Monday, May 16, 2016

Vrbov 1958 AD: Cyber Matters: Computers Gone Wild




On May 16, 1916, a secret pact carved up the floundering Ottoman Empire into spheres of British and French interest, foreshadowing the future map of the Middle East and, critics say, sowing the seeds of many of its problems a hundred years later. Few are aware of a Vrbov-bred secret agent born in 1958, 58 years ago.





It seems like every time we take a breath, someone is breathlessly warning us about the latest cybersecurity hit or threat. What can you do to find help? Circuit: cybersecurity-v-privacy

Pentagon Turns to Silicon Valley for Edge in Artificial Intelligence New York Times

Hard Core Irony: Google Supplier leaks staff data in email fumble

Computers Gone Wild: Impact and Implications of Developments in Artificial Intelligence on Society, May 9, 2016. The following summary was written by Samantha Bates:
“The second “Computers Gone Wild: Impact and Implications of Developments in Artificial Intelligence on Society” workshop took place on February 19, 2016 at Harvard Law School.  A summary of each discussion as well as the group’s recommendations for additional areas of study are included here…”

As governments get more advanced in data analytics, there have been concerns on privacy issues. Edward Snowden’s whistleblowing on the NSA raised global alarms on the extent of intrusion by government. The 2012 Edelman Trust Barometer report surveying the public sector, businesses, media and NGOs across 25 countries consequently saw a 43% drop worldwide in trust toward government. However, Jacqueline Poh, Managing Director of Singapore’s IDA believes there is a middle ground that can be reached. “Citizens will have a different approach to privacy if the way in which data is used is more transparent to them,” she recently said, pointing to government research surveys. “Citizens are actually quite willing to give up quite a bit of privacy”.

In 2054, John Anderton looks up at a surveillance screen and sees the face of a murderer. He barks an order to secure the perimeter, and sends out a team to arrest the criminal. But here’s the catch: the man hasn’t committed the crime yet. Taking cues from the hit movie Minority Report, perhaps we aren’t too far from that kind of a reality. Countries around the world are already using predictive technology in government. Four areas for predictive public services

Like other types of IT projects, an analytics initiative can fail for a variety of factors, big and small, but several key reasons stand out. 4 Reasons Dumber Data Data Analytics Endeavours Don't Succeed

On March 15, Instagram posted a note on its blog that sent the internet into a frenzy: “To improve your experience, your feed will soon be ordered to show the moments we believe you will care about the most.” Panicked Instagram users protested, afraid their posts would get lost in the revised stream, and began posting pictures with the hashtag #turnmeon, pleading with followers to turn on notifications for their accounts. In response to the uproar, Instagram posted a tweet that amounted to, “Hey, calm down. We’re not changing the algorithm yet.”
Investigating the algorithms that govern our lives

Eurocops get new cyber powers to hunt down terrorists, criminals Ars Technica
Europe’s police agency Europol has been given enhanced cyber powers to track down terrorists and other criminals. The new governance rules were approved by the European Parliament’s civil liberties committee on Thursday by a massive majority. MEPs claimed that the new powers come with strong data protection safeguards and democratic oversight. Last November, the draft rules were given the green light by the European Union's 28 member states. Now the panel's politicos have overwhelmingly thrown their weight behind the measures, by 40 votes to three, with two abstentions.

A student who hacked into a public transport system to show it had flaws has been found guilty of fraud after he and a co-convicted got $18 worth of free trips. Jack Carruthers, a student at Perth's Murdoch University, hacked into the city's SmartRider transport travel card and later owned up to TransPerth, alerting them to the issues with the system. However, he ended up being charged for his actions after the Public Transport Authority (PTA) noticed what had happened and was eventually found guilty, WA Today reported. He'd found a way in the SmartRider system to rewind charges and keep money loaded onto the card. It was part of an increasingly 'pressured and desperate' effort to have a stall for his club 'Hack the Planet', of which he is president, at a university open day. They had software which could hack into bank cards but because that was too dangerous, chose travel cards. 'It was interesting because it is a very appealing topic ... everyone in Perth has a SmartRider card,' Carruthers told WA Today.



Bangladesh's central bank chief will meet the head of the Federal Reserve Bank of New York and a senior executive from global financial messaging service SWIFT next week to seek the recovery of about $81 million stolen by hackers, officials in Dhaka said. Two Bangladesh Bank officials said the bank believed both the New York Fed and SWIFT bore some responsibility for the February cyber heist. The officials spoke on condition of anonymity since they were not authorized to brief the media. The bank's governor Fazle Kabir, New York Fed President William Dudley and a SWIFT representative will meet in Basel, Switzerland around May 10, they and another person briefed by the central bank said. It was not immediately clear who would represent SWIFT. Spokeswomen for SWIFT and the New York Fed declined comment. Hackers tried to steal nearly $1 billion from Bangladesh Bank's settlement account at the New York Fed in early February by sending fraudulent transfer orders through SWIFT. Of the 35 transfer orders sent, 30 were blocked. Four transfers to a Philippine bank for a total of $81 million went through while a $20 million transfer to a Sri Lankan company was reversed because the hackers mis-spelled the name of the firm. "There is a responsibility the New York Fed has to accept," said one of the Bangladesh Bank officials. "If you stopped 30 transactions, why did you not stop the others?"

Adam Chodorow (Arizona State), Bitcoin and the Definition of Foreign Currency, 19 Fla. Tax Rev. ___ (2016):
The IRS recently dealt a blow to Bitcoin enthusiasts by ruling that Bitcoin and other similar currencies should be treated as property – and not foreign currency – for income tax purposes. As a result, those who use bitcoins to purchase goods or services must report gain or loss on each transaction if the bitcoins have changed value between the time they were acquired and spent. Treating Bitcoin as a foreign currency would have permitted individuals to take advantage of the personal use exemption, which could facilitate Bitcoin’s adoption, and required taxpayers to adopt a formulaic system for tracking the basis of commingled bitcoins. The IRS’s decision seems correct as a matter of positive law, but laws can always be changed.

When law enforcement and intelligence agencies in Canada discover flaws in computer software—say, a bug that could help hackers steal messages from a smartphone, or spy on unsuspecting victims via internet-connected webcams—do they disclose those holes to the software's creator so they can be plugged? Or do they keep such flaws secret for their own use in future investigations, with the hope that no one else will find and use them maliciously first?


Hackers repeatedly picked an odd target two years ago inside the National Research Council: Canada’s official time signal. At one point, the unknown cyber attackers shut down access to a server that tells NRC clients what the precise time is. Some of the attacks were fended off. Some simply ended on their own. Together, though, the incidents raise the spectre of hackers using the time signal to get at more sensitive government servers.



Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia's most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security. It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

The U.S. and South Korea have agreed to help one another develop technology to combat cyber threats, the two nations said on Monday. The agreement, although not legally binding, states that the two countries will seek to make “best use of their respective best practices, eliminate unnecessary duplication of work, and obtain the most efficient and cost effective results through cooperative partnerships.” Both South Korea and the U.S. have been in the digital crosshairs of Seoul’s neighbor to the north. North Korea is widely believed to be behind the infamous hack on Sony Pictures, perceived as retaliation for "The Interview," a 2014 comedy that depicted the assassination of leader Kim Jong Un. And Seoul in March accused Pyongyang of trying to hack into government websites and smartphones amid rising tensions between the neighbors. North Korea is also thought to be behind a series of attacks on South Korean banks and broadcasting companies in 2013, according to researchers.


Following a massive data leak, Qatar National Bank has confirmed that its systems may have been hacked. A group with Turkish ties has claimed credit for the attack and reportedly threatened to release information from a second bank hack. In a statement provided to Information Security Media Group May 1 confirming that its systems may have been breached, the bank also commented on compromised data that was posted online. "While some of the data recently released in the public domain may be accurate, much of it was constructed and contains a mixture of information from the attack as well as other non-QNB sources, such as personal data from social media channels." The bank also says it believes that the leak wasn't targeted at its customers, but instead designed only to damage the bank's reputation - although it offered no evidence to back up that assertion. QNB says it's hired a third-party expert to review its systems.

"Does Size Matter? The Latest Battle Over State Supreme Courts; Over the past decade, legislators in several states have sought to expand or reduce the number of justices on their highest courts; In some cases, they admit their intent to tilt the ideological balance." Governing.com has this report today.

"Sex Offenders Don't Have a Right to Facebook": Law professor Noah Feldman has this essay online at Bloomberg View



How the Pwnedlist Got Pwned Krebs on Security

Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials. Pwnedlist is run by Scottsdale, Ariz. based InfoArmor, and is marketed as a repository of usernames and passwords that have been publicly leaked online for any period of time at Pastebin, online chat channels and other free data dump sites. The service until quite recently was free to all comers, but it makes money by allowing companies to get a live feed of usernames and passwords exposed in third-party breaches which might create security problems going forward for the subscriber organization and its employees.
 

Social media firm cuts access to Dataminr, a service used to identify unfolding terror attacks, political unrest
Twitter Bars Intelligence Agencies From Using Analytics Service  
 
Algorithms for Moravian culture

Huge embarrassment over fisting site data breach The Register. I do not get out enough. I have heard of vaginal fisting, but anal fisting? Dr. Kevin adds, “Amazing that fisting is so normalized that people would sign on from their .gov or .mil email accounts!”