Mind Matters Natural and Artificial Intelligence News and Analysis

Category: Computer Security

Police tactical team gathered round a house

Swatting Goes Into Politics — as Congresswoman Greene Discovered

Swatting — calling the police and pretending that a violent incident is taking place at a given address — can kill the victim

This has been a summer to remember for U.S. Congresswoman Marjorie Taylor Greene (R-Georgia). She was “swatted” twice. The first false report that brought the police to her home was Wednesday, August 23: According to the first Rome PD report, five officers responded to a call on Wednesday during the initial attempted swatting. The caller claimed that a man had been “shot five times in a bathtub” at Greene’s home, and there was a woman and possibly children still in potential danger. On the way to Greene’s house, police realized who the homeowner was, but “due to the nature of the call,” police “formed up” at a nearby intersection and made a “tactical approach.” Rome PD provided Ars with no…

Ransomware

What To Do If Your Business Is Hit With a Ransomware Demand

A roundup of advice for small businesses and their employees and contract workers, on site or remote

Ransomware attacks have reportedly continued to grow in 2022, as criminals hone their skills in grabbing our data and demanding money to release it. Today, it’s not just government and large businesses that are at risk. Small to mid-size businesses are at greatest risk. That’s because a) they often don’t have enough security in place and b) let’s face it, today’s attacker might be content with $300,000 each from a cluster of them rather than $30 million from a giant firm. That attracts less attention, for one thing. Here’s Blackfog’s monthly list of publicly reported attacks in 2022. In the first 30 minutes… Don’t just panic and agree to pay: [Kevin] Epstein says international law enforcement and white hat hackers usually…

3D Rendering of binary tunnel with led leading light. Concept for data mining, big data visualization, machine learning, data discovery technology, customer product analysis.

Deep Web? Dark Web? What’s Dangerous? What’s to Know?

The Deep Web hosts information like bank statements and health records so a search on your name won't turn them up

The terms deep and dark sound glamorous and forbidding, maybe criminal. Both terms just mean that we can’t reach a site on that portion of the web via a conventional search engine. The Surface Web, the part that we can reach via a conventional search engine like Google, DuckDuckGo, or Brave, is roughly estimated to be 0.03% of the internet (Britannica). The Deep Web contains email accounts, bank statements, health records, and other services that can only be accessed with passwords. It’s the main reason that our private business can’t be accessed just by searching on our names. Both the Surface Web and the Deep Web are growing as more people go online. Now, about the Dark Web: By comparison,…

Hacking and malware concept

Largest Data Grab Ever Stole Shanghai’s Mass State Surveillance

The police, dutiful in monitoring everyone, flunked data security. Now it’s all for sale on the Dark Web

Beijing wants to create a centralized database with personal information on everyone living in China. To do that, the government saves massive amounts of data acquired through surveillance technologies such as facial and voice recognition and cell phone monitoring. In a previous article, we saw that the Chinese government’s surveillance network is much more extensive than once thought. However, while the Chinese government has prioritized collecting massive amounts of data, it has not prioritized protecting it. Thus, a hacker has acquired police data files on 1 billion Chinese residents (approximately 23 terabytes of data) from the Shanghai National Police database. The files include name, national ID number, cell phone number, birthdate, birthplace, ethnicity, education level, marital status, and delivery records. They…

outpost

Three Simple Words Can Find Any Place on Earth

The “what3words system” of geolocation is easier to remember than many street addresses and may also work for passwords

What3words is an app and web-based service that can convert practically any location within 3 × 3 meters (or 10 × 10 feet) — the size of a typical small bedroom or den — to just three short English words if you can give it an address. Don’t believe that? Try it. The address of the Library of Congress is person.hotels.canny The address of the Louvre Museum in France is started.pelting.pops And … bluffs.alas.skater? That’s the address of a Canadian Tire store somewhere in Ottawa. Clicking Bing Maps at the What3Words site will give you that store’s street address, satellite image and tell you how to get there. So why do this? Math prof Mary Lynn Reed explains: This new…

New strong password and weak ones near keyboard.

Forget Your Password? Apple Wants To End Them for Good But…

Do you want to give Apple your face- and fingerprints, maybe other “biometrics” down the road…?

We’ve all heard the tales of woe about people whose password was “password” or “123456” or “BertJones”. Currently, Big Tech, tired of the flak and the fallout, is trying to end passwords. Here’s Apple’s approach: When Apple’s latest software updates for iPhones, iPads and Macs arrive this fall, they will include a way for users to log into various online accounts without entering passwords or relying on password managers to save and fill in credentials. The technology generates unique passkeys for each app or browser-based service in the place of characters. Those passkeys, a new type of identity authentication, prompt a scan of your face or fingerprints to log you in… Passkeys, like those from Apple, are made up of…

Portrait of insidious hacker organizing virus attack on corporate servers in hideout place. Serious man looking at camera sitting at desk with multiple displays.

At the Water Cooler: They’re Talking About Computer Hacks Again

Some people appear to know all the answers to the latest assaults on our finances and privacy. If only the government would listen… (?)

In 2020, hackers threatened to release thousands of Finnish psychotherapy patients’ records to the internet unless they paid a steep ransom. Meanwhile, just last month, U.S. authorities uncovered a ‘Swiss Army Knife’ for hacking industrial control systems. “The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.” (Wired) So yes, we have a problem. Wired sums up last year’s hacking news: “As John Scott-Railton, senior researcher at University of Toronto’s Citizen Lab, puts it, ‘2021 is the year where we’re realizing that the problems we chose not to solve years or decades ago are one by one coming back to haunt us.’” (December 24, 2021) The…

Big data futuristic visualization abstract illustration

How Software Makers Will Push Back Against Reforms

Software makers will grumble but insurers may force their hand. That, however, is NOT the Big Battle…

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. On Friday, we looked at the claim that human data collectors should own your data because it is too complex for you to manage. In this final installment, we look at how tech companies will try to avoid actually having to change anything. Preview of Coming Attractions If policymakers start to move towards implementing the policies suggested above, there will be a pushback from software makers that are not HDCs. They will be unhappy about additional software development costs, and they will play the “It’s the cyberattackers, not us!” card, saying it’s unfair to hold…

Smart technologies in your smartphone, collection and analysis of big data

Is Your Data About Yourself Too Complex for You to Manage?

That’s the argument human data collectors (HDCs) make for why they should be allowed to collect and own your data

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. On Tuesday, we looked at how the current system punishes small businesses for data breaches that they could not have prevented. Today, we look at the claim that human data collectors should own your data because it is too complex for you to manage. The Easy Button The most common objection to data ownership is that self-management of owned data is overly complex. That view is based on the complexity of so-called “privacy controls” offered by big tech HDCs, controls which have every appearance of being deliberately obtuse. As a software developer and…

Danger for the eye

Cybersecurity: Why a Poke in the Eye Does Not Work

The current system punishes small businesses for data breaches they could not have prevented

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday, we looked at how online human data collectors get free from legal responsibility. Today we look at how the current system punishes small businesses for data breaches that they could not have prevented. A Poke in the Eye Furthermore, in the domain of unintended consequences, deterrence policies are based on the technological symptomatic point solution fallacy. Businesses are assumed to be negligent if they have a data breach. That’s correct in some cases, but in others, businesses, particularly small and medium-sized businesses, suffer increased compliance costs or have been bankrupted by data breaches that they…

Close up businesswoman collecting data information converting into statistics, planning strategy gathering resources creating visual graphical graphs using computer laptop and smart mobile device

How Online Human Data Collectors Get Free From Responsibility

Cybersecurity expert David A. Kruger talks about the Brave Old World in which you have much less power than Big Tech does

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week, we looked at how search engine results can be distorted. This week, we look at how HDCs (human data collectors) free themselves from any responsibility for outcomes. Brave Old World HDCs’ licensing strategy is designed to free them from any vestige of fiduciary duty. Fiduciary law traces its roots back to the Code of Hammurabi in 1790 BC, through the Roman Empire, early British law, and up to the present day. The purpose of fiduciary law is to compensate for two sad facts of human nature. In unequally powered business relationships, 1) businesses with more…

close up man hand type on keyboard laptop to use search engine optimization (SEO) tools for finding customer or promote and advertise about content online for marketing technology and business concept

How Search Engine Results Can Be Distorted

Search providers such as Google are able to increase their ad revenues by distorting the search results delivered to users

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week, we looked at the way data is collected on us and marketed. This week we look at how search engine results may not be what they seem: Off Target The promise and purpose of search technology is that with it a user can find what they are looking for, not what the search engine provider deems worthy of being found. That creates an inherent conflict of interest when search providers such as Google are able to increase their ad revenues by distorting the search results delivered to users. Distortion, in…

Security worker during monitoring. Video surveillance system.

The Cybercriminal Isn’t Necessarily Who You Think…

Chances are, the “human data collector” is just someone who works for a company that makes money collecting data about you

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion focused on ruining cybercriminals’ lives by making their businesses unprofitable. And now, let’s look at who the cybercriminal typically is… it’s more complicated than his iconic hoodie. And it’s way worse too. Close Encounters of the Third Kind We have been taught to think of cyberattackers as being one of two kinds, criminal cyberattackers who gain control of others’ data to make money, or military/terroristic cyberattackers who gain control of others’ data to project military or political power. There is a third kind: Software makers who systematically destroy privacy, so they can gain control…

Business, technology, internet and networking concept. Young businesswoman working on his laptop in the office, select the icon security on the virtual display.

Computer Safety Expert: Start Helping Ruin Cybercriminals’ Lives

Okay, their businesses. Unfortunately, part of the problem is the design of programs, written with the best of intentions…

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion focused on agile software development. Today’s discussion looks at making life somewhat less comfortable for the guy who wants to steal your credit card number. Ruining the Economics of Cyberattack Would fully implementing controllable data and full scope authentication prevent every cybersecurity failure? Of course not. There are scenarios, particularly those aided by human gullibility, ineptitude, and negligence, where cybersecurity can and will continue to fail. However, cyberattacks are carried out by human beings for the purpose of acquiring money and/or exercising power, and there is a cost/benefit analysis behind every attack. Controllable…

matching keys made of circuits & led lights, encryption & crypto

New Clue in the Problem That Haunts All Cryptography?

A string that has no description shorter than itself is a good bet for cryptography. If the hacker doesn’t know it, he can’t use shortcuts to guess it.

A central problem in all computer security (branch of cryptography) is the one-way problem. Cryptography should function as a one-way street: You can go north but you can’t go south. So if a hacker doesn’t have the code to go north, he can’t go anywhere. Which is where the computer security expert would like to leave the hacker… Is there such a thing as a one-way function in mathematics? Mathematician Erica Klarreich says, probably yes, and explains what it looks like: To get a feel for how one-way functions work, imagine someone asked you to multiply two large prime numbers, say 6,547 and 7,079. Arriving at the answer of 46,346,213 might take some work, but it is eminently doable. However,…

Computer code on a screen with a skull representing a computer virus / malware attack.

The Sweet Science of Agile Software Development

Effective security, as opposed to partial security, increases costs in the short run but decreases them in the long run

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion focused on putting a lid on risks. Today’s discussion looks at the sweet science of agile software development — proactive, not reactive responses. Agile Software Development, Known Art, and Updates to the Rescue The “get out of it one piece of software and data at a time” requirement seems daunting, if not impossible, but it isn’t as bad as it sounds due to agile software development, the availability of “known art,” and the speed at which large-scale software changes propagate via the Internet. A key attribute of agile software development is frequently…

Gas cylinders used welding Industrial in factory

Cybersecurity: Put a Lid on the Risks. We Already Own the Lid

Security specialist David Kruger says data must be contained when it is in storage and transit and controlled when it is in use

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week’s discussion focused on the ingredients that cybersecurity needs to work. Today, the focus is on putting a lid on risks. Put a Lid on It Fortunately, we have at our disposal untold millions of man hours of safety engineering focused on safely extracting benefits from the use of hazardous things. For example, our homes and the highways we travel on are chock full of beneficial things that can easily kill us, such as high voltage electricity, flammable/explosive natural gas, and tanker trucks filled with flammable or toxic chemicals driving right next…

Cyber security and extortion

Ingredients That Cybersecurity Needs To Actually Work

Software makers continue to produce open data as if we were still living in the 50s, and the Internet had never been invented.

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion made the point that the hacker’s target isn’t networks, computers, or users; they are just pathways to the target — gaining control of data is the target. Today, we look at the ingredients that cybersecurity needs to work. Necessary Ingredients Data in this context is digitized information. Digital information is physical, as in, it’s governed by the laws of physics. Data is the result of software converting (digitizing) human usable information into patterns of ones and zeros that are applied to “quantum small” physical substrates: microscopic transistors, electrical pulses, light, radio waves,…

Online Security Technology

What’s Wrong With Cybersecurity Technology?

Know your enemy: The target isn’t networks, computers, or users; they are pathways to the target — gaining control of data

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here. He starts with “Root Cause Analysis 101.” Now we’ll apply the lessons learned in yesterday’s discussion to cybersecurity: Lesson Learned 1: A pattern of multiple types of recurring related failures indicates the presence of an unidentified root cause. In cybersecurity, is there a pattern of multiple types of recurring failures that appear to be related? Yes! A cybersecurity failure occurs whenever a cyberattacker gains control of data and then: 1) views or plays it, 2) steals copies of it, 3) ransoms it, 4) impedes its flow, 5) corrupts it, or 6) destroys it. The lesson learned is that the…

A computer popup box screen warning of a system being hacked, compromised software environment. 3D illustration.

The True Cause of Cybersecurity Failure and How to Fix It

Hint: The cause and fix are not what you think

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here. He starts with “Root Cause Analysis 101.” The classic line “I have a bad feeling about this” is repeated in every Star Wars movie. It’s become a meme for that uneasy feeling that as bad as things are now, they are about to get much worse. That’s an accurate portrayal of how many of us feel about cybersecurity. Our bad feeling has a sound empirical basis. Yearly cybersecurity losses and loss rates continually increase and never decrease despite annual US cybersecurity expenditures in the tens of billions of dollars and tens of millions of skilled cybersecurity…