Weekly Axis Of Easy #77
This week’s quote: “The most important product of science is knowledge. However, the most important product of knowledge is ignorance” …by ????
Last Week’s Quote was “We are almost entirely incapable of predicting the future, yet economics strangely purports to be exempt from this fact of life.” …by George Gilder, winner was David Gordon-Brown
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post gets their next domain or hosting renewal on us.
- easyDNS introduces a new and improved account recovery mechanism
- Popular NPM package compromised
- Marriott discloses data breach spanning 4 years affecting 500 million customers
- Scientists propose massive centralized DNA database will protect privacy
- Amazon to data mine patient health records for profit
- Blockchain study finds 0.00% of use cases are successful
- NBC to use AI to match ads to the content you’re watching
- These smart mattresses do not record the sounds you make while in bed (yet)
- Second genome-edited baby “in the oven”, as China yanks project
- Swedes abandon cash in favour of The Mark of the Beast
easyDNS introduces a new and improved account recovery mechanism
We’ve introduced a better way to handle account recovery in the new Enhanced Security Module (ESM). Under this system, the ESM generates a series of recovery phrases, which you will store offline in a secure manner, right? And if you need to recover your account, we’re going to key off those code words. There’s also a new numeric PIN to enable telephone authorizations.
The old, more dated “Secret question / secret answer” methodology is still supported for backward compatibility but you should really transition to the ESM.
Check your account security settings here: https://cp.easydns.com/manage/security/
Popular NPM package compromised
I swear we once included a piece in a previous issue of #AxisOfEasy by a security researcher who posited that one could compromise a lot of machines by introducing malware into an NPM package. Actually it’s this piece, but maybe we never actually put it in here (a lot of stuff ends up on the cutting room floor sometimes).
Anyway, somebody went and did it, offering to take over maintenance of a dormant software package called “event-stream” from a beleaguered dev who maintains 422 other open source packages, and then back-dooring it to inject code, appearing to target a specific bitcoin wallet.
Read: https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Marriott discloses data breach spanning 4 years affecting 500 million customers
In 2016 Marriott hotels purchased the Starwood Alliance group for $13 billion. I’m guessing the part where hackers had penetrated the Starwood reservations system and had access to it for 2 years prior to the deal somehow got under the radar of the due diligence process. It took another 2 years for Marriott to figure it out and the disclosure was made last week: the Starwood reservation system had been penetrated since 2014 and personal contact details, including passport numbers, addresses, emails for 500 million customers were breached. It is not known yet if credit card data was also breached because CC nums were encrypted separately.
Scientists propose massive centralized DNA database will protect privacy
“In a new paper published in the journal Science, researchers suggest that the best way to protect genetic information might be for all Americans to deposit their data in a universal, nationwide DNA database.” Of course, the thesis is that having one central database administered by some central authority that knows what’s best will do better than a fragmented assortment of databases operated by, say… Equifax and Marriott and all those other experts. But still. I don’t think so.
Amazon to data mine patient health records for profit
…or Amazon, for that matter. Who is now getting into the health records data-mining business. Amazon will be selling software that enables doctors and medical facilities to data mine patient health data in order to “improve treatment and cut costs”. What could possibly go wrong?
Read: https://www.wsj.com/articles/amazon-starts-selling-software-to-mine-patient-health-records-1543352136 (paywall)
Blockchain study finds 0.00% of use cases are successful
According to The Register, a study of 43 blockchain use cases in “the international development sector” has yielded zero success stories of anything actually getting off the ground and working. Of course, this is The Register, who of late seem to specialize in hit pieces, so you have to take it with a grain of salt. Apparently creating a medium that enables one to protect their own savings from the machinations of interventionist technocrats doesn’t count for anything.
NBC to use AI to match ads to the content you’re watching
NBC Universal will be deploying a system that uses “machine learnings” to place contextually relevant commercials to better match what’s going on in the programs you are watching. The “Contextual Intelligence Platform” looks at programming scripts, closed captioning and visual description data “to find opportune moments for a given advertiser to appear as well as an emotional gauge for each scene determined by proprietary algorithms”.
What a time to be alive…
These smart mattresses do not record the sounds you make while in bed (yet)
After web designer Michael Farrell noticed an unusual reference in mattress manufacturer Sleepnumber’s privacy policy, namely that it may collect “Audio in your room to detect snoring and similar sleep conditions” the company quickly removed the clause and clarified that their mattresses do not contain listening devices. The explanation for why that clause would appear in their policy if that were the case was that they were testing a mattress that did listen for snoring, but did not move forward with the project.
It’s only a matter of time before somebody does. Imagine the possibilities once the hackers figure out the Shodan search string to find wide open unprotected mattresses with default admin passwords…
Second genome-edited baby “in the oven”, as China yanks project
Last week we reported how a Chinese scientist brought forth the first pair of genome-edited babies (twins) who would be HIV immune (sort of). I got a very interesting reply from a reader about that which seems to imply the procedure may not be as tidy as reported and may have unintended side effects (gee, you mean if you genetically engineer babies something unexpected might happen? Who would have thunk it).
Now there’s another one on the way: the same doctor has engineered a second pregnancy, but around the same time news came out that the hospital undertaking the trials had shut down or paused the project.
Read: https://www.yahoo.com/news/gene-edited-baby-trial-paused-china-scientist-070016806.html
That’s it for this week.
(We have a nice little community starting up on our mastodon node https://nojack.easydns.ca – head on over now and create yourself an account.)
Regards,
— mark
P.S. Thanks to all of you who checked out my wife’s debut novel or better still bought a copy. Just a quick note that in Canada the paperbacks sold out and are currently on priority backorder. You can check her website for current status. Thanks again.
Gus says
Is it David Jonathan Gross?
Tony Q. King says
“Is it”?
Well, of course it is David Gross, you ninny. Be more forthright! Stand up. Be a man.
Do not pose your answer in the form of a question. Or are we playing “Jeopardy” now?
Apparently, Gross “…set out to disprove quantum field theory – and the opposite occurred!”.
Well, this eventually happens to all of us, doesn’t it? In my case, sooner.