Pete Recommends – Weekly highlights on cyber security issues February 2, 2019

Subject: Facebook’s ‘Friendly Fraud Scandal’: What Parents Need to Know
Source: Consumer Reports

Facebook knowingly allowed children who played games on its platform to rack up big credit card charges, even after staffers warned about the problem and proposed solutions for the practice someemployees referred to as "friendly fraud," according to a report from the Center for Investigative Reporting.

This story is shocking, but the details are sadly not surprising to anyone who has been following the industry over the past several years,” says Anna Laitin, director of financial policy for the advocacy arm of Consumer Reports. "If this report is accurate, Facebook knew that kids and their parents were being ripped off, but consciously decided to continue the practices anyway and keep as much money as it could. This is just another indication of how Facebook has prioritized growth and revenue over the welfare of its users." An easy way to limit your child’s spending is to use a pre-paid gift card for your child’s in-game purchases. Facebook Gift Cards are available at retailers such as Amazon, Best Buy, and Walmart. But
you can also use the pre-paid cards supplied by credit card companies at grocery stores and pharmacies.

And, finally, smartphones include parental controls that can help you oversee your children’s in-app purchases. Android users with a family account on the Google Play store can require a password or other form of authentication for all in-app purchases. The step-by-step instructions for doing that are available here . Apple users can utilize the parental controls in the company’s Screen Time feature. The step-by-step instructions for that are here.

More for Parents

Subject: 7 cybersecurity startups to bet your career on in 2019
Source: Business Insider

Enter a growing roster of cybersecurity startups, aiming to help companies fight these threats and secure their digital perimeters. Investors have identified cybersecurity as one of the biggest trends to watch, making a move into the field potentially a good career decision.

We looked at a variety of factors when selecting this list including the experience of leaders and founders, the reputations of investors and the amount of funding raised along with valuations, based on data from online finance database Pitchbook, the keeper of such records. We also selected startups at a variety of stages from just starting out to well-established. Here are the seven cybersecurity startups to bet your career on in 2019…

Subject: Illinois Supreme Court rules in favor of biometric privacy
Source: Fast Company

A unanimous ruling by the Illinois Supreme Court says that companies that improperly gather people’s data can be sued for damages even without proof of concrete injuries, opening the door to legal challenges that Facebook, Google, and other businesses have resisted.

“The decision is a victory for consumers across Illinois over Facebook and other tech giants, who argue in courts that consumers do not face ‘harm’ from privacy violations and have pushed legislation in recent years to undermine the Illinois law,” the Illinois Public Interest Research Group said in a statement to the blog Capitol Fax.

In essence, the decision establishes that having your biometric data used without your knowledge or consent impacts you adversely, period, and that companies who do so are liable for damages. After all, you can’t get your fingerprints back once a company has taken them. And once a company has taken them, your data is open to all sorts of untold privacy harms, from abusive data mining to cybertheft.

Related: A New York City lawmaker is taking on companies that mine your face

Subject: Vint Cerf sees a big danger from the internet of things
Source: Business Insider

  • One of the biggest problems facing the internet is coming from smart, connected devices, said Vint Cerf, Google’s chief internet evangelist.
  • Such devices often have software that’s buggy or has security vulnerabilities.
  • Frequently those flaws go unfixed and sometimes they are exploited by hackers.
  • Researchers are looking into ways to fix bugs on devices that are in use and to create tools that highlight flaws in software to developers before gadgets go on the market, Cerf said.

What makes the so-called internet of things such a particular problem are both the sheer range and number of new devices connecting to the network , and the large collection of companies making them. Gartner, for example, has forecast that 14.2 billion connected devices will be in use this year and 25 billion by 2021.

More: Vint Cerf Internet of Things Cybersecurity Botnets

Subject: Lawmakers warn of ‘deepfake’ videos ahead of 2020 election
Source: CNN

New York (CNN Business) – An increasing number of lawmakers are warning that a form of video manipulation, known as deepfakes, could be the next stage of information warfare ahead of the 2020 US Presidential election.

Deepfake video is hyper-realistic manipulated video made using artificial intelligence technology. Deepfakes can be so convincing it can be difficult to determine what has been manipulated and what has not.

The Department of Defense, through the Defense Advanced Research Projects Agency (DARPA), has commissioned researchers across the United States to begin developing ways to detect when a video is a deepfake. CNN spoke to some of those working on the project for a special report published Monday.

Other CNN articles about Business Tech:

Subject: Your Data For Sale
Source: StopDataMining.Me

[thx, Elliott … ]

Our Mission – is the central source for consumers to learn what kinds of information data brokers have about them and how to exercise their opt-out choices. The mission of is to serve as the “Do Not Call” list for data broker companies.

To the extent data brokers currently offer consumers choices about their data, the choices are largely invisible and incomplete. In 2012, a report by the Federal Trade Commission recommended that the industry set up a public Web portal that would display the names and contact information of every data broker doing business in the United States, as well as describe consumers’ data access rights and other choices. But, for years the data brokers have been too busy to build a centralized Web portal for consumers. So, we decided to help them out and was born!


Site feed:

Subject: Facebook Moves to Block Ad Transparency Tools
Source: ProPublica

A number of organizations, including ProPublica, have developed tools to let the public see exactly how Facebook users are being targeted by advertisers. Now, Facebook has quietly made changes to its site that stop those efforts.

ProPublica, Mozilla and Who Targets Me have all noticed their tools stopped working this month after Facebook inserted code in its website that blocks them.

“This is very concerning,” said Sen. Mark Warner, D-Va., who has co-sponsored the Honest Ads Act, which would require transparency on Facebook ads. “Investigative groups like ProPublica need access to this information in order to track and report on the opaque and frequently deceptive world of online advertising.”

For the past year and a half, ProPublica has been building a searchable database of political ads and the segments of the population advertisers are paying to reach. We did this by enlisting thousands of volunteers who installed a web browser extension. The tool shared the ads users see as well as Facebook’s details on why the users were targeted.

In a statement to ProPublica, Facebook said the change was meant to simply enforce its terms of service. (The Guardian also published a story Sunday flagging the change.)

Filed under:


Site RSS feed:

Subject: Newly-Discovered Bug Allows Eavesdropping Through iPhone FaceTime
Source: CNN via CBS Pittsburgh

(CNN) — A newly-discovered bug in Apple’s FaceTime software lets Apple users listen in on the people they are calling, and even see through their front-facing camera, without them picking-up the call.

The bug, flagged by 9to5Mac on Monday, was quickly recreated by people across social media. CNN Business confirmed the bug multiple times in its own tests.

Apple said in a statement Monday night that it has identified a fix for the problem and will release it in a software update later this week. In the meantime, Apple’s website indicates Group FaceTime is unavailable, and the company confirmed it has started disabling the Group FaceTime feature for all users.

Subject: Hundreds of keyless cars are vulnerable to high-tech theft, new report says
Source: WPMT FOX43

More than 200 car models that offer keyless entry are susceptible to theft, a report from British consumer group Which? has revealed. The models at risk include four of the five bestselling cars in the UK, produced by Ford, Volkswagen and Nissan.

The vehicles can be stolen using “cheap electronic equipment” purchased online, Which? said. Of the top five most popular cars in the UK — the Ford Fiesta and Focus, the Volkswagen Golf, the Nissan Qashqai and the Vauxhall Corsa — only the Corsa cannot be stolen using this technology, because it does not offer a model with keyless entry.

While these systems require a fob to be within a certain proximity of the car to unlock and start it, thieves can use relay boxes to boost the fob’s signal. This tricks the system into believing the fob is near the car, Which? explained — even if it’s actually inside the owner’s house.

[not clear if USA distributed models are also affected /pmw1]

Subject: Democrats worry hackers exploited the shutdown

Warning that the longest government shutdown in U.S. history may have opened the U.S. up to new national security risks because of undetected cyberattacks, Democratic lawmakers on Tuesday pressed the Trump administration to explain how furloughs disrupted efforts to defend federal computer systems from hackers.

Six Senate Democrats sought answers from senior administration officials about how the government will overcome delays in contracts with firms that safeguard U.S. networks. They also worried that, during the shutdown, agencies weren’t able to quickly implement an emergency Department of Homeland Security order to secure web traffic.

…other Cybersecurity articles:

Subject: Chaos has reportedly erupted inside Facebook as employees find themselves unable to open the company’s apps on their iPhones
Source: Markets Insider

  • Apple has blocked Facebook’s internal apps from working on employees’ phones, The Verge reports.
  • The move is in response to recent revelations that Facebook was misusing Apple’s enterprise app program, meant for internal use, to run a research app that gathered consumer’s phone activity in exchange for payment.
  • Facebook said it’s shutting down the app, which paid people (including teens) up to $20 a month to install a VPN used to track data and activity.
  • Apple later contradicted Facebook’s statement with one of its own, which said that it had removed Facebook’s security certificate after it found the company had violated its developer policies.
  • The move has big ramifications for Facebook, as employees are reportedly locked out of internal company apps. Some Facebook employees told Cheddar they think the company is being “unfairly targeted” by Apple.

Subject: Cyberattacks in Medicine: Is Radiology the Weakest Link?
Source: Medscape

Cybersecurity in radiology is a concern, informatics experts warn. With health networks and patient information increasingly digitized and networked, the potential for damage by hackers is tremendous, and imaging is especially vulnerable, they say.

According to research presented at the 2018 Radiological Society of North America (RSNA) and experts interviewed by Medscape, hackers could potentially wreak havoc by controlling machines using ionizing radiation. Advancing artificial intelligence could scan through a network’s database of images, altering mammograms or prostate scans and potentially causing chaos. Malware can lay dormant, and cause a misdiagnosis of a prominent figure at the most opportune moment for cybercriminals.

“The weakest link is still the healthcare employee duped by a ‘phishing attack,’ ” Nabile M. Safdar, MD, MPH, associate chief medical information officer and vice chair of informatics at Emory University in Atlanta, Georgia, told Medscape.

[continued on page 2 and 3 of the original posting; includes blockchain discussion /pmw1]

Cite this article: Cyberattacks in Medicine: Is Radiology the Weakest Link? – Medscape – Jan 30, 2019.


Posted in: Congress, Courts & Technology, Cybercrime, Cybersecurity, Email Security, Legal Research, Legislative, Privacy, Social Media