STE WILLIAMS

Are heart monitors the next big thing in biometrics?

After fingers, the iris of the eye, ears and even lips, it was probably inevitable that someone would propose the human heart as the next big thing in biometric security.

Given that the heart’s electrical signals measured by electrocardiograms (ECGs) are already known to be individual to each person, this isn’t as far-fetched as it sounds.

But uniqueness isn’t the only requirement for authentication – the chosen method (in this case heart ECGs) must also be invariable enough over time and be practicable in terms of the equipment needed to measure it.

And while consumer-level ECG monitors can be bought quite cheaply, that doesn’t mean they are also accurate and easy enough to use correctly by a security application.

As explained in A Key to Your Heart: Biometric Authentication Based on ECG Signals, researchers Nikita Samarin from University of California Berkeley, and Donald Sannella from Edinburgh University decided to put the idea to the test experimentally.

First, they twice collected ECGs from 49 healthy men and women over a four-month period, using a $99 home monitor and smartphone app setup.

Comparing the two readings, the researchers established that error rates over a short period of time – a single reading – were an encouraging 2.4%, a result better than most previous studies making the same measurement.

That’s also in line with the upper error rates of fingerprint readers:

The results presented in this work provide a positive perspective on ECG-based biometrics, by showing that individuals can be authenticated by using their ECG trace.

However, the authors acknowledge that ECG biometrics “degrade” or change over time, for which they suggest:

Improving the performance of ECG over longer periods of time could be done by synchronizing the stored biometric with the new signal after each successful authentication.

In other words, using the heart as an authentication mechanism is feasible but only if the subject re-enrols their ECG at regular intervals to counter natural changes.

That doesn’t rule out the idea but perhaps hints that ECGs might be appropriate for high-security environments when used in conjunction with other biometric identifiers such as fingerprints.

ECGs also face the same worries as any biometric security systems in that the data they collect represents a target that criminals are bound to be interested in stealing.

Once compromised, biometrics cannot be easily revoked, as they depend on persistent physiological or behavioral characteristics of an individual.

Adding someone’s ECG to this would meet opposition from privacy campaigners who might point out that the tech industry doesn’t exactly have a spotless reputation for defending valuable data – and that’s before considering potential abuses by governments.

Or perhaps biometrics are just an inevitable part of the dawning era of smart authentication and people should acclimatise themselves to risks that are offset by the benefit for cybersecurity.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/yAhnfqBFIbk/

Iran’s blame-it-on-Bitcoin ‘leccy shortage probably isn’t a US hack cover story… yet

Comment Iran claims that recent surges in electricity demand, leading to blackouts and brownouts, were caused by too many cryptocurrency miners’ power-hungry machines being hooked up to the national grid – though all may not be as it seems.

Radio Free Europe reported that Iranian energy ministry spokesman Mostafa Rajabi blamed alt-coin miners for making the Middle Eastern nation’s electrical grid “unstable,” blaming them for a seven-per-cent jump in power demand during most of June.

“Rajabi said the power for mining each Bitcoin equaled the power used by 24 residential units for an entire year,” reported RFE. The news outlet added that Iran is a hot destination for cryptocurrency mining thanks to cheap electricity and official tolerance for Bitcoin as a way of bypassing US-led sanctions on Iran.

“Mining these currencies inside Iran will not only prevent money from leaving the country, it will also create currency under the difficult conditions of sanctions,” Mohammad Shargi of Iran’s Bitcoin Society reportedly said.

The electrical spike, however, comes just a week after Iran shot down a US RQ-4 Global Hawk spy drone, which was being flown either very close to or within Iranian airspace depending on whose version of events you believe. Although the Trump administration claimed to have planned a retaliatory military strike and called it off at the last minute, America does maintain what militaries call an “offensive cyber capability” – aka hacking.


Just 10 days ago Russia grudgingly admitted that news reports of US state-backed hackers planting backdoors into its electrical grid contained a “hypothetical” possibility. Unusually, American officials confirmed to the US New York Times newspaper that they were using offensive techniques against the Russian grid.

On the flip side, the US has also, in the past, accused the Russians of hacking their grid.

Given the previous history that the US and Iran have over cyber warfare – including an American claim earlier this week that Iranian cyber-raiders were digitally trashing anything American and vulnerable that they could find – it’s not beyond the realms of possibility that the US has responded in kind. While power surge-inducing attacks have been theorised about for years, in the context of hacked IoT devices, there’s no particular reason why an attack aimed at maxing PC power draw couldn’t have disruptive effects at national scale if timed right.

Even if Iran’s lights don’t go out, keeping the nation’s chiefs occupied with domestic matters may be a handy foreign policy tool for the US.

While Iran has only blamed Bitcoin miners for their grid power surge, electricity generation seems to be a topic of great national concern: on the same day as the Bitcoin miner story was reportedly first published by an obscure Iranian agency, state-controlled Iranian English-language channel Press TV boasted of new generation capacity coming online. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/06/28/iran_bitcoin_electricity_demand/

Scumbags can program vulnerable Medtronic insulin pumps over the air to murder diabetics – insecure kit recalled

Health implant maker Medtronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them.

Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America’s medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps.

These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis. It’s a bizarre way to kill someone right by you, of course, when hitting them over the head with a wrench will do it, but you never know.


Medtronic said the recall is voluntary, and has offered patients who send in their pumps replacement equipment: the newer MiniMed 670G models that do not suffer from the vulnerability, dubbed CVE-2019-10964. Those who cannot obtain a new pump for whatever reason are advised to avoid connecting their pump to any non-Medtronic devices and to unplug the CareLink USB device when not in use.

“The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities,” the drug agency said of the flaw.

“This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.”

Security researchers Billy Rios, Jonathan Butts, and Jesse Young found that the wireless radio communications used between a vulnerable MiniMed pump and its CareLink controller device were insecure. An attacker who was in close enough physical proximity to the pump could masquerade as a CareLink unit, and send potentially life-threatening commands to the insulin pump over the air using a software-defined radio or similar kit.

“The vulnerabilities affect the radio features,” Rios told The Register. “They use a custom radio protocol and the vulnerabilities were exploited through the use of software-defined radios.”

The research builds on concepts first outlined by legendary infosec guru Barnaby Jack back in 2011.

Jack, who died shortly before the 2013 Black Hat security conference, was among the first group of bug hunters, including Nathanael Paul and Jay Radcliffe, to describe how Medtronic and other medical implants were using insecure radio channels to transmit and receive patient data and commands, leaving the door open for miscreants to intercept and inject their own instructions to the devices with potentially catastrophic consequences. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/06/28/medtronic_insulin_pump_recall/

Key Biscayne Hit by Cybersecurity Attack

Key Biscayne is the third Florida town to be hit by hackers in June.

A third small Florida town has been hit with a June cyberattack. Key Biscayne, a village of some 13,000 residents, has confirmed that it suffered a “data security event” on Sunday, June 23.

According to reports in local media, all village government systems were running properly as of Wednesday morning. On Thursday morning, village council members voted to authorize funding for IT staff to engage with outside consultants to better understand how the attack happened and how a similar attack can be prevented. No details of the attack or its remediation have been given as of press time.

Key Biscayne’s attack follows ransomware attacks on Florida towns Lake City and Riviera Beach. In each of those cases, the city governments opted to pay the ransom demanded by attackers in order to retrieve data and return city systems to functioning states.

In each of these cases, the victim is small: Riviera Beach is a city of around 32,000 in the northern part of the Miami metropolitan area, while Lake City has a population of just over 12,000 in the northern part of the state.


Article source: https://www.darkreading.com/attacks-breaches/key-biscayne-hit-by-cybersecurity-attack/d/d-id/1335086?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

MageCart Launches Customizable Campaign

A tool new to MageCart bolsters the group’s ability to evade detection and steal data.

MageCart, a loose group of individuals and organizations that specializes in JavaScript information skimmers used to compromise commercial websites, has a new offering for its customers — one that carries new dangers for website owners and customers.

According to researchers at Fortinet, MageCart is now licensing Inter. According to Inksit Threat Analysis, “Inter is a JS Sniffer (credit card sniffer) that Sochi has sold on Exploit forum since December 2, 2018. One license of Inter costs $1,300, which includes the sniffer (payload), a user manual, 24/7 customer support, and free updates.”

MageCart is offering Inter as a highly customizable payload along with JavaScript loaders and bundles of software that can ensure the malicious payload isn’t being executed in a debugger or sandbox.

One of the campaign’s unique qualities, according to Fortinet’s report, is that the software injects a fake card payment form on a targeted Web page and skims a victim’s entered card information, whether or not the page is a checkout form. This means the skimmer can be brought into the customer experience much earlier.

Changing the skimmer’s point in the process also means it might be able to avoid some security software intended to catch it on the checkout page. An additional feature helps Inter avoid detection by hiding the stolen information in plain sight.

The Fortinet researchers show that the MageCart-customized version of Inter creates an “IMG” element — an image element often used on Web pages — and then puts the exfiltrated data as a parameter of the image.

Neither Inter nor MageCart are new. What is new is the criminal group’s use of this customizable, widely available tool. In the conclusion of their report, Fortinet researchers predict the success of the campaign means other groups are more likely to adopt Inter as well.
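
The image-parameter trick described above can be hunted for from the defender's side. The following is an added example, not code from Fortinet's report or from this article: it scans a list of page requests (as a HAR export or proxy log would provide) for image loads whose query parameters carry card-like data. The host names, the record shape, the length threshold and the sample requests are all assumptions constructed for illustration.

```javascript
// Added example: flag image requests whose query string looks like skimmed data.
// Assumption: the site's own image hosts are known and listed here.
const ALLOWED_IMAGE_HOSTS = new Set(["shop.example", "cdn.shop.example"]);
// Assumption: a query value this long on a third-party image is worth a look.
const MAX_PARAM_LEN = 256;

// Luhn checksum, the check digit scheme used by payment card numbers.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// True if the text holds a 13-19 digit run (spaces or dashes allowed) passing Luhn.
function containsCardNumber(text) {
  const candidates = text.match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// Return the value itself plus its base64-decoded forms, if it looks like base64.
function decodings(value) {
  const out = [value];
  // URLSearchParams turns "+" into a space, so undo that before testing for base64.
  const b64 = value.replace(/ /g, "+");
  if (b64.length >= 16 && /^[A-Za-z0-9+/_-]+={0,2}$/.test(b64)) {
    const decoded = Buffer.from(b64, "base64").toString("utf8");
    out.push(decoded);
    try { out.push(decodeURIComponent(decoded)); } catch { /* not URL-encoded */ }
  }
  return out;
}

// requests: [{ type: "image" | "script" | ..., url: "https://..." }]
function findSuspiciousImageRequests(requests, allowedHosts = ALLOWED_IMAGE_HOSTS) {
  const findings = [];
  for (const req of requests) {
    if (req.type !== "image") continue;
    let url;
    try { url = new URL(req.url); } catch { continue; }
    const thirdParty = !allowedHosts.has(url.hostname);
    for (const [name, value] of url.searchParams) {
      const reasons = [];
      if (decodings(value).some(containsCardNumber)) reasons.push("card-number");
      if (thirdParty && value.length >= MAX_PARAM_LEN) reasons.push("long-third-party-param");
      if (reasons.length) findings.push({ host: url.hostname, param: name, reasons });
    }
  }
  return findings;
}

// Constructed sample traffic. 4111 1111 1111 1111 is the well-known test card number.
const samplePayload = Buffer.from(
  JSON.stringify({ number: "4111 1111 1111 1111", exp: "12/22" })
).toString("base64");

const SAMPLE_REQUESTS = [
  { type: "image", url: "https://cdn.shop.example/img/logo.png?v=3" },
  { type: "image", url: "https://stats.example.net/p.gif?page=%2Fcart&t=1561680000" },
  { type: "image", url: "https://img-cdn.example.org/pixel.gif?d=" + encodeURIComponent(samplePayload) },
  { type: "image", url: "https://px.example.com/i.gif?blob=" + "9f3c".repeat(80) },
];

for (const f of findSuspiciousImageRequests(SAMPLE_REQUESTS)) {
  console.log(`${f.host} param=${f.param} reasons=${f.reasons.join(",")}`);
}
```

Long numeric values such as millisecond timestamps can pass the Luhn check by chance, so findings are leads for review rather than verdicts.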


Article source: https://www.darkreading.com/attacks-breaches/magecart-launches-customizable-campaign/d/d-id/1335087?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

$50 DeepNude app undresses women with a single click

Deepfakes: the convincing images created by sophisticated neural networks – an evolving technology that first came to light in 2017 – threaten to undercut the veracity of everything, including apparent videos of CEOs or any other public figure who can be made into an actor for the sake of fake news, undermining trust and reliability and, um…

Oh, who are we kidding? It’s all about boobs.

Motherboard reported this week on a $50 app called DeepNude that automatically undresses a photo of any woman with a single click, swapping the clothes for breasts and a vulva. And even though it sounds like it would make for a lucrative scam to simply cook up the name DeepNude, sit back and watch those $50 charges rack up, this was for real.

After Motherboard’s exposure, the site was swept offline by a tidal wave of drool:

Following the controversy that erupted, the anonymous creator of this app, going by the name Alberto, claimed he shut down the app.

Despite the safety measures adopted (watermarks) if 500,000 use it the probability that people will misuse it will be too high. […] The world is not yet ready for DeepNude.

After all, Alberto is “not a voyeur”, he’s a “technology enthusiast”:

I’m not a voyeur, I’m a technology enthusiast. Continuing to improve the algorithm. Recently, also due to previous failures (other startups) and economic problems, I asked myself if I could have an economic return from this algorithm. That’s why I created DeepNude.

Nasty ramifications for revenge porn victims-to-be

Despite the shuttering of DeepNude – for now at least – similar services will likely be hot on its heels. Motherboard talked to Katelyn Bowden, founder and CEO of revenge porn activism organization Badass, who found DeepNude “absolutely terrifying.”

Now anyone could find themselves a victim of revenge porn, without ever having taken a nude photo. This tech should not be available to the public.

Unfortunately for the portion of the public that doesn’t want to be unwillingly cast in nude photos, that horse left the barn long ago. The rinky-dink Photoshop precursors to deepfakes were more or less easy to spot. Deepfakes could still be spotted, at least by experts. But DeepNude kicks it up a notch… or two or three.

When Motherboard showed the DeepNude app and its fake nudes to Hany Farid, a computer-science professor at UC Berkeley and expert on the digital forensics of deepfakes, Farid told the publication he was shocked not only at the advances in deep fakery that its development demonstrates, but also how easy it makes it for anybody:

We are going to have to get better at detecting deepfakes, and academics and researchers are going to have to think more critically about how to better safeguard their technological advances so that they do not get weaponized and used in unintended and harmful ways.

In addition, social media platforms are going to have to think more carefully about how to define and enforce rules surrounding this content. And, our legislators are going to have to think about how to thoughtfully regulate in this space.

Alberto told Motherboard that his software is based on pix2pix, an open-source algorithm developed by University of California, Berkeley researchers in 2017. Pix2pix uses a family of dueling computer programs known as generative adversarial networks (GANs): machine learning systems that pit neural networks against each other in order to generate convincing photos of people who don’t exist.

Experts believe that GANs were used to create what an AP investigation recently suggested was a deepfake LinkedIn profile of a comely young woman who was suspiciously well-connected to people in power.

Forensic experts easily spotted 30-year-old “Katie Jones” as a deepfake. This was recent: that story was published earlier this month. Now, we have DeepNude, which appears to have advanced the technology all that much further, plus put it into an app that anybody can use to generate a deepfake within 30 seconds (a time that will decrease as development and resources ramp up, Alberto said).

DeepNude was trained on more than 10,000 nude photos of women, its creator said.

Even clumsily Photoshopped images are still an “invasion of sexual privacy,” experts say. Those words come from Danielle Citron, professor of law at the University of Maryland Carey School of Law. According to Motherboard, Citron recently testified to Congress about the deepfake threat. What she told the publication:

Yes, it isn’t your actual vagina, but … others think that they are seeing you naked. As a deepfake victim said to me – it felt like thousands saw her naked, she felt her body wasn’t her own anymore.

DeepNude is supported on Windows and Linux. It makes a feeble stab at protecting the privacy of the women it’s exploiting: both the free and the premium versions have watermarks “that cover the face,” “clearly marking that it is a fake,” according to the site – although it does admit that on the premium version, watermarks are “reduced”.

That tenuous saving grace would be shredded quite easily by removing the watermark or “FAKE” sticker with Photoshop.

Why not just use a backscatter X-ray device, such as the ones used in airports that see through clothing very well? At least back when the technology first came out, the images produced by the technology were called a “virtual striptease.”

Nice, but not portable, and not affordable.

Why not just use X-ray Specs?

True, this American novelty, which doesn’t actually employ X-rays, doesn’t actually see through clothing. Long advertised with the slogan “See the bones in your hand, see through clothes!”, they instead use slightly offset images to create a visual illusion to make viewers think they’re seeing past exteriors.

Plus, you can get a pair for under $10.

That’s quite a bargain when it comes to paying for illusions!

In fact, Alberto told Motherboard, X-ray Specs were his inspiration. He saw ads for the novelty glasses while browsing magazines from the 60s and 70s, he said.

Like everyone, I was fascinated by the idea that they could really exist, and this memory remained. About two years ago I discovered the potential of AI and started studying the basics. When I found out that GAN networks were able to transform a daytime photo into a nighttime one, I realized that it would be possible to transform a dressed photo into a nude one. Eureka. I realized that X-ray glasses are possible!

Eureka. Hallelujah… for one cash-hungry programmer and his eager clientele, that is. For the rest of us? Not so much.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/KspqImFQfB4/

Black Hat USA’s New Micro Summits Deliver Focused, Practical Security Insights

This year Black Hat USA is introducing special half-day programs focused on important topics that combine subject matter expertise with networking opportunities.

There’s something new debuting at Black Hat USA in Las Vegas this October: Micro Summits that are accessible to anyone with a Briefings Pass, and can be attended alongside the full lineup of Briefings at Black Hat USA. At each Micro Summit you’ll have the opportunity to learn from cybersecurity experts and connect with fellow attendees, speakers, and industry leaders to better understand critical issues and solutions.

For example, on Wednesday, August 3, you’ll have the chance to check out a special Micro Summit on cyber insurance. Chaired by experienced hacker Jeremiah Grossman, this is a great opportunity to learn what cyber-insurance policies cover and don’t cover; how claims are made, which are paid vs denied, and how carriers influence what security controls their clients implement.

Thursday August 4, there will be a special Bug Bounty Micro Summit which will quickly bring you up to speed on the culture and business of bug bounties. Chaired by open source security veteran Kymberlee Price, you will learn strategies and best practices for setting up and running an effective bounty program that protects your customers and improves your product quality.

Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Article source: https://www.darkreading.com/black-hat/black-hat-usas-new-micro-summits-deliver-focused-practical-security-insights/d/d-id/1335074?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy

Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.

As we pass the one-year anniversary of the General Data Protection Regulation (GDPR) and look ahead to the upcoming enforcement of the California Consumer Privacy Act (CCPA) on January 1, 2020, what do privacy best practices look like? How should organizations approach compliance?

With the introduction of major, new regulatory rules and requirements, privacy has become an enhanced area of focus for many organizations. That focus has often centered on compliance-related activities, one regulation at a time. But when it comes to privacy, organizations often don’t realize that compliance shouldn’t be their sole focus — solving their underlying security and data problems should be the real goal. Approaching privacy via a top-down, checklist mentality simply to meet regulation provides a limited, perfunctory privacy stance that delivers little real security. Adjusting to a bottom-up approach — that is, shifting the focus to address underlying security needs and utilizing data management best practices — sets up organizations to achieve both regulatory compliance and a strong privacy posture.

A Bottom-Up Approach to Privacy
A bottom-up, security-driven, and data-focused approach is a better solution for meeting privacy requirements like GDPR. A bottom-up approach is tailored to an organization’s specific needs. It secures and manages data based on those unique needs as well as the requirements of a regulatory body: It can incorporate compliance while still prioritizing customers and their data over checking boxes. Part of the bottom-up approach to tailoring a privacy program is to thoroughly understand threats and risks as they relate to the security and management of underlying customer data. This facilitates identification of key privacy use cases, appropriate program design adjustments, and prioritization efforts. 

There are multiple elements to building an effective privacy program but the following considerations are commonly overlooked when chasing compliance: privacy by design, which supports bottom-up data protection and process automation.

Privacy by Design
Long before its incorporation into GDPR, the concept of privacy by design was developed by recognized privacy expert Dr. Ann Cavoukian. Privacy by design and its foundational principles involve embedding privacy into underlying processes, objectives, operations, and technologies by default. In an effort to make privacy by design more practical when designing and implementing solutions that meet GDPR requirements, a group of European privacy experts examined privacy-by-design concepts through privacy use cases, strategies, and implementation tactics. Their work provides a framework in terms that are more easily applied to data and processes and more relatable from software and engineering perspectives. 

Effective privacy by design explicitly serves customers and their privacy needs. It drives both data protection (such as security engineering, including pseudonymization) and process automation (such as data subject access requests, including “delete my data”) efforts.

Data Protection
Securing customer data from the bottom up requires a strong data security program as a foundation. This provides an overall direction and approach for data security and includes policies, standards, and procedures that align with the tenets of privacy by design. To implement these tactics, it is necessary to understand both the locations and types of data — you can’t protect what you don’t know exists. The utilization of technology should be one component of protecting data; it is important to use technology where necessary as part of a multifaceted program instead of purchasing products and expecting them to deliver compliance and security singlehandedly.

Process Automation
Successful privacy programs require operationalized processes that are repeatable, auditable, and automated. As privacy demands increase from both internal and external customers, adding additional staff resources provides only limited scalability; automated processes become increasingly critical. In particular, data subject access requests are a common process to automate, but there are others that benefit from operationalization, such as:

  • Data classification and mapping
  • Data privacy impact assessment
  • Third-party data management
  • Data incident response

Even when automated, privacy-related processes should be treated as operational: They should be reviewed and maintained on a dynamic, day-to-day basis and not treated as a static, one-off set of procedures. Organizations should adopt operationalized privacy as part of their perspective and culture.

Privacy regulations such as GDPR will continue to be introduced in an effort to compel organizations to properly secure and handle customer data. But regulatory compliance alone doesn’t guarantee an organization has an effective privacy program. Regulations provide top-down mandates to meet but minimal guidance on how to achieve an effective privacy program that addresses the unique needs of a specific organization. To truly advance privacy, as well as compliance, organizations must dig deep to understand the root causes of their individual privacy challenges and implement approaches with a bottom-up mentality. 


Article source: https://www.darkreading.com/endpoint/privacy/how-gdpr-teaches-us-to-take-a-bottom-up-approach-to-privacy-/a/d-id/1335058?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cloud Provider PCM Suffers Data Breach

Attackers were reportedly able to compromise email and file-sharing systems for some of PCM’s customers.

Cloud solution provider PCM has been hit with a data breach in which attackers reportedly accessed the email and file-sharing systems for some of its clients, KrebsOnSecurity reports.

PCM, which has 2,000-plus customers and generated about $2.2 billion in 2018, detected the breach in mid-May, sources report. Those same sources say intruders were able to steal admin credentials the company uses to handle client accounts in Office 365. It seems the attackers want to use the stolen data in gift card fraud schemes at financial organizations and retailers, according to a security expert at a PCM client who was informed of the intrusion.

In this, security experts noticed a similarity between the attack against PCM and the data breach at Wipro, which was targeted in April. Attackers behind the Wipro breach reportedly collected gift card data from customers. It has not been determined whether the Wipro and PCM incidents are related or whether PCM is the victim of a separate attack.

PCM has confirmed it recently experienced a cyber incident that affected certain systems, KrebsOnSecurity says. Its own investigation indicates the company’s systems experienced “limited” impact and “minimal-to-no impact” on PCM customers. The incident has been remediated, PCM reports, and any affected customers have been made aware of it.

Earlier this week, Insight Enterprises announced plans to acquire PCM. It’s unclear whether this attack will affect the transaction.


Article source: https://www.darkreading.com/attacks-breaches/cloud-provider-pcm-suffers-data-breach/d/d-id/1335085?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google Maps shortcut turns into 100-car mud pie in farmer’s field

Uh-oh! Car crash on Peña Boulevard leading up to Denver International Airport. Traffic jam-up’s going to make you late! What to do?!

Listen to the lady from Google Maps who tells you to take a detour and shave 20 minutes off your travel time, that’s what.

Sound too good to be true? Oh, indeed, it was. On Sunday, about 100 cars took the exit that Google Maps told them to take, drove where Google Maps told them to drive, and were led down a dirt road.

Actually, calling it a “road” is a bit of a stretch. As CNN tells it, one of the drivers, Connie Monsees, said that the road was more like a two-lane path that a farmer must have made by driving through his fields.

Well, Google said to go this way, so I’ll go this way, Monsees figured. Plus, everybody else is going this way, so surely it must be OK…?

There were a bunch of other cars going down [the dirt road] too, so I said, ‘I guess it’s OK.’

It was not OK.

The fact that it had rained over the weekend made it all a bit gluey. This did not bode well for the 100 or so cars that were following Google Maps’ instructions.

Monsees was fortunate enough to be driving a four-wheel drive. In fact, a few people who were trying to catch a flight asked her if she was going to the airport. They threw their bags into her car, and, according to UPI, they made their flights.

Others were not so fortunate. Their cars got stuck. In fact, the detour that was supposed to cut 20 minutes off the initial 43-minute arrival time wound up taking about 2 hours.

Google released this statement about the navigational glitch:

We take many factors into account when determining driving routes, including the size of the road and the directness of the route. While we always work to provide the best directions, issues can arise due to unforeseen circumstances such as weather. We encourage all drivers to follow local laws, stay attentive, and use their best judgment while driving.

Good judgment in such cases includes listening not just to the voice of a navigational aid speaking to you from your phone or any other GPS device. It means also listening to the voice of common sense in your own head.

Here’s Monsees:

It’s not always best to rely on technology. And it’s OK to wait.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/uIpyyZSUTI0/