Security & Privacy


Facial recognition is here. The iPhone X is just the beginning - Clare Garvie

#artificialintelligence

I'm a privacy lawyer who researches the risks of face recognition technology – and I will be buying the new iPhone. But as we grow accustomed to fast and accurate face recognition, we cannot become complacent to the serious privacy risks it often poses – or think that all its applications are alike. Social media applications increasingly integrate face recognition into their user experience; one application in Russia allows strangers to find out who you are just by taking your photo. At the festival in London late last month, the real-time face recognition system reportedly led to 35 misidentifications and only one "correct" match – an innocent person who was not wanted by the police after all.


Apple's face recognition software has privacy advocates worried

NPR

Critics are concerned that the technology in the new iPhone X could be used -- and misused -- for other purposes.


CCleaner Malware Shows Software's Serious Supply-Chain Security Problem

WIRED

On Monday, Cisco's Talos security research division revealed that hackers sabotaged the ultra-popular, free computer-cleanup tool CCleaner for at least the last month, inserting a backdoor into updates to the application that landed in millions of personal computers. Three times in the last three months, hackers have exploited the digital supply chain to plant tainted code that hides in software companies' own systems of installation and updates, hijacking those trusted channels to stealthily spread their malicious code. According to Avast, the tainted version of the CCleaner app had been installed 2.27 million times from when the software was first sabotaged in August until last week, when a beta version of a Cisco network monitoring tool discovered the rogue app acting suspiciously on a customer's network. One month later, researchers at Russian security firm Kaspersky discovered another supply chain attack they called "Shadowpad": Hackers had smuggled a backdoor capable of downloading malware into hundreds of banks, energy, and drug companies via corrupted software distributed by the South Korea-based firm Netsarang, which sells enterprise and network management tools.


Merriam-Webster adds 'alt-right' and 'sriracha' and 250 more words to its dictionary

Los Angeles Times

Sriracha, of course, is a delicious hot sauce. The dictionary also added a new, politically inspired definition to the word "dog whistle": "an expression or statement that has a secondary meaning intended to be understood only by a particular group of people." The technology-related words added by Merriam-Webster include "ransomware," defined as "malware that requires the victim to pay a ransom to access encrypted files," and "Internet of Things," which is "the networking capability that allows information to be sent to and received from objects and devices (such as fixtures and kitchen appliances) using the Internet." The tribute to Johnson features his famous definition of "lexicographer": "a harmless drudge that busies himself in tracing the original, and detailing the signification of words."


HP's Aruba announces 360 Secure Fabric analytics security solution

ZDNet

As part of the Aruba IntroSpect product family, 360 Secure Fabric uses User and Entity Behavioral Analytics (UEBA) to focus on how enterprise players can reduce the risk of insider-driven issues and lapses in security. Aruba 360 Secure Fabric includes a suite of network tools and attack detection software, including a set which uses machine learning to detect suspicious behaviors or changes in user and device behavior, whether they be cloud applications or Internet of Things (IoT) devices. In addition, the suite includes Aruba ClearPass, Secure Core -- Wi-Fi, controller and switch security -- and IntroSpect Standard, a basic monitoring system for internal networks and starting point for the enterprise to utilize machine learning in attack detection. "By adding Aruba IntroSpect UEBA analytics and threat detection capabilities, we will be able to better protect our source code by automating anomaly detection and prioritizing security incidents for faster resolution."


Artificial Intelligence in Selection, the Future of Work and the New Generations, Key Topics at the 4th International HR Conference Barcelona

#artificialintelligence

On 6th October 15 top level speakers from companies such as Google, Gartner, Unilever, Global Future of Work Foundation and Ricoh USA will take part in this event which once again makes Barcelona the global centre for new game-changing and innovative trends in HR. All of these questions will be answered at the fourth edition of the International HR Conference Barcelona, organised by Advantage Consultores, which will take place on 6th October in the Telefónica Auditorium in Barcelona. In total 15 top level speakers from companies such as Google, Gartner, Unilever, Global Future of Work Foundation and Ricoh USA, among others, will participate in this year's international date for HR, at which debates will be introduced for the first time. The other speakers are: Donna Venable, Executive Vice President of Human Resources at RICOH USA; Fred Then, CEO, Co-Founder & Startup Coach at Tjaara; Isaac Hernández, Country Manager Iberia at Google for Work; Jordi Plana, CEO of Beezy; and Pau Sendra, CEO of Waynabox.


AI will change the face of security, but is it still the stuff of sci-fi? - Help Net Security

#artificialintelligence

While we wait for this sudden breakthrough to occur, the current role of AI in security is to make our own human intelligence more effective in finding evidence of cyber attacks, seen through the application of machine learning. The most important thing we can do is to make the tool invisible, enabling the user's brain to exist solely in the task space, not the tool space. This is exactly what a good machine learning or AI tool will achieve for a cyber security investigator – freeing them from having to manage the amount of data, and enabling them to concentrate on pure analysis. We expect this trend to continue into the future, persisting even when we do finally develop a true AI sophisticated enough to make complex decisions on its own, as true human intelligence will always have an edge in making intuitive leaps and spotting patterns that the more straightforward AI analysis will miss.


Artificial intelligence #CyberAttacks are coming – but what does that mean? #AI

#artificialintelligence

Hackers will start to get help from robots and artificial intelligence soon. The next major cyberattack could involve artificial intelligence systems.


Hackers Have Already Started To Weaponise Artificial Intelligence

#artificialintelligence

But make no mistake -- modern tools like machine intelligence and neural networks are a form of artificial intelligence, and to believe otherwise is something we do at our own peril; if we dismiss or ignore the power of these tools, we may be blindsided by those who are eager to exploit AI's full potential, hackers included. While it can be argued that automation is fundamentally unintelligent (conversely, a case can be made that some forms of automation, particularly those involving large sets of complex tasks, are indeed a form of intelligence), it's the prospect of a machine intelligence orchestrating these automated tasks that's particularly alarming. An AI can produce complex and highly targeted scripts at a rate and level of sophistication far beyond any individual human hacker. In addition to the criminal activities already described, AIs could be used to target vulnerable populations, perform rapid-fire hacks, develop intelligent malware, and so on.


The A.I. "Gaydar" Study and the Real Dangers of Big Data

#artificialintelligence

Was the computer model picking up on facial characteristics that all gay people everywhere shared, or merely ones that a subset of American adults, groomed and dressed a particular way, shared? Carl Bergstrom and Jevin West, a pair of professors at the University of Washington, in Seattle, who run the blog Calling Bullshit, also took issue with Kosinski and Wang's most ambitious conclusion--that their study provides "strong support" for the prenatal-hormone theory of sexuality, which predicts that exposure to testosterone in the womb shapes a person's gender identity and sexual orientation in later life. The latest version of Apple's Safari browser features "Intelligent Tracking Prevention," which makes it harder for advertisers to monitor your online activity; several ad groups wrote the company to complain that the technology would "sabotage the economic model for the internet." "The growing digitalization of our lives and rapid progress in AI continues to erode the privacy of sexual orientation and other intimate traits," Kosinski and Wang wrote at the end of their paper.