat encouragingly, during an additional 35% of the time, the vehicle automatically lowered its speed by 4.4mph, but nonetheless still crashed into the dummy. The results were much worse when testing the systems for children crossing the road. Using a child-sized dummy, vehicles only avoided running over the child 11% of the time, but in an additional 25% of cases slowed down by 5.9mph. AAA comments that "evaluated pedestrian detection systems were ineffective during nighttime conditions". The results for Tesla, which is pushing the boundaries of autonomous driving, don't look good either. Automatic braking cut speed by an average of 2.8mph in three test runs and did not slow down at all in two runs. However, in five test runs with the vehicles traveling around a right curve, all of them ran over the pedestrian. "When a pedestrian target was located immediately after a right curve, all test vehicles failed to apply any degree of automatic braking," the AAA writes. All the vehicles' automatic braking systems were useless at avoiding crashing into a child who darts out into the road from between two parked cars. The key message from the AAA is that drivers cannot and should not rely on automatic braking systems until they're proven to work consistently in all situations and conditions.
Gas or electric, all cars need to be refueled in some way, the police in Fremont, Calif., said. https://www.nytimes.com/2019/10/03/us/tesla-police-car-chase.html
Julia Buckley, CNN • 15 Oct 2019 (CNN) -- Unspoilt beaches at the foot of steep cliffs, romantic winding roads, and plenty of mountain wilderness—Italy's Mediterranean island of Sardinia has it all. But some tourists are finding the combination a little too difficult to take. Authorities in Baunei, in Sardinia's eastern province of Ogliastra, have launched an appeal to visitors, telling them not to rely on Google Maps to get around the area. Tourists are routinely following their GPS down lanes that are unsuitable for cars and onto off-road tracks in a bid to make their way to "hidden" beaches, needing to be rescued by the local fire brigade when they get stuck. The move follows 144 emergency call-outs for both cars and hikers in the province over the past two years. The emergency services are effectively funded by the local community. Tourists do not have to pay for their rescue.
As hard as it is to believe, artificial intelligence (AI) was rarely mentioned in the discussions related to digital transformation that began almost a decade ago. Now, no mention of transformation would make sense without how AI is making it all possible. The intertwining of digital transformation and AI is the subject of an upcoming book by Marco Iansiti and Karim Lakhani, both Harvard University professors. In their new book, *Competing in the Age of AI*, they look at successful digitally savvy enterprises across the globe, and how they do things differently. <https://amzn.to/2otTLLl> Success in today's digital economy comes from cloud, data science, and nurturing a well-networked ecosystem of partners and contributors. “The new breed of digital firm is all about innovation in the business model, experimenting and recombining various aspects of value creation and value capture,” according to Iansiti and Lakhani. Previously, value creation was usually achieved through simple transactional processes with customers in traditional organizations. In the digital world, things are more multi-dimensional. Iansiti and Lakhani describe the common traits of enterprises taking the lead with AI-powered digital capabilities:... https://www.forbes.com/sites/joemckendrick/2019/10/10/theres-an-art-to-artificial-intelligence/
https://www.nbcnews.com/tech/tech-news/robocop-park-fight-how-expectations-about-robots-are-clashing-reality-n1059671 The city of Huntington Park, California, is evaluating a (some?) gherkin-building-shaped "robocop". A woman witnessed an altercation and decided to use the robot to summon actual police. Upon pushing the emergency alert button she was told to "step out of the way" and otherwise ignored. The robot's alert button is not yet connected to the police department, said Cosme Lozano, chief of police of Huntington Park [...] The calls are instead directed to Knightscope, the company that creates and leases the robots. Instead people are supposed to just call 911 themselves, a message the robot eventually spoke aloud. Not sure what good the robot is then except for security theatre.
Interesting. Even if the tech representative says he has referred the problem to higher levels, and I should be patient and wait for his reply... But the system expects the customer to still reply, else... "If you missed our previous reply, please check your Junk/Spam folders. If we do not hear back from you within 7 business days, your ticket will be closed automatically. Thank you, Logitech Support" So the user had better reply each time, even if only "OK."
The U.S. Department of Housing and Urban Development (HUD) recently released a proposed rule that will have grave consequences for the enforcement of fair housing laws. Under the Fair Housing Act, individuals can bring claims on the basis of a protected characteristic (like race, sex, or disability status) when there is a facially-neutral policy or practice that results in unjustified discriminatory effect, or disparate impact. The proposed rule makes it much harder to bring a disparate impact claim under the Fair Housing Act. Moreover, HUD's rule creates three affirmative defenses for housing providers, banks, and insurance companies that use algorithmic models to make housing decisions. As we've previously explained, these algorithmic defenses demonstrate that HUD doesn't understand how machine learning actually works. https://www.eff.org/deeplinks/2019/10/tell-hud-algorithms-are-no-excuse-discrimination
https://www.theguardian.com/world/2019/oct/11/japanese-assault-suspect-tracked-down-pop-star-via-eye-reflection-in-selfie Police have charged a man in Tokyo with assaulting a pop star, saying he tracked her down through the reflection in her eyes on a selfie she posted, according to local media reports. I haven't seen the selfie to check for myself, but at this point I'd place this in the "plausible" section. [Also noted by Yvo Desmedt. PGN] This seems a new risk of selfies to me:
https://www.ft.com/content/e8a177d4-dfae-11e9-9743-db5a370481bc The digital payments revolution was meant to make things better for the consumer. No more banknotes falling out of your back pocket; no more waiting days on end for cheques to clear; no more missing your train because the tourist at the front of the queue doesn't know how to use the ticket machine. Or it was for me, anyway -- I'm fully signed up to the digital revolution, you see. Not only do I rarely carry cash, but I hardly ever leave the house with my wallet. I'm one of the estimated 8m Britons who use their smartphones to make contactless payments. But smart though my phone is, it is not infallible. And like many new technologies, digital payments solve some problems, but they also create new, unforeseen ones. A paper ticket might be inherently easier to lose than a phone, but at least it doesn't just die on you whenever it feels like it. It all started one October afternoon last year, when a bus inspector asked to see my £1.50 ticket. I had tapped into the bus with my iPhone using Apple Pay, but alas, in the five minutes since I'd boarded, my phone had run out of juice, so I had no means of proving that I had paid. [Different item noted by Gene Wirchenko. PGN]
The Manhattan District Attorney's office uses subscription software from Israeli digital forensics firm Cellebrite that enables it to break into "all iOS and high-end Android devices" using computers in its offices. The Manhattan DA is one of the biggest prosecutors in the U.S., and it has had this capability since January 2018. Its contract with Cellebrite was worth $200,000 over three years, covering software licensing and installation, personnel training, and a set number of device cracks. The contract also requires the software be used in a "secure room" with no recording devices. (ONEZERO) https://onezero.medium.com/exclusive-inside-new-yorks-partnership-with-israeli-iphone-cracking-company-cellebrite-12a2252c3ebf
Dustin Volz and Byron Tau, *The Wall Street Journal*, 8 Oct 2019 https://www.wsj.com/articles/fbis-use-of-foreign-surveillance-tool-violated-americans-privacy-rights-court-found-11570559882 U.S. discloses ruling last year by Foreign Intelligence Surveillance Court that FBI's data queries of U.S. citizens were unconstitutional WASHINGTON—Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program, a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless Internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches. The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans—raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers—in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. 
In one case, an FBI contractor ran a query of an intelligence database—searching information on himself, other FBI personnel and his relatives, the court revealed. The Trump administration failed to make a persuasive argument that modifying the program to better protect the privacy of Americans would hinder the FBI's ability to address national-security threats, wrote U.S. District Judge James Boasberg, who serves on the FISA Court, in the partially redacted 167-page opinion released Tuesday. “The court accordingly finds that the FBI's querying procedures and minimization procedures are not consistent with the requirements of the Fourth Amendment,” Mr. Boasberg concluded.
Kashmir Hill and Aaron Krolik, *The New York Times*, 11 Oct 2019 Millions of Flickr images were sucked into a database called MegaFace. Now some of those faces may have the ability to sue. https://www.nytimes.com/interactive/2019/10/11/technology/flickr-facial-recognition.html The pictures of Chloe and Jasper Papa as kids are typically goofy fare: grinning with their parents; sticking their tongues out; costumed for Halloween. Their mother, Dominique Allman Papa, uploaded them to Flickr after joining the photo-sharing site in 2005. None of them could have foreseen that 14 years later, those images would reside in an unprecedentedly huge facial-recognition database called MegaFace. Containing the likenesses of nearly 700,000 individuals, it has been downloaded by dozens of companies to train a new generation of face-identification algorithms, used to track protesters, surveil terrorists, spot problem gamblers and spy on the public at large. “It's gross and uncomfortable,” said Mx. Papa, who is now 19 and attending college in Oregon. “I wish they would have asked me first if I wanted to be part of it. I think artificial intelligence is cool and I want it to be smarter, but generally you ask people to participate in research. I learned that in high school biology.” By law, most Americans in the database don't need to be asked for their permission—but the Papas should have been. As residents of Illinois, they are protected by one of the strictest state privacy laws on the books: the Biometric Information Privacy Act, a 2008 measure that imposes financial penalties for using an Illinoisan's fingerprints or face scans without consent. Those who used the database -- companies including Google, Amazon, Mitsubishi Electric, Tencent and SenseTime—appear to have been unaware of the law, and as a result may have huge financial liability, according to several lawyers and law professors familiar with the legislation. 
How MegaFace was born
How did the Papas and hundreds of thousands of other people end up in the database? It's a roundabout story. In the infancy of facial-recognition technology, researchers developed their algorithms with subjects' clear consent: In the 1990s, universities had volunteers come to studios to be photographed from many angles. Later, researchers turned to more aggressive and surreptitious methods to gather faces at a grander scale, tapping into surveillance cameras in coffee shops, college campuses and public spaces, and scraping photos posted online. According to Adam Harvey, an artist who tracks the data sets, there are probably more than 200 in existence, containing tens of millions of photos of approximately one million people. (Some of the sets are derived from others, so the figures include some duplicates.) But these caches had flaws. Surveillance images are often low quality, for example, and gathering pictures from the Internet tends to yield too many celebrities. In June 2014, seeking to advance the cause of computer vision, Yahoo unveiled what it called “the largest public multimedia collection that has ever been released,” featuring 100 million photos and videos. Yahoo got the images—all of which had Creative Commons or commercial use licenses -- from Flickr, a subsidiary. The database creators said their motivation was to even the playing field in machine learning. Researchers need enormous amounts of data to train their algorithms, and workers at just a few information-rich companies—like Facebook and Google—had a big advantage over everyone else. “We wanted to empower the research community by giving them a robust database,” said David Ayman Shamma, who was a director of research at Yahoo until 2016 and helped create the Flickr project. Users weren't notified that their photos and videos were included, but Mr. Shamma and his team built in what they thought was a safeguard. 
They didn't distribute users' photos directly, but rather links to the photos; that way, if a user deleted the images or made them private, they would no longer be accessible through the database. But this safeguard was flawed. The New York Times found a security vulnerability that allows a Flickr user's photos to be accessed even after they've been made private. (Scott Kinzie, a spokesman for SmugMug, which acquired Flickr from Yahoo in 2018, said the flaw “potentially impacts a very small number of our members today, and we are actively working to deploy an update as quickly as possible.” Ben MacAskill, the company's chief operating officer, added that the Yahoo collection was created “years before our engagement with Flickr.”) Additionally, some researchers who accessed the database simply downloaded versions of the images and then redistributed them, including a team from the University of Washington. In 2015, two of the school's computer science professors—Ira Kemelmacher-Shlizerman and Steve Seitz—and their graduate students used the Flickr data to create MegaFace. Containing more than four million photos of some 672,000 people, it held deep promise for testing and perfecting face-recognition algorithms.
*Newer technology to give customers fewer outages, faster restoration times, and new tools to track and control their energy usage.* New technology being deployed across the energy grid will reduce outages, speed up restoration time, and give our customers reliable service they can count on. We are investing in thousands of smart devices on the grid that automatically report outages when they occur, and prevent certain outages before they happen by identifying equipment that could be near failure. The devices also can isolate outages by automatically rerouting power so fewer customers are impacted, and allow us to quickly dispatch crews directly to the source of the outage. View a video <https://youtu.be/3rMGxE7Cr3k> to learn more about the Smart Grid. Smart meters will let customers take control of their energy usage through new options like timely usage insights, customizable alerts for high energy usage and bills, and outage information so customers no longer have to notify Dominion Energy when lights are out and alerts to give customers updates about their restoration status. The process for starting or stopping service also is streamlined. <https://www.dominionenergy.com/company/electric-projects/smart-meters> On Smart Meter page: *Power outage detection* - Smart meters can notify us when your power goes out and when it has been restored Searching brings plenty warnings about myriad health problems caused by smart meters. Discounting those as discredited crackpottery, I do wonder how notification works when power is out. Each meter a cellphone? With battery backup? Seems unlikely. And is there a dark (so to speak) side to power company happy talk?
https://www.nytimes.com/2019/10/12/business/pge-california-outage.html As the utility turned off power to millions of Californians, its website went down and it struggled to communicate with local officials and inform residents.
Silicon Valley companies are served by safer, robust transmission lines. Regular homes? Not so much. https://www.wired.com/story/why-the-pgande-blackouts-spared-californias-big-tech-hqs/
https://www.vice.com/en_us/article/7x5ddg/malware-that-spits-cash-out-of-atms-has-spread-across-the-world A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called "jackpotting" attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port.
Student tracking, secret scores: How college admissions offices rank prospects before they apply Records reviewed by The Washington Post show that at least 44 public and private universities in the United States work with outside consulting companies to collect and analyze data on prospective students, either by tracking their Web activity or formulating predictive scores to measure each student's likelihood of enrolling. The vast majority of universities reviewed by The Post do not tell students the schools are collecting their information. https://www.washingtonpost.com/business/2019/10/14/colleges-quietly-rank-prospective-students-based-their-personal-data/
Cathy Chase, president of Advocates for Highway and Auto Safety, said hands-free technology in vehicles does little to prevent cognitive distraction among drivers. "People think they can multitask," she told ABC News. "Voice to text technology makes mistakes. Then you correct it. You're thinking about a different conversation—it imperils drivers and passengers." https://abcnews.go.com/Business/disconnect-phone-automakers-making-tougher/story?id=66003320 The risk? Those two buried paragraphs.
Spy agencies in the US and UK are jointly warning of big trouble for many users of enterprise VPNs. Hacker groups—some state-sponsored—are wreaking havoc at sites that haven't patched their installations. The agencies—the NSA and the NCSC—have long remediation checklists for your admin pleasure. So drop everything -- even if you've already patched your VPN. https://techbeacon.com/security/just-got-real-us-uk-agencies-issue-joint-vpn-security-alert
After international uproar, the American gaming giant eases punishment for Hong Kong player who expressed his political views on China. https://www.washingtonpost.com/technology/2019/10/12/blizzard-restores-hong-kong-players-winnings-reduces-suspension-after-international-uproar/
*Samsung has admitted that anyone can unlock a Galaxy S10 phone -- which has an in-screen fingerprint scanner -- by putting a cheap screen protector on it.* Samsung says the scanner is ‘malfunctioning’ and will be fixed with a software patch. In the meantime, users should turn off fingerprint authentication. The peanut gallery has urged Apple to use in-screen fingerprint scanners rather than Face ID, and there are some rumors <https://u5080173.ct.sendgrid.net/wf/>
He thought vaping THC would be safer than smoking marijuana, but the fumes shut down his lungs. https://www.nytimes.com/2019/10/15/health/vaping-thc-illness.html It is possible to become addicted to marijuana or dependent on it, according to the National Institute on Drug Abuse. A computer-science student, he explored the dark web to find THC vendors with lower prices than he paid on the street, and turned money from his bank account into Bitcoin, to make purchases that would be encrypted and untraceable. On the electronic order forms, he requested the best and strongest THC available. Boxes of cartridges, 25 for $400, started arriving in the mail early last summer. The return address was a house on a residential street in Ventura, Calif. The products had a variety of labels, including Dank Vapes, the same name reported by many other people who got sick. It is not actually a brand, but a label that sellers can put on any product. Some of the other cartridges may have been counterfeit versions of brands that are legal in some states. No one knows what is in the knockoff products or who makes them, health officials say.
The Chinese Communist Party appears to have "superuser" access to all the data on more than 100 million cellphones, owing to a back door in a propaganda app that the government has been promoting aggressively this year. An examination of the code in the app shows it enables authorities to retrieve every message and photo from a user's phone, browse their contacts and Internet history, and activate an audio recorder inside the device, according to a U.S.-funded analysis. "The [Chinese Communist Party] essentially has access to over 100 million users' data," said Sarah Aoun, director of technology at the Open Technology Fund, an initiative funded by the U.S. government under Radio Free Asia. "That's coming from the top of a government that is expanding its surveillance into citizens' day-to-day lives." The party, led by Xi Jinping, launched the app, called "Study the Great Nation," in January. The name is a pun because the Chinese word for study -- "xuexi" -- contains the authoritarian leader's family name... https://www.greenwichtime.com/news/article/Chinese-app-on-Xi-s-ideology-allows-data-access-14516955.php https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html
*They shouldn't be on U.S. exchanges if they won't submit to the same audit scrutiny as everyone else. * EXCERPT: No one would accept Goldman Sachs Group Inc. or Tesla Inc. being able to access U.S. capital markets without regulatory oversight. So it's indefensible that Chinese companies listed on the Nasdaq or New York Stock Exchange enjoy this privilege. The news that Trump administration officials are considering delisting such firms <https://www.bloomberg.com/news/articles/2019-09-27/white-house-weighs-limits-on-u-s-portfolio-flows-into-china-k12ahk4g> is therefore overdue and welcome. Lost in the debate over measures to restrict portfolio flows to China have been more mundane questions about the expectations placed on companies that list in the U.S. The delisting proposal is the culmination of a long-simmering dispute over whether the U.S. Securities and Exchange Commission and government have jurisdiction over Chinese companies that have their shares traded on American exchanges. <https://www.bloomberg.com/view/articles/2019-10-04/trump-planned-limits-on-u-s-capital-flows-to-china-ups-trade-war> Cases of accounting fraud and other irregularities at U.S.-listed Chinese companies have been widespread. <https://www.bloomberg.com/news/articles/2017-09-08/-china-hustle-warns-next-big-crisis-born-in-reverse-merger-mud> Yet the Public Company Accounting Oversight Board has no right to examine the audits or source documentation of such companies. Chinese accounting firms have for years resisted demands by U.S. regulators <https://www.bloomberg.com/news/articles/2015-11-03/u-s-investors-have-one-more-reason-to-fret-about-chinese-firms> for information about their audits, arguing that disclosing the records would violate laws that prohibit the transfer of data potentially containing state secrets to foreign entities. 
A final agreement that would have allowed the Washington-based PCAOB to examine Chinese audits unraveled in 2015 <https://www.bloomberg.com/news/articles/2015-11-03/u-s-investors-have-one-more-reason-to-fret-about-chinese-firms> . The Chinese position presents fundamental problems for regulators and for investor protection in the U.S. Washington has a choice: It must either accept having no legal recourse or jurisdictional oversight of Chinese companies traded on U.S. exchanges, or refuse new initial public offerings and threaten to delist firms that already have sold shares unless they comply with regulators' requests... https://www.bloomberg.com/opinion/articles/2019-10-07/u-s-listed-china-companies-should-follow-rules-or-exit
Adrian Kingsley-Hughes, ZDNet, 7 Oct 2019 Smartphones, even high-end devices such as iPhones and Samsung Galaxy phones, really are a terrible investment. https://www.zdnet.com/article/guess-what-loses-its-value-faster-than-your-car-your-smartphone/ opening text: Cars are generally considered to be a poor investment, depreciating by an average of about 40 percent during the first three years. But that's nothing compared to smartphones.
Danny Palmer | October 7, 2019 As people turn to mobile apps to help manage health conditions, cybercriminals have realised there's money to be made. https://www.zdnet.com/article/mobile-security-these-health-apps-arent-good-for-your-phone-or-your-privacy/ opening text: People looking for information about diabetes and other conditions could be at risk from having their private information stolen and privacy invaded by cyber criminals.
On GitHub I can block somebody, add a comment "UPDATE: Send the money instead to account #123..." to one of their issues, then unblock them, add a second reasonable comment, to which they would then reply. Readers would assume they got the email for both comments, so have no qualms about the first. * (GitHub Developer Support) Oct 11, 8:58 AM UTC Hey again Dan, Thanks for writing in. If you block a user, they won't receive notifications for any comments you leave on issues (and vice-versa). Note that they will still be able to view the comments if they view the issue. I had a look through our documentation for blocking a user and I can see that we don't explain this particular scenario. I'll make a note for our team! * Dan Jacobson Oct 11, 1:04 AM UTC Just curious, is there any way I, user X, can comment on an issue, opened by user Y, but not generate a notification to user Y? If I block user Y, can I comment to my heart's content on his issues, without worrying he will get notified? Is this documented somewhere? Thanks.
Safety officials have struggled to keep up with the deluge of billions of electronic devices travelers are carrying. https://www.washingtonpost.com/local/trafficandcommuting/with-little-faa-direction-vaping-devices-add-to-fire-dangers-on-planes/2019/10/03/8de85be0-ca8d-11e9-a1fe-ca46e8d573c0_story.html
The PC -- and yes, Microsoft -- set us free. Now Microsoft is taking control. https://www.computerworld.com/article/3444606/with-windows-virtual-desktop-the-bad-old-days-are-coming-back.html
https://www.cnbc.com/2019/10/15/former-apple-employees-create-level-lock-smart-lock-backed-by-walmart.html The risk? How about the word "security" not appearing in article?
Facebook et al. are free to implement end-to-end encryption as the condition "without including a means for lawful access to the content of communications to protect our citizens." has already been met. Barr and his cronies are free to utilize the legal process already in place, the obtaining of a search warrant on reasonable and probable grounds, in order to obtain the clear-text from one of the end-points. I believe Mr. Barr and his cronies are really saying that, since they are unable to satisfy the requirements of "lawful access", they would prefer Facebook et al. to maintain the "wink and nudge" system wherein due process does not apply.
It's looking more and more certain that 3D printing has a serious safety problem. [...] In fact if you read the study this is a massive exaggeration. The best summary is probably the graphs on p8 of the paper (Fig 4). On each graph, the blue bar is estimated background. The green part of the bar is the expected addition to human exposure, from the mean of the 3D printing processes (printers and filaments) they tested. The upwards error bar corresponds to the worst-case. The spots are a set of regulatory exposure limits. NB that all of this averaging hides the fact that some filaments are a factor of 5 better than others (p4, Table 2). For example, I usually print in PLA. The top graph "Predicted Personal Concentration" is for if you sit right next to the printer, which you would probably not do if you were printing in ABS or nylon, because it makes a nasty smell. (PLA smells quite nice, sort of caramelly.) And even if you sit right next to the printer, the exposures are by and large within regulatory limits. If you don't then the risk is even lower. If you print in PLA or PVA the exposure is well within these limits. So in summary: if it doesn't smell nice, don't sit right next to the printer and huff. https://sci-hub.se/https://doi.org/10.1016/j.buildenv.2019.106209
[It's a good thin[g] RISKS does not have a requirement for only *new topics*. “When will they ever learn.'' (The old song, “Little Boxes on the Hillside'' [and they all look just the same] seems relevant here.) PGN] Ahh, you are thinking of "Where have all the flowers gone" and the lines "When will they ever learn? When will they ever learn?" Sung by Peter, Paul and Mary, and the Kingston Trio and probably many others. Those are the two I remember... which kinda dates me! [TNX. Noted by several readers. It's an amusing conflation on my part, because I used to sing both songs to lullaby my kids to sleep while plunking my guitar. I must have fallen asleep while remembering. PGN]