Pete Recommends – Weekly highlights on cyber security issues, December 9, 2023

Subject: Outdated Password Practices are Widespread
Source: Georgia Tech via ACM TechNews via RISKS Digest
https://catless.ncl.ac.uk/Risks/33/95/#subj24.1

ACM TechNews, Wed, 22 Nov 2023 10:48:11 -0500 (EST)

(Georgia Tech Research, 17 Nov 23), via ACM TechNews: A majority of the world’s most popular websites are putting users and their data at risk by failing to meet minimum password requirement standards, according to researchers at the Georgia Institute of Technology (Georgia Tech). The researchers analyzed 20,000 randomly sampled websites from the Google Chrome User Experience Report, a database of 1 million websites and pages. Using a novel automated tool that can assess a website’s password creation policies, they found that many sites permit very short passwords, do not block common passwords, and use outdated requirements like complex characters. Georgia Tech’s Frank Li said security researchers have “identified and developed various solutions and best practices for improving Internet and Web security. It’s crucial that we investigate whether those solutions or guidelines are actually adopted in practice to understand whether security is improving in reality.”

NB see also: https://www.usenix.org/conference/usenixsecurity23/presentation/al-roomi


Subject: Social media gets teens hooked while feeding aggression and impulsivity, and researchers think they know why
Source: CBC News
https://www.cbc.ca/news/health/smartphone-brain-nov14-1.7029406

Kids who spend hours on their phones scrolling through social media are showing more aggression, depression and anxiety, say Canadian researchers. Emma Duerden holds the Canada Research Chair in neuroscience and learning disorders at Western University, where she uses brain imaging to study the impact of social media use on children’s brains.

She and others found that screen time has fallen just slightly from the record 13 hours a day some Canadian parents reported for six- to 12-year-olds in the early months of the COVID-19 pandemic. “We’re seeing lots of these effects. Children are reporting high levels of depression and anxiety or aggression. It really is a thing.”

When parents said their children spend more time on screens and the grownups are stressed, then anxiety and depression scores in the kids also increase. “Absolutely, I think this is a public health issue,” Duerden said when asked about her findings and those of others.

Just as serotonin dips when we’re hangry — hungry and angry at the same time — screen time can also strongly influence the brain’s reward system that is key to decision-making. “It could be that there’s an actual depletion in serotonin,” Duerden explained. “There’s this imbalance and that’s how it could be mediating aggression in children.” Levels of other neurotransmitters like dopamine also matter.

Struggle to focus…Constant stimulation – “They can’t focus during exams because they’re so used to scrolling on TikTok or looking through their phone,” Kent said. “They’re so used to having that constant stimulation that when it comes to focus, they really struggle.”


Subject: Gmail is now much better at detecting spam following major upgrade
Source: Android Central
https://www.androidcentral.com/apps-software/google-improves-gmail-spam-detection

What you need to know

  • Gmail now features a new text vectorizer called RETVec, which results in 38% better spam detection.
  • Text vectorizers help identify letters and symbols in emails, which are then sorted as spam accordingly.
  • Some spam senders manipulate letters and symbols, use homoglyphs, add invisible characters, and use keyword stuffing to try and bypass spam filters.

Filed: https://www.androidcentral.com/apps-software
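
The evasion tricks listed in the Gmail item above (homoglyphs, invisible characters) can be surfaced as signals before text reaches a spam classifier. The following is an added example, not code from Gmail, RETVec or Android Central; the function names, finding labels and sample messages are constructed for illustration, and keyword stuffing is not covered.

```python
import unicodedata

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return None

def analyze(text):
    """Return (normalized_text, findings) for one message body.

    Findings are signals for a downstream filter, not verdicts: format
    characters and compatibility forms also occur in legitimate mail.
    """
    findings = []
    # Category Cf covers zero-width spaces/joiners, soft hyphens, BOMs.
    if any(unicodedata.category(c) == "Cf" for c in text):
        findings.append("invisible_chars")
    visible = "".join(c for c in text if unicodedata.category(c) != "Cf")
    # NFKC folds fullwidth and other compatibility letters to plain ones.
    folded = unicodedata.normalize("NFKC", visible)
    if folded != visible:
        findings.append("compatibility_forms")
    # NFKC does not map cross-script look-alikes, so check each word.
    for word in folded.split():
        scripts = {script_of(c) for c in word if c.isalpha()} - {None}
        if len(scripts) > 1:
            findings.append("mixed_script:" + word)
    return folded, findings

# Constructed sample messages (not taken from real mail).
SAMPLES = [
    "Claim your fr\u0435e pri\u200bze",   # Cyrillic letter + zero-width space
    "\uff26\uff32\uff25\uff25 offer",      # fullwidth Latin letters
    "Meeting at 10am tomorrow",            # clean
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(analyze(s))
```
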


Subject: Automakers’ data privacy practices “are unacceptable”
Source: Ars Technica
https://www.bespacific.com/automakers-data-privacy-practices-are-unacceptable/

Ars Technica: “US Senator Edward Markey (D-Mass.) is one of the more technologically engaged of our elected lawmakers. And like many technologically engaged Ars Technica readers, he does not like what he sees in terms of automakers’ approach to data privacy. On Friday, Sen. Markey wrote to 14 car companies with a variety of questions about data privacy policies, urging them to do better. As Ars reported in September, the Mozilla Foundation published a scathing report on the subject of data privacy and automakers. The problems were widespread…

Ars filed: https://arstechnica.com/cars/

RSS: https://arstechnica.com/cars/feed/

Other RSS: https://arstechnica.com/rss-feeds/

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.


Subject: A Bold New Plan for Preserving Online Privacy and Security
Source: IEEE Spectrum
https://spectrum.ieee.org/data-privacy

Decoupling our identities from our data and actions could safeguard our secrets.

Whether we like it or not, we all use the cloud to communicate and to store and process our data. We use dozens of cloud services, sometimes indirectly and unwittingly. We do so because the cloud brings real benefits to individuals and organizations alike. We can access our data across multiple devices, communicate with anyone from anywhere, and command a remote data center’s worth of power from a handheld device.

But using the cloud means our security and privacy now depend on cloud providers. Remember: The cloud is just another way of saying “someone else’s computer.” Cloud providers are single points of failure and prime targets for hackers to scoop up everything from proprietary corporate communications to our personal photo albums and financial documents.

The risks we face from the cloud today are not an accident.

We’re all hoping that companies will keep us safe, but it’s increasingly clear that they don’t, can’t, and won’t. We should stop expecting them to.

Our message is simple: It is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline a strategy for doing that.

What is decoupling?

The decoupling principle applies that idea to cloud services by making sure systems know as little as possible while doing their jobs. It states that we gain security and privacy by separating private data that today is unnecessarily concentrated.

This article appears in the December 2024 print issue.

Tags:
cloud computing
computer security
data privacy

Posted in: Cyberlaw, Cybersecurity, Education, Email Security, Healthcare, Pornography, Privacy, Social Media