IT Security Professional

First thing we do, let’s kill all the experts

[Image: Timeworn headstones in Donegal Cemetery. Caption: Here lies an expert (maybe). Credit: Nicolas Raymond / Flickr]

There is a Climate Science Legal Defense Fund. Take a moment to consider the implications of that fact. The inhabitants of what, under other circumstances, would be an obscure academic backwater need legal defense. Non-scientists have convinced themselves so thoroughly that these experts have to be wrong that they claim the whole field is swimming in fraud and have engaged in legal assaults to try to confirm their beliefs. The scientists need legal defense because their opponents are convinced they can provide evidence of the fraud—if only they could see every email the scientists have ever sent.

Climate scientists may suffer from an extreme example of this sort of vilification, but they're hardly alone. The US has had a long history of mistrust in highly educated professionals, but we seem to have shifted to a situation in which expertise has become both a disqualification and a reason for attack.

That's the central argument of Tom Nichols' recent book, The Death of Expertise, which has recently come out in a paperback edition. Nichols is a professor at the Naval War College and an expert himself, having done graduate studies about the former Soviet Union. While he's gained some prominence as a never-Trump conservative, the arguments in his book are evenhanded at distributing blame. And they make disturbing reading for anyone in science who's interested in engaging the public—especially in the science arena.


Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising


From Kashmir Hill:

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn't hand over at all, but that was collected from other people's contact books, a hidden layer of details Facebook has about you that I've come to call "shadow contact information." I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Here's the research paper. Hill again:

They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network.

josephwebster
13 days ago
Like you need another reason to hate Facebook.
Denver, CO, USA
sirshannon
13 days ago
If you still use Facebook, you are an asshole.
lioman
17 days ago
That's evil
Karlsruhe

7th Circuit Rules That Law Enforcement Needs a Warrant to Get Smart Electrical Meter Data


TechCrunch reported on August 22nd that the 7th Circuit had issued its ruling in Naperville Smart Meter Association v. Naperville requiring a warrant in order for law enforcement to access smart water meter data.

Let's walk back a few steps. Traditional spinning meters are read perhaps once a month by your local utility - that reading isn't going to tell you a whole lot. It might tell you that the house had abnormally high electricity use – potentially useful information if you suspected a pot farm was in the basement.

Smart meters send exact meter readings at short intervals, as often as every 15 minutes, and these readings may be kept for years. With that much detail you could not only tell whether someone lives in a house, but whether they're home, what room they're in, how often they do laundry, and on and on.

That data is revealing enough that the court ruled that people with smart meters have a reasonable expectation of privacy and that law enforcement will require a warrant to acquire that data. What if law enforcement wants to prove that someone was at home at a certain time in a criminal investigation? Citizens in Naperville, Illinois were concerned about their constitutional rights.

So a group of those citizens sued the city, which mandated smart readers several years ago, alleging that collection of the data was unconstitutional as an unreasonable search.

An earlier court decision found that by voluntarily sharing electricity consumption data with a third party, residents surrendered their right to privacy. If they have no privacy rights, the court concluded that it was not a "search" to ask for the data.

But as the 7th Circuit pointed out, there really isn't a third party: the city collects the data, and city authorities want to use the data. And even if there were a third party, "a home occupant does not assume the risk of near constant monitoring by choosing to have electricity in her home." So it is a search.

Collecting the data is not an unreasonable search, however, when it is done with no "prosecutorial intent," the court ruled. That means that when the city is acting in its own interest in administrating and improving the electrical grid, it's perfectly reasonable for them to collect this information without a warrant. But if law enforcement wants the data, a warrant would be required.

In an increasingly IoT world, this is a very good decision.

E-mail: snelson@senseient.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson


IEEE Statement on Strong Encryption vs. Backdoors


The IEEE came out in favor of strong encryption:

IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data. Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes -- no matter how well intentioned -- does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences

The full statement is here.

josephwebster
91 days ago
The old "we need this to stop terrorists" never made sense. Especially with the mitigating caveat "we're law enforcement, you can trust us". Glad to see IEEE making this statement.
Denver, CO, USA

New and Updated Azure Course for .NET Developers


I completely re-worked my Developing with .NET on Microsoft Azure course earlier this year, and the new videos are now available.

Here are some of the changes from the previous version of the course:

- I show how to use the Azure CLI for Azure automation from the command line. The CLI works across platforms and the commands are easy to discover.

- I show how to set up a local Git repository in an Azure App Service and demonstrate how to deploy ASP.NET Core apps from the repo.

- The Azure Functions module uses the new 2.0 runtime to develop a function locally.

- The Azure Function is a function using blob storage, Cognitive Services, and Azure CosmosDB. 

- Numerous other changes to catch up with new features in Azure and VSTS

Enjoy!



Here are some other topics you'll see covered in the course:

- Develop and deploy an ASP.NET Core application to Azure App Services

- Manage configuration settings for an App Service

- Monitor and scale an App Service

- Work with input and output bindings in Azure Functions

- Create a git repository with a remote in VSTS or Azure App Services

- Set up a build and release pipeline using VSTS for continuous deployment

- Connect to Azure storage using the Portal, C# code, and Azure Storage Explorer

- Save and retrieve files from blob storage

- Configure alerts

- Monitor performance metrics using Application Insights

- Choose an API for CosmosDB storage

- Create and read documents in CosmosDB

- Create and read records in Azure SQL using Entity Framework Core


All the people Apple just pissed off to better protect your privacy


Apple is turning its oft-expressed stance on privacy into features that are bad news for everyone from other tech companies to government agencies.

When Apple previewed the upcoming iOS 12 and MacOS Mojave at this week’s WWDC keynote, the killer new features that got both developers and users most excited were the ones you’d expect: the visually stunning Dark Mode on MacOS, the insanely customizable Memojis on iOS, FaceTime group-calling features on both platforms, massive improvements to Siri, and Apple’s all-new Screen Time digital health tracking tools.

josephwebster
133 days ago
One wonders how "hard line" Apple will be about enforcing these great privacy features. Is the blocking of trackers applied to everyone or everyone else?
Denver, CO, USA