Why the crypto-backdoor side is morally corrupt

Crypto-backdoors for law enforcement is a reasonable position, but the side that argues for it adds things that are either outright lies or morally corrupt. Every year, the amount of digital evidence law enforcement has to solve crimes increases, yet they outrageously lie, claiming they are “going dark”, losing access to evidence. A weirder claim is that those who oppose crypto-backdoors are nonetheless ethically required to make them work. This is morally corrupt.

Card Data Stolen From 5 Million Saks and Lord & Taylor Customers

Hudson’s Bay said on Sunday that data from card payments in some of its Saks and Lord & Taylor stores in North America had been compromised. From a report: A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month. The Hudson’s Bay Company, the Canadian corporation that owns both retail chains, confirmed on Sunday that a breach had occurred.

“We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America,” the company said in a statement. “We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”

President of France Emmanuel Macron Talks About Nation’s New AI Strategy

Earlier this week, Emmanuel Macron, President of France, pledged to spend $1.9 billion over the next five years and allow expanded data-sharing to help make France a leader in artificial intelligence. In an interview with Wired, Macron explained why he is making big investments to bring France into the “winner takes all” race with the U.S. and China on artificial intelligence. An interesting quote: “At some point, as citizens, people will say, ‘I want to be sure that all of this personal data is not used against me, but used ethically, and that everything is monitored. I want to understand what is behind this algorithm that plays a role in my life.’” An excerpt from the story: AI will raise a lot of issues in ethics, in politics, it will question our democracy and our collective preferences. For instance, if you take healthcare: you can totally transform medical care making it much more predictive and personalized if you get access to a lot of data. We will open our data in France. I made this decision and announced it this afternoon. But the day you start dealing with privacy issues, the day you open this data and unveil personal information, you open a Pandora’s Box, with potential use cases that will not be increasing the common good and improving the way to treat you.

In particular, it’s creating a potential for all the players to select you. This can be a very profitable business model: this data can be used to better treat people, it can be used to monitor patients, but it can also be sold to an insurer that will have intelligence on you and your medical risks, and could get a lot of money out of this information. The day we start to make such business out of this data is when a huge opportunity becomes a huge risk. It could totally dismantle our national cohesion and the way we live together. This leads me to the conclusion that this huge technological revolution is in fact a political revolution.

The most true-to-life horoscope

Most would admit that astrology is not an exact science. First, it dates back to the Stone Age. Second, all these “rams” and “archers” are figments of the imagination, created by drawing invisible lines between stars.

Atlanta Still Struggles To Recover From Ransomware Attack

An anonymous reader quotes Reuters: Atlanta’s top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper… Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating “ransomware” virus attacks to hit an American city. Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta’s computer network with a virus that scrambled data and still prevents access to critical systems. “It’s extraordinarily frustrating,” said Councilman Howard Shook, whose office lost 16 years of digital records…

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department. Nearly 6 million people live in the Atlanta metropolitan area… Atlanta police returned to taking written case notes and have lost access to some investigative databases, department spokesman Carlos Campos told Reuters… Meanwhile, some city employees complained they have been left in the dark, unsure when it is safe to turn on their computers. “We don’t know anything,” said one frustrated employee as she left for a lunch break on Friday.

Is It Illegal to Trick a Robot?

An anonymous reader writes: Can you get into trouble under anti-hacking laws for tricking machine learning…? A new paper by security researchers and legal experts asks whether fooling a driverless car into seeing a stop sign as a speed sign, for instance, is the same as hacking into it. The original submission asks another question — “Do you have inadequate security if your product is too easy to trick?” But the paper explores the possibility of bad actors who deliberately build a secret blind spot into a learning system, or reconstruct all the private data that was used for training. One of the paper’s authors even coded DNA that corrupts gene-sequencing software and takes control of its underlying computer, and the researchers ultimately warn about the dangers of “missing or skewed security incentives” in the status quo.

“Our aim is to introduce the law and policy community within and beyond academia to the ways adversarial machine learning alter the nature of [cracking] and with it the cybersecurity landscape.”

Security Experts See Chromebooks as a Closed Ecosystem That Improves Security

The founder of Rendition Security believes his daughter “is more safe on a Chromebook than a Windows laptop,” and he’s not the only one. CNET’s staff reporter argues that Google’s push for simplicity, speed, and security “ended up playing off each other.” mspohr shared this article: Heading to my first security conference last year, I expected to see a tricked-out laptop running on a virtual machine with a private network and security USB keys sticking out — perhaps something out of a scene from “Mr. Robot.” That’s not what I got. Everywhere I went I’d see small groups of people carrying Chromebooks, and they’d tell me that when heading into unknown territory it was their travel device… “If you want prehardened security, then Chromebooks are it,” said Kenneth White, director of the Open Crypto Audit Project. “Not because they’re Google, but because Chrome OS was developed for years and it explicitly had web security as a core design principle….” Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010: sandboxing, verified boots, power washing and quick updates. These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did.

That’s not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome’s extensions, like when 37,000 devices were hit by the fake version of AdBlock Plus. Malicious Android apps have also been able to sneak through the Play Store. But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become part of a botnet. Major security flaws for Chrome OS, like ones that would give an attacker complete control, are so rare that Google offers rewards up to $200,000 to anyone who can hack the system.

North Korean Malicious Cyber Activity

Original release date: March 28, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as SHARPKNOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.