Cybersecurity

Friday: The End of the World


I wake up in the morning and I wonder
Why ev’rything is the same as it was
I can’t understand, no, I can’t understand
How life goes on the way it does


— excerpt, The End of the World, written by Arthur Kent and Sylvia Dee

Jazz version of this song first released by Skeeter Davis in 1962 performed here by Postmodern Jukebox’s Scott Bradlee and band with Niia’s vocals.

A few people in my timeline have asked over the last several months, “Is this the end of the world, or does it just feel like it?”

It’s the end of something, that’s for sure.

Z is for Zika

I can’t make this clear enough to Congress: you’re playing with lives here, and it’s going to be ugly. It will affect your families if anyone is of childbearing age. I haven’t seen anything in the material I’ve read to date that says definitively studies are underway to verify transmission from Brazil’s Culex quinquefasciatus to humans. There’s a study on the most common U.S.’ Culex pipiens species which showed weak transmission capabilities, but once it’s proven quinquefasciatus can transmit, it’s just a matter of time before more effective pipiens pick up and transmit the virus, and they may already have done so based on the two cases in Florida. GET OFF YOUR BUTTS AND FUND ADEQUATE RESEARCH PRONTO — or risk paying for it in increased health care and other post-birth aid for decades.

Still Brexin’ it

Clean-up duty

  • Looking for MH370 in all the wrong places — for two years (IBTimes) — Bad suppositions? Or misled? Who knows, but the debris found so far now suggests the plane may have glided across the ocean in its final moments rather than plummeting nose first.
  • Enbridge settles $177 million for 2010 oil pipeline rupture (ICTMN) — Seems light for the largest ever oil spill inside the continental U.S., and their subsequent half-assed attempts to clean up the mess. Check the photo in the story and imagine that happening under the Straits of Mackinac between Lakes Huron and Michigan. How did it take them so long not to know what had happened and where?
  • Broadband companies now have a real competitive threat in Google Fiber (USAToday) — It’s beginning to make a dent in some large markets where Google Fiber’s 1Gb service has already been installed. But it is slow going, don’t expect it in your neighborhood soon. You’re stuck with your existing slowpoke carriers for a while longer.
  • Cable lobby counters FCC pressure on set-top boxes (Ars Technica) — Sure, they’ll yield to the FCC on set-top boxes, but they won’t offer DVR service and each cable provider with 1 million subscribers or more will be responsible for their own apps. Cable lobby claims copyright issues are a concern with the DVR service; is that a faint whiff of MPAA I smell?

Beach-bound longread
Check out this piece in WIRED: David Chang’s Unified Theory of Deliciousness. I’m hungry after reading just a portion of it.

Hasta luego, mi amigas. Catch you Monday if the creek don’t rise.

Thursday: Hotter than Hell

Have a little indie synthpop if your day isn’t hot enough. The artist Dua Lipa lives in London; she originally moved to the United Kingdom in the 1990s with her parents who are Kosovar-Albanian. Imagine a UK to which artists like Lipa cannot easily immigrate.

Money, money, money

  • HSBC’s global head of Forex trading in London arrested at JFK on Tuesday (Bloomberg) — Mark Johnson was picked up before his flight by the feds; his counterpart, Stuart Scott, HSBC’s former head of currency trading in Europe, has also been charged with Johnson for conspiracy to manipulate currency based on insider information. The transaction on which the case is based took place in 2011, earning HSBC $8 million on a $3.1 billion deal. Gee, I wonder if these guys worked the pre- and post-Brexit fall of the pound.
  • Mastercard snaps up UK’s VocaLink for $920M (Businesswire) — Should probably keep a tally of UK businesses bought while pound is still down from pre-referendum highs. VocaLink gives Mastercard huge reach in payroll and household bill processing across UK and access to a substantive majority of UK consumer data.
  • Subzero bond yields: who’d have predicted this? (Bloomberg) — Analysis of overall trends this year, including flights to safety and their effect on the market. Still trying to wrap my head around subzero bond yields; does this make sense to pay for safekeeping without expectation of increase in value at the end? What might this do to consumption and growth?

Daily dose of cyber

  • Forbidden Research: fixing “leaky” cellphones (MIT Media Lab) — Electrical engineer/hacker Andrew “bunnie” Huang and NSA whistleblower Edward Snowden published a paper presented at today’s MIT Forbidden Research event, outlining their work countering surveillance abuse by law enforcement. Journalists in particular are targets for surveillance; their cellphones “leak” all kinds of information about them and their location which airplane mode does not shield. Huang and Snowden propose a method for monitoring radio transmissions by a cellphone, including GPS, and a means for killing the transmissions. Abstract here, and the paper itself here. Very straightforward reads even for the non- to low-tech audience.
  • Dead man’s prints brought back from the dead (Fusion) — Law enforcement approached a Michigan State University professor Anil Jain and his PhD student Sunpreet Arora and asked them to recreate a dead man’s fingerprints in order to unlock his phone. There are few details disclosed about the case — not even which law enforcement agency made the ask — but the phone belonged to a murder victim and may contain information about his murderer. Or so the story says.
  • UK’s largest internet provider suffers two days of massive outages (TechRadar) — Outages have been blamed on power failures, but no additional information offered on reasons for power loss. Coincidentally, a C1 solar flare which began on July 17 caused radio disruption and aurora over the last 15-24 hours — might have made the situation worse.
  • France’s National Data Protection Commission says Microsoft Windows 10 operating system gathers too much personal data (Libération + BetaNews) — Surprised La Commission nationale de l’informatique et des libertés (CNIL) haven’t cuffed up Microsoft sooner given every version of Windows “phoned home” with information about its users and devices when patching and updating. Why is it Windows 10 in particular doesn’t comply with their Data Protection Act — is it the sniffing of users’ navigation data? Microsoft responded to CNIL’s complaint, not denying the claim but only saying it will work with CNIL on a solution. Right, then.

Tonight’s dinner and a movie: Jujubes and Ghostbusters. Yum. Stay cool, look after elderly neighbors and pets who need a reprieve from the heat.

Monday: Magic

You want some magic this Monday to start your week? Check this short film Vorticity by Mike Olbinski. If you can launch it in full screen or cast it to a television, even better, and I hope you have decent speakers for the sound. Mike’s wife is a saint, a wholly different kind of magic off screen to support a guy who does this stuff.

Under the gun here today, too much real world stuff to check off my To Do List. Only a quick list of stuff worth looking at.

Kudos
Bravo to Michigan’s Rep. Dan Kildee (D-Flint Township) who filed the Families of Flint Act last week to provide $1.5 billion in relief funding for water system repairs, additional health care, monitoring and education, as well as economic development to support the struggling city. Co-sponsors include U.S. Reps. Sander Levin (D-Royal Oak), Debbie Dingell (D-Dearborn MI), Brenda Lawrence (D-Southfield MI), and John Conyers (D-Detroit), along with 167 other House Dems.

Lean on House GOP members to do the right thing and support this bill when they are next in session in August.

Leftovers
Couple of things screwed up or left unfulfilled before Congress left town:

Quick List

Catch you tomorrow, gotta’ dash!

Thursday: Bad Girls

One thing before I go any further…look just above these words, below this post’s title and to the right of the date of publication. See the name ‘Rayne’? That’s me, that’s my byline. Please note there are multiple contributors here at emptywheel. The entire site is eponymously named for its owner, Marcy Wheeler, whose online name and byline is the same as this blog. Check the byline on our posts if you haven’t done so in the past. You’ll note we have different voices and opinions, different writing styles. I tend to be the most open about my dislike for what the Republican Party has become since 1978, when I last toyed with being Republican. Marcy and the rest of the crew tend to be more generous or less open in their vituperation. Take note of the byline when you read and comment, thanks.

Still indulging in female artist K-pop, choosing this video for a very specific reason…

TWO DAYS
That’s it, what’s left of today and all day tomorrow — that’s all the U.S. House will be in session for July. Outstanding job this week trashing the EPA with bullshit riders, GOP members. Way to fucking go with extending your run serving corporations ahead of the people.

Tick-tock.

BAD GIRL (UK edition)
After today’s wash list of badness, I can hardly wait to hear what comes of May’s visit on Friday to Scotland.

BAD GIRL (domestic edition)

PokéGone
The list of accidents resulting from distraction by Pokémon GO grows by leaps and bounds. These are among the worst so far. Just a matter of time before a fatality occurs.

Wheels

Keep an eye on this topic

Catch you tomorrow for the last in-session day in U.S. House.

Wednesday: Dumb Dumb [UPDATE]

Let’s change the pace today with some K-pop — a little hyper-upbeat Korean pop music influenced by hip hop. You may already be familiar with K-pop if you are familiar with the insanely popular tune Gangnam Style by the artist Psy, released in 2012. But K-pop isn’t just male artists like GOT7, Shinhwa, and BIGBANG. There are quite a few all-female groups like Red Velvet featured here, Girls’ Generation, Orange Caramel, and Girls’ Day. Americans may find a retro feel to female K-pop artists’ work, not only in content and performance, but production and presentation. They make hard work look like joy. For all the visual and audio effects, there are simple, unifying messages — love is everything, and girls just want to have fun.

So much that. We could really use some love and some fun.

THREE DAYS
*head-desk* Including today, that’s all the House will spend in session this month. Flint’s 8000 lead-poisoned kids still wait.

Carla Hayden, nominee for Librarian of Congress also waits. Some chickenshit anonymous Republican senator(s) have placed a hold on her confirmation. Why? Because she’s black. Swear to gods the GOP wants to become an irrelevant footnote in history; they certainly won’t win over minority voters this way, and they’re pissing off the publishing industry at the same time. UPDATE 5:00 P.M. EST — HAYDEN CONFIRMED Huh. Wonder what clued in the chickenshit anonymous Republican senator(s) who’d placed her on hold? Whatever, now the GOP can go back to focusing their normal obstructive intransigence on SCOTUS’ nominee Merrick Garland.

Don’t forget about China

Civil rights wronged

  • Cruel and unusual punishment continues on Rikers Island after four extensions granted for reforms (Village Voice) — Youths 18-21-years-old including some who are mentally ill remain locked up in solitary confinement. The glacial pace of reforms is repugnant, maintaining worse than third-world treatment. Fix this horror and quit dragging your feet, New York. You’re making this entire country look bad and worse.
  • Black ex-cop offers detailed analysis of race and policing (Vox) — One key problem is the propensity for 70% of police to cave into pressure from the 15% of cops who are outrageous racists — like the Milgram experiment run amok. Racists should be identified and removed from leadership positions; police departments must have open dialog about social pressure and expectations of ethical behavior in policing.

Breakit

Cyber-oddments

Okay, that’s quite enough self-abuse for one day. It’s downhill from here, see you tomorrow!

Tuesday: Trauma

A little neo soul, something to ease the day. If you like this bit by 20-year-old Doja Cat, check out more of her work at her YouTube channel.

FOUR DAYS
That’s all that’s left of in-session days in U.S. House this month, and nothing done yesterday to help Flint. Yet another report on Flint water crisis, this one featuring VA-Tech’s Dr. Marc Edwards on the lack of trust in water quality, governance and water science since the city’s transition back to Detroit’s water supply. But the necessity of filters means tap water is suspect; Flint residents never needed filters before the switch to Flint river water, and now must regularly take additional steps to check their filters and water quality. Just replace the damned lead pipes so they can take the filters off and they’ll trust the water system. They need assistance with speeding up pipe replacement, stat.

Oh, and deal with the collapse of property values in Flint. Who wants to buy a house there, let alone offer financing as long as the water system remains under suspicion?

Oh no, Pokémon GO
My kid has been playing this augmented reality game with his friends, driving around after dark to different ‘gyms’. We’ve had a few discussions about the application’s privacy problems as well as the game’s requirements for collecting points. This is NOT a game for kids to play by themselves without parent or guardian engagement if they aren’t old enough to drive. My son told me about running into creepy guys parked for hours late into the evening at key locations where Pokémon are found. Recipe for trouble, that.

Brexit means broken

TL;BRTLA (too long, but read this later anyhow)
Especially today — now that Bernie Sanders has endorsed Hillary Clinton — read how women were included in the Civil Rights Act as a joke. Hah. Funny. But very sad that 51% of the population is still not accorded their creator-endowed equal rights in spite of shrewd, dogged work by Michigan’s Rep. Martha Griffiths, and folks like Ida Phillips and attorney Reese Marshall.

Didn’t have enough time to cover China. Guess you know what I’ll tackle tomorrow, see you then.

Monday: Gotta’ Catch ‘Em All

[NB: Embedded video contains adult language NSFW]

I had a very disturbing conversation with some 18-to-20-somethings this weekend about privacy and networked communications. I can’t decide if I’m pissed off or terrified that these particular youngsters believed:

  • Most young people their age don’t care if their privacy has been compromised;
  • If they care at all, they believe it’s not a big deal, there’s little danger because they can just shut off the GPS/location and voice features on their phones;
  • This is the way it is with technology and there’s no way to change the status quo.

I know for certain not all youngsters in this age group feel this way, but what set this particular group apart is their privilege. They are going to school in business and education at some of the best schools in the country. Their educations are paid for in full and they know they have jobs waiting for them. Their political heritage is conservative — anti-tax, pro-business, with a Christian fundamentalist spin. They are the next generation of elected officials because they can afford to run for office.

They are what a well-to-do public school district created, and what will come out of a top ten business school: people who don’t give a shit about anybody else’s needs for privacy, because they simply don’t see any risks to their way of life.

The entire conversation began because they were questioning my opsec habit of covering my cellphone camera lenses. When I pushed back about their habit of waving their phones around without any respect for others’ privacy, the topic rapidly went south. It didn’t matter, nobody was following them, they didn’t need to worry; whoever wanted to track them already had all their information anyhow. And still not a lick of concern about anybody else’s privacy, safety and security, free speech, freedom from unwarranted seizure…

And now comes Pokémon Go, the augmented reality mobile device game which this particular cohort had yet to play with on their cellphones. I’m sure they’ve since loaded on their phones without a second thought about the gross failure of Pokémon Go’s privacy policy let alone its ridiculously broad request for device permissions.

Stay away from me, kids. Far, far away. Go ahead and give me a hard time again about protecting privacy rights. Treat me like an old lady yelling at you to stay off my lawn, and I’ll find somebody to tell your super-conservative mother what kind of porn you’ve surfed while you claim you’re at the library studying on her dime. I’m sure I can get somebody to do it for the price of a Pokéstop lure and a Clefairy water Pokémon.

Meanwhile, protesters documenting civil rights abuses by hyper-militarized police have risked their freedom and lives doing so. Like the protesters and reporters seen in the short video taken of Baton Rouge Police arresting protesters gathered peacefully on private property yesterday, forcing their way into a private home and pushing around its residents. Or Ramsey Orta, who videoed the chokehold death of Eric Garner, harassed repeatedly by NYPD since then and jailed, or Chris LeDay’s suspicious arrest after he posted video of Alton Sterling’s murder by Baton Rouge police. These citizens and the journalists who covered them are surely concerned about their privacy and the chilling effect on their free speech a lack of privacy protections will cause for them as individuals and as activist groups and news outlets.

And it’s these people those privileged 18-to-20-somethings I spoke with will never consider as they navigate their way through the rest of college and into the business world. It’s no wonder they believe there’s no way to change the status quo; they aren’t taught to think outside the tight confines of their safe little world nor do they face any threats inside their narrow groove.

I grieve for the future.

FIVE DAYS
That’s all that’s left for in-session days on the U.S. House calendar for July. I see nothing in the remaining schedule directly related to the Flint Water Crisis. Only California’s ongoing water shortage will have a hearing. While the House fiddles, Flint area nonprofits continue to raise money to buy bottled water for city residents. The city water system is allegedly safe, but we all know the entire city is riddled with damaged pipe causing one Boil Water Notice so far this summer. Lead pipes continue to service homes. The roughly 8000 children poisoned so far don’t need even a smidgen more lead from those water lines. But All Lives Matter, right?

I hope every journalist covering an incumbent’s House or Senate campaign will ask what the candidate has done while in office to address both Flint’s GOP-inflicted man-made catastrophe and future crises of a similar nature given underfunded EPA mandates for clean drinking water and equally underfunded infrastructure replacement.

Don’t even get me started on Congress’ weak gestures on Zika, especially after the first Zika-related death in the U.S. this past week and ~1133 patients who’ve tested positive for Zika, including ~320 pregnant women. Zero effort to encourage birth control among at-risk population, let alone adequate warning to the public that unprotected sex as well as mosquitoes spread the disease.

Po po no no

  • Suspect fires on Houston police during 7-hour showdown; SWAT team subdues him using gas (KTRK) — Look, ma, no deadly force! Gee, I wonder what the suspect’s race/ethnicity is?
  • Tiny study without peer review based on unreliable data claims whites shot as often as blacks by police (NYT) — Harvard researcher looked at 1,332 shootings by 10 police departments in Florida, Texas, and California across fifteen years to come up with this swagged conclusion. There was so much wrong with this I don’t even know where to begin. Even the lead researcher’s personal experience suggests there’s a problem with the data. The New York Times simply regurgitates this without any push back. After all the video evidence we’ve seen since Ferguson, should we really believe police-supplied data from such a small sample of nearly 18,000 police departments? We really need a mandatory collection of data from all police departments based on standardized methods combined with an audit. There’s more accountability in banking than there is in police use of force — and we all know how that turned out after 2008’s crash.
  • Dallas shooter was ‘changed’ by military service (The Blaze) — Once interested in becoming a police officer, formerly happy extrovert Micah Johnson became withdrawn, disappointed during his military service. Wonder if he suffered from untreated PTSD and depression after leaving the military? Wonder how many law enforcement officers likewise were former military who sublimated their post-service frustrations? Are we doing enough to help former service persons ease back into civilian life?

Enough. I’m already wishing for Tuesday.

Friday (somewhere): Why

More stuff broken and worse than I expected.

Rather an understatement, that. This week has been a massive case of broken.

Other broken things

Wishing us all a better weekend. Be kind to each other and fix something broken.

Wednesday: Mend

Repair Day here, can’t spend much time reading or writing as I’ll be tied up mending things. Enjoy a little mellow Foo Fighters’ tune — can’t handle metal rock today or I’ll end up HULK SMASHing things I’m supposed to fix.

Here’s a range of topics which deserve more attention:

UK’s Chilcot report released today (Guardian-UK) — [Insert lengthy string of epithets here, circa 2003] I’m sure one of the other team members here at emptywheel will elaborate more effectively on the ugliness in the report and on former Prime Minister Tony Blair‘s continued lies rationalizations for military intervention in Iraq over alleged 9/11 terrorists and non-existent nuclear weapons. His self-flagellation and tepid mea culpa are pathetic, like watching a wee gnat flailing on an elephant’s ass. Thirteen years later, Iraq has become a training ground for terrorists. Self-fulfilling prophecy, much?

The full Chilcot report can be found here. The Guardian is working on a collaborative evaluation of the same.

Hookup site Ashley Madison under investigation by FTC (Reuters) — Not clear exactly what FTC’s focus is, whether they are looking primarily at the data breach or if they are looking into the misleading use of “fembot” AI to chat up potential customers. Though the article’s characterization of the business as a “discreet dating site” cracks me up, I’m still concerned about the potential risks involved with a breach, especially since other breached data make Ashley Madison’s data more valuable. Like in this Venn diagram; if you were a foreign agent, which breached data would you mine most carefully?

French Parliament released its inquiry into November terrorist attacks (20 Minutes) — Six months after the attack at the Bataclan and in the streets of Paris, representatives of the Parliamentary inquiry spoke yesterday about the inquiry’s findings:

  • Poor cooperation between intelligence functions — In spite of consolidation of General Intelligence and Directorate of Territorial Surveillance under the Central Directorate of Internal Intelligence in 2008 and then the Directorate General of Internal Security (ISB) in 2014, there were gaps in hand-offs between functions.
  • Ineffective collection and sharing of prison intelligence — The ISB did not have information from Justice (the prison service) about the relationships between incarcerated radical Islamists nor information about targets’ release from custody.
  • Poor cooperation between EU members and EU system gaps — Fake Syrian passports should have been caught by the EU’s Frontex at external borders to EU, and Frontex has no access to data collected by police and intelligence services internal to the EU.
  • Gaps in jurisdiction — Not all law enforcement was engaged as they should have been during the November attack, and when engaged, not where they should have been.
  • Victims and families treated inadequately — Some families were told they were “ineligible” to be notified of their relatives’ deaths. Forensic Institute was swamped by the volume of work. At least one victim tried to call the police; they hung up on the victim because she whispered on the phone.

It’s not clear what steps the French will take next to fix these problems identified after looking at 2015’s January and November terrorist attacks, though it is reassuring to see a relatively detailed evaluation. Some of the suspects involved in both the November attacks in Paris and in Brussels are still being rounded up and bound over for prosecution; two were handed over by Belgium to France just this week. The full Parliamentary inquiry report will be released next week.

NHTSA informed by Tesla of self-driving car accident 9 days later (Reuters) — The delay in reporting may have misled investors in advance of Tesla’s offer for SolarCity suggest reports, including one by Fortune magazine. To be fair, I don’t think all the details about the accident were fully known immediately. Look at the condition of the vehicle in the Reuters’ report and the Florida Highway Patrol report; the FHP’s sketch of the accident site doesn’t automatically lead one to think the accident was induced by distracted driving or by auto-pilot. Can’t find the report now, but a DVD player was found much later; it was this device which revealed the driver’s last activities. How did the FHP’s report make its way to Tesla? And as Tesla responded, with one million auto accidents a year, not every accident is reported to the NHTSA. Begs the question: should all self-driving car accidents be automatically reported to the NHTSA and their automakers, and why?

‘Zero Days’ documentary on Stuxnet out this Friday (Flavorwire) — If director Alex Gibney can make this subject exciting to the average non-technical schmoe, hats off. It’s a challenge to make the tedium of coding exciting to non-coders, let alone fluff process control equipment. This is a really important story with a very long tail; hope Gibney was able to do it justice.

EIGHT DAYS in session left in U.S. House of Representatives’ July calendar. Hearing about EPA scheduled this morning, but I don’t think it had anything to do whatsoever with Flint Water Crisis.

Okay, that’s enough to get you over the hump, just don’t break anything on the way down. I’m off to go fix stuff.

Tuesday: Rubbish

This won’t be everybody’s cup of matcha and may not offer an optimum listening experience for most business offices. Today’s kick-in-the-seat to start the week is a Japanese rock genre at the intersection of glam rock and black metal. Visual kei rock combines glam’s signature elements with black metal’s dark heaviness. Some say punk influences visual kei but I really don’t see or hear it. Depending on the song, death metal is far more likely to leak through both in sound and appearance.

For a little lighter variant — more pure metal than glam or black — try this live performance from Vistlip. The relationship between visual kei and both anime and video games is quite obvious. Want a little estrogen-loaded visual kei? Try exist trace’s Daybreak; it, too, is not as dark and heavy, though the band can still hammer really black tunes.

Now that the kick in the ass has been locked and loaded…

NINE DAYS
Including today, that’s the total number of days booked as in session on the U.S. House of Representatives’ business calendar for July, of which only six days have events scheduled.

Can’t see anything farther out. And of the events booked so far, nothing appears for the benefit of the Flint Water Crisis. Roughly 8000 lead-poisoned kids completely forgotten.

Michigan’s state house has a mess of stuff on the calendar, but none of it clearly marked in reference to Flint Water Crisis. I imagine that hack Rep. Pscholka may have something buried in the items labeled “zero budget.”

Brexit buffoonery
Whenever I get really upset with the condition of our state and federal governance, I can just take a look across the pond. The back-stabbing drama surrounding the future leadership of the Conservative Party and the Prime Minister’s office looks like a mashup of House of Cards and Game of Thrones minus dragons. I’ll let Christoph Waltz speak for me about the resignation of Ukip’s Nigel Farage this weekend. I fear, though, that U.S. politics will take the Brexit debacle as a prompt going into the general election.

  • Pound fell to lowest level post-Brexit vote (France24) — The perceived inability of either the Conservative or Labour parties to organize their leadership, let alone steer out of Brexit, weighs on business. Let’s say Marcy’s right and the Brits manage to put the brakes on this: when and how will that happen? The lack of direction and specificity between now and sometime after September’s next UK election costs money.
  • Apple stock could take a hit because of Brexit (Bloomberg) — Folks may update their iPhones more slowly due to economic pressures, says Citigroup analyst. IMO, it’s not the updates that will hurt Apple’s income as much as currency fluctuations. Was Apple able to hedge its financial holdings adequately against the abrupt drop in GBP value?
  • EU to spend $2B on public+private cybersecurity efforts (The Register) — Will UK be omitted from this spending plan altogether, AND will the EU begin to treat the UK as a potential cybersecurity risk in whatever plans it develops?

Automotive Uh-oh

Cyberia

  • Second “Fappening” hacker will plead guilty (NYMag) — Finally! It only took two years to reach this point in prosecution of the hacker who phished celebrities’ accounts for nude photos. But phishing corporations is a threat to the public’s security, while phishing women’s Gmail and iCloud accounts isn’t a threat to anybody, right? Because women’s bodies and personal information aren’t valuable nor is systematically invading their privacy terrorizing. Ugh. Gender bias in law enforcement.
  • Advocacy groups file rulemaking petition with FCC on automakers’ use of Direct Short Range Communication (DSRC) (PublicKnowledge.org) — Automakers are standardizing AI systems around DSRC; two groups want the FCC to

    • Limit DSRC to life and safety uses only. The auto industry plans to take spectrum allocated for safety of life and monetize it with advertising and mobile payments. This compromises cybersecurity and potentially violates the privacy of every driver and passenger.
    • Require automakers to file a cybersecurity plan before activating DSRC systems. This plan should not only show that auto manufacturers have taken appropriate precautions today, but explain how they will update security over the life of the vehicle.
    • Data transparency and breach notification. Auto manufacturers must inform purchasers of DSRC-equipped cars what personal information they collect and how they will use that information. In the event of a data breach, the manufacturer collecting the information must notify the customer.

  • Conficker malware found widely in internet-enabled medical equipment (Threatpost) — Medical facilities still aren’t taking adequate measures to ensure internet-enabled equipment remains unattached from the internet, safe from other forms of injection (like USB ports), and free of malware. Devices like dialysis pumps and diagnostic equipment for MRIs and CT scans are infected. Same security gaps also led to leak of 655,000 patients’ data over the internet two weeks ago.

Man, even in this heat this snowball just doesn’t want to stop once it starts rolling down the hill. At least it’s a short week. See you tomorrow!
