More than 600 million users installed Android ‘fleeceware’ apps from the Play Store | ZDNet
hmmm
What goes through my mind when I read the news with my morning coffee. …Or for the Simon's Rockers in the group, this is my response journal.
The state party worked with the national party’s cybersecurity team, and with Harvard University’s Defending Digital Democracy project, but Price declined to answer directly whether any third party has investigated the app for vulnerabilities, as many cybersecurity experts recommend.
…Unlike many states in which local and state officials oversee the presidential primary election, in Iowa the state party is responsible for administering, staffing and funding the caucuses, relying primarily on trained but unpaid volunteers.
Cybersecurity experts interviewed by NPR said that the party’s decision to withhold the technical details of its app doesn’t do much to protect the system — and instead makes it hard to have complete confidence in it.
…A number of other potential vulnerabilities could also be introduced by using the technology, experts say.
If the app doesn’t work, either because a denial of service attack clogs the system or for any other reason, then there could be confusion at precincts across the state, and a potential delay on a winner being announced.
…Price did confirm that the app again would be downloaded onto the personal smartphones of the caucus precinct and party leaders, and not onto party-provided hardware.
That could make the system a more appealing attack target, according to Betsy Cooper, director of the Aspen Tech Policy Hub at the Aspen Institute, because people’s phones also may contain sensitive messages, emails and passwords.
…Jones, the University of Iowa cybersecurity specialist, says transmitting results from precincts to the state party through a smartphone app isn’t as insecure as the virtual caucus plan — but that it’s still insecure for the same reasons.
“The entire ecosystem of smartphones is extraordinarily poorly secured,” Jones said. “And resting security functions on that ecosystem is something I don’t trust at all.”
Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App : NPR
hmmmm
Asian and African American people were up to 100 times more likely to be misidentified than white men, depending on the particular algorithm and type of search. Native Americans had the highest false-positive rate of all ethnicities, according to the study, which found that systems varied widely in their accuracy.
…The faces of African American women were falsely identified more often in the kinds of searches used by police investigators.
…Women were more likely to be falsely identified than men, and the elderly and children were more likely to be misidentified than those in other age groups, the study found. Middle-aged white men generally benefited from the highest accuracy rates.
…The study could fundamentally shake one of American law enforcement’s fastest-growing tools for identifying criminal suspects and witnesses, which privacy advocates have argued is ushering in a dangerous new wave of government surveillance tools.
…Searches are critical to functions including cellphone sign-ons and airport boarding schemes, and errors could make it easier for impostors to gain access to those systems.
hmmm
After reviewing 189 pieces of software from 99 developers, which NIST identified as a majority of the industry, the researchers found that in one-to-one matching, which is normally used for verification, Asian and African American people were up to 100 times more likely to be misidentified than white men.
In one-to-many matching, used by law enforcement to identify people of interest, faces of African American women returned more false positives than other groups.
Government study finds racial, gender bias in facial recognition software | TheHill
hmmmm
Home security cameras are leaving users vulnerable to frightening cyberattacks.
…The vulnerability of passwords for home cameras appears to have been known for some time. A year ago, a Canadian security consultant hacked into a home camera in Arizona and chatted with a real estate agent in order to raise awareness of the problem.
…Deral Heiland, the Internet of Things lead analyst at cybersecurity research firm Rapid7, thinks that Ring, Nest and others will find it hard to put an end to such attacks. In part, that’s because consumers commonly reuse passwords, and manufacturers are reluctant to require two-factor verification because some users find it difficult, he said.
But the main problem is that the products are popular, attracting hackers.
“People really need to think about where they install these cameras,” Heiland said. “External cameras make sense. In a bedroom or bathroom, it is questionable.”
Ring and Nest hackers: Home security cameras vulnerable to cyberattacks – CBS News
Dear American Sheeple,
A-N-Y-T-H-I-N-G can be hacked. Anytime you use the cloud to store your information it can be hacked. Want security? Don’t have info/camera feeds/etc. online you want to keep private.
I repeat: nothing stored in the cloud is private. Ever!
Dumbasses….
Repeat after me sheeple: No information that is transferred digitally is private. Ever.
This partnership between builders and Amazon benefits both sides. Amazon wants to push for wider adoption of its Echo smart speaker. Lennar relies on Amazon to help distinguish it from other home builders.
…He wasn’t looking for a smart home, but …now he enjoys all the smart home features.
…His favorite is a Ring doorbell that logs visitors. “I have teenagers,” he said.
…On the one hand, it’s nice to ask Alexa to heat up the house before crawling out of bed in the winter. On the other, there’s all those cameras. “If I’m walking on our street, I walk on the other side of the street,” she said, meaning the side without the smart homes. “Just because I don’t feel like being on everyone’s cameras.”
…It’s not just cameras, even light switches capture information. “That data’s not just sitting there, just… empty,” he says. “Somebody’s gonna look at it and leverage it, to try to turn a profit, or try to create an ad, or try to create some revenue.”
More Builders Are Selling Homes Wired For Technology But Data Privacy Is At Stake : NPR
hmmm
Apple’s privacy website is mostly a users’ guide with papers on how to prevent apps and other third-party services from unnecessarily tracking users’ location and behaviors.
The company’s actual privacy policy hasn’t changed.
Apple launches new privacy website, but policies unchanged
hmm
these devices will also accept “signal injection” commands sent to them using pulses of laser light over distances of a hundred metres or more.
Hitherto, hacking such systems has been about sending them audible commands without their owner’s knowledge. Now the research confirms that it’s possible to achieve the same result over considerable distances in ways that might allow attackers to unlock “smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles” that are connected to the victim’s Google account.
…Currently, the stock microphones that receive voice commands perform no authentication beyond checking that wake phrases such as “OK Google” are in the owner’s voice, and even this can be spoofed using voice synthesis.
The authentication problem could be mitigated in different ways – for example, by requiring that more than one microphone detect the same command simultaneously, something a laser attack would find difficult to overcome.
Smartphone and speaker voice assistants can be hacked using lasers – Naked Security
hmmmm
“Google will now have information on not only the temperature of my house, to the extent I’ve got four Nest thermostats or whether or not I have a smoke alarm going off or things like that, they’ll know, in fact, how much I move on a given day, how many steps I take, things of that nature,” D.A. Davidson analyst Tom Forte told Yahoo Finance. “This is very interesting data for Google. And if you think about Google’s efforts, again, Amazon with Alexa and Apple with its various devices, they’re all just collecting data for consumers. But this helps round out the data set for Google, given that it gives you, again, health care-related data.”
Google’s acquisition of Fitbit is clearly a data play
hmmm
In the case of voting, open-source software systems would be overseen by public-private partnerships between counties and vendors.
Open-source systems are tried and tested. A majority of supercomputers use them. The Defense Department, NASA and the United States Air Force all use open-source systems, because they know this provides far more security. Every step in our voting process should use software that follows these examples.
Former CIA director: secure US elections with open-source voting machines / Boing Boing
hmmmm
At the St. Louis Clinic, four out of more than 4,000 patients who received abortions remained pregnant after the procedure, according to the data made public at the hearing. There’s no reason such a rate — less than one in 1,000 — should have concerned state officials, Brandi said: “It sounds, actually, like a quite safe facility.”
Failed abortions have become a focus of abortion opponents around the country in recent months, with President Trump and others claiming that infants are being born alive after abortion attempts and doctors are killing them (which experts say does not happen). But by using the narrative of abortion failure as an excuse to create a spreadsheet with patients’ periods, the health department is dragging their medical data into a larger effort aimed at shutting the clinic down, Planned Parenthood says.
…The health department director had previously not said much publicly about his position on abortion but at the hearings this week, he said he is “pro-life,” the Star reported on Tuesday.
…The fact that Missouri state officials were analyzing patients’ period data has inspired shock and concern among many. “State law requires the health department director to be ‘of recognized character and integrity,’” Democratic state Rep. Crystal Quade told the Star in a statement. “This unsettling behavior calls into question whether Doctor Williams meets that high standard.”
Meanwhile, Yamelsie Rodriguez, president of Reproductive Health Services of Planned Parenthood of the St. Louis Region, called the news of the spreadsheet “deeply disturbing” in a statement to media. “Missouri’s top health official, Randall Williams, scrutinized menstrual cycles of women in this state in order to end abortion access,” she said.
Missouri officials tracked patients’ periods in abortion clinic battle – Vox
hmmm
The software that is used to tabulate the ballots and generate the initial vote counts is one of the weakest links in our entire election process.
Currently, this software is supplied (and controlled) by private corporations. This creates a plethora of problems. For one, the software is proprietary, so it can’t be audited by the large numbers of software security experts, from university professors to hi-tech security firms. For another, the corporations are motivated by profits, which is actually at odds with providing the most robust solution possible.
The public deserves action regarding our insecure election systems – The San Francisco Examiner
hmmm