Canada calls Clearview AI’s facial recognition ‘mass surveillance’
Canada’s privacy commissioners have told Clearview AI to stop offering its facial recognition services in the country, to stop scraping Canadians’ faces off social networking and other public sites, and to trash the images it’s already used to fatten its database. Clearview has already scraped more than three billion photos. Its app is used by over 2,400 law enforcement agencies in the US and by Canadian law enforcement agencies including the national Royal Canadian Mounted Police. Clearview stopped offering the app in Canada last July and says it’s eager to fight the Canadian orders in court.
Amazon pulls Big-Brother move, puts AI cameras in delivery vans
Amazon has begun rolling out always-on, AI-enabled surveillance cameras in its delivery vehicles. The cameras will flag safety infractions, including failure to stop at stop signs, speeding and distracted driving. The cameras, which are from Netradyne, will help the company improve safety in its delivery network, Amazon says. Prior investigations have, in fact, uncovered safety issues and poor working conditions reported by some drivers and former Amazon employees. But drivers are leery about the heightened employee surveillance and a lack of privacy, describing the cameras as “unnerving,” “Big Brother” and “a punishment system.”
(CNBC)
Myanmar blocks Facebook following military coup
As we reported yesterday, Facebook has pledged to protect posts critical of the Myanmar military coup and to track accounts hacked or taken over by the military. The new military government swiftly made that decision moot, ordering local telecoms to temporarily block Facebook until midnight on February 7. NetBlocks, a company that tracks global internet usage, reports that Messenger, Instagram and WhatsApp have also been blocked on the state-owned telecom operator that commands the market.
Firewall source code stolen in Stormshield hack
Hackers who attacked the French cybersecurity firm Stormshield have stolen sensitive customer information and source code for the company’s Stormshield Network Security (SNS) firewall, the company revealed this week. Stormshield said that the attacker gained access to a portal used by customers and partners, which may have given them access to support tickets and staff communications. As of Wednesday, the firm hadn’t discovered any modifications to the source code or seen any evidence of tampering with operational Stormshield products. But as Graham Cluley points out, the breach does raise the possibility of threat actors uncovering security holes in the firewall that might be exploited in later attacks, and it could conceivably lead to the creation of malicious updates.
Thanks to our episode sponsor HID Global

Free coffee!? … Thanks, outdated smart-card readers!
A Dutch researcher has hacked prepaid vending machines to provide all-you-can-drink Nespresso coffee by taking advantage of older commercial machines’ reliance on insecure smart cards. No, you can’t get yourself a bottomless cup. Fortunately for Nespresso, cybersecurity researcher Polle Vanhoof took the path of responsible disclosure. In the security vulnerability disclosure he published this week, he described how some older machines rely on outdated Mifare Classic smart cards that store the monetary value on the card itself rather than on a remote server. The hack only worked against older payment cards that were cryptographically defeated way back in 2008 and 2009.
Victims’ data is increasingly lost for good in bungled ransomware attacks
Ransomware attacks have skyrocketed, but so too has victims’ refusal to pay extortion. Instead, more and more victims prefer to rely on backups, regardless of attackers’ threats to leak their data. But increasingly, their data is destroyed by mistake, leaving companies unable to recover their data even if they pay. Ransomware remediation firm Coveware reports that in the last quarter of 2020, it received a growing number of reports about entire clusters of servers and data shares being wiped out. Coveware says that the “uptick in haphazard data destruction” could be a result of unskilled hackers flooding the ransomware business.
Apple’s parental controls equate ‘Asian’ to ‘porn’ in kids’ searches
If you turn on blockers for your kids’ iOS devices so they don’t see “adult content,” they won’t be able to search for Asian fusion, diaspora, communities, countries, politics, cultures or hairstyles. Swap the term “Asian” for “European,” “African,” “Indian” or “Arab,” and the searches will do just fine. The glitch isn’t news, but it’s still an issue: The Independent cites a recent tweet from iOS developer Steven Shen, who filed a report on the matter to Apple in late 2019. It was also flagged on Twitter by Charlie Stigler, a product strategist at Workday. Stigler wrote that the built-in adult content filter in iOS blocks all searches with the keyword “Asian,” assuming that they’re related to porn.
Israeli hackers breach KKK site, dox white supremacists
A group of Israeli hackers who identified themselves as an anti-fascist collective going by the name Anonymous Soldiers have broken into a Ku Klux Klan-affiliated website. They also doxxed the names, photos and other personal information about members of the KKK group, the Patriotic Brigade Knights. Anonymous Soldiers also replaced some of the site’s content with their own, including posting a banner saying: “Shabbat Shalom! Goodnight white pride.” In a statement to the Jerusalem Post, the group said that its aim is “to strike terror” into their hearts. “Neo-Nazi and other white supremacist groups believe that Jews have an all-seeing eye,” the statement said. “Our desire is to make their fantasies a reality.”






