Five NHS trusts do DeepMind data deal with Google. One says no

Found on The Register on Friday, 20 September 2019
Browse Various

The agreement is controversial because DeepMind was handed 1.6 million patient health records by the Royal Free Hospital despite no patient having given their consent for their data to be shared or used in this way.

One of Google's first actions on borging DeepMind was to shut its independent ethics review panel.

"Handing 1.5m patients' records to Google was justified in 2015 as the only option – has the NHS under Matt Hancock made no progress on NHS tech?"

So saying "no" was not an option? Sorry, but nobody will believe that. Especially not the millions of people who now have their most personal information shared with Alphabet.

Booking.com still duping customers, says watchdog

Found on BBC News on Thursday, 19 September 2019
Browse Various

The sites had previously been found to be engaging in practices which included misleading discount claims, pressure-selling and hidden charges.

"We found clear evidence that Booking.com has not yet sufficiently cleaned up its act and is flouting the rules on pressure-selling, which could lead to millions of consumers being rushed into making a booking," she said.

A hotelier in Cornwall told BBC News: "I have a small B&B, which I have owned for three years, and have not yet made a profit, due to Booking.com.

Sadly his is common practice. "Only 1 left" is a common sight on all sorts of shops too.

Confidential patient data accessible on the internet – a massive global data leak waiting to happen

Found on Greenbone on Wednesday, 18 September 2019
Browse Various

Greenbone did not have to write any special code to see what patient data was accessible, nor did any software vulnerability have to be exploited, or a zero-day attack carried out. As such, you don’t need to be a hacker to gain access to this highly sensitive data, it’s all visible with the help of freely available tools. To view and – if desired – download this data, you only need a list of IPs and a corresponding viewer. Both are available for download on the net.

Altogether, we unearthed more than 24 million records which, combined linked to more than 700 million images. Of these scans, 400 million were actually downloadable.

Who will be responsible? Nobody, as usual.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

Found on Help Net Security on Tuesday, 17 September 2019
Browse Internet

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence.

In nearly all the devices (12 of the 13), ISE achieved its goal of obtaining remote root-level access.

Six of them can be remotely exploited without authentication: the Asustor AS-602T, Buffalo TeraStation TS5600D1206, TerraMaster F2-420, Drobo 5N2, Netgear Nighthawk R9000, and TOTOLINK A3002RU.

This will only change if manufacturers can be held responsible for neglecting security. Bugs can happen, but when 12 out of 13 are exploitable by default, something is wrong.

123-Reg and NamesCo decided to register millions of .uk domains for customers without asking

Found on The Register on Monday, 16 September 2019
Browse Internet

It wasn’t just 123-Reg either, another big registrar, NamesCo was doing the exact same thing: sending invoices to customers for names they had never requested.

These are just some of the thousands of UK domain holders who will soon be charged tens of millions of pounds for domain names they never ordered and in many cases do not want.

Nominet pushed for the creation of new .uk domains over two years ago, despite strong objections from the internet community. It stands to make tens of millions of pounds a year from the scheme.

So, in essence, it's a scam. You do not pay for a product you never ordered. Courts should clean up this mess very quickly.

Men arrested for breaking into Dallas County Courthouse after judicial branch hires them

Found on Des Moines Register on Sunday, 15 September 2019
Browse Legal-Issues

Authorities later found out the state court administration did, in fact, hire the men to attempt "unauthorized access" to court records "through various means" in order to check for potential security vulnerabilities of Iowa's electronic court records.

But, the state court administration "did not intend, or anticipate, those efforts to include the forced entry into a building," a Wednesday news release from the Iowa Judicial Branch read.

The fine print of the conract should offer a few more details; but if they were really hired, they should be let off the hook.

MoviePass will shut down for good on Sept. 14

Found on CNBC on Saturday, 14 September 2019
Browse Various

Shares of MoviePass parent company Helios and Matheson Analytics dropped 10% Friday afternoon, though the stock trades for a fraction of a penny.

Among the options it’s considering are a sale of the company in its entirety, a sale of the company’s assets, including MoviePass, Moviefone and MoviePass Films, as well as the possibility of a reorganization of the company.

It should have been obvious from the first day that this business idea would not work out.

Google to pay €1bn to end French tax probe

Found on BBC News on Friday, 13 September 2019
Browse Legal-Issues

Investigators said Google owed about €1.6bn in unpaid taxes amid a wider crackdown on tax planning of big firms.

The search giant, which is part of Alphabet, pays little tax in most European countries because it reports almost all of its sales in Ireland.

In March, the EU hit Google with a €1.5bn fine for blocking rival online search advertisers and last year the European Commission levelled a record €4.3bn fine against the firm over its Android mobile operating system.

Maybe this will help them to understand that creative tax manipulation is not just a little problem.

Report reveals no-deal Brexit impact – here's what you need to know

Found on New Scientist on Thursday, 12 September 2019
Browse Politics

Yesterday the UK government was forced to release a report describing the possible impact of the UK leaving the European Union without a deal at the end of October, which is looking increasingly possible. The plans had been codenamed Operation Yellowhammer.

Now it’s clear that civil servants, who are supposed to be impartial, expect there to be at least some harmful consequences of leaving the European Union without a deal. They predict that from day one the lorry flow rate through the Channel could roughly halve, for up to three months, with “significant disruption” for another three months.

In the past three years since the referendum nothing has been achieved. That was more than enough time to either make a deal, or prepare for a no-deal scenario, but nothing really happened. Except "we don't want that" replies to everything. So it's time for a hard cut, because then decisions have to be made.

281 Alleged Email Scammers Arrested in Massive Global Sweep

Found on Wired on Wednesday, 11 September 2019
Browse Internet

The action is the biggest of its kind yet against this type of digital scammer, and is a strong symbol of law enforcement's sense of urgency in trying to contain a rapidly growing threat.

"Will it make a dent? It's really hard to say," says Crane Hassold, senior director of threat research at Agari who previously worked as a digital behavior analyst for the FBI, of the arrests. "There are so many actors doing BEC and other types of social engineering scams—there could be thousands, especially in West Africa—that it's going to be difficult to make a significant impact overall."

Better than nothing. Hopefully those 281 will end up in jail for a long time.