Tuesday, July 25, 2017

I didn’t realize how big this was.
One in Ten U.S. Organizations Hit by WannaCry: Study
WannaCry stormed the world in mid-May by leveraging a previously patched exploit called EternalBlue, which hacker group Shadow Brokers allegedly stole from the NSA-linked Equation Group.  The ransomware mostly infected Windows 7 computers that hadn’t been patched in due time, and also revealed the destructive impact of a global outbreak.  NotPetya confirmed the risk in late June.
According to a survey (PDF) from software lifecycle automation solutions provider 1E, 86% of the organizations in the U.S. had to “divert significant resources” to safeguard themselves during the WannaCry attack.  Only 14% of the respondents revealed their organization was prepared for such an attack.
The study also shows that 86% of organizations don’t apply patches immediately after they are released, thus leaving endpoints and entire networks exposed to such attacks.  While 14% of respondents said they apply patches immediately, 36% apply them within one week after release, and 27% need up to a month for that, while 23% don’t apply patches within a month after release.


It’s the same with vampires.  You are only at risk when you invite them in. 
iRobot wants to sell Roomba-generated maps of your home
iRobot, creator of the Roomba, plans to sell the data the house-cleaning robot collects when it maps your house.  Potential buyers include smart home device manufacturers, such as Amazon, Apple and Google.
iRobot's business strategy hinges on regular updates [Because furniture moves, not walls.  Bob] and understanding the floor plan of your home, according to Reuters.
   Roombas have been mapping homes since 2015 using a camera and sensors or visual localisation and cloud-connected app control.  The Roomba uses these maps to avoid toppling over lamps and ramming into your furniture.  It was made compatible with Amazon's Alexa voice assistant in March.


Ubiquitous surveillance.  Is it possible to go unnoticed and unrecorded? 
Google snaps every search your phone makes – yes, even that one
Google’s latest update keeps a screenshot for later.  Much like how Google Maps remembers everywhere you’ve ever been so you can find your car, Google (the search engine app) keeps a snapshot history of what you’ve searched for in Google Search.  This search history does not make a significant impact on your smartphone’s data storage space as it’s all stored with Google on Google’s servers.


Did anyone check?  Were there any managers involved? 
Is this why United, TSA clashed on Twitter over comic books on planes?
Passengers flying with United Airlines out of San Diego — site of the popular Comic-Con event this weekend — were greeted by a message telling them to remove books from their checked luggage.  United then responded on Twitter to a post with a picture of the message saying the requirement was set by the Transportation Security Administration.
Subsequently, the TSA sent out its own tweet noting that there are no restrictions on checking books, which a spokesperson confirmed to MarketWatch.


Fodder for conspiracy theories.
National Archives Begins Online Release of JFK Assassination Records
[At 8am on July 24, 2017] the National Archives released a group of documents (the first of several expected releases), along with 17 audio files, previously withheld in accordance with the JFK Assassination Records Collection Act of 1992.  The materials released today are available online only.  Access to the original paper records will occur at a future date.  Download the files online: https://www.archives.gov/research/jfk/2017-release.
Highlights of this release include 17 audio files of interviews of Yuri Nosenko, a KGB officer who defected to the United States in January 1964.  Nosenko claimed to have been the officer in charge of the KGB file on Lee Harvey Oswald during Oswald’s time in the Soviet Union.  The interviews were conducted in January, February, and July of 1964.
This set of 3,810 documents is the first to be processed for release, and includes FBI and CIA records—441 documents previously withheld in full and 3,369 documents previously released with portions redacted.  In some cases, only the previously redacted pages of documents will be released.  The previously released portions of the file can be requested and viewed in person at the National Archives at College Park (these records are not online).
The re-review of these documents was undertaken in accordance with the John F. Kennedy Assassination Records Collection Act of 1992, which states: “Each assassination record shall be publicly disclosed in full, and available in the Collection no later than the date that is 25 years after the date of enactment of this Act, unless the President certifies, as required by this Act, that continued postponement is made necessary” by specific identifiable harm.  The act mandated that all assassination-related material be housed in a single collection in the National Archives and defined five categories of information that could be withheld from release.
The act also established the Assassination Records Review Board to weigh agency decisions to postpone the release of records.  The National Archives established the John F. Kennedy Assassination Records Collection in November 1992, and it consists of approximately five million pages of records.  The vast majority of the collection (88 percent) has been open in full and released to the public since the late 1990s.  The records at issue are documents previously identified as assassination records but withheld in part or in full.  Federal agencies have been re-reviewing their previously withheld records for release, and will appeal to the President if they determine that records require further postponement.  Online resources:


For the toolkit.

Monday, July 24, 2017

An example of mismanagement.  Arrest some one trying to help, but fail to correct the security breach he discovered?
45,000 Facebook Users Leave One-Star Ratings After Hacker's Unjust Arrest
Over 45,000 users have left one-star reviews on a company's Facebook page after the business reported a security researcher to police and had him arrested in the middle of the night instead of fixing a reported bug.
   The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price.
Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price.
   The teenager — who didn't want his name revealed — reported the issue to BKK, but the organization chose to contact the police and file a complaint, accusing the young man of hacking their systems.
   BKK management made a fatal mistake when they brazenly boasted in a press conference about catching the hacker and declaring their systems "secure."  Since then, other security flaws in BKK's system have surfaced on Twitter.  [This flags their system as ‘hackable’ and challenges hackers at the same time.  Probably not a wise decision.  Bob] 
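The BKK flaw described above, as an added example that is neither BKK's code nor from the article: a handler that takes the ticket price from the browser beside one that prices the ticket from the server's own catalogue and rejects a mismatch. The catalogue, product names, prices and request format are constructed for the illustration.

```python
"""Why a price sent by the browser must never be trusted.

The BKK report describes a ticket whose price could be edited in the
browser's developer tools and was accepted as-is because neither the
client nor the server validated it. `issue_ticket_trusting_client`
reproduces that flaw; `issue_ticket_server_priced` shows the fix.
"""

from dataclasses import dataclass

# Server-side source of truth for prices (constructed values).
# Hypothetical catalogue; a real system would load this from a database.
TICKET_CATALOGUE = {
    "single": 350,
    "monthly_pass": 9500,
}


@dataclass(frozen=True)
class Ticket:
    product: str
    price: int


class InvalidPurchase(ValueError):
    """Raised when a purchase request cannot be honoured."""


def issue_ticket_trusting_client(request: dict) -> Ticket:
    """Flawed handler: takes the price from the request body.

    Mirrors the behaviour described in the article: whatever the client
    sends, including a price edited in the developer tools, is accepted.
    """
    return Ticket(product=request["product"], price=int(request["price"]))


def issue_ticket_server_priced(request: dict) -> Ticket:
    """Hardened handler: the server decides the price.

    - unknown products are rejected;
    - the price is taken from the catalogue, never from the client;
    - if the client did echo a price, a mismatch is treated as tampering
      and rejected rather than silently corrected, so it can be logged
      and alerted on instead of disappearing.
    """
    product = request.get("product")
    if product not in TICKET_CATALOGUE:
        raise InvalidPurchase(f"unknown product: {product!r}")
    real_price = TICKET_CATALOGUE[product]
    claimed = request.get("price")
    if claimed is not None and int(claimed) != real_price:
        raise InvalidPurchase(
            f"client-supplied price {claimed} does not match "
            f"catalogue price {real_price}"
        )
    return Ticket(product=product, price=real_price)


def is_rejected(request: dict) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        issue_ticket_server_priced(request)
    except InvalidPurchase:
        return True
    return False


def tampered_request() -> dict:
    """A constructed request as a browser would submit it after the price
    field in the page was edited from 9500 down to 50."""
    return {"product": "monthly_pass", "price": 50}


if __name__ == "__main__":
    req = tampered_request()
    print("trusting client:", issue_ticket_trusting_client(req))
    print("server-priced rejects it:", is_rejected(req))
```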


Not very subtle.  A clear message from Big Brother, “I don’t trust you.”  Will hackers find a way to spoof this App? 
China forces its Muslim minority to install spyware on their phones
China has ramped up surveillance measures in Xinjiang, home to much of its Muslim minority population, according to reports from Radio Free Asia.
Authorities sent out a notice over a week ago instructing citizens to install a "surveillance app" on their phones, and are conducting spot checks in the region to ensure that residents have it.
   Android users were instructed to scan the QR code in order to install the Jingwang app that would, as authorities claimed, "automatically detect terrorist and illegal religious videos, images, e-books and electronic documents" stored in the phone.  If illegal content was detected, users would be ordered to delete them.
Users who deleted, or did not install the app, would be detained for up to 10 days, according to social media users.


How do we block/detect/mitigate these attacks?
RAND Report: The Russian “Firehose of Falsehood” Propaganda Model
“Since its 2008 incursion into Georgia (if not before), there has been a remarkable evolution in Russia’s approach to propaganda.  The country has effectively employed new dissemination channels and messages in support of its 2014 annexation of the Crimean peninsula, its ongoing involvement in the conflicts in Ukraine and Syria, and its antagonism of NATO allies.  The Russian propaganda model is high-volume and multichannel, and it disseminates messages without regard for the truth.  It is also rapid, continuous, and repetitive, and it lacks commitment to consistency.  Although these techniques would seem to run counter to the received wisdom for successful information campaigns, research in psychology supports many of the most successful aspects of the model.  Furthermore, the very factors that make the firehose of falsehood effective also make it difficult to counter.  Traditional counterpropaganda approaches will likely be inadequate in this context.  More effective solutions can be found in the same psychology literature that explains the surprising success of the Russian propaganda model and its messages.”


Bashing companies with no underlying theory as justification seems to be a trend.  If a company competes globally, are they automatically too big because they are bigger than companies that do not go after global markets? 
Should America’s Tech Giants Be Broken Up?
As a former tour manager for Bob Dylan and The Band, Jonathan Taplin isn’t your typical academic.  Lately, though, he’s been busy writing somber tomes about market shares, monopolies, and online platforms.  His conclusion: Amazon.com, Facebook, and Google have become too big and too powerful and, if not stopped, may need to be broken up.


Very interesting.  References a University of Colorado Law Library study that suggests that even the best legal search engines are inadequate if used alone. 
New on LLRX – The Real “Black Box” Dilemma of Legacy Legal Research Tools
Via LLRX – The Real “Black Box” Dilemma of Legacy Legal Research Tools – Andrew Arruda, CEO/Co-founder of ROSS Intelligence, talks about how new artificial intelligence methods currently under development to leverage deep learning and neural nets will be game changers in the area of legal research.


Another “This is good for you” study.  Since I drink coffee in the morning, have a glass of wine in the evening, and read constantly, I might live forever!
Science concurs with librarians about value of reading actual books
Mic.com – “It’s no secret that reading is good for you.  Just six minutes of reading is enough to reduce stress by 68%, and numerous studies have shown that reading keeps your brain functioning effectively as you age.  One study even found that elderly individuals who read regularly are 2.5 times less likely to develop Alzheimer’s than their peers.  But not all forms of reading are created equal.  The debate between paper books and e-readers has been vicious since the first Kindle came out in 2007.  Most arguments have been about the sentimental versus the practical, between people who prefer how paper pages feel in their hands and people who argue for the practicality of e-readers.  But now science has weighed in, and the studies are on the side of paper books.  Reading in print helps with comprehension.  A 2014 study found that readers of a short mystery story on a Kindle were significantly worse at remembering the order of events than those who read the same story in paperback.  Lead researcher Anne Mangen of Norway’s Stavanger University concluded that “the haptic and tactile feedback of a Kindle does not provide the same support for mental reconstruction of a story as a print pocket book does.” 

Sunday, July 23, 2017

Where were the thoughtful managers? 
Catalin Cimpanu reports:
The Swedish government has exposed sensitive details on millions of citizens in one of the biggest government screw-ups ever, and the official responsible for the whole fiasco was fined only half of her monthly salary, which is 70,000 Swedish krona — or around $8,500.
The leak happened in September 2015, when the Swedish Transport Agency (STA) decided to outsource the management of its database and other IT services to companies such as IBM in the Czech Republic, and NCR in Serbia.
Read more on BleepingComputer.
[From the article: 
It was only in March 2016 that the Swedish Secret Service realized what happened, and started an investigation, warning other government agencies that unauthorized foreigners were now in control of their IT systems after the STA had bypassed necessary security checks just to expedite the transition to the new IT system as they wanted to fire local IT staff.
According to several Swedish newspapers, the leaked data included:
- Data from all drivers licenses in Sweden
- Personal details of all persons in Sweden's witness relocation program
- Personal details of Sweden's elite military units
- Personal details of Sweden's fighter pilots
- Personal details of all of Sweden's pilots and air controllers
- Personal details of all Swedish citizens in a police register
- Details of all Swedish government and military vehicles
- Details about Sweden's road and transportation infrastructure


How do errors like this even happen?  Normal procedure would be to look at the entire dataset and copy selected records to a new file.  This looks like, “Give them a copy of the file.  The data they want is probably in there somewhere.” 
Wells Fargo Accidentally Releases Trove of Data on Wealthy Clients
When a lawyer for Gary Sinderbrand, a former Wells Fargo employee, subpoenaed the bank as part of a defamation lawsuit against a bank employee, he and Mr. Sinderbrand expected to receive a selection of emails and documents related to the case.
But what landed in Mr. Sinderbrand’s hands on July 8 went far beyond what his lawyer had asked for: Wells Fargo had turned over — by accident, according to the bank’s lawyer — a vast trove of confidential information about tens of thousands of the bank’s wealthiest clients.
The 1.4 gigabytes of files that Wells Fargo’s lawyer sent included copious spreadsheets with customers’ names and Social Security numbers, paired with financial details like the size of their investment portfolios and the fees the bank charged them.
   By Mr. Sinderbrand’s estimate, he has financial information for at least 50,000 individual customers. 
   The files were handed over to Mr. Sinderbrand with no protective orders and no written confidentiality agreement in place between his lawyers and Wells Fargo’s.
   The disclosure is a data breach that potentially violates a bevy of state and federal consumer data privacy laws that limit the release of personally identifiable customer information to outside parties.
State and federal regulations also require companies to notify customers when their information has been improperly released, as Wells Fargo may now do.
   Based on the fairly narrow subpoena that his lawyer submitted — it sought communications about Mr. Sinderbrand’s employment and compensation — there was no reason for the bank to turn over such information, especially without any redactions, Mr. Sinderbrand said.


Sounds like a “we gotta do something” law.
UK to bring in drone registration
It will affect anyone who owns a drone which weighs more than 250 grams (8oz).
   There is no time frame or firm plans as to how the new rules will be enforced and the Department of Transport admitted that "the nuts and bolts still have to be ironed out".
   "There will be people who will simply not be on the system, that's inevitable."
Similar registration rules in the US were successfully challenged in court in March 2017 and as a result are currently not applicable to non-commercial flyers.
Dr McKenna said there were also issues around how a drone's owner could be identified by police and whether personal liability insurance should also be a legal requirement in the event of an accident.

Saturday, July 22, 2017

Trademark infringement is one thing.  Could Microsoft act as an agent of US Cyber Command?  Can a corporation successfully battle a state-sponsored hacker group?  I shudder to think of the downside.  ALSO: This process will have to speed up.  These domains were used for at least a year. 
Microsoft Goes After Russian Election Hacker Group Fancy Bear Seizing Control Of 70 Domains
   To make their attacks seem as normal as possible, Fancy Bear uses a control center that heavily utilizes URLs meant to mimic Microsoft's own; e.g., "livemicrosoft.net".  Often, control centers will use explicit IPs to avoid issue, but because Fancy Bear decided to infringe on Microsoft's trademarks, it screwed itself over.  Microsoft ordinarily wouldn't have had much control here, but when the domains use its trademarks, that changes everything.
   Ultimately, Microsoft severely disrupted [??? Bob] Fancy Bear's network by seizing over 70 domains.  Microsoft will now be able to reconfigure these domains to route elsewhere, while at the same time gaining insight into the people or organizations Fancy Bear has been targeting.
Even with its trademarks being infringed upon, Microsoft's journey here has not been easy.  In total, it had to submit 52 subpoenas, 46 informal inquiries abroad, and had to go through the effort of tracking down domain names that are hugely obfuscated through the use of Tor and even Bitcoin.
The best part in all of this is how much it disrupts Fancy Bear's work.  The group will have to work around this severing, which won't happen quickly (or easily).  Microsoft is being proactive, too, seeking approval to seize 9,000 domain names that its algorithms believe Fancy Bear will register next.


For my Computer Security (and many other) students.
From the Federal Trade Commission:
As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses.  These new posts will build on the FTC’s Start with Security guide for businesses.
FTC Acting Chairman Maureen K. Ohlhausen pledged earlier this year to be more transparent about the lessons learned from the FTC’s closed data security investigations and to provide additional information for businesses about practices that contribute to reasonable data security, culminating in this “Stick with Security” Initiative.
In the first blog post published today, the FTC highlights some of the themes that have emerged from an examination of closed FTC data security investigations.  For example, while news reports might call attention to a data breach, they might not focus on the fact that the company that suffered the breach had encrypted the data, which substantially reduces the risk of consumer injury.  Another lesson gleaned is that security researchers’ valuable work can alert us to new vulnerabilities, but sometimes the risk of a vulnerability being exploited to cause consumer injury is more theoretical than likely.  Another key lesson is that in almost every closed case, the entities involved used the same common-sense security fundamentals outlined in the FTC’s Start with Security guide for businesses.
The FTC’s Business Blog will publish an additional post each Friday.
The Federal Trade Commission works to promote competition, and protect and educate consumers.  You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357).  Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.


It’s a grey area and this doesn’t really clear this up, but they do offer some tips.
   if you want to keep their eyes off of your data, it’s a good idea to not have much data on your phone when you travel.  Switching your SIM over to a burner phone is easy, and keeps all of your private information elsewhere.  You can also back up and wipe your phone before you travel.  Fully encrypting your device will make copies less useful, and keeping sensitive documents and photos in the cloud instead of on your device makes them harder to get to.
Again, remember that these actions might raise the suspicions of border agents.  And that could cause you a lot of inconvenience.  That doesn’t mean it isn’t worth doing — just remember that you’re making a trade-off.


If not new law, at least new questions. 
Lawmakers push regulators on how Amazon's Whole Foods deal could affect 'food deserts'
   In a letter spearheaded by Rep. Marcia Fudge (D-Ohio) following her meeting with Amazon, the lawmakers said the DOJ and FTC should look at the acquisition “beyond the normal antitrust process that only examines competitive impact.”
Lawmakers said the deal's impacts could be far reaching and potentially affect “food deserts” or underserved communities that don’t have access to fresh, affordable groceries.  They want to know if the deal would contribute to this problem.
Fudge and the other lawmakers clarified that they’re not opposed to the deal, but that they are concerned with its impacts on African-American communities across the country that are disproportionately affected by food deserts.  
   Many antitrust experts expect the acquisition won't run afoul of antitrust regulators.  Whole Foods and Amazon generally operate in different retail spaces, with Amazon dominating the digital market and Whole Foods serving mainly as a brick-and-mortar, high-end grocer.


Perspective.  How to predict the jobs AI (or other technology) will (and maybe should) replace?
When Jobs Become Commodities
We don’t typically think of the jobs that we perform as commodities.  The Merriam-Webster entry on commodity describes it as “a mass-produced unspecialized product.”  But most of us view our jobs as specialized or somehow differentiated.  We typically believe that we do them differently, and often better, than anyone else with the same job.  In fact, we’d probably argue that no one does exactly the same job we do — that we perform at least a slightly different set of tasks, or perform them in a slightly different way, than any coworker.  
We may well be right about that, but the world of business and management increasingly feels otherwise.  Jobs are increasingly viewed as undifferentiated and interchangeable across humans and machines — the very definition of a commodity.
   A recent Bloomberg Businessweek visual analytic suggests that jobs that disappeared in the first four months of 2017 compared with the same period in 2016 were not lost to automation, but were lost because fewer customers wanted to buy the products and services they produce.  They include jobs in wired telecommunications, department stores, and coal mining.
For many organizations today, the next big driver of job commoditization is automation driven by smart machines.  Simply put, if a job is viewed as a commodity, it won’t be long before it is automated.  My research on automation through artificial intelligence (AI) or cognitive technologies suggests that if a job can be outsourced, many of the tasks typically performed by the jobholder can probably be automated — even by relatively “dumb” technologies like robotic process automation.


I wonder how many of my students (all of whom have smartphones) know this?
   your smartphone probably has an FM radio receiver built right into it.  You just need to activate it, and we’re here to help you do just that.


Tools for my students.
   Reading the news today isn’t as simple as it used to be.  There is an information overload that you need to counter.  Plenty of sites have their own biases that you have to manoeuvre.  And lots of smaller news outlets have the most interesting articles.
So change how you read news: take small bites, track a single subject, or read the most trending articles. These sites and apps will give you an interesting way to consume news.
4. Gong
5. Top.st


For my Software Architecture students. 


I wish Amit posted to his blog more often.
How to Write a Twitter Bot in 5 Minutes
Twitter Bots can do interesting things.  For instance, a grammar bot can monitor tweets containing misspellings and tweet the correct spelling.  You can tweet questions to @DearAssistant and the Twitter bot responds like Siri.  The @HundredZeros bot tweets links to eBooks that are free on Amazon.  @WhatTheFare will tell you the Uber fare between any two locations.
   Writing a Twitter bot is easy: you do not need any coding skills and you can make one live in under 5 minutes.  While most Twitter bots on the Internet require some understanding of Python, Node.js or Ruby, our bots are hosted on Google servers and require “zero” programming.
Visit digitalinspiration.com/bots to get started.  The Twitter Bots are internally written using Google Scripts.


Things all our students should know?
Survey says Python is tops with developers
Python … is used by nearly 20 percent of respondents, giving it the top spot.  The report echoes Python’s high rankings in language popularity indexes from Tiobe, PyPL, and RedMonk, which all have the language finishing in their recent top five rankings.
   The top 10 ranking tools according to the report were as follows:
  1. Python programming language
  2. The Git software version control system
  3. Microsoft’s Visual Studio IDE
  4. Eclipse IDE
  5. Java programming language
  6. The Notepad++ code editor
  7. Linux
  8. R statistical language
  9. Docker container system
  10. Microsoft Excel 


Just an observation.  Note how many of these stories are about financial technology start-ups.  That seems to be the new “hot market.” 
These were the 10 biggest European tech stories this week

Friday, July 21, 2017

Vulnerabilities are where you find them.  On the Internet of Things, they don’t have to look like computers.
Selena Larson reports:
Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.
Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Feir, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.
Read more on CNN Tech.


More for my students to read.
Defenders Gaining on Attackers, But Attacks Becoming More Destructive: Cisco
Cisco's just-released Midyear Cybersecurity Report (PDF) draws on the accumulated work of the Cisco Security Research members.  The result shows some improvement in industry's security posture, but warns about the accelerating pace of change and sophistication in the global cyber threat landscape.
Improvements can be demonstrated by the mean 'time to detect.'  When monitoring first began in November 2015, this stood at 39 hours; but it narrowed to about 3.5 hours in the period from November 2016 to May 2017.


“We’re your government.  We’re here to help you!” 
Morgan Chalfant reports:
A breach of a Kansas Department of Commerce system exposed more than 5 million Social Security numbers to hackers, according to a report from a local news outlet.
The Kansas News Service obtained information through a public records request that revealed that roughly 5.5 million Social Security numbers from individuals in 10 states were accessed in the data breach in March.
The data is managed by a division of the department called America’s Job Link Alliance-TS that helps job seekers across 16 states find employment.
Read more on The Hill.


May have some implications, but likely to be offset by the difficulty in proving that any government actions are intended to benefit citizens.
Michael Breslin, Christian Henel, Jon Neiditz, and Gunjan Talati of Kilpatrick Townsend & Stockton LLP write:
The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the citizens’ personal information.  In McDowell v. CGI Federal Inc., No. 15-1157, 2017 WL 2392423 (D.D.C. June 1, 2017), the district court ruled a private party can survive a contractor’s motion to dismiss by claiming to be an “intended beneficiary” of terms commonly found in government contracts involving the storage or transmission of sensitive consumer information.  This ruling potentially expands class action liability exposure for government contractors who receive consumers’ personal information during the course of performing government contracts.
Read more on JDSupra.


“Hey!  They’re crooks!  Why should they have any privacy!”  (See the next article)
Adam Klasfeld reports:
With the Supreme Court bracing to decide whether the government needs a warrant to track cellphone location data, a New York federal judge behind one famous case involving mass surveillance answered that question in the negative.
The setback for privacy rights came in the case of Pedro Serrano, a New Yorker charged with hoarding 122 cartridges of ammunition and a bulletproof vest in his apartment in East Harlem.
Read more on Courthouse News.
[From the article:  
“It is almost as if cell phone users must relinquish some privacy interests — at least related to their location — as a prerequisite to using a device so embedded in everyday life,” Pauley wrote in an eight-page ruling.  “But current Fourth Amendment jurisprudence affords no privacy interest in records created by a third party based on information voluntarily provided.”


For all my students.
Paper – ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy
Solove, Daniel J., ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, Vol. 44, p. 745, 2007; GWU Law School Public Law Research Paper No. 289. Available at SSRN: https://ssrn.com/abstract=998565
“In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument.  When asked about government surveillance and data mining, many people respond by declaring: “I’ve got nothing to hide.”  According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private.  The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing.  In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.”


For my students.  This is the world you will have to endure.  In New York (and New Jersey) things frequently “fall off the truck.” 
Comptroller: New York City Schools Are Poor at Tracking Technology
New York City Comptroller Scott Stringer demanded the city school system fix the way it keeps track of its computers, saying Wednesday that auditors inspecting a small sample of buildings couldn’t find nearly 2,000 desktops, laptops and tablets that were supposed to be there.
The comptroller’s charges repeated claims he made against the Department of Education in December 2014.  Both times, the department countered that the audit’s methodology was deeply flawed.


The Founding Fathers were clearly ‘gamers.’ 
Judge Rules Milwaukee Flouted U.S. Constitution in Response to 'Pokemon Go' Craze
Life, liberty and the pursuit of pokemon. Not quite the ideals the United States were founded upon, but close enough.  On Thursday, a Wisconsin federal judge issued a preliminary injunction barring Milwaukee from enforcing an ordinance that was adopted in reaction to 2016's Pokemon Go phenomenon.  The ruling from the court is that the ordinance likely violates the First Amendment.
City officials were aghast at large numbers of individuals playing Pokemon Go who visited parks, littered, trampled grass and flowers, and stayed past park hours.  It cost the city tens of thousands of dollars in additional law enforcement and park maintenance services.  So in January, the Midwestern city decided to require permits for virtual and location-based augmented reality games.  Companies releasing games were told to go through a process that reviews the "appropriateness of the application," submit a "certificate of insurance" in the amount of $1 million of general liability coverage, and potentially pay other fees as well.


We can’t allow that to happen, so I want to create a fund to invest in AI start-ups.  Send me money and I’ll look for worthy investments. 
China announces goal of leadership in artificial intelligence by 2030
China's government has announced a goal of becoming a global leader in artificial intelligence in just over a decade, putting political muscle behind growing investment by Chinese companies in developing self-driving cars and other advances.
Communist leaders see AI as key to making China an "economic power," said a Cabinet statement on Thursday.  It calls for developing skills and research and educational resources to achieve "major breakthroughs" by 2025 and make China a world leader by 2030.


How to sneak spies into proximity to the President. 
During ‘Made in America Week,’ President Trump’s Mar-a-Lago Club applies to hire 70 foreign workers
President Trump's Mar-a-Lago Club in Florida has asked permission to hire 70 foreign workers this fall, attesting — in the middle of the White House's “Made in America Week” — that it cannot find qualified Americans to serve as cooks, waiters and housekeepers.


Impact out of proportion to the actual size of the deal?  Can Amazon enter a market in a small way? 
Amazon's latest assault wipes $12.5 billion off Home Depot, other appliance-seller stocks
   The market cap loss in Home Depot, Lowe's, Whirlpool and Best Buy was about $12.5 billion by the end of the day, after falling to more than $13 billion.  Amazon stock was up slightly, and Sears closed up about 10 percent.


This blogger writes for K-12 teachers.  Many posts (like this one) assume all students have smartphones.
DIY VR Viewer
Expeditions is the mobile app that allows users to experience virtual reality tours when they place their phones into virtual reality viewers like the Google Cardboard viewers.  If you can't buy VR viewers for your classroom or you just like DIY projects, it is possible to make your own VR viewer with just a few common materials.  YouTube "celebrity" Roman UrsuHack offers the following video that provides an overview of making your own VR viewer.
The template that Roman UrsuHack follows in the video can be found here (link opens a PDF).


Clearly, I have biases.  I read this as, “Twits of Congress…” 
Tweets of Congress: Output from 1000+ accounts for any given day
Data Driven Journalism – “Tweets of Congress is a project collating the daily Twitter output of both houses of the United States Congress, encompassing the accounts of members, political parties, committees and caucuses (around 1,070 accounts in total).  There are two components to the project: a backend app for data collection and serialization and a frontend Github-hosted site offering JSON datasets for given days.  The App – The backend app, the Congressional Tweet Automator, is a light NodeJS program backed by a Redis data store for tracking tweets and users.  The app uses the Twit and Github modules, respectively, for interfacing with the Twitter and Github APIs.  There are also some utility functions to track time and the like…”

Thursday, July 20, 2017

This is either a very strange hacker or some really poor reporting.  Somehow, much of the detail seems to be missing from this story.  For instance, what was a “Homeland Security Agent” doing here? 
Montco man tells feds he stole $40M in bitcoin
Police on the trail of two missing laptops and a gold necklace followed it to the Montgomery County home of a self-described computer hacker who claims responsibility for what could be one of the largest virtual currency heists of all time, court documents say.
Theodore Price of Hatfield told a local detective and a Homeland Security agent investigating a burglary at the Holland Township, Bucks County, home of his girlfriend’s parents that he wrote software to steal between $40 million and $50 million in the online currency bitcoin, the documents say.
When the officers arrived at his door last week, he told them he had been preparing to flee to London on a chartered jet using a fake passport in the name of “Avengers” movie star Jeremy Renner, a complaint filed in federal court Wednesday says.
   A court document filed last week that charged Price with unauthorized access to a computer to commit a federal crime for personal financial gain listed the value of the stolen bitcoin at between $40 million and $50 million.
Assistant U.S. Attorney Lesley Bonney said the unauthorized access charge has since been withdrawn, but would not say why Price was not charged with the bitcoin theft he admitted to the agent.


Imagine overriding a self-driving car…  This is like that.
Segway miniPRO Flaws Put Riders at Risk of Injury
   IOActive researchers analyzed the miniPRO application and determined that an attacker could have intercepted unencrypted Bluetooth communications between the scooter and the mobile app.
While the app did require a PIN when launched, experts determined that the Bluetooth interface was unprotected at the protocol level, allowing an attacker to access it and remotely conduct various actions.
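The distinction the researchers draw, a PIN that the app checks before it will talk versus a PIN the device itself enforces on every frame, is easy to get wrong.  The following constructed Python simulation is an added illustration, not IOActive’s test code or Segway’s firmware: the frame layout, command codes, device salt and PBKDF2 parameters are assumptions for the example.  It shows an attacker in radio range driving the insecure device without ever seeing the PIN, and the same attempts failing (wrong PIN, captured-frame replay) against a device that authenticates the protocol.

```python
import hashlib
import hmac
import os
import struct

# Constructed demonstration (not Segway's firmware or IOActive's test code).
# It contrasts a PIN that only gates the mobile app's UI with a PIN that the
# device itself enforces on the command protocol.

CMD_SET_SPEED_LIMIT = 0x01
CMD_STOP = 0x02
TAG_LEN = 32
DEVICE_SALT = b"example-device-salt"  # assumption: per-device salt known to both sides


class ScooterBase:
    def __init__(self):
        self.speed_limit = 20

    def _execute(self, cmd: int, arg: int) -> str:
        if cmd == CMD_SET_SPEED_LIMIT:
            self.speed_limit = arg
            return "speed limit set"
        if cmd == CMD_STOP:
            return "stopped"
        return "unknown command"


class InsecureScooter(ScooterBase):
    """The PIN lives only in the app.  The device executes any frame written to
    its Bluetooth characteristic, so anyone in radio range who speaks the
    (unencrypted) protocol is indistinguishable from the app."""

    def handle(self, frame: bytes) -> str:
        cmd, arg = struct.unpack(">BB", frame[:2])
        return self._execute(cmd, arg)


class HardenedScooter(ScooterBase):
    """The device derives a key from the PIN, hands out a fresh nonce per
    session, and requires an HMAC over (nonce, counter, command) on every
    frame.  Wrong PIN -> bad tag; captured frame sent again -> replay."""

    def __init__(self, pin: str):
        super().__init__()
        self.key = derive_key(pin)
        self.nonce = None
        self.last_counter = 0

    def start_session(self) -> bytes:
        self.nonce = os.urandom(16)
        self.last_counter = 0
        return self.nonce

    def handle(self, frame: bytes) -> str:
        if self.nonce is None or len(frame) != 6 + TAG_LEN:
            raise PermissionError("no session")
        body, tag = frame[:6], frame[6:]
        expected = hmac.new(self.key, self.nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("bad tag")
        counter, cmd, arg = struct.unpack(">IBB", body)
        if counter <= self.last_counter:
            raise PermissionError("replay")
        self.last_counter = counter
        return self._execute(cmd, arg)


def derive_key(pin: str) -> bytes:
    # Slow KDF so a short PIN is not trivially recovered from one captured tag.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), DEVICE_SALT, 50_000)


def app_frame(pin: str, nonce: bytes, counter: int, cmd: int, arg: int) -> bytes:
    """What a legitimate app (holding the PIN) sends in the hardened design."""
    body = struct.pack(">IBB", counter, cmd, arg)
    tag = hmac.new(derive_key(pin), nonce + body, hashlib.sha256).digest()
    return body + tag


def demo_insecure() -> str:
    # Attacker never saw the PIN; it just writes a raw frame to the device.
    return InsecureScooter().handle(struct.pack(">BB", CMD_SET_SPEED_LIMIT, 5))


def demo_hardened() -> dict:
    pin = "1234"
    dev = HardenedScooter(pin)
    nonce = dev.start_session()
    good = app_frame(pin, nonce, 1, CMD_SET_SPEED_LIMIT, 5)
    results = {"legit": dev.handle(good)}
    attempts = (
        ("wrong_pin", app_frame("0000", nonce, 2, CMD_SET_SPEED_LIMIT, 5)),
        ("replay", good),  # sniffed legitimate frame sent a second time
    )
    for name, frame in attempts:
        try:
            results[name] = dev.handle(frame)
        except PermissionError as e:
            results[name] = f"rejected: {e}"
    return results


if __name__ == "__main__":
    print(demo_insecure())
    print(demo_hardened())
```

Two caveats a practitioner would add.  A key derived only from a four- to six-digit PIN can still be brute-forced offline from a single captured tag (ten thousand to a million PBKDF2 runs), so a real design pairs the PIN with a device-unique secret or relies on Bluetooth LE pairing and bonding for the link key and uses the PIN only for user presence.  And authentication without confidentiality leaves the commands themselves readable; the point of the simulation is only that a check performed in the app is not a check at all from the device’s point of view.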


A warning for my students.
   LeakerLocker … locks your home screen but doesn’t encrypt everything you’ve got on your device.  It’s still ransomware, however, because it warns that it’s gathering your browser data, text messages, call history, location information, emails, social media messages, and photos.  It states that, without paying up, it will leak all this private data to your contacts.


“If it costs money or takes time, we’re against it!”  The DHS report is a “must read” for my Ethical Hacking students.
Telecom Lobbyists Downplayed ‘Theoretical’ Security Flaws in Mobile Data Backbone
   In May, the DHS published an in-depth, 125-page report on government mobile device security, which noted that SS7 "vulnerabilities can be exploited by criminals, terrorists, and nation-state actors/foreign intelligence organizations."  DHS noted that it currently doesn't have the authority to require carriers to perform security audits on their network infrastructure, or the authority to compel mobile carrier network owners to provide information to assess the security of these communication networks.
CTIA took several issues with the report.  In its own white paper responding to the DHS, CTIA told US politicians in May that focusing on some SS7 attacks is "unhelpful," said the report "focuses on perceived shortcomings" in the protocol, and claimed that talking about the issues may help hackers, according to the white paper obtained by Motherboard.  Specifics from the paper were discussed by Motherboard with CTIA officials.  


I’ve been discussing this with my students.  Does your organization know what CPU is in each machine?  Will security suffer if some of your computers can’t be updated? 
Confirmed: Windows 10 will cut off devices with older CPUs
After stories arose of failed attempts to upgrade such hardware to the Creators Update, Microsoft confirmed late Wednesday that any hardware device that falls out of the manufacturer’s support cycle may be ineligible for future Windows 10 updates.
   “Recognizing that a combination of hardware, driver and firmware support is required to have a good Windows 10 experience, we updated our support lifecycle policy to align with the hardware support period for a given device,” Microsoft said in a statement.  “If a hardware partner stops supporting a given device or one of its key components and stops providing driver updates, firmware updates, or fixes, it may mean that device will not be able to properly run a future Windows 10 feature update.”


Perhaps we do have a problem of “reading for comprehension.”  I assume the managers in this company could have read the law, or their lawyers’ warnings about the law?  By the way, that fine is way too small.  Shouldn’t they get hit for at least 10 cents per email?  (£80,000 is $103,757.60 according to Google, which works out to about 1.5 cents per email.) 
Price comparison website Moneysupermarket.com Ltd has been fined £80,000 by the Information Commissioner’s Office (ICO) for sending millions of emails to customers who had made it clear they didn’t want to be contacted in that way.
The company sent 7.1 million emails over 10 days updating customers with its Terms and Conditions. But all the recipients had previously opted out of direct marketing.
Moneysupermarket’s email included a section entitled ‘Preference Centre Update’ which read:
“We hold an e-mail address for you which means we could be sending you personalised news, products and promotions.  You’ve told us in the past you prefer not to receive these.  If you’d like to reconsider, simply click the following link to start receiving our e-mails.”
Asking people to consent to future marketing messages when they have already opted out is against the law.


Legal exceptions to constitutional rights? 
From the ACLU:
Records obtained by the ACLU of Massachusetts reveal extensive, warrantless surveillance of Massachusetts residents’ communications records.  Under a law passed in 2008, prosecutors in Massachusetts may demand IP address logs, subscriber information, banking and credit card records, and call records revealing sensitive details about a person’s life—all without any judicial oversight or external accountability.  The Boston Globe reports:
“It’s a sanctioned fishing expedition tool,” said Kade Crockford, director of the Technology for Liberty Program at the ACLU of Massachusetts.  “It shouldn’t be easy for law enforcement to dig around in our communications records, and find out who we’re talking to, and for how long, and be able to strip us of our anonymity online, simply by signing a piece of paper.” …
Read more on The ACLU.


Would you cut off the President?  Imagine the downside! 
Twitter Crackdown on Abuse Raises Question: Do the Rules Apply to Trump?
Twitter Inc. said it has clamped down on harassment on its service, a campaign that is forcing the company to confront tricky questions about how it applies its standards.


A nightmare: Think of a Big Brother-like world where all devices switch to any appearance of President Trump to ensure that we never miss a second of his brilliance.  (I bet we could sell it to Kim Jong Un.)
Internet Archive Blogs: “Working with Matroid, a California-based start up specializing in identifying people and objects in images and video, the Internet Archive’s TV News Archive today releases Face-O-Matic, an experimental public service that alerts users via a Slack app whenever the faces of President Donald Trump and congressional leaders appear on major TV news cable channels: CNN, Fox News, MSNBC, and the BBC.  The alerts include hyperlinks to the actual TV news footage on the TV News Archive website, where the viewer can see the appearances in context of the entire broadcast, what comes before and what after.  The new public Slack app, which can be installed on any Slack account by the team’s administrator, marks a milestone in our experiments using machine learning to create prototypes of ways to turn our public, free, searchable library of 1.3 million+ TV news broadcasts into data that will be useful for journalists, researchers, and the public in understanding the messages that bombard all of us day-to-day and even minute-to-minute on TV news broadcasts.  This information could provide a way to quantify “face time”–literally–on TV news broadcasts.  Researchers could use it to show how TV material is recycled online and on social media, and how editorial decisions by networks help set the terms of public debate…”


Colorado will give only “data not shielded by law.”
States bristled but at least 30 will give personal voter data to Trump
Despite criticism from most states about the Trump administration’s request for voters’ personal information, half have said they will deliver some or all of that data to the White House election commission.
   According to the Brennan Center for Justice, which has collected public statements from all 50 states, 17 states have agreed to provide the commission with data allowable by state law — that includes Florida, North Carolina and Washington.  Another eight states have indicated they would release the information, if certain conditions are met, primarily paying a fee.
Most, if not all, will withhold Social Security numbers.


An interesting article.  How do we keep AI from repeating the flaws of our biased “intelligence?”
Technology Is Biased Too. How Do We Fix It?
Whether it’s done consciously or subconsciously, racial discrimination continues to have a serious, measurable impact on the choices our society makes about criminal justice, law enforcement, hiring and financial lending.  It might be tempting, then, to feel encouraged as more and more companies and government agencies turn to seemingly dispassionate technologies for help with some of these complicated decisions, which are often influenced by bias.  Rather than relying on human judgment alone, organizations are increasingly asking algorithms to weigh in on questions that have profound social ramifications, like whether to recruit someone for a job, give them a loan, identify them as a suspect in a crime, send them to prison or grant them parole.
But an increasing body of research and criticism suggests that algorithms and artificial intelligence aren’t necessarily a panacea for ending prejudice, and they can have disproportionate impacts on groups that are already socially disadvantaged, particularly people of color.  Instead of offering a workaround for human biases, the tools we designed to help us predict the future may be dooming us to repeat the past by replicating and even amplifying societal inequalities that already exist.


We do this to ourselves, and never correct our mistake.
The Myth and the Cost of Drug Expiration Dates
Investigative research and report by ProPublica and NPR’s Shots Blog: “Hospitals and pharmacies are required to toss expired drugs, no matter how expensive or vital.  Meanwhile the FDA has long known that many remain safe and potent for years longer…  The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years.  But the dates don’t necessarily mean they’re ineffective immediately after they “expire” — just that there’s no incentive for drugmakers to study whether they could still be usable.  ProPublica has been researching why the U.S. health care system is the most expensive in the world.  One answer, broadly, is waste — some of it buried in practices that the medical establishment and the rest of us take for granted.  We’ve documented how hospitals often discard pricey new supplies, how nursing homes trash valuable medications after patients pass away or move out, and how drug companies create expensive combinations of cheap drugs.  Experts estimate such squandering eats up about $765 billion a year — as much as a quarter of all the country’s health care spending…”


Helping students pick a major/specialization?
In the simplest of terms, computer science is the study of information (“data”) and how it can be manipulated (“algorithms”) to solve problems, mostly in theory but also in practice.
Computer science is not the study of computers, nor does it strictly require the use of computers.  Data and algorithms can be computed using pen and paper, which makes “computer science” a misnomer.  Computer science is more akin to mathematics, which is why some now prefer to use the term “informatics” instead.
   Here’s a non-exhaustive list of the most common “types” of computer science you may encounter and what each one specializes in.  As you’ll see, computer science is one of the broadest fields today:
  • Artificial Intelligence — The development of machines that can display cognitive functions like thinking, speaking, reasoning, and solving problems. Incorporates other fields, including linguistics, psychology, and neuroscience. Machine learning is a subset that explores the ability of machines to learn, evolve, and recognize patterns in data on their own.
  • Bioinformatics — The use of computer science to measure, analyze, model, and understand the complexities of biology. Involves the large-scale analysis of data, high-performance computations, data simulations, molecular models, and more.
  • Computational Theory — The study of algorithms and mathematical proofs. Not only concerned with the creation of new algorithms or the improvement of existing algorithms, but also the methods and provability of theorems.
  • Computer Graphics — The study of how data can be manipulated and transformed in a way that’s intuitive for humans to view. Includes topics like photorealistic images, dynamic image generation, 3D modeling and animations, and data visualizations.
  • Game Development — The creation of PC, mobile, and web games for entertainment. Game engines are designed differently from business and research applications, and often involve unique algorithms and data structures optimized for real-time interaction.
  • Networking — The study of distributed computer systems and how communications can be improved within and between networks.
  • Robotics — The creation and development of algorithms used by robotic machines. Includes improvements to robotic kinematics, the interface between robots and humans, environmental interactions, robot-to-robot interactions, virtual agents, etc.
  • Security — The development of algorithms, methods, and software to protect computer systems against intruders, malware, and abuse. Includes cloud and network security, PC security, mobile security, email security, anti-virus software, and cryptography (the study of encryption and decryption).


Might become useful.
Apple launches machine learning research site
Apple just launched a blog focused on machine learning research papers and sharing the company’s findings.  The Apple Machine Learning Journal is a bit empty right now as the company only shared one post about turning synthetic images into realistic ones in order to train neural networks.


Helping my students find current articles?
Google’s new Feed will offer content Google thinks you want to see.  This will be based on your interactions with Google, as well as what’s trending in your area and beyond.  While Google will do most of the heavy lifting, you’ll be able to customize your feed by following certain topics after you’ve searched for them.
Google outlines the thinking behind the Feed in a blog post on The Keyword.  The company states that the Feed is designed to make it “easier than ever to discover, explore and stay connected to what matters to you, even when you don’t have a query in mind”.  And that last part of the sentence is key.
   U.S. readers should be able to access the Feed from today (July 19) just by updating the Google app on Android or on iOS.  It will then roll out internationally over the next couple of weeks.


Our bookstore will hate this.
For books that you have no desire to buy and keep forever, these sites can help.  They offer great rental prices and flexible terms, making them ideal for college students on a budget.


Is there a market for free, ad-sponsored apps?  How about birds, flowers, fish, etc.?
Tree Identification Field Guide
Tree Identification Field Guide (this app has a small fee): “Our illustrated, step-by-step process makes it easy to identify a tree simply by the kinds of leaves it produces.  Begin identifying your tree by choosing the appropriate region…”