Pete Recommends – Weekly highlights on cyber security issues April 13, 2019

Subject: Social media gets thumbs-down in new US poll
Source: AFP via Yahoo

Washington (AFP) – Americans are fearful about the impact of social media firms such as Facebook and Twitter, with many saying they spread misinformation and divide the country, even though most people still use these networks, a new poll showed Friday.

The NBC News/Wall Street Journal poll found 57 percent of Americans believe social media sites do more to divide the country, and 55 percent said the networks are more likely to spread “lies and falsehoods” than genuine news and information.

“Social media — and Facebook, in particular — have some serious issues in this poll,” said Micah Roberts of the Republican firm Public Opinion Strategies, which conducted the survey with the Democratic firm Hart Research Associates.

“If America was giving social media a Yelp review, a majority would give it zero stars.”

Subject: Amazon plunges deeper into healthcare with HIPAA-compliant Alexa
Source: Business Insider


Amazon released new software that makes its Alexa voice assistant compliant with the Health Insurance Portability and Accountability Act (HIPAA), opening the door for the tech giant to strengthen its foothold in healthcare.


For now, the software required to build HIPAA-compliant Alexa skills is accessible via invite only, though Amazon plans to make the software more broadly available. This announcement has been in the works for some time: Amazon carved out a health team within its Alexa division at least a year ago, and was reportedly seeking to hire a HIPAA expert.

Here’s what it means:

The bigger picture: A HIPAA-compliant Alexa lays the groundwork for Amazon to expand its enterprise and consumer-facing healthcare play.


Subject: The Robocall Crisis Will Never Be Totally Fixed
Source: WIRED

Years into the robocalling frenzy, your phone probably still rings off the hook with “important information about your account,” updates from the “Chinese embassy,” and every bogus sweepstakes offer imaginable. That’s despite promises from the telecom industry and the US government that solutions would be coming. Much like the firehose of spam that made email almost unusable in the late 1990s, robocalls have made people in the US wary of picking up their cell phones and landlines. In fact, email spam offers a useful analogy: a scourge that probably can’t be eliminated, but can be effectively managed.

Finding the right tools for that job remains a challenge. The Federal Trade Commission has had a strong track record in its 140 robocall-related suits, including a recent victory at the end of March that targeted four massive operations. Bipartisan anti-robocalling legislation is gaining traction in Congress. Apps that flag or block unwanted calls have matured and are solidly effective. And wireless carriers—in part facing pressure from the Federal Communications Commission—have increasingly offered their own anti-robocalling apps and tools for free.

Yet the number of robocalls continues to hit new highs. The anti-robocalling company YouMail estimates that March 2019 saw 5.23 billion robocalls, the highest volume ever. And other firms recorded similar highs. But those numbers don’t take into account calls that were successfully blocked. A more useful measure might be the number of complaints filed per month to the FCC and FTC, which remained mostly static in 2018 and the beginning of 2019.


Subject: AI Chatbot Helps People Find Info on Scams and Frauds
Source: Bleeping Computer

The official online portal of the U.S. federal government launched an artificial intelligence (AI) powered chatbot named Sam to automate the process of helping people find information on scams and frauds.

The idea behind the AI-based Sam came from the need to give the portal’s users access to all the information the platform has stored in its database through an automated solution.

According to Jelks, scam and fraud were the topics chosen as Sam’s main focus because questions regarding these two subjects have been within the top tasks on the platform and one of the most asked questions in the contact center. The portal is an online platform created to improve the way the general public interact with the U.S. Government by steering its users to the information or government services they’re looking for quicker.

Sam is not the only chatbot working for the U.S. Government seeing that, four years ago during December 2015, the U.S. Citizenship and Immigration Services (USCIS) also launched their own virtual assistant dubbed Emma, a chatbot which answers user questions just as Sam does and leads visitors to the page they’re looking for on the USCIS website.


Subject: Major Browsers to Prevent Disabling of Click Tracking Privacy Risk
Source: Bleeping Computer

An HTML standard called hyperlink auditing that allows sites to track link clicks is enabled by default on Safari, Chrome, Opera, and Microsoft Edge, but there will soon be no way to disable it. As it is considered a privacy risk, browsers previously allowed you to disable this feature. Now they are going in the opposite direction.

Hyperlink auditing is an HTML standard that allows the creation of special links that ping back to a specified URL when they are clicked on. These pings are done in the form of a POST request to the specified web page that can then examine the request headers to see what page the link was clicked on.

To create a hyperlink auditing URL, you can simply create a normal hyperlink HTML tag, but also include a ping=”[url]” variable as shown below.
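An added example (not from the quoted article): a small Node.js audit that lists the links in a page that carry a `ping` attribute, resolves where each click would be reported, and strips the attribute. The sample markup and the shop.example, tracker.example and ads.example hosts are constructed, and the tag matching is a simplified regex rather than a full HTML parser.

```javascript
// Constructed sample page; all hosts are placeholders.
const SAMPLE_HTML = `
<p><a href="https://shop.example/item/42" ping="https://tracker.example/c https://shop.example/audit">Buy</a></p>
<p><a href='/about' PING='/local-ping'>About</a></p>
<p><a href="https://news.example/story">No auditing here</a></p>
<area href="/map" ping="https://ads.example/p?id=7">
`;
const LINK_TAG = /<(?:a|area)\b[^>]*>/gi; // ping is only defined on <a> and <area>

// Parse one start tag into a lower-cased attribute-name -> value map.
function parseAttributes(tagSource) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tagSource.replace(/^<\s*[a-zA-Z]+/, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// List every audited link: the destination, each URL that would receive the
// click notification (a POST with body "PING" and Content-Type text/ping),
// and which of those URLs belong to a different origin than the page.
function auditPingLinks(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(LINK_TAG)) {
    const attrs = parseAttributes(tag);
    if (!attrs.ping || attrs.href === undefined) continue;
    // The attribute value is a space-separated list of URLs.
    const targets = attrs.ping.split(/\s+/).filter(Boolean).map((u) => new URL(u, pageUrl));
    findings.push({
      href: new URL(attrs.href, pageUrl).href,
      pingTargets: targets.map((u) => u.href),
      thirdParty: targets.filter((u) => u.origin !== pageOrigin).map((u) => u.origin),
    });
  }
  return findings;
}

// Remove the ping attribute from link tags, leaving the link itself intact.
function stripPing(html) {
  return html.replace(LINK_TAG, (tag) =>
    tag.replace(/\s+ping\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, ""));
}

console.log(JSON.stringify(auditPingLinks(SAMPLE_HTML, "https://shop.example/catalog"), null, 2));
```
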

Most browsers won’t let you disable it in the future

With privacy and online tracking being such a large problem and major concern for many users, you would think that browser developers would give you the option to disable anything that could affect your privacy.

Unfortunately, this seems to be going in the reverse direction when it comes to hyperlink auditing.

According to developer Jeff Johnson, Safari enabled hyperlink auditing by default, but allowed you to disable it by using the following hidden preference.

[I use Chrome and tested the disable of the flag … it seemed to work /pmw1]

Subject: EPIC Warns Appellate Court of Google’s Flawed, Secretive, Massive File Scanning Program
Source: EPIC

EPIC has filed an amicus brief in United States v. Wilson, a case concerning Google’s scanning of billions of personal files for suspected unlawful content, at the behest of the federal government. EPIC argued that “because neither Google nor the Government explained how the image matching technique actually works or presented evidence establishing accuracy and reliability, the Government’s search was unreasonable.” EPIC also explained that “the lower court made a key mistake” by confusing file hashing, which uniquely identifies a file, and image matching, which is prone to false positives. Last year, EPIC filed an amicus brief in a similar case, United States v. Miller. EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques.



Subject: UK to introduce world first online safety laws
Source: UK Gov via beSpacific

Gov.UK – The Government today unveiled tough new measures to ensure the UK is the safest place in the world to be online.

“In the first online safety laws of their kind, social media companies and tech firms will be legally required to protect their users and face tough penalties if they do not comply. As part of the Online Harms White Paper, a joint proposal from the Department for Digital, Culture, Media and Sport and Home Office, a new independent regulator will be introduced to ensure companies meet their responsibilities. This will include a mandatory ‘duty of care’, which will require companies to take reasonable steps to keep their users safe and tackle illegal and harmful activity on their services.”


Subject: New privacy assistant Jumbo fixes your Facebook & Twitter settings
Source:  Jumbo via beSpacific

So now we need an app to fix our apps. Ok – here is the latest via TechCrunch: “Jumbo could be a nightmare for the tech giants, but a savior for the victims of their shady privacy practices. Jumbo saves you hours as well as embarrassment by automatically adjusting 30 Facebook privacy settings to give you more protection, and by deleting your old tweets after saving them to your phone. It can even erase your Google Search and Amazon Alexa history, with clean-up features for Instagram and Tinder in the works. The startup emerges from stealth today to launch its Jumbo privacy assistant app on iPhone (Android coming soon). What could take a ton of time and research to do manually can be properly handled by Jumbo with a few taps…The full list of what Jumbo can adjust includes Who can see your future posts?, Who can see the people?, Pages and lists you follow, Who can see your friends list?, Who can see your sexual preference?, Do you want Facebook to be able to recognize you in photos and videos?, Who can post on your timeline?, and Review tags people add to your posts the tags appear on Facebook? The full list can be found here…”


Subject: Protecting Against Ransomware
Source: DHS via US-CERT

What is ransomware?

Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. (See Protecting Against Malicious Code for more information on malware.) After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.

If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands. (See the FBI’s ransomware article.)

How does ransomware work?…

Subject: Eyes on the Road! (Your Car Is Watching)
Source: The New York Times

Automakers understand that tracking technology raises privacy issues, so BMW does not record or store the driver monitoring information, Mr. Wisselmann said.

Perhaps still smarting from lessons learned in the past, G.M. also does not record what transpires inside the car’s cabin, the company said. In 2011, G.M. tried to change the user agreement in its OnStar service to allow it to share driver information with third-party companies. The backlash from owners was so swift and severe that the Supreme Court cited the episode as proof that people had an expectation of privacy in their cars.

Affectiva, a Boston company developing technology for measuring emotions, has been conducting such research for several years to assess driver behavior. On a closed test track peppered with distractions — people dressed as construction workers, a security vehicle with flashing lights, pedestrians, fake storefronts — Affectiva demonstrated how the company’s program works in tandem with a “collaborative driving” system made by the Swedish auto supplier Veoneer. Veoneer’s technology can control steering and braking on its own, with the occasional intervention of a human driver.

Posted in: Cybercrime, Cybersecurity, Privacy, Social Media