Commoditised exploits

What was first; the exploits or the use of them ..?
When now, we have this kind of reasoning, aptly, there already was this, too.

So, … What now ..?

[This being the state of (the best of … ;-[ ) Dutch design nowadays. Yes the rest is worse, much worse. Law of handicap of head start; Zuid-As]

Bring on the Future; it belongs to ME

Some say self-driving cars / autonomous vehicles will take over driving as if they will take over all driving. But the intermediate phase [where autonomous persons and autonomous masters with slave (!) persons] will see ‘driving’ turn into a pastime, a hobby, of thrill seeker persons. Yes, even with Insurance rates getting somewhat higher. Not much higher, let alone skyrocketing, because the lone drivers that hold out, will find more and more very defensively behaving autonomous tin cans opposite them, scaring the latter (to steer) off the road…! Hence, aggressive drivers will not (provably) cause many accidents, autonomous vehicles will in all their panic. Hence, autonomous humans will not have staggering Insurance rates

and will keep on driving because of the fun of it, the feeling of independence and self-control, the thrill sought and found…

After human chess players could no longer win against ‘computers’, humans still play chess. After humans were outpaced by cars of all kinds, humans still try to win gold medals at the very event. After humans lost Jeopardy against Watson, humans still compete on ‘intelligence’ everywhere; opportunistically retreating ever further on the definition of ‘intelligence’.
Hence, humans will not drive ‘cars’ en masse, in the near+ future. But they will upgrade the purpose of driving, and will drive.

I sure will, for fun. With so many ‘lectric autonomous thingies on the road moving the sheeple, I’ll have or get myself all the road space I need… The road will belong to ME ME ME ..!

And
[One perfect artist does NOT outdo others; Gemeentemuseum Den Haag]

Really Bad Life

The recent spat on (team, in particular) sports not being the character building they’re supposed to be, has a pendant in other realms of game as well. The former, here; the latter, here.

Where, similar to other areas of enticement (link and other posts on this blog), the idea of a level playing field not through the starting positions but through procedural justice, seems to want to jump over the weaving errors of our societies being the unevenness and inequality of the starting positions. Also eloquently explained (with a moral take-home) here. Typical in the RBC article above-linked, in the base (sic) of the great game of golf with its handicap system. But still; this doesn’t diminish the feelings of inequity, either on the non-compensated-for-bad-luck-starting-points side, or on the feeling-bad-for-having-lost-the-advantages-of-an-advantaged-starting-point side.

Wouldn’t wars be over and world peace break out when the problem that eluded some of the most eminent (economics- and others) thinkers, as here and certainly here and here, be solved ..? What transformation away from a bad one, would that require of the world society ..?

I’m seriously interested to hear any pointers and partial work already …

[On the edges of Nature and Apollonian order…, and perfection (in horizon balance) is boring; Ancy-le-Franc]

All Your Data Are Belong To Us

Or, in the form of a question: When
a. One has to notify authorities of any (possible!) data leak, per law, in Europe and soon maybe also in the USofA,
b. Even BIOSes aren’t secure anymore, baked in from the word Go and onwards,
Shouldn’t all organisations declare all of their infrastructure and hence all their data, possibly compromised ..?

Just asking.

[Edited to add this. Also relevant; this one deeper (?)]

And:
[Calm, not private; Museumplein Amsterdam]

You're So Smart

In a reference to a song about me:
Most ab-original humans wouldn’t pass a serious Turing test.
Most serious AI trying to pass, would.

You, the select elite of my blog readers … Well, elite by numbers, mostly, or ..? And select, as in ‘clicked by error’..?

Just kidding, of course, off course.
What I meant was: as originally intended, Turing tests have become a hypothetical mind game ‘only’. Now that we’re approaching ‘intelligence’ of machines, like, graduating from ANI to AGI and on to ASI without a blink — not all of society will change at one instant to the next level, and then after some prep all of society will move to the next! Much more creepy stuff is out there without general (public its) knowledge than you can imagine (if anything) — suddenly we return to the thought experiment.
Acknowledging that we have never been able to give a sort-of extensional definition of ‘intelligence’, only an intensional one. Which may indeed suffice. Now that we’re accustomed, and into ethics discussions rather than did/did-not type of things (ex the laggards who still can’t stand being surpassed by ‘dumb’ machines — calling them that, calls yourself ‘below’ (quod non) that…), we seem to have made the question irrelevant. When a few still say that this sort of thing is impossible, others are already doing it and hardly anyone seems to care.

The latter part being the scary bit. Wait and see just will not be enough here, in particular RE settling the Ethics elements. It’s not only self-driving cars where momentum is out of human hands and into Technology’s… It’s everywhere.

To not be afraid — or to be but be brave and conquer your fears and Act, this:
[Still recognisable as VR trompe l’oeil; Rijks Amsterdam]

New Normal Hacking

Errm, anyone still surprised about (not) new news on data being stolen, ransomware striking, or democracy perverted, anywhere, all the time ..?

Got a bit worried, and wondered whether there would be others the same, about the current Mehh impression of everyone in the loop, about even political parties [now openly], voting machines, etc., getting cracked and data stolen which combined with at last, at very last finally, the hackability of voting machines not, against all sane arguments, being tamper-resistant — which leads to the vulnerability and class broken-ness of fundamental human values.

And still, there’s hardly more than Mehhh.

Would anyone have a reason not to worry …?

Ah:

Oh well, blue pills everywhere …? Plus:
[Sorry to say lads and lassies of the Royal Academy of Arts, but the Gemeentemuseum did beat you, on this one]
[Edited to add: No, this post was written before the NIST October 7 ‘news’ came out that (‘end’?) users are tired of hack-warnings (security fatigue), if that were a thing. Which is also not quite what I meant above, which is worse…]

Simply, stats

Just putting it down there.

With some discussion, OK, OK…:

  • Fubbuck still the largest, “of course”, but by less of a margin than previous (?);
  • Because FB ‘messenger’ oh horrendous thing, is listed separately. Prob with reason. At least, because reasons;
  • QQ and QZone still biggies, to grow ..!?
  • Tumblr’s big this time. Let’s dig for demographics, et al., to see whether some specific user group is biasing stats. The age-old subject that the Internet was invented and invaded for, may be a big one in this;
  • LinkedIn larger than Pinterest. A #first ..? And not by much. Cause? Sturdy growth, hanging in there, holding out and succeeding by others falling back; or has some take(n)-over played a role here …?
  • Insta quite big but maybe not living up to the hype (or what’s its growth), Snapchat rather flat. Is Millennialhyping a thing from the past already ..?

[Chart: most famous social network sites 2016, by active users]

Contra Bruce, for once

For once, Bruce is not at the right end. Maybe not opposite of it, but.
As per this here blog post of his — a repeat of one of his, and others’, thread.

The argument: We make things, like, security, too difficult for users and hence (?) we shouldn’t try to change them into secure behaviour.
The contra: ‘Guns kill people’, or was it that the men (mostly) firing guns, kill people? And the many toddlers shooting their next of kin since, being at the approximate maturity of the Original gun pwner, they have no clue.

The Contra, too, and much more to the point when it comes to ‘information’ ‘security’: We should make cars run at maximum 5Mph … Since ‘users’ are waaaay too stupid to drive carefully.
Just don’t mention that ‘security’ is a quality not an absolute pass-or-fail thing, and that ‘information’ could not be more vague. [Except ‘cyber’, that’s so vacated of any meaning that it’s a black hole.] And don’t mention we still seem to let cars be used by any other moron that once, possibly literally decades ago before ‘chips’ were invented, passed some formal test — the American idea of the test coming very, dangerously, close to … was (sic) it the Belgian? system where one could pick up one’s driver’s license at the post office. Able, allowed, to buy cars that drive not just 5 but 250Mph, on busy roads, without protection against using socmed mid-traffic… One thing could be to introduce Finnish-style booking for unsafe behaviour (if caught, not when as per next paragraph [think that through…]), and/or huge fines for the producers of bad equipment (hw/sw) comparable to fines on car makers, or outright laws to build airbags in, etc.

And then, if we’d design ‘secure’ systems, e.g., the Apple way, we’d end up with even worse Shallows sheeple that have so much less clue than before… And all in the hands of … even in ultra-liberal countries one would suggest either Big Corp, or Big Gov’t, both options being Big Brother literally in such an atrocious Dystopia of humanity.

So, you want safe systems? You get the loss of humanity before actual safety.

[Yes I get the Humans Are The Cause Of Much Infosec Failure thing (including Human Flexibility Can (still!) Solve More Than Machines Can, Against System (!) Malfunction), but also I am completely in favour of both the Humans Must Through Tech Be Completely Shielded From Being Able To Do Anything Wrong and Humans Should Retain All Freedom To Act Responsibly solutions.]

Pick your stand. And:

[Use G Translate if you have to, from Dutch. Typifying the driver, probably, if only for picking the brand/car…; London]

Data Classinocation

I was studying this ‘old’ idea of mine of drafting some form of impact-based criteria for data sensitivity when, along with a couple of fundamental logical errors in some of the most formally adopted (incl legal) standards and laws, I suddenly realised:

In these times of easily provable easy de-anonymisation of even the most protective homomorphic encryption multiplied with the ease of de-anonymisation through data correlation of even the most innocent data points, all even the most innocent data points/elements must (not should) be classified at the highest sensitivity levels so why classify data ..!?

This may not be a popular point, but that doesn’t make it less true.
In similar vein, in European context where one is only to process data in the first place if (big if) there is no alternative and one can process for the Original intent and purpose only,

To prevent data from unauthorised disclosure internally or externally, without tight need-to-know/need-to-use IAM implementation, one already does too little; with, enough.

That’s right; ‘internal use only’ is waaay too sloppy hence illegal — it breaks the legal requirement for due (sic) protection, and if the use of data is, ‘by negligence’ not changing a thing here, let possible, the European privacy directive (and its currently active precursors) do not allow you to even have the data. This may be a stretch but is still understandable and valid once you take the effort to think it through a bit.
Maybe also not too popular.

Needless to say that both points will not be understood the least by all the ‘privacy officer’ types that have rote learned the laws and regulations, but have no experience/clue how to actually use those in practice and just wave legal ‘arguments’ (quod non) around as if that their (song and) dance is the end purpose of the organisation but cannot answer even the most simple questions re allowability of some data/processing with anything that logically or linguistically approaches clarity. [Note the ‘or’ is a logical one, not the sometimes interpreted xor that the too-simpletons (incl ‘privacy officers’) interpret but don’t know exists.]

OK. So far, no good. Plus:
[Not a fortress, nor a real maze once you see the structure; Valencia]

New! (RE yesterday's post)

Oh how appropriately timed, this…: A new version of l0phtcrack is here ..!

As I mentioned in passing in yesterday’s post, defense-wise one would be hard-pressed to find anything that’s up to snuff qua being a step ahead of the Other Side, catching up is however still (if only just) feasible. Good to see that the tools once (we talk, like, ages ago, ages being circa 20) used offensively and having disappeared from view, return in all their sophisticated glory — be it as point solutions in a much evolved world but still.

All rejoice and ‘play around only to get to know it’…!

Remember… you may turn out to be such a tool all the same … And:
[Once, sufficient and hard to handle, for defense. Now, a model just for show]

Maverisk / Étoiles du Nord