Send nexa mailing list submissions to
        nexa@server-nexa.polito.it

To subscribe or unsubscribe via the World Wide Web, visit
        https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
or, via email, send a message with subject or body 'help' to
        nexa-request@server-nexa.polito.it

You can reach the person managing the list at
        nexa-owner@server-nexa.polito.it

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nexa digest..."


Today's Topics:

   1. Re: "Unix 50" (Giacomo Tesio)
   2. Facebook must face $35B facial-recognition lawsuit following
      court ruling | Ars Technica (Alberto Cammozzo)
   3. NordVPN, TorGuard,        and VikingVPN VPN providers disclose
      security breaches (Giacomo Tesio)
   4. Tribute to the Life of Giovanni Buttarelli - YouTube
      (J.C. DE MARTIN)
   5. The Impact of Machine Learning & AI on Geomatics (Agata Lo Tauro)
   6. Inside the Phone Company Secretly Run By Drug Traffickers
      (Giacomo Tesio)
   7. Mind-reading tech: how private companies work to gain access
      to our brains (Alberto Cammozzo)


----------------------------------------------------------------------

Message: 1
Date: Wed, 23 Oct 2019 12:17:27 +0200
From: Giacomo Tesio <giacomo@tesio.it>
To: "J.C. DE MARTIN" <demartin@polito.it>
Cc: ego@atrent.it, Nexa <nexa@server-nexa.polito.it>
Subject: Re: [nexa] "Unix 50"
Message-ID:
        <CAHL7psGd6WeEUJXhEuiocvqWhO4t_xvDvMg5=jZZJzwW_ZCLoQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

On 23/10/2019, J.C. DE MARTIN <demartin@polito.it> wrote:
> Preciso solo che - vista l'età - la sua partecipazione
> sarà da remoto.

Ops... scusate... l'entusiasmo mi ha evidentemente accecato.
Sto diventando vecchio... :-)

Rimane comunque una sessione molto interessante.


Giacomo


------------------------------

Message: 2
Date: Wed, 23 Oct 2019 12:46:29 +0200
From: Alberto Cammozzo <ac+nexa@zeromx.net>
To: Center Nexa <nexa@server-nexa.polito.it>
Subject: [nexa] Facebook must face $35B facial-recognition lawsuit
        following court ruling | Ars Technica
Message-ID: <badbff72-caa1-5cf3-70b2-bfd390616847@zeromx.net>
Content-Type: text/plain; charset=utf-8

<https://arstechnica.com/tech-policy/2019/10/35-billion-facial-recognition-lawsuit-against-facebook-moving-forward/>


Facebook's most recent attempt to extricate itself from a potentially
landmark lawsuit has come to a dead end, as a federal court declined to
hear another appeal to stop the $35 billion class action.

In San Francisco last week, the US Court of Appeals for the 9th Circuit
denied Facebook's petition for an en banc hearing in the case. Usually,
appeals cases are heard by a panel of three judges out of all the judges
who work in a given circuit. An en banc hearing is a kind of appeal in
which a much larger group of judges hears a case. In the 9th Circuit, 11
of the 29 judges sit on en banc cases.

Facebook had requested an en banc hearing to appeal the 9th's Circuit's
August ruling, in which the court determined that the plaintiffs had
standing to sue, even though Facebook's alleged actions did not cause
them any quantifiable financial harm. The class-action suit can now move
forward.
Further Reading
Facebook’s new facial recognition feature finds you in untagged photos

Three different Illinois residents filed suit against Facebook back in
2015. The suits, which were eventually rolled together into one single
class-action complaint, argue that Facebook's collection of users' faces
for tagging purposes violates the Illinois Biometric Information Privacy
Act, a law that requires businesses to gather consent from state
residents before their biometric data is collected or used.

The penalty Facebook would face for violating the Illinois law is up to
$5,000 for each knowing violation. There are about 7 million Facebook
users in Illinois, meaning Facebook could face a maximum fine of around
$35 billion if the case goes to trial and the company loses.
Facial recognition: Far from flawless

While one tech giant faces a lawsuit over facial recognition that works
too well, another is facing criticism over facial recognition that
doesn't work well enough.

The Massachusetts branch of the American Civil Liberties Union this week
released the results of a test it ran on Amazon's Rekognition software,
in which it mistakenly matched many New England professional athletes to
mugshots from a database. The ACLU compared images of 188 athletes from
the Boston Bruins, Boston Celtics, Boston Red Sox, and New England
Patriots teams against a database of about 20,000 public arrest photos.
The ACLU found that 27 of the athletes, more than 14%, were falsely
identified in the mugshots.

[...]


------------------------------

Message: 3
Date: Wed, 23 Oct 2019 17:30:48 +0200
From: Giacomo Tesio <giacomo@tesio.it>
To: nexa@server-nexa.polito.it
Subject: [nexa] NordVPN, TorGuard,      and VikingVPN VPN providers
        disclose security breaches
Message-ID:
        <CAHL7psH0DnHo7zeBEMdr5V_2M3_KaKHsLAfnKtvfp7N73mypgQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

https://securityaffairs.co/wordpress/92808/hacking/nordvpn-torguard-vikingvpn-hack.html

NordVPN and TorGuard VPN firms were hacked, threat actors leaked the
private keys used to secure their web servers and VPN configuration
files.

Hackers have breached the systems used by NordVPN and TorGuard VPN
companies and leaked the private keys used to secure their web servers
and VPN configuration files.

The information belonging to the NordVPN company that was leaked
online were stolen from the server of the VPN provider last year.
[...]


A bigger problem was that they weren't practicing secure PKI
management because the CA private key was stupidly on the same server.
With that private key, an attacker could easily generate their own
server cert/key and MiTM any other server. [...]


The keys could be used for a man-in-the-middle attack. In addition, it
can be assumed that the attacker was able to access traffic during the
hack. [...]


“A few months ago, we became aware that, on March 2018, one of the
datacenters in Finland we had been renting our servers from was
accessed with no authorization.” reads the statement published by the
VPN provider. “The attacker gained access to the server by exploiting
an insecure remote management system left by the datacenter provider.
We were unaware that such a system existed. [...]


The incident also impacted other VPN providers using the same data
center, such as VikingVPN and TorGuard.

TorGuard was the only VPN provider of the three impacted by the
incident to be implementing secure PKI management this means that its
main CA key was not on the affected VPN server.



Giacomo


------------------------------

Message: 4
Date: Wed, 23 Oct 2019 19:54:14 +0200
From: "J.C. DE MARTIN" <demartin@polito.it>
To: Center Nexa <nexa@server-nexa.polito.it>
Subject: [nexa] Tribute to the Life of Giovanni Buttarelli - YouTube
Message-ID: <3193909C-A6F5-4BDA-8102-B7A4F86A31C9@polito.it>
Content-Type: text/plain; charset=us-ascii


https://www.youtube.com/watch?v=4dUgrN9Vqow


(Sent from my wireless device; please excuse brevity and typos (if any))


------------------------------

Message: 5
Date: Wed, 23 Oct 2019 20:58:52 +0200
From: Agata Lo Tauro <agatalotauro@gmail.com>
To: nexa@server-nexa.polito.it
Subject: [nexa] The Impact of Machine Learning & AI on Geomatics
Message-ID:
        <CAF0XQCSDU6N3OAutTFmiXPp7RLcBJW=Ff6G+5YPOT8TKTYCUsg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

The Impact of Machine Learning & AI on Geomatics

https://gogeomatics.ca/the-impact-of-machine-learning-ai-on-geomatics/

PS_perdonate, spesso scrivo velocemente e non faccio caso agli orrori di
spelling... etc, sorry! :-)

Cari saluti a voi tutti,
Agata
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://server-nexa.polito.it/pipermail/nexa/attachments/20191023/470e8578/attachment-0001.html>

------------------------------

Message: 6
Date: Thu, 24 Oct 2019 01:28:54 +0200
From: Giacomo Tesio <giacomo@tesio.it>
To: nexa@server-nexa.polito.it
Subject: [nexa] Inside the Phone Company Secretly Run By Drug
        Traffickers
Message-ID:
        <CAHL7psGmTQ8TgoiWV21H31Vyt9hCobu7719SXQVWc81kVVo+rQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

All over the world, in Dutch clubs like the one Kok frequented, or
Australian biker hangouts and Mexican drug safe houses, there is an
underground trade of custom-engineered phones. These phones typically
run software for sending encrypted emails or messages, and use their
own server infrastructure for routing communications.

Sometimes the devices have the microphone, camera, and GPS
functionality removed. Some also have a dual-boot mode, where powering
on the device as normal will show an innocuous menu screen with no
sensitive information. But if certain buttons are held down when
turning the phone on, it will reveal a secret file system containing
the user’s encrypted text messages and other communications.

With these tweaks, the ordinary methods for law enforcement to
intercept messages are cut-off—police can’t simply get an ordinary
phone tap or subpoena messages from a company; the texts are typically
only available in a readable form on the users’ devices. [...]

For MPC, the process of setting up the devices was relatively simple:
MPC would take a Google Nexus 5 or Nexus 5X Android phone, and then
add its own security features and operating system, according to
social media posts from MPC and a source with knowledge of the
process. MPC then created the customer’s messaging accounts, added a
data-only SIM card (which MPC paid about £20 a month for), and then
sold the phone to the customer at £1,200. Six-month renewals cost
£700, the source added. MPC only sold around 5,000 phones, the source
said, but that still indicates the business netted the company some £6
million. At one point, a version of MPC's phones also used code from
an open-source, security-focused Android fork called CopperheadOS,
three sources said. [...]

Initially, The Brothers were clients of the encrypted phone industry,
and used to buy their specialized BlackBerry devices from a company
called Ennetcom, according to a source with knowledge of their
operations. Dutch police say they have linked Ennectom, run by a man
called Danny Manupassa, to cases of assassination, armed robbery, and
drug trafficking.

The Brothers, not wanting to trust others with their security, decided
to create their own devices. They hired developers to make a custom
operating system. Motherboard confirmed the name of one of those
developers with three sources in the secure phone industry; the
developer did not respond to multiple requests for comment.



Continua su http://web.archive.org/web/20191023140835/https://www.vice.com/en_us/article/wjwbmm/inside-the-phone-company-secretly-run-by-drug-traffickers


Giacomo


------------------------------

Message: 7
Date: Thu, 24 Oct 2019 06:47:08 +0000
From: Alberto Cammozzo <ac+nexa@zeromx.net>
To: Nexa <nexa@server-nexa.polito.it>
Subject: [nexa] Mind-reading tech: how private companies work to gain
        access  to our brains
Message-ID: <87B305C9-E1F3-4AA2-B96B-DF9DA8CF27F3@zeromx.net>
Content-Type: text/plain; charset="utf-8"

<https://www.theguardian.com/technology/2019/oct/24/mind-reading-tech-private-companies-access-brains>


It’s raining on your walk to the station after work, but you don’t have an umbrella. Out of the corner of your eye, you see a rain jacket in a shop window. You think to yourself: “A rain jacket like that would be perfect for weather like this.”
'You're trying to help drug dealers': Zuckerberg faces angry lawmakers at Libra hearing.

Later, as you’re scrolling on Instagram on the train, you see a similar-looking jacket. You take a closer look. Actually, it’s exactly the same one – and it’s a sponsored post. You feel a sudden wave of paranoia: did you say something out loud about the jacket? Had Instagram somehow read your mind?

While social media’s algorithms sometimes appear to “know” us in ways that can feel almost telepathic, ultimately their insights are the result of a triangulation of millions of recorded externalized online actions: clicks, searches, likes, conversations, purchases and so on. This is life under surveillance capitalism.

As powerful as the recommendation algorithms have become, we still assume that our innermost dialogue is internal unless otherwise disclosed. But recent advances in brain-computer interface (BCI) technology, which integrates cognitive activity with a computer, might challenge this.

In the past year, researchers have demonstrated that it is possible to translate directly from brain activity into synthetic speech or text by recording and decoding a person’s neural signals, using sophisticated AI algorithms.

While such technology offers a promising horizon for those suffering from neurological conditions that affect speech, this research is also being followed closely, and occasionally funded, by technology companies like Facebook. A shift to brain-computer interfaces, they propose, will offer a revolutionary way to communicate with our machines and each other, a direct line between mind and device.

But will the price we pay for these cognitive devices be an incursion into our last bastion of real privacy? Are we ready to surrender our cognitive liberty for more streamlined online services and better targeted ads?
[...]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://server-nexa.polito.it/pipermail/nexa/attachments/20191024/da8f25f6/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa


------------------------------

End of nexa Digest, Vol 126, Issue 39
*************************************