Issue V2#48 represents the 100th publication of the column Pete Recommends – Weekly highlights on cyber security issues column here on LLRX.
Each posting is from my (longer) email security Newswire which is a LISTSERV-based distribution list. For the most part, each item is selected from various security, privacy, and cyber-related RSS feeds.
The postings for each weekly column are edited and curated by Sabrina I. Pacifici, solo founder/editor/publisher of LLRX.
The sources for each posting are referenced at the beginning of each summary and include information at the end of the summary that provides additional content and content – both on the web and via RSS feeds.
The full archives of Pete Recommends and some other topics including RSS usage can be found here: https://llrx.com/author/pete-
Of course it too, has an RSS feed: https://llrx.com/author/pete-
Regards,
Pete Weiss, Penn State, Systems Engineer for Teleprocessing, retired.
Source: NBC News
https://www.nbcnews.com/tech/
The accounts pushed anti-impeachment and pro-Trump messages while otherwise posing as everyday Americans. Sometimes the accounts featured obvious errors. One moderator of a popular “BL” page was named “Ellen Dancey,” but featured an AI-generated face of a man. Dancey’s sole post to his profile page read “Hello, wellcom to my face book.”
Gleicher said using the AI-generated faces was more likely to get the bad actors caught than to help mask their identities.
“We detected these accounts because they were engaged in fake behavior. Using AI generated profiles as a way to make themselves look more real doesn’t actually help them,” Gleicher said, adding the fake profiles were more likely to trip automatic sensors of fake accounts. “The biggest takeaway here is the egregiousness of the network in using fake identities.”
Stephen Gregory, publisher of the U.S. editions of The Epoch Times, said in a statement that Epoch Media Group has no connection to BL, noting that it is a part of Epoch Times Vietnam.
Source: WIRED
https://www.wired.com/story/
- The mad scientist who wrote the book on how to hunt hackers
- Why Ring doorbells perfectly exemplify the IoT security crisis. It’s beginning to look a lot like the end of the year in cybersecurity! In an interview with the Pentagon’s artificial intelligence honcho, we looked forward at how AI will intersect with warfare in the future—and the many unresolved questions that raises. And in an interview with venerated author Cliff Stoll, we took a look back a historic moment in cybersecurity.We detailed how popular conference room video displays can be hacked, and how WhatsApp group chat security still needs a little work.5G is coming, and while it’ll be more secure than 4G it’s still not perfect. Chrome will check your passwords to make sure they’re not already in some data breach somewhere. And set aside some time to read this tale of an Army veteran who thought he found romance on a dating site—but ran into a terrifying scam instead.And there’s still more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but think you should know about nonetheless. Click on the headlines to read them, and stay safe out there….
- Category: https://www.wired.com/
category/security/
https://www.wired.com/feed/security/rss
Source: The New York Times
https://www.nytimes.com/2019/
To what extent is gifting a DNA test also a present for law enforcement?
So what do these developments mean for that DNA kit sitting under your Christmas tree? Men’s Journal calls them “one of the hottest gifting ideas,” and US Weekly promises that “they’re going to love it, no matter how tough of a critic they are.” But is using one of these kits also opening the door to letting the police use your DNA to arrest your cousin?
The answer in this rapidly evolving realm depends largely on which sites you join and the boxes you check off when you do. And even if you never join any of these sites, their policies could affect you so long as one of your 800 closest relatives has.
Longer answer: Each of these databases is big enough to identify nearly all 300 million Americans’ DNA through their cousins, researchers have found. This makes them a tantalizing tool for law enforcement officials, who say the data could help them solve thousands of violent crimes and identify unknown victims if only they could put a name to associated DNA.
To identify a suspect’s blood, for example, investigators do not need to find the person who cut his hand smashing through a window. They just need to match to a couple of his second or third cousins in a DNA database. From there, a genetic genealogist can puzzle out how these cousins are related to one another and the suspect by building out a series of family trees. Often this leads to an arrest.
Source: Slashdot
Subject: Fake and dangerous kids products are turning up for sale on Amazon
Source: CNN Wire via WPMT FOX43
https://fox43.com/2019/12/23/
Under current US case law, Amazon is not liable when third-party products sold on its site directly infringe on intellectual property or have safety defects. The liability lies with the third-party seller. This is fundamentally different from how the law treats brick-and-mortar retailers like Target or Walmart or even your corner grocery. If you find a product at a physical store that infringes on your trademark, or you buy something defective there, you can sue the store even though they didn’t make the product. Counterfeits are a problem for many ecommerce platforms, not just Amazon, but Amazon is the world’s largest ecommerce platform and its dominance is growing.
Source: Gizmodo
https://gizmodo.com/rings-
At least two tech review sites are discussing whether to rescind their positive recommendations of Ring’s home surveillance cameras, a leading digital-rights organization announced this week. In the wake of reporting by Gizmodo and other outlets this year concerning Ring’s troubled security and privacy practices, Fight for the Future has launched a campaign calling on tech review sites, such as Consumer Reports and PC Magazine, to suspend recommending Ring products.
“Tech reviews and guides play an important role in people deciding which devices to buy,” said Evan Greer, deputy director of Fight for the Future.
Ring has placed the blame for these incidents on the device owners themselves, saying they failed to adopt unique passwords or make use of the two-factor authentication security feature offered by the company. Ring otherwise says its devices are helping to curb crime in neighborhoods by dissuading package thieves and would-be burglars.//
A group of U.S. senators—worried that control of Amazon’s vast surveillance network could fall into the hands of hackers and foreign spies—expressed their concerns about Ring to Amazon CEO Jeff Bezos in a letter last month. “Ring devices routinely upload data, including video records, to Amazon’s servers. Amazon therefore holds a vast amount of deeply sensitive data and video footage detailing the lives of Americans in and near their homes,” the letter said.
…
More from Gizmodo:
- Ring Sure Does Have a Lot of Password Leaks That Are Entirely Your Fault
- ‘I Slept With My Gun’: What It’s Like to Get Your Ring Camera Hacked
- Website Calls for Investigation of Ring, Gets Blocked by Facebook
- tagged https://gizmodo.com/tag/
surveillance-tech/rss
Source: Axios via beSpacific
https://www.bespacific.com/
Axios – Momentum for smart cities projects, which has been fed by big promises from industry and big hopes in government, is slowing down in the face of a wave of public skepticism.
Driving the news: Alphabet-owned Sidewalk Labs, which has proposed a futuristic smart-city development for Toronto’s waterfront, has pledged not to sell personal data collected at the project or use it for advertising to assuage privacy concerns. Instead, if the plan is approved, local government entities will take the lead on managing data.
Context: “The U.S. has a general optimism that technology can make our lives easier if used in right way. But that’s countered by mistrust of intentions or capabilities of state and local governments,” said Todd Daubert, chair of the communication and technology practice at Dentons, a law firm that works on smart city developments. There’s also distrust of the tech companies that see cities as a huge market for selling their data-guzzling tools.
…
beSpacific Subjects: E-Commerce, E-Records, Economy, Internet, Knowledge Management, Legal Research, Privacy, Social Media
Axios RSS: https://api.axios.com/feed/
Subject: Smart Home Tech, Police, and Your Privacy: Year in Review 2019
Source: ETF via beSpacific
https://www.bespacific.com/
EFF: “If 2019 confirmed anything, it is that we should not trust the microphones and cameras that large corporations sell us to put inside and near our homes. Thanks to the due diligence of reporters, public records requesters, and privacy researchers and activists, consumers have been learning more and more about how these “smart” home technologies can be hacked, exploited, or utilized by the police and other law enforcement agencies. Because many technologies that record audio and video store their data on a cloud maintained by the company, police can gain access to stored content by presenting a warrant to those companies—bypassing consumers altogether. For instance, in November, police in Florida obtained a warrant for the recordings from an Amazon Echo that may have overheard a crime. This means that whether people think their Alexa is listening or not, their Alexa could be listening. Because Amazon stores and maintains that data, things said in the device’s presence can be made accessible to police via a warrant presented to the company…”
Source: Business Insider
https://www.businessinsider.
- Home camera maker Ring and parent company Amazon have been sued in federal court in California over claims that they failed to protect users’ privacy and security.
- The lawsuit alleges that, as a manufacturer of security products, Ring failed to meet its “most basic obligation by not ensuring its Wi-Fi enabled cameras were protected against cyber-attack.”
- It also argues that Ring and Amazon sought to avoid responsibility by blaming users for not implementing proper security measures despite knowing the risks of not requiring things like two-factor authentication.
Home security camera maker Ring and parent company Amazon are facing a lawsuit in federal court that claims that they failed to implement proper security measures in their products, leaving users vulnerable to cyberattacks.
…
More: Ring Amazon Lawsuits Hacks
Source: Route Fifty
https://www.routefifty.com/
COMMENTARY | The growing use of artificial intelligence will offer cities more advanced methods to detect safety and security threats. In 2018, the Center for Homeland Defense and Security reported 110 K-12 school shooting incidents. That’s more than twice as many as the year prior and a record high since the center began compiling data on school shootings in 1970. Alarming statistics like these signal that it’s time to examine the old methods of detecting and mitigating danger in schools and other municipal infrastructure with a more critical eye.
Cities are beginning to recognize the need for newer, more technologically advanced methods of detecting both violent and nonviolent threats—and that also means reevaluating previous advances by asking how can we embrace new technology.
The revolution in artificial intelligence over the last few years has fueled the development of new security methods. Three new technologies, in particular, can help keep cities, residents and municipal buildings safer…
…
filed in: