Pete Recommends – weekly highlights on cyber security issues – April 9 2018

Subject: ProtonMail Launches a Shorter Email Domain and Other New Features for Encryption Lovers
Source: Gizmodo
https://gizmodo.com/protonmail-launches-a-shorter-email-domain-and-other-ne-1824216893

[h/t Elliott]

This is the biggest update to ProtonMail, which uses end-to-end encryption and open source cryptography, since December, when it rolled out a new bridge tool that allowed users to integrate with Thunderbird, Microsoft Outlook, and Apple Mail, a change the company hoped would bring many new users into the fold—mostly those who haven’t learned PGP but remain interested in the security strong email encryption affords.


Subject: Facebook’s Cambridge Analytica problems are nothing compared to what’s coming for all of online publishing
Source: Doc Searls Weblog (Harvard)
https://blogs.harvard.edu/doc/2018/03/23/nothing/

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They bring readers’ bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of aiming “interest-based” advertising at those same readers, wherever those readers’ eyeballs may appear—or reappear in the case of “retargeted advertising.”

Blog RSS feed – https://blogs.harvard.edu/doc/feed/


Subject: Chrome Cleanup Tool on Windows PCs is scanning for malware
Source: Motherboard via beSpacific
https://www.bespacific.com/chrome-cleanup-tool-on-windows-pcs-is-scanning-for-malware/

As the head of Google Chrome security Justin Schuh explained on Twitter, the [Chrome Cleanup Tool’s] “sole purpose is to detect and remove unwanted software manipulating Chrome.” Moreover, he added, the tool only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click on that box screen shotted above to remove the files and “cleanup.”

Subjects: Cybercrime, Cybersecurity, Internet, Privacy


Subject: This Is So Much Bigger Than Facebook: Data misuse is a feature, not a bug—and it’s plaguing our entire culture (Ethan Zuckerman)
Source: The Risks Digest
http://catless.ncl.ac.uk/Risks/30/64/#subj5

Ethan Zuckerman, *The Atlantic*, 23 Mar 2018
https://www-theatlantic-com.cdn.ampproject.org/c/s/www

After five days of silence, Mark Zuckerberg finally acknowledged the massive data compromise that allowed Cambridge Analytica to obtain extensive psychographic information about 50 million Facebook users. His statement, which acknowledged that Facebook had made mistakes in responding to the situation, wasn’t much of an apology—Zuckerberg and Facebook have repeatedly demonstrated they seem to have a hard time saying they’re sorry.

For me, Zuckerberg’s statement fell short in a very specific way: He’s treating the Cambridge Analytica breach as a bad-actor problem when it’s actually a known bug.


Subject: How to deal with life’s risks more rationally
Source: The Conversation US
https://theconversation.com/how-to-deal-with-lifes-risks-more-rationally-94366

In part, that’s because we’re all risk analysts, continually weighing the costs and benefits of every decision we make. The problem is, most of us aren’t actually that good at it. As an economist, I thought it would be interesting to explore how we weigh risk in our daily lives – and how we might be able to do it more accurately.

We spend a great deal of time making decisions with at least a little risk involved. Some of them are relatively ho-hum, such as what to wear to work with a minor risk of a colleague wearing the same outfit, while others are potentially fatal, such as whether to sprint across the street when the sign says “don’t walk.”

Scholars call the odds of something happening multiplied by the cost or payoff the “expected value” of a situation. This explains, for example, why so many people run red lights.

Expected value requires estimating the odds that something might occur. However, when behavioral science pioneers Daniel Kahneman and Amos Tversky studied how humans actually estimate probabilities, they found people have poor judgment calculating actual probabilities. In general, humans overstate the likelihood of rare events occurring, underestimate the chance common events will happen, and overvalue certainty.

Kahneman and Tversky created a new model called “prospect theory,” which is more sophisticated than the expected value model. Prospect theory combines the ideas of loss aversion and over and underweighing odds to help people calculate the expected value of an impending decision that matches how people actually think.



Subject: Is It Illegal to Trick a Robot?
Source: Slashdot
https://slashdot.org/story/18/03/31/1615245/is-it-illegal-to-trick-a-robot

Can you get into trouble under anti-hacking laws for tricking machine learning…? A new paper by security researchers and legal experts asks whether fooling a driverless car into seeing a stop sign as a speed sign, for instance, is the same as hacking into it.

NB RSS site feed:
http://rss.slashdot.org/Slashdot/slashdotMain


Subject: Rise in Ransomware Attacks Actually Led to Fewer Exposed Records, IBM Discovers
Source: Gizmodo
https://gizmodo.com/rise-in-ransomware-attacks-actually-led-to-fewer-expose-1824993483

Notwithstanding, 2017 also saw an unprecedented 424 percent increase in breaches caused by misconfigured cloud storage devices, which the researchers attributed mostly to human error. More often now, configuration mistakes by careless employees are doing hackers’ work for them.

Of the records tracked by IBM, nearly 70 percent were leaked due to the inadvertent activities of owners, reflecting a “growing awareness among cybercriminals of the existence of misconfigured cloud servers.”

Additionally, researchers found that roughly a third of all security incidents caused by “inadvertent activity” were driven by phishing attacks. The bulk of the attacks are not highly targeted, but launched en masse as spam. Over one four-day period, IBM reports, criminals sent 22 million emails using the infamous Necurs botnet, the largest purveyor of internet botnet spam worldwide.


Subject: Practical Approaches to Big Data Privacy Over Time
Source: The Berkman Klein Center via beSpacific
https://www.bespacific.com/practical-approaches-to-big-data-privacy-over-time/

“The Berkman Klein Center is pleased to announce a new publication from the Privacy Tools project, authored by a multidisciplinary group of project collaborators from the Berkman Klein Center and the Program on Information Science at MIT Libraries. This article, titled “Practical approaches to big data privacy over time,” analyzes how privacy risks multiply as large quantities of personal data are collected over longer periods of time, draws attention to the relative weakness of data protections in the corporate and public sectors, and provides practical recommendations for protecting privacy when collecting and managing commercial and government data over extended periods of time.”

Subjects: EU Data Protection, Intellectual Property, Knowledge Management, Privacy


Subject: Amazon customers are freaking out after their accounts were closed — and they say it reveals the dark side of the company’s ‘totalitarian power’
Source: Business Insider
http://www.businessinsider.com/amazon-account-closing-shows-dark-side-of-growth-2018-4

Over the last week, Amazon has closed hundreds to thousands of customers’ accounts with no warning. The outcry was immediate, with furious customers organizing online and threatening class-action lawsuits against the company.

The backlash may seem out of proportion to some. What’s the big deal about not being able to use one website in a massive retail market?

However, as many customers quickly realized, packages are just the smallest piece of what Amazon controls as the company’s tentacles extend throughout modern life.

Fall-outs of a deactivated account could include:


Posted in: Big Data, Cybercrime, Cybersecurity, Privacy