ECP CyberPlayground NetHappenings News 7-9-2020

NetHappenings @NetHappenings
https://twitter.com/nethappenings

THIS IS THE RULE!
LISTEN TO SCIENCE!
When you go out, wear a mask.
When you come home wash your hands.

CREEPY TRUMP

👀 NETHAPPENINGS LESSONS FOR TODAY:
Supreme Court must support employer’s religious exemptions

👀 THE NEXT TIME ANY ANTI FEMINIST MAN OR WOMAN SAYS YOU ARE BEING HYSTERICAL BECAUSE …..
1) WOMEN HAVE A RIGHT TO CONTROL THEIR OWN BODY
2) WOMEN HAVE A RIGHT TO AN ABORTION
3) WOMEN HAVE OPINIONS !!

👀 COME BACK WITH THIS:
“Have you ever met a man who can enter into rational debate, without getting testerical?” ~ Claire, CEO

Defeat for the stable evil genius president!
TRUMP LEARNS Supreme Court ruled New York prosecutor can get Trump’s tax returns.

Major quote from the opinion that helps preserve the Republic: “We reaffirm that principle today and hold that the President is neither absolutely immune from state criminal subpoenas seeking his private papers nor entitled to a heightened standard of need.”

Deutsche Bank Fined $150 Million for Enabling Jeffrey Epstein

Where’s the Fine Against JPMorgan Chase?

Jay Sekulow, Trump’s Impeachment Lawyer, Collected $1-2 Million in a PPP Loan for his Scandal-Ridden Charity

NATIVE AMERICAN

SCOTUS rules broad swath of Oklahoma is Native American land for purposes of federal criminal law
The Supreme Court said Thursday that a large swath of eastern Oklahoma, including Tulsa, is Native American land for purposes of federal criminal law in a decision that the state argued could call into question thousands of state prosecutions for serious crimes.
Justice Neil Gorsuch penned the 5-4 opinion joined by the liberals on the bench.
“Today we are asked whether the land these treaties promised remains an Indian reservation for purposes of federal criminal law,” said Gorsuch, who was appointed by President Donald Trump. “Because Congress has not said otherwise, we hold the government to its word,” he said.
Under the law, crimes involving Native Americans on a reservation are under federal, not state, jurisdiction. The unique case represented the opportunity for the Supreme Court to weigh in on the limits of tribal sovereignty and revisit the country’s horrific history of displacing native tribes from their land.

THIS IS WHY MY FRIEND WAS LIVING IN ALASKA
From Assignment to Ally
A photographer learns what it means to be an ally while on assignment on Gwich’in lands.
We walked closer to the animals and Gregory offered his prayer in Gwich’in, “Mahsi’ k’eegwaadhat gwinzii neechy’aareehee’aa” (Thank you God we’re going to eat good). I knelt on the soft tundra and watched Gregory gracefully field dress the caribou, with my camera down, fully present, witnessing this symbiotic relationship—I knew this moment was greater than an assignment. I felt what was at stake for the Gwich’in.
The Trump administration is taking aggressive steps to fast track plans to give oil and gas companies the right to drill in the Arctic National Wildlife Refuge. This will destroy intact wilderness and violate the human rights of the Gwich’in, who rely on this sacred place to sustain their culture and way of life.
The Gwich’in have been fighting for decades to protect the coastal plain of the Arctic National Wildlife Refuge, known to them as “Iizhik Gwats’an Gwandaii Goodlit” (The Sacred Place Where Life Begins). They can’t win this battle alone.
Take Action – Protect the Arctic and Stand with the Gwich’in

Help Wanted: Biden campaign hiring cyber professionals

Election Experts Warn of November Disaster
“The best-case scenario for us is that key elections are not close,” he said, “because we are going to have problems.” The troubles ahead of the presidential election include the inconsistent mail-in ballot system, voter safety at polling locations and lingering security gaps targeted by malicious foreign and domestic groups emboldened by the 2016 presidential election.

Post Office Delivery Trucks Keep Catching on Fire
[CAN’T DELIVER YOUR MAIL IN BALLOT]

EDUCATION

ICE says international students must take in-person classes or leave U.S.
ICE suggested the students transfer to a school offering in-person courses to maintain their legal status in the US.

Harvard, MIT sue Trump administration over international student visas
They argue the administration’s order was meant to pressure colleges to reopen.

EVIL GENIUS — TRANSPARENT THEFT by criminals Trump and DeVos.

DeVos and Trump reject the CDC proposed school reopening plans. This is forcing parents to decide to send their children to school – get sick – maybe get well or maybe die. ALSO forcing all personnel into schools, get sick, maybe die, or recover and have brain damage for the rest of their life. Schools are being used as babysitting services, not places of education. Trump thinks schools are there to make parents go to work, which he thinks makes the Trump economy look as if that would get people to vote for this piece of shit.
Trump plans to steal Department of Education’s MONEY$$$$
The thousands of dollars that follow every child in every state to the school district where the child goes to school. If any governor — of any state — decides to keep their public schools closed to protect the staff, kids and their families, Trump will steal the child’s money and give it to DeVos.
Disgusting DeVos will take your money and hand it out to all the religious charter schools that she owns and that her friends own. DeVos will tie any increased funding to school choice policies. A complete evil circle jerk!

Inside Betsy DeVos’ Billions: Just How Rich Is The Education Secretary?
Now Forbes has zeroed in on the root of the DeVos family fortune, Amway, to come up with what we believe is the most realistic estimate of the size of her fortune published so far. Together, Betsy DeVos, her husband and their four adult children are worth roughly $2 billion. Those documents indicate that Betsy’s husband Dick DeVos and his three siblings had equal interests in the subsidiary, an indication that they equally split their ownership of the rest of Amway. Ethics laws don’t require public officials like DeVos to break down their exact stake in an investment or what they have given to family members, for large, dynastic wealth like the DeVos fortune.

Pop-up wearable tent for COVID-19 protection in offices, schools, and medical facilities

In Hong Kong, a Proxy Battle Over Internet Freedom Begins
As the city grapples with new restrictions on online speech, American tech giants are on the front line of a clash between China and the United States over the internet’s future.

China’s Superpower Dreams Are Running Out of Money

ALERT NETHAPPENINGS READER:
DO THIS RIGHT NOW! NOW! NOW!

If you have not downloaded https://www.signal.org/ do it this minute. Don’t bother reading anything else until you DO this.
DO IT NOW !!! PROTECT YOURSELF – Nethappenings Orders!

DELETE FACEBOOK NOW – LEARN HOW TO DELETE FACEBOOK FOREVER
Facebook is out of control. If it were a country it would be North Korea

Facebook flaw let 5,000 developers gather personal data

Cambridge Analytica: Australia takes Facebook to court over privacy

SOCIAL NETWORKS

Who is more powerful, Facebook or the people? In the pre-cable era, networks were deathly afraid of advertisers. If only a few people complained, content was changed, no one could be alienated. Now the opposite is true. Major and minor corporations have banded together to get Facebook to police content on its sites. What has Facebook done in response? Given the middle finger.
Do you see newspapers touting the TV ratings anymore? No. They’re irrelevant, because they don’t include streaming services, Netflix refuses to be rated, so who cares what’s number one on network when network is a sideshow. The problem with the internet is algorithms. Not only do different people get different results from the same Google search, the more you participate on Instagram and TikTok the narrower the range of voices that will be served up. In other words, these social media services are narrowing the niches, to the point where participants don’t even know about other genres, to the point where some women thought TikTok was only for lesbians.

Reddit and LinkedIn will fix clipboard snooping in their iOS apps
The clipboard privacy feature in iOS 14 is prompting more major developers to tone down their apps’ nosy behavior. To start, Reddit told The Verge in a statement that it would fix code in its iOS app that copies clipboard data with virtually every keystroke, as Urspace.io co-founder Don Morton discovered. There’s a “codepath” in the post composing tool that checks for web links in the clipboard and suggests titles based on that link, Reddit said. It stressed that it “do[es] not store or send” clipboard data, and expected the fix to arrive on July 14th. As ZDNet reported, this came shortly after LinkedIn VP Erran Berger promised a fix for a similar flaw in its iOS client that Morton also found. In this case, it stems from an “equality check” between the clipboard and what you’ve typed into a text box. Berger didn’t say when users could expect a fix, but he vowed a follow-up once the solution was available in the LinkedIn app. Both characterize the behavior as a design flaw.

Parler: Everything you need to know about the Twitter alternative for conservatives. The service has even caught the attention of President Donald Trump.

10 Best WordPress Plugins to Create Forms, Polls & Surveys

Jonathan Poritz Records All CC Certificate Content As Openly Licensed Audio!
Creative Commons provides educators and the expertise they need to harness Open Educational Resources (OER). We strive to make education more accessible to more people around the world. CC Certificate training, which is licensed CC BY 4.0 and available for use as audio files licensed CC BY 4.0. Jonathan Poritz has been contributing to open education efforts for nearly a decade and facilitates CC Certificate courses regularly.

A West Virginia woman who previously served in the Air Force planned to offer top-secret information from the National Security Agency to the Russian government, prosecutors said Monday in announcing her conviction in federal court. Elizabeth Jo Shirley pleaded guilty as part of a plea agreement to one count each of willful retention of national defense information and international parental kidnapping, the U.S. Justice Department said in a news release.
Shirley, 46, of Hedgesville, faces up to 10 years in prison and a $250,000 fine on the national security charge and up to three years and a $250,000 fine on the kidnapping charge. The statement did not say whether a sentencing date was set in federal court in Martinsburg.

Judge in trial of alleged LinkedIn hacker admits doubt in evidence
Just when U.S. attorneys may have thought they were free of obstacles in their case against an alleged Russian hacker, a new one has emerged: the judge presiding over the trial. Judge William Alsup openly criticized U.S. Attorney Michelle Kane on Tuesday, as the trial of Yevgeniy Nikulin resumed amid the coronavirus pandemic. Nikulin is charged with an array of hacking-related crimes in connection with 2012 breaches at LinkedIn, Formspring and Dropbox, in which he allegedly stole 117 million usernames and passwords, then tried to sell them to others.

Millions of records from dating sites found on misconfigured cloud storage
Information relating to millions of users of dating sites has been found exposed online in yet another case of misconfigured cloud storage. Discovered late last week by security researchers at WizCase, the exposed records span up to 11 different dating services, with five identified: Catholic Singles, SPYKX, TESTIKI, the Blurry dating app and Charincharin/Kyuun-Kyuun. Data found on the exposed databases included real names, billing addresses, email addresses, phone numbers, private messages and more. In the cases of SPYKX, a South Korean dating site, and CharinCharin from Japan, the databases also included clear text passwords. The amount of data exposed across the identified sites ranged from 3,700 records for SPYKX through to 102 million records for CharinCharin. Six databases discovered by the researchers included similar data but were unable to be properly identified. The researchers note that the data could have been scraped from other sites, but some of the data does not appear to be from internet-facing pages. At least some of the data in these databases was linked to users on dating sites Zhenai, Say Love, Netease, Love Chat and Companion.

Magellan Health Data Breach Victim Tally Reaches 365K Patients
July 07, 2020 – The extent of the ransomware attack that hit Arizona-based Magellan Health in April became clear this week, with eight Magellan Health affiliates and healthcare providers reporting breaches stemming from the incident to the Department of Health and Human Services. The breach reporting tool shows about 365,000 patients were affected. In April, the Fortune 500 company was reportedly the victim of a sophisticated cyberattack, in which hackers first exfiltrated data before deploying the ransomware payload. By leveraging a social engineering phishing scheme that impersonated a Magellan client, the attackers were able to gain access to the system five days before the ransomware attack. The investigation determined hackers first installed malware able to steal employee credentials and passwords to gain access to the affected server. Patient data was also compromised in the event, including health-related information such as health insurance account data and treatment information. The attack was contained to a single corporate server, which compromised the data of current employees and a trove of sensitive patient data, from Social Security numbers and W-2 information, to taxpayer identification and employee ID numbers.[…]

Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says
On Tuesday, Emma Best, the founder of Distributed Denial of Secrets or DDoSecrets, a WikiLeaks-like website that has published the police data, said that prosecutors in the German town of Zwickau seized the organization’s “primary public download server.” “We are working to obtain additional information, but presume it is [regarding] #BlueLeaks,” Best added on Twitter. “The server was used ONLY to distribute data to the public. It had no contact with sources and was involved in nothing more than enlightening the public through journalistic publishing.” Best shared a screenshot of the email they received from DDoSecrets’ hosting provider informing of the server seizure. […]

Data breach exposes activities of Maine’s secretive police intelligence agency

Today is the Day I have Dreaded for the Last 5 Years
Without missing a beat the scammers responded, sent a bank account, and asked for us to transfer money to an account under their control. We published the research, and even referenced the FBI statistics of 2015 from Mr. Brian Krebs himself, FBI lost 1.2 billion dollars to Business Email Scams. OMG, a billion dollars? That’s a lot of money being lost, and we should probably start trying to figure this out.

Looks Like Russian Hackers Are on an Email Scam Spree
FOR YEARS, COSTLY email grifts have largely been the provenance of West African scammers, particularly those based in Nigeria. A newly discovered “business email compromise” campaign, though, appears to come from a criminal group in a part of the world better known for a different brand of online mayhem: Russia. Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles. The researchers, who have worked extensively on tracking Nigerian BEC scammers, say they don’t have a clear sense of how often Cosmic Lynx actually succeeds at obtaining a payout. Given that the group hasn’t lowered its asks in a year, though, and has been prolific about developing new campaigns—including some compelling Covid-19–related scams—Agari reasons that Cosmic Lynx must be raking in a fair amount of money. “Most Eastern European and Russian hackers have been so entrenched in malware campaigns and technically sophisticated infrastructure that, as long as there are returns, they don’t need to adapt,” says Crane Hassold, senior director of threat research at Agari and a former digital behavior analyst for the Federal Bureau of Investigation. “But defenses against technically sophisticated attacks have gotten significantly better, and they’re realizing that the return on investment for these social-engineering-based attacks is much higher.” West African scammers typically run their BEC campaigns off of rented or free cloud infrastructure using free email accounts. 
They have increasingly branched out into utilizing off-the-shelf hacking tools like keyloggers and even backdoors into targets’ systems, but malware has typically not played a major role. Overhead is much lower when you don’t need to develop and maintain your own infrastructure and software. This may have been a selling point for Cosmic Lynx, which combines some of the technical chops of a Russian criminal hacking group with the cost savings of a classic, low-tech BEC attack. […]

Cyber Losses Snowballing Despite an Increase in Cyber Security Spending
Hiscox report shows increasing cyber losses for businesses targeted by various cyber risks. The study found losses stemming from cyber security threats had grown almost six-fold, jumping from a median cost of $10,000 to $57,000 per company within the reported period. However, firms also stepped up their cyber security spending by 39% to keep up with the increasing threats. Contrarily, the number of businesses targeted fell from 61% to 39% during the same period. The study analyzed 5,569 companies from both the private and public sectors in the U.S., UK, Germany, France, Belgium, Spain, Ireland, and the Netherlands.
Key findings of the Hiscox report […]

Researchers identify dozens of words that accidentally trigger Amazon Echo speakers
As voice assistants like Google Assistant and Alexa increasingly make their way into internet of things devices, it’s becoming harder to track when audio recordings are sent to the cloud and who might gain access to them. To spot transgressions, researchers at the University of Darmstadt, North Carolina State University, and the University of Paris Saclay developed LeakyPick, a platform that periodically probes microphone-equipped devices and monitors subsequent network traffic for patterns indicating audio transmission. They say LeakyPick identified “dozens” of words that accidentally trigger Amazon Echo speakers. Voice assistant usage might be on the rise — Statista estimated there were an estimated 4.25 billion assistants being used in devices around the world as of 2019 — but privacy concerns haven’t abated. Reporting has revealed that accidental activations have exposed contract workers to private conversations. The risk is such that law firms including Mishcon de Reya have advised staff to mute smart speakers when they talk about client matters at home. LeakyPick is designed to identify hidden voice audio recordings and transmissions as well as to detect potentially compromised devices. The researchers’ prototype, which was built on a Raspberry Pi for less than $40, operates by periodically generating audible noises when a user isn’t home and monitoring traffic using a statistical approach that’s applicable to a range of voice-enabled devices. […]

Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed
EDP Renewables North America (EDPR NA) has disclosed a cyberattack in which ransomware landed on parent company Energias de Portugal (EDP)’s systems, potentially leading to information exposure. In a letter sent to customers (.PDF), the energy company apologized for the incident but insisted that there is “no evidence” that consumer information was compromised or stolen. The firm delivers energy to over 11 million customers and operates in 19 countries. EDP experienced a ransomware attack on April 13. EDPR NA learned of the ransomware infection “for the first time” from its parent company on May 8. […]

Need to secure industrial IoT more acute than ever
The need to address the threat posed by malicious actors exploiting the internet of things (IoT) to attack critical industrial infrastructure is becoming an increasingly urgent one, according to the Foresight review of cyber security for the Industrial IoT report published by charitable organisation the Lloyd’s Register Foundation. The report dives into the inherent risks surrounding the industrial IoT as it becomes a core part of network infrastructures across multiple critical sectors, such as energy, transport, the built environment, physical infrastructure and manufacturing, noting that the IoT exacerbates many of the security challenges that have existed for a long time. “Over the past few years, we have seen a rise in deliberate attacks aimed at critical infrastructures across the globe. As adoption of IoT in the industrial sector continues to grow, clear action and guidance is needed,” said Robert Hannigan, report co-author and international executive chairman at BlueVoyant, a New York-based managed security services provider (MSSP). “Our report frames the context of [the] industrial IoT, the imminent problems facing key infrastructure as they increasingly rely on connected systems, and possible solutions to safeguard against cyber incidents,” said Hannigan. […]

Don’t ask if artificial intelligence is good or fair, ask how it shifts power

Those who could be exploited by AI should be shaping its projects.
Pratyusha Kalluri

https://www.nature.com/articles/d41586-020-02003-2

Law enforcement, marketers, hospitals and other bodies apply artificial intelligence (AI) to decide on matters such as who is profiled as a criminal, who is likely to buy what product at what price, who gets medical treatment and who gets hired. These entities increasingly monitor and predict our behaviour, often motivated by power and profits.

It is not uncommon now for AI experts to ask whether an AI is ‘fair’ and ‘for good’. But ‘fair’ and ‘good’ are infinitely spacious words that any AI system can be squeezed into. The question to pose is a deeper one: how is AI shifting power?

From 12 July, thousands of researchers will meet virtually at the week-long International Conference on Machine Learning, one of the largest AI meetings in the world. Many researchers think that AI is neutral and often beneficial, marred only by biased data drawn from an unfair society. In reality, an indifferent field serves the powerful.

In my view, those who work in AI need to elevate those who have been excluded from shaping it, and doing so will require them to restrict relationships with powerful institutions that benefit from monitoring people. Researchers should listen to, amplify, cite and collaborate with communities that have borne the brunt of surveillance: often women, people who are Black, Indigenous, LGBT+, poor or disabled. Conferences and research institutions should cede prominent time slots, spaces, funding and leadership roles to members of these communities. In addition, discussions of how research shifts power should be required and assessed in grant applications and publications.

A year ago, my colleagues and I created the Radical AI Network, building on the work of those who came before us. The group is inspired by Black feminist scholar Angela Davis’s observation that “radical simply means ‘grasping things at the root’”, and that the root problem is that power is distributed unevenly. Our network emphasizes listening to those who are marginalized and impacted by AI, and advocating for anti-oppressive technologies.

Consider an AI that is used to classify images. Experts train the system to find patterns in photographs, perhaps to identify someone’s gender or actions, or to find a matching face in a database of people. ‘Data subjects’ — by which I mean the people who are tracked, often without consent, as well as those who manually classify photographs to train the AI system, usually for meagre pay — are often both exploited and evaluated by the AI system.

Researchers in AI overwhelmingly focus on providing highly accurate information to decision makers. Remarkably little research focuses on serving data subjects. What’s needed are ways for these people to investigate AI, to contest it, to influence it or to even dismantle it. For example, the advocacy group Our Data Bodies is putting forward ways to protect personal data when interacting with US fair-housing and child-protection services. Such work gets little attention. Meanwhile, mainstream research is creating systems that are extraordinarily expensive to train, further empowering already powerful institutions, from Amazon, Google and Facebook to domestic surveillance and military programmes.

Many researchers have trouble seeing their intellectual work with AI as furthering inequity. Researchers such as me spend our days working on what are, to us, mathematically beautiful and useful systems, and hearing of AI success stories, such as winning Go championships or showing promise in detecting cancer. It is our responsibility to recognize our skewed perspective and listen to those impacted by AI.

Through the lens of power, it’s possible to see why accurate, generalizable and efficient AI systems are not good for everyone. In the hands of exploitative companies or oppressive law enforcement, a more accurate facial recognition system is harmful.

Organizations have responded with pledges to design ‘fair’ and ‘transparent’ systems, but fair and transparent according to whom? These systems sometimes mitigate harm, but are controlled by powerful institutions with their own agendas. At best, they are unreliable; at worst, they masquerade as ‘ethics-washing’ technologies that still perpetuate inequity.

Already, some researchers are exposing hidden limitations and failures of systems. They braid their research findings with advocacy for AI regulation. Their work includes critiquing inadequate technological ‘fixes’. Other researchers are explaining to the public how natural resources, data and human labour are extracted to create AI.

Race-and-technology scholar Ruha Benjamin at Princeton University in New Jersey has encouraged us to “remember to imagine and craft the worlds you cannot live without, just as you dismantle the ones you cannot live within”. In this vein, it is time to put marginalized and impacted communities at the centre of AI research — their needs, knowledge and dreams should guide development. This year, for example, my colleagues and I held a workshop for diverse attendees to share dreams for the AI future we desire. We described AI that is faithful to the needs of data subjects and allows them to opt out freely.

When the field of AI believes it is neutral, it both fails to notice biased data and builds systems that sanctify the status quo and advance the interests of the powerful. What is needed is a field that exposes and critiques systems that concentrate power, while co-creating new systems with impacted communities: AI by and for the people.

Nature 583, 169 (2020) doi: 10.1038/d41586-020-02003-2