86% Of All Passwords Are Already Compromised. Are Yours?


Weekly Axis Of Easy #48


In this issue:
 
  • Facebook using AI to remove “bad stuff” before it’s even reported
  • Cambridge Analytica bytes the dust
  • NSA warrantless data collection soars in 2017
  • Amazon threatens to shut down Signal over censorship workaround
  • Chinese factories using brain scanners on workers to preempt mistakes
  • France.com seized by France in domain name dispute
  • Spectre-NG: Multiple new CPU flaws found
  • 86% of all passwords are already compromised. Are yours?

Facebook using AI to remove “bad stuff” before it’s even reported

A posting from Facebook VP of Product Management Guy Rosen reveals that Facebook is now using AI to proactively find “bad content” before it’s even reported or flagged by users. This enables them to “remove bad content faster” and thus remove more of it. Bad content includes: nudity and graphic violence, “hate speech”, fake accounts, spam, terrorist propaganda and suicide prevention. Unleash the bots.

Cambridge Analytica bytes the dust

After ousting their CEO and denying any wrongdoing (a la “but everybody is doing it!”), Cambridge Analytica, the company that set Facebook’s latest crisis in motion, is shutting down. Remember, the patsy always dies, but pay attention to exactly who ends up buying the carcass. The IP, patents and the data will surely be of interest to someone upon liquidation.

NSA warrantless data collection soars in 2017

Last year the NSA collected mass surveillance data on over 540 million calls; that’s three times the amount of “metadata” they collected in 2016. As Gizmodo reports, all that data was collected in connection with orders to target 40 individuals. Talk about low signal-to-noise.

Amazon threatens to shut down Signal over censorship workaround

Signal is a secure messaging app of choice (the other is Telegram) for political dissidents and demonstrators in places like Egypt, Oman, Qatar and UAE, where those countries actively try to suppress and block the app. Signal’s response to this has been to use a technique called “domain fronting” which makes the traffic appear as if it’s coming from some other domain, rather than from Signal. Alas, as an Amazon AWS customer, they were fronting through an Amazon CloudFront domain and Amazon has issues with this. So much so that they are threatening to shut down Signal’s AWS account over it.

Chinese factories using brain scanners on workers to preempt mistakes

According to the South China Morning Post, “Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains”. Workers are wearing caps which monitor their brainwaves, and when anomalous “emotional states” are detected, like stress or fatigue (I wonder if it can detect cognitive dissonance or ennui?), managers can take action such as moving the worker to another role.

France.com seized by France in domain name dispute

Thanks to everybody who sent me this one. TL;DR: a French guy has owned France.com since 1994, when he bought it from web.com. He’s been building a business on it ever since and even works with numerous French agencies. At some point, France’s Ministry of Foreign Affairs (whom he even worked with) filed suit in France alleging that he was violating French trademark law. After numerous legal maneuvers, the registrar (web.com) locked the domain and then transferred the name to France.

Many of the people emailing me asked my opinion on it, and what would easyDNS do? Our response: The mechanism that is supposed to be used for handling domain disputes is the UDRP. We are contractually obligated to comply with any UDRP process. That isn’t what happened here, which was a court order in France. In that case, if it were us, then the French government would be required to obtain valid letters rogatory here, to have the order enforced in the Province of Ontario.

In other words: absent the outcome of a UDRP or URS proceeding, we need any foreign court order to be enforced in our jurisdiction.

Spectre-NG: Multiple new CPU flaws found

Intel’s CPUs are still vulnerable to a next generation of Spectre style vulnerabilities. That’s the word out of a German computing magazine. I haven’t seen many references to this here yet (but then again, I had no power for most of the weekend because I live in frickin’ Toronto and it was windy on Friday). The German site released an English translation:

https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

86% of all passwords are already compromised. Are yours?

People re-use their passwords. That’s what we all figure, and security researcher Troy Hunt, who operates HaveIBeenPwned.com, has written a blog post supporting that assumption. In his estimate, 86% of passwords being used have already been leaked elsewhere and thus are already floating around the dark web and obtainable by those who know where to look. In other words, as we’ve observed before, you may have the world’s single most unguessable, secure password, but if you used it with a vendor who stored it in clear text (like, I dunno, Twitter maybe?) who eventually gets breached, it’s out there for all to see.

