Pete Recommends – Weekly highlights on cyber security issues, April 27, 2024

Subject: Why Microsoft is a national security threat
Source: The Register [h/t Sabrina]

Interview: Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it’s fair to call Redmond’s recent security failures a national security issue. [extortion? /pmw1]

Grotto this week spoke with The Register in a video interview on The Register’s site, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

“If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies” instead of making it the default, Grotto said. “As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach.”

That illustrates, Grotto said, that “they [Microsoft] just have a ton of leverage, and they’re not afraid to use it.”

“At the end of the day, Microsoft, any company, is going to respond most directly to market incentives,” Grotto told us. “Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be.”

Subject: Cerebral to Pay $7 Million Fine and Limit Health Data Use for Ads Under Federal Order
Source: The Markup

Telehealth company Cerebral will pay a $7 million fine and limit the consumer health data it uses for advertising purposes under a new FTC order

Cerebral, a startup best known for dispensing counseling services and prescriptions for conditions like anxiety and depression, has also agreed to pay $7 million to resolve charges that it disclosed customers’ personal health information to third parties for ads, and that it did not honor its promise to make cancellation easy for customers.

This is just the latest in a series of federal actions cracking down on health data privacy online. The current commissioners have pledged to shore up gaps between federal privacy laws governing providers and payers and those protecting consumer services. Two weeks ago, the FTC filed a complaint against Monument, a telehealth company that treats alcohol use disorder with therapy and medications.

While the HHS Office for Civil Rights (OCR) directly enforces the longstanding privacy protections in health care, the FTC has gone after companies for falsely claiming HIPAA compliance.

Subject: How to change your Social Security Number
Source: Malwarebytes

[mostly info though sponsored] After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN.

The good news is that even though it’s a challenging process, it is possible. But if you’ve ever had to abandon an email address that you used for years, imagine all of the hassle that came with that, and then imagine it being about 10 times worse. Governments, your employer, and everyone else that identifies who you are by your SSN will have to be notified. And since it doesn’t happen very often, most of them will not have a streamlined process in place. It will take a lot of time and effort to set every record straight.

All that said, this process is not impossible, and in some cases, it is worth the effort. When do I qualify?

Subject: It’s the End of the Web as We Know It
Source: The Atlantic

The Atlantic [unpaywalled] – A great public resource is at risk of being destroyed. By Judith Donath and Bruce Schneier: “The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences. To understand why, you must understand publishing. Its core task is to connect writers to an audience. Publishers work as gatekeepers, filtering candidates and then amplifying the chosen ones. Hoping to be selected, writers shape their work in various ways. This article might be written very differently in an academic publication, for example, and publishing it here entailed pitching an editor, revising multiple drafts for style and focus, and so on…The arrival of generative-AI tools has introduced a voracious new consumer of writing. Large language models, or LLMs, are trained on massive troves of material—nearly the entire internet in some cases…
See also via The Atlantic – What to Do About the Junkification of the Internet. Social-media companies define how billions of people experience the web. The rise of synthetic content only makes their role more important. By Nathaniel Lubin.
Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.

Subject: Oracle approved to handle government secret-level data
Source: FedScoop

Oracle has added its name to the short list of cloud vendors approved to handle classified, secret-level data for the federal government. The company on Monday announced that three of its classified, air-gapped cloud regions received accreditation from the Department of Defense to handle workloads at the secret level — what the department refers to as Impact Level 6 (IL-6).

The achievement comes after Oracle last August also earned a Top Secret/Sensitive Compartmented Information accreditation from the intelligence community. With both that and the latest secret-level cloud authorization, Oracle is approved to handle government information at any classification level in the cloud.

Subject: Cops Are Now Using AI to Generate Police Reports
Source: Gizmodo

Axon, the public safety contractor that popularized the Taser, has launched a new product that is less actively terrifying but still vaguely concerning: an AI-powered software program that lets cops automate their police reports.

Axon calls its new product Draft One. According to a press release published on Tuesday, Draft One is a “revolutionary new software product that drafts high-quality police report narratives in seconds.” The software is powered by the large language model GPT-4, and can supposedly write reports by auto-transcribing audio from the police body cameras that Axon sells. Forbes was the first to report on the new product launch.

Axon is pitching its new software as a way to reduce police office work so that cops can spend more time in their communities. In its press release, the company frames the benefits of its technology like this…

However, some critics have been quick to note that this product, which was designed to solve problems for the police, could also cause a host of problems for everyone else. Forbes’ article quotes Dave Maass, surveillance technologies investigations director at the Electronic Frontier Foundation, who called the new product “kind of a nightmare.” Maass noted that most cops are not trained in using AI and therefore may not be used to recognizing its foibles. Daniel Linskey, a former Boston Police Department Superintendent-in-Chief who was also interviewed by the news outlet, similarly urged caution in the tech’s deployment.


Subject: You Should Make Your Apple ID Recoverable Right Now
Source: How to Geek

How to Geek: “Your Apple ID is an account that’s worth guarding at all costs. Here are some simple steps you can take to secure it and make sure you can quickly recover it if the worst happens.

Why You Should Do This – Let’s suppose for a moment that you lose access to your Apple ID. This could be as part of a deliberate attack or due to you not having access to your password or a trusted device. Remember that two-factor authentication requires that you not only know your password but also provide a code to log in. Suddenly, you lose access to any data you depend on in iCloud. This includes your iCloud Photos, Notes, Reminders, and iCloud Drive contents. You can’t make FaceTime calls or partake in iMessage conversations if you’re unable to log in. If you use an iCloud email account then your email is also out of action. Apple has a process called Account Recovery that is designed for use by anyone who has set up two-factor authentication.”
