A team of researchers from Microsoft and Harvard's Berkman Center have published a taxonomy of "Failure Modes in Machine Learning," broken down into "Intentionally-Motivated Failures" and "Unintended Failures." Read the rest

DMARC is an anti-email-spoofing tool that mail-server administrators can enable; it's designed to reject emails with forged return addresses. Read the rest

The most on-brand name since “Fraud Guarantee.” Read the rest

The Firefox extensions store removed four plugins from Avast/AVG, including two that are supposed to keep users safe from malicious activity because they appeared to be stealing browser histories and other user data. Read the rest

In a decision released late Tuesday night, a federal judge ruled that up to 29 million Facebook users whose personal info was stolen in a September 2018 data breach are not entitled to sue Facebook as a group for damages -- but the users may be entitled to demand better personal data security at Facebook. Read the rest

China-based technology company ByteDance is on a charm offensive, reports Reuters, ramping up efforts to distance its popular social app TikTok from the rest of its Chinese operations. Read the rest

In TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents, a group of Boston University researchers demonstrate an attack on machine learning systems trained with "reinforcement learning" in which ML systems derive solutions to complex problems by iteratively trying multiple solutions. Read the rest

154 pounds of 'prohibited bologna' from Mexico was seized by U.S. Customs and Border Protection agents at a Texas border crossing point, according to a zesty CBP news release that's making the news rounds today. Read the rest

Every year around this time, our friends at Sparrow Lockpicks (previously) come out with a incredibly clever, giftable addition to your locksport arsenal; I always buy a few of these for Christmas gifts (often for younger people on my list) and they're universally well received. Read the rest

T-Mobile today admitted that a recent "criminal hack" accessed personal data of some prepaid wireless customers' accounts. Read the rest

Consumer Reports' Digital Lab does groundbreaking privacy research: they're hiring for eight positions including technologists ("resident hacker," "digital standard manager," "information security researcher," "program manager, security and testing," and "privacy testing project leader"); journalists ("digital content manager"); policy and comms ("senior researcher, digital competition" and "associate director, strategic communications — technology and privacy"). Most of the positions are NYC or SF or DC based, several allow for remote workers. (Thanks, Ben)!) Read the rest

Ship's captains and outside monitoring firms have reported waves of GPS jamming around Shanghai's ports, on a scale and of a severity never seen before: the jamming causes ships' locations to be incorrectly displayed and to jump around; the observations were confirmed via an anonymized (sic) data-set from a short-hire bike firm, whose bikes are also mysteriously appearing and disappearing at locations all through the region. The spoofing has created a massive local shipping hazard and has led to spectacular shipwrecks. Read the rest

I love what iOS 13 has brought to my iPhone's party. I'm not attached, however, to how frigging buggy it's been. Read the rest

Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world. Read the rest

Daniel Moghimi, Berk Sunar, Thomas Eisenbarth and Nadia Heninger have published TPM-FAIL: TPM meets Timing and Lattice Attacks, their Usenix security paper, which reveals a pair of timing attacks against trusted computing chips ("Trusted Computing Modules" or TPMs), the widely deployed cryptographic co-processors used for a variety of mission-critical secure computing tasks, from verifying software updates to establishing secure connections. Read the rest

The privacy-focused web browser Brave has finally launched a 1.0 version, bringing it officially out of beta. Read the rest

A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers. Read the rest