Subject: Walmart Employees Are Out to Show Its Anti-Shoplifting AI Doesn’t Work
They told WIRED they were dismayed that their employer—one of the largest retailers in the world—was relying on AI they believed was flawed. One worker said that the technology was sometimes even referred to internally as “NeverSeen” because of its frequent mistakes. WIRED granted the employees anonymity because they are not authorized to speak to the press.
But the Concerned Home Office Associates said their worries about Everseen long predate the pandemic. Emails obtained by WIRED show that other corporate employees raised issues about the technology failing to prevent theft in both 2017 and 2018. The employees said they were particularly vexed by Walmart’s continued investment in Everseen because NCR Corporation, which makes the majority of Walmart’s registers, had acquired an Everseen competitor called StopLift. They considered the acquisition an endorsement, and were confused as to why StopLift’s technology wasn’t being further explored.
Everseen’s technology was designed in part to help solve a persistent problem with self-checkout. While allowing customers to scan and pay for their own items cuts down on labor costs for retailers, it has also led to more inventory loss, or “shrinkage,” due to shoplifting, employee theft, and other problems. “Theft through self-checkout lanes is exponentially higher than through traditional checkout lanes,” says Christopher Andrews, a sociology professor at Drew University and the author of The Overworked Consumer: Self-Checkouts, Supermarkets, and the Do-It-Yourself Economy.
Subject: Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to
The experience shows the double-edged sword of multi-factor authentication. Requiring users to enter a password that’s pseudorandomly generated every 30 seconds makes account takeovers significantly harder, even when an attacker has phished or otherwise obtained the password. But in the event that second factor (in this case, the “something you have,” that is, the phone) isn’t available, that same protection can block legitimate users from logging in for unacceptably long periods of time.
The two authenticators that stood out were Duo and Authy. Both made backups easy, and gave me a reasonable level of confidence that they would keep the secret seeds secure and confidential under my threat models. Both authenticators focus primarily on enterprise customers, who pay to use them to log large numbers of employees into corporate portals and private networks.
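The 30-second code mechanism the article describes, as an added illustration (RFC 6238 TOTP, not Ars' code or any vendor's): the code is a deterministic function of the secret seed and the time window, which is why a backed-up seed reproduces identical codes on a replacement phone and a lost seed leaves the user locked out. The seed value and the drift tolerance are constructed assumptions.

```python
# Added illustration of the 30-second code mechanism the article describes
# (RFC 6238 TOTP); not Ars' code or any authenticator vendor's.
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code, as the article states


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Code for the 30-second window containing unix_time.

    The code depends only on (seed, window), so a backed-up seed yields the
    same codes on a new phone, and without the seed there is no way to log in.
    """
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(seed: bytes, submitted: str, unix_time: int,
           drift_steps: int = 1, digits: int = 6) -> bool:
    """Server-side check tolerating +/- drift_steps windows of clock skew."""
    for d in range(-drift_steps, drift_steps + 1):
        candidate = totp(seed, unix_time + d * STEP, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed seed for the demo; real seeds come from the enrolment QR code.
    seed = b"12345678901234567890"
    now = int(time.time())
    print("current code:", totp(seed, now))
    print("same seed restored on a new phone:", totp(seed, now))
    print("seed lost, fresh enrolment accepts old code?",
          verify(b"constructed-other-seed", totp(seed, now), now))
```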
There are two main aspects of digital surveillance to be concerned about while at a protest. One is the data police could potentially obtain from your phone if you are detained, arrested, or they confiscate your device. The other is law enforcement surveillance, which can include wireless interception of text messages and more, and tracking tools like license plate scanners and facial recognition. You should be mindful of both.
After all, police across the country have already demonstrated their willingness to arrest and attack entirely peaceful protestors as well as journalists observing the demonstrations. In that light, you should assume that any digital evidence that you were at or near a protest could be used against you. “It’s clear the government is bringing the full force of the surveillance state to monitor these uprisings,” wrote Evan Greer, the deputy director of the activist organization Fight for the Future, in a Twitter thread laying out digital security advice. “Remember that taking these steps isn’t just about protecting yourself, it’s about protecting others who may be more at risk than you because they are undocumented, have a criminal record, [or] have an underlying health condition that would make an arrest life threatening.”
Protect Your Smartphone
The most important decision to make before leaving home for a protest is whether to bring your phone—or what phone to bring. A smartphone broadcasts all sorts of identifying information; law enforcement can force your mobile carrier to cough up data about what cell towers your phone connected to and when. US police have also been documented using so-called stingray devices, or IMSI catchers, that impersonate cell towers and trick all the phones in a certain area into connecting to them. This can give cops the individual mobile subscriber identity number of everyone at a protest at a given time, undermining the anonymity of entire crowds en masse.
“The device in your pocket is definitely going to give off information that could be used to identify you,” says Harlo Holmes, director of newsroom security at the Freedom of the Press Foundation,
Allen Look, former CISO of the SI Group, suggested that while user awareness was a big deal and training programs were key, a lot of organizations did not have a follow-up to training.
Perhaps employees should be frequently tested to ensure they’re up-to-date on policies, or be rewarded when they spot phishing scams.
While the survey data may suggest that there was some fatigue caused by excessive training, Jim Gumbley, cyber security principal at technology consultancy ThoughtWorks, suggested this may not be the case and that there are many factors in play at the same time.
“From experience, quality can be more important than quantity. If training is dry and carried out for compliance purposes only, it will not have much effect. To change behaviour, the training needs to be engaging and lock into the things which influence how folks think about security and act around sensitive data – this includes highlighting ‘why’,” he says.
Source: Popular Science via beSpacific
[filed under The Countries That You Don’t Want to PO … ]
Subject: Drug Safety: COVID-19 Complicates Already Challenged FDA Foreign Inspection Program
Source: U.S. GAO
The outbreak of COVID-19 has called greater attention to the United States’ reliance on foreign drug manufacturers. Much of the drug manufacturing for the U.S. market happens overseas—and drugs for treating COVID-19 are no exception.
Food and Drug Administration inspections of foreign and domestic drug manufacturers are critical to ensuring drug safety and effectiveness.
But FDA began to postpone almost all inspections of foreign manufacturing establishments in March 2020 due to COVID-19. We testified that this lack of foreign inspections removes a critical source of information about the quality of drugs manufactured for the U.S. market.
Most Foreign Drug Manufacturing Establishments Shipping to the United States Are in 10 Countries
Source: Reuters via beSpacific
filed Reuters Tech News:
Subject: USPS Provides Recommendations for Successful 2020 Election Mail Season
Source: SPS General Counsel via beSpacific
Subject: Keeping water and energy secure
Technologically advanced, or “smart,” cities often integrate water and energy systems, which are controlled automatically by sensors and remote monitoring systems, according to Khazaei. If hackers gain access to these advanced metering infrastructures and inject false data readings, they can cause failures without detection.
To examine the feasibility of such attacks and understand cyber attackers’ strategies, the researchers will use multi-objective mathematical formulations to create an attack model like one a hacker would use to carry out an attack. The models will be critical in identifying the vulnerability of interlinked water and energy systems and understanding what would cause blackouts or water cutoffs.
In tandem with the attack models, the researchers will develop two big data analytics-based detection methodologies — a recursive least-square estimation method and a machine learning-based bad data detection strategy that can detect stealthy attacks.
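The residual-based detection idea outlined above, as an added example that is not the researchers' code: a scalar recursive least-squares fit of metered flow against pump power, with a bad-data threshold learned during a warm-up period, run over a constructed meter feed containing one injected false reading. The linear model, the constructed data and the threshold multiple are assumptions; this check catches a crude injection, while the stealthy case the article mentions is what the richer models it describes would need to address.

```python
# Added illustration of residual-based bad-data detection with a scalar
# recursive least-squares (RLS) estimator; the model, data and threshold are
# constructed assumptions, not the researchers' method described above.
WARMUP = 10       # samples used to learn the model before any reading is flagged
SIGMA_MULT = 5.0  # flag residuals beyond this multiple of the warm-up RMS residual


class RlsBadDataDetector:
    """Fits metered flow y ~= theta * x (x = pump power) online and flags
    readings that contradict the fitted physical relationship."""

    def __init__(self, forgetting=1.0, p0=1000.0):
        self.theta = 0.0       # estimated gain
        self.p = p0            # estimate covariance; large value = weak prior
        self.lam = forgetting  # 1.0 = no forgetting; <1 tracks slow drift
        self.n = 0
        self.warm_resid = []
        self.threshold = None

    def update(self, x, y):
        """Return (residual, flagged). Flagged readings never touch the fit."""
        resid = y - self.theta * x                    # a priori residual
        if self.threshold is not None and abs(resid) > self.threshold:
            return resid, True
        k = self.p * x / (self.lam + x * self.p * x)  # RLS gain
        self.theta += k * resid
        self.p = (self.p - k * x * self.p) / self.lam
        self.n += 1
        if 2 < self.n <= WARMUP:     # first two residuals are dominated by the prior
            self.warm_resid.append(resid)
        if self.n == WARMUP:
            rms = (sum(r * r for r in self.warm_resid) / len(self.warm_resid)) ** 0.5
            self.threshold = SIGMA_MULT * rms
        return resid, False


def constructed_feed(inject_at=15, inject_size=5.0, count=30):
    """Constructed telemetry, not real data: y = 2.0 * x plus tiny deterministic
    noise, with one false reading injected at index inject_at."""
    feed = []
    for t in range(count):
        x = 10 + t % 5
        y = 2.0 * x + 0.05 * ((t * 7) % 3 - 1)
        feed.append((x, y + inject_size if t == inject_at else y))
    return feed


def run_detector(feed):
    """Return the indices flagged as bad data and the final gain estimate."""
    det = RlsBadDataDetector()
    flagged = [i for i, (x, y) in enumerate(feed) if det.update(x, y)[1]]
    return flagged, det.theta
```

Because a flagged reading is excluded from the update, the injected value cannot drag the estimate toward itself and poison later checks.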
“Cybersecurity for water treatment and supply networks is only loosely monitored at the federal and state levels, where the primary focus is often on water quality,” she said. “There is an urgent nationwide need for cybersecurity expertise. Javad’s research will provide needed background information for officials at both the federal and state level to make reforms and protect the nation’s critical infrastructure.”