Tuesday, March 28, 2017
Because laptops (or voters) have no value? At least they were encrypted.
Ng Kang-chung reports:
In what could be one of Hong Kong’s most significant data breaches ever, the personal information of the city’s 3.7 million voters was possibly compromised after the Registration and Electoral Office reported two laptop computers went missing at its backup venue for the chief executive election.
The devices also stored the names of the 1,200 electors on the Election Committee who selected Carrie Lam Cheng Yuet-ngor as Hong Kong’s new chief executive on Sunday.
Read more on South China Morning Post.
MIT – FBI’s Facial Recognition Program Is Sprawling and Inaccurate
by Sabrina I. Pacifici on Mar 27, 2017
Around half of all adult Americans are on the agency’s image database, and its software is incorrect 15 percent of the time. Jamie Condliffe, March 27, 2017.
“Last year, we learned about the remarkable scale of the FBI’s facial-recognition technology, with its access to nearly 412 million photos—many originating from sources unrelated to crime, such as ID documents. The intelligence agency has been trying to create a system that can accurately identify criminals in, say, CCTV footage—though it wasn’t then known how well the bureau’s software worked, nor whether it actually improved investigations. Now, we have at least a little more insight into the program. The Guardian reports that a House oversight committee hearing last week revealed some interesting new details about the proliferation and abilities of the FBI’s facial-recognition systems…”
The technology is working fine, it’s those dang humans that are slowing everything down!
Starbucks says that crowd of people waiting for their Frappuccinos is hurting sales
Mobile pay is speeding Starbucks customers through the checkout line, but a bottleneck is building for the baristas.
… While these transactions are a boon for the coffee giant, the increase in volume has hurt same-store sales. That's because congestion at the hand-off counter has caused incoming customers to leave without making a purchase, despite lines at the register being short, said Kevin Johnson, Starbucks' president and soon-to-be CEO, during an earnings conference call.
… Starbucks managers across the U.S. have designed their own solutions to this bottlenecking by employing additional staff members, redeploying already hired employees and adding mobile kiosks designed specifically for customers who used the company's mobile pay and ordering.
Keeping up with the competition. Of course, you would have to pass my test to graduate. So, not much risk.
Coding Schools Build Tuition-Back Guarantees Into Business Model
Guarantees may be a scary prospect for four-year colleges, but they are built into the business model of the new and rapidly growing for-profit coding boot camps, which depends on students seeing a solid return on their investment.
Udacity, a Silicon Valley-based online course provider, last year launched a deal on a nano-credential—find a job in six months or get your tuition back. The program cost is between $2,000 and $3,000.
This would be funny if it wasn’t so sad.
Trump’s son-in-law, Jared Kushner, prepares for Cobol, cloud, mainframes
… The White House on Monday announced an "Office of American Innovation," which will be tasked with "modernizing the technology of every federal department," said Sean Spicer, the White House press secretary, at his daily briefing Monday.
… The House approved that funding after the Oversight and Government Reform Committee last year held a Cobol-bashing hearing.
The committee, in building support for modernizing federal IT, pointed out that there were at least 3,500 federal IT employees at work to maintain "legacy" languages, including 1,100 employees dedicated to Cobol.
AGI (Artificial general intelligence) resources.
Research – Open AI
(Related). Thinking about AI. Interesting graphic…
Elon Musk’s Billion-Dollar Crusade to Stop the A.I. Apocalypse
… most worthwhile React courses come with a hefty price tag. For example, the highly-acclaimed React for Beginners course is $89 (starter version) and $127 (master version). Free courses are rarely as comprehensive and helpful — but we’ve found several that are excellent and will get you started on the right foot.
You have got to really, really want something like this.
Giant Gold Coin Worth $4 Million Stolen in Berlin Museum Heist
Burglars stole a 100-kilogram (220-pound), solid-gold coin worth $4 million from a Berlin museum in a heist out of a Hollywood movie.
… The coin is as big as a car tire.
For my geeks.
The Gearhead Toolbox: Raspberry Pi tools
… The uses for ALPR, Automatic License Plate Recognition, cover a wide range from monitoring traffic and locating stolen vehicles, to controlling gates and parking access. Using a Raspberry Pi for this is a great opportunity to create a low-cost, easily deployed system and OpenALPR is one of the leading ALPR packages you can choose.
Ditto. Please, not in the halls.
It’s not every day that you’re surprised by tech. Usually, the outlandish ideas fail; but sometimes, they work. So, does the Vidius HD budget FPV/VR Streaming Drone — which streams images to a smartphone-powered VR headset — surprise, or disappoint?
The Aerix Vidius HD is available now for $95 with the headset, or $75 without.
… What you should do depends on whether the hard drive is working or dead. But surprisingly, a functional old HDD has fewer uses than a dead one.
Monday, March 27, 2017
This seems to be a good idea. Why didn’t we think of it?
Two companies have been fined a total of £83,000 for breaking the rules about how people’s personal information should be treated when sending marketing emails.
An investigation by the Information Commissioner’s Office (ICO) found Exeter-based airline Flybe deliberately sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm.
… The airline has now been fined £70,000 for breaking the Privacy and Electronic Communication Regulations (PECR).
A separate ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.
The firm believed the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law. Honda couldn’t provide evidence that the customers had ever given consent to receive this type of email, which is a breach of PECR. The ICO fined it £13,000.
Would you like either device “always listening” in your hotel room?
Amazon’s Alexa takes its fight with Siri to Marriott hotel rooms
Amazon.com’s battle with Apple over digital assistants is moving to a new venue: hotel rooms, where Alexa and Siri are vying to be the voice-controlled platform of choice for travelers.
Marriott International, the world’s biggest lodging company, is testing devices from the two tech giants at its Aloft hotel in Boston’s Seaport district to determine which is best to let guests turn on lights, close drapes, control room temperature and change television channels via voice command. In December, Wynn Resorts Ltd. became the first hotel company to install Alexa-powered Echo devices, starting with suites at its flagship Wynn Las Vegas property.
“How much cheaper?” The first thing my students asked.
AI and insurance: Exchanging privacy for a cheaper rate
… you should pay particular attention to the fact that the global insurance industry is seeking to harness artificial intelligence solutions. While the use of AI technologies in insurance has the potential to streamline company operations and reduce consumer prices, it also raises unprecedented new issues related to personal privacy.
… What’s distinctive about the insurance industry’s adoption of AI is how these companies intend to collect their data. Insurers are turning to sensors to collect data directly from individuals, including technologies like in-home monitors and wearables. And whenever data collection intersects with a real person, privacy questions emerge. Do you want your healthcare provider receiving a real-time notification of your late-night snacking? Do you want your auto insurer to know every time you roll through a stop sign? These are no longer hypotheticals.
Using AI to take as much of your money as possible?
The High-Speed Trading Behind Your Amazon Purchase
… Just beneath the placid surface of a typical product page on Amazon lies an unseen world, a system where third-party vendors can sell products alongside Amazon's own goods. It's like a stock market, complete with day traders, code-slinging quants, artificial intelligence algorithms and, yes, flash crashes.
… It's clear, after talking to sellers and the software companies that empower them, that the biggest of these vendors are growing into sophisticated retailers in their own right. The top few hundred use pricing algorithms to battle with one another for the coveted "Buy Box," which designates the default seller of an item. It's the Amazon equivalent of a No. 1 ranking on Google search, and a tremendous driver of sales.
A tweak for my students. What (if anything) do they think?
US Supreme Court Hears Oral Arguments Over Your Right To Refill Ink And Toner Cartridges
… Lexmark offers a “shrink-wrap license” in which customers can purchase cartridges at a discounted rate if they agree to not resell or reuse them. The customer essentially accepts the agreement once they have opened the cartridge’s packing. Lexmark argues that customers cannot resell or reuse the cartridges because the item technically never belonged to the customer.
Impression Products is fighting back with the concept of “patent exhaustion”. This concept states that a manufacturer loses their rights to control the fate of their products once they have been sold to a customer. If a customer purchases an item, they may reuse or resell it.
They also have a Beta version for APA.
How Formatically Helps Students Format Essays in MLA Style
A couple of weeks ago I shared a new tool designed by college students to help other students properly format essays in MLA format. That tool is called Formatically. I've had a few people send me questions about how it works. It essentially gives students a template in Word format that they can then use to write their essays in. In the following short video I demonstrate how to use Formatically.
Sunday, March 26, 2017
Any excuse to claim that terrorists are uncatchable, but nothing about this guy’s earlier encounters with police?
London attack reignites encryption debate, as U.K. govt. says ‘there should be no place for terrorists to hide’
… reports have since surfaced that the perpetrator, British man Khalid Masood, was using WhatsApp minutes before he mowed down pedestrians on Westminster bridge and fatally stabbed a policeman. However, police so far have indicated that Masood was a so-called “lone wolf” killer, and there is nothing so far to suggest that WhatsApp played any direct part in the attack — all we know is that Masood had checked his WhatsApp account shortly before, according to a screenshot taken by the Daily Mail.
Yes, they are publicly available. Yes, it is the owners’ responsibility to protect sensitive data. This is what happens when owners don’t do their job!
Microsoft yanks Docs.com search after complaints of exposed sensitive files
Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information.
Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private.
Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses.
For my Computer Security students.
Windows 10 is recording everything you type - here's how to stop Microsoft tracking you
… It's emerged that Microsoft's latest computer friendly operating system has been recording everything you've typed since it first launched without you knowing.
… More than that, if you've made voice searches, all of your vocal commands and message dictations have been recorded too.
Cute! This may save time in my website class.
25 Features Every Business Website Must Have in 2017 (Infographic)
Saturday, March 25, 2017
I may ask my students to explain security on all the social media they use. Is this sufficient?
Facebook’s ubiquity makes it dangerous in so many ways. Aside from the threat of picking up malware, the ever-present risk of someone hacking your account — plus privacy issues from Facebook itself — mean you must be vigilant when using the service.
Thankfully, it only takes a few moments to make sure you’re not at risk for Facebook issues. Here are six easy ways to avoid becoming a victim on Facebook.
I don’t see much of a downside here if they do what they say they will do.
T-Mobile is rolling out scam warnings on incoming calls
T-Mobile is trying to help its subscribers dodge more spammy calls.
The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
T-Mobile will also let subscribers block all suspected scam calls so those calls never reach their phones in the first place. But subscribers will have to actively opt in to the blocking service, as there’s a chance the carrier could accidentally filter out legitimate numbers.
… T-Mobile says its service works by comparing phone numbers to a list of “tens of thousands” of known scammers. The database is constantly updated, the company says, by analyzing call patterns. So it sounds like T-Mobile might catch on to new scam numbers if it notices a bunch of subscribers immediately hanging up on a number they’ve never contacted before.
We’re still drawing the line between public and private.
Kelsi Loos reports:
A man charged with killing a Frederick County resident in an alleged MS-13 gang hit contended that police violated his rights when they seized his Facebook account and searched his apartment.
This month, Raul Ernesto Landaverde Giron joined co-defendants, other accused gang members. They asked the U.S. District Court of Maryland to disregard evidence collected from social media accounts, arguing that the Fourth Amendment protected the private communications against search and seizure.
Defense attorneys noted that the Maryland federal district court had not yet considered whether Facebook messages are protected under the law, but other federal courts had said private messages on the social media site are entitled to Fourth Amendment protection.
Read more on the Frederick News-Post.
There should be a “guide to paying for law school” and this should be in it.
There’s Money in Faxes—for Plaintiffs
In the annals of modern technology, the fax machine has nearly gone the way of the floppy disk.
But some enterprising plaintiffs’ attorneys are still turning faxes into money, using a decades-old federal statute aimed at protecting consumers from overzealous marketers.
The stakes are high: The law allows recipients of unwanted fax advertisements to recover at least $500 per message from a sender, an amount that can turn a proposed class-action lawsuit into a multimillion-dollar business threat.
Apparently, “Fake News” is anything you wish it to be. But (see yesterday’s blog) this is very much what Sloan said, except for the timeline.
Tech community "dumbfounded" by Mnuchin's dismissal of AI impact on jobs
Treasury Secretary Steve Mnuchin riled the tech community this morning when he told Axios' Mike Allen that displacement of jobs by artificial intelligence and automation is "not even on my radar screen" because the technology is "50-100 more years" away. Mnuchin also said he is "not worried at all" about robots displacing humans in the near future. "In fact, I'm optimistic."
… The annual survey, which had 64,000 developers participating worldwide in January and February, uncovered a wide range of experience levels. Thanks to online courses and coding boot camps, adults with little to no programming experience can now more easily transition to a career as a developer, Stack Overflow said. Slightly more than 50 percent of respondents had been coding professionally for about five years or fewer, while just 7.5 percent were coding for 20 years or more.
… If developers want to make the most money, the technology to learn worldwide is Clojure, a Lisp dialect for the JVM, the survey found. In the United States, Google's Go and Scala can yield the highest paychecks. "Globally, developers who use Clojure in their jobs have the highest average salary at $72,000," Stack Overflow said. Rust followed at $65,714. "In the U.S., developers who use Go as well as developers who use Scala are highest paid, with an average salary of $110,000."
[The survey: https://stackoverflow.com/insights/survey/2017/?utm_source=so-owned&utm_medium=hero&utm_campaign=dev-survey-2017&utm_content=hero-home ]
The last bastions have fallen.
The holiday is over: Amazon will collect sales taxes nationwide on April 1
Amazon, the online merchandise juggernaut, will collect sales taxes from all states with a sales tax starting April 1.
Tax-free shopping will be over as of next month in Hawaii, Idaho, Maine and New Mexico, the four remaining holdouts.
… After April, the only states in which Amazon won't collect taxes are Alaska, Delaware, Oregon, Montana and New Hampshire. These five states don't have sales levies.
For my next Statistics class.
3 ways to spot a bad statistic
Friday, March 24, 2017
Simple if not elegant. I wonder how many schools or companies have not noticed similar changes yet.
Lisa Gresci reports:
Coastal Carolina University continues to work to recover money that was stolen from the college in a phishing scam.
A release from CCU stated an individual who claimed to represent a company under contract with the university contacted its financial services via email and requested to change the company’s bank account information.
Thanks to quick action, university officials said they’ve recovered more than $564,000 of the more than $1 million taken. On campus, additional “cybercrime safeguards” will be installed to make sure nothing like this happens again.
Read more on WMBF.
Isn’t it strange that no one has noticed this until now? Makes me think that “offensive” was their target audience…
Advertisers Flee YouTube Over Offensive Ad Placements
I’ve been thinking about this. Actually, I asked my AI to think about this. It came to the same conclusion.
Will AI Create as Many Jobs as It Eliminates?
The threat that automation will eliminate a broad swath of jobs across the world economy is now well established. As artificial intelligence (AI) systems become ever more sophisticated, another wave of job displacement will almost certainly occur.
It can be a distressing picture.
But here’s what we’ve been overlooking: Many new jobs will also be created — jobs that look nothing like those that exist today.
In Accenture’s global study of more than 1,000 large companies already using or testing AI and machine-learning systems, we identified the emergence of entire categories of new, uniquely human jobs. These roles are not replacing old ones. They are novel, requiring skills and training that have no precedents.
More specifically, our research reveals three new categories of AI-driven business and technology jobs. We label them trainers, explainers, and sustainers.
Interesting stuff. Another Chinese company crashes. Not the best way to encourage investment. Perhaps that is what is driving venture capital money to the US?
Huishan Dairy, Muddy Waters Target, Sinks 85% in Hong Kong
Shares of China Huishan Dairy Holdings Co. sank by a record 85 percent in Hong Kong before the company halted trading.
The sudden crash wiped out about $4.1 billion in market value. A record 779 million shares in the Shenyang-based company changed hands, the most on Hong Kong’s exchange.
… The move is also a vindication for Carson Block, whose Muddy Waters Capital LLC said in December it was shorting Huishan Dairy and the company was “worth close to zero.”
Perhaps a tool for my students.
Social Media Info Guide to Tumblr
by Sabrina I. Pacifici on Mar 23, 2017
The Social Media Information Blog Investigator’s Guide to Tumblr – “Founded in 2007, Tumblr is a microblogging and social networking website. The platform, which was acquired by Yahoo in 2013, allows users to share text, images, quotes, links, video, audio, and chats. Tumblr’s appeal is that it allows users to be creative and build independent content on a personalized page with little effort. How does Tumblr work? A large part of Tumblr’s appeal to its users is the simplicity and ubiquity of the features it offers. In fact, they claim on their website that “Tumblr is so easy to use that it’s hard to explain.” Despite that statement, we will give it a try anyway. Registering for Tumblr requires only a valid email address. After creating a username & password, users are provided a URL for their blog which is associated with “.tumblr.com.” Depending on how the user wishes to utilize Tumblr, they are now able to follow other users and post original content to their tumblelog. Social interactions between users may vary widely. While there is certainly overlap, most Tumblr users fall into one of two categories:
- Social Networking – These users are primarily interested in using Tumblr to curate content. Their usage is concentrated on interacting with other users and the content they’ve shared – commenting and connecting.
- Self-Publishing – These users value Tumblr’s low barrier to entry for microblogging. Their activities typically focus on publishing content to their personal pages.
Both categories of user share potentially valuable information on Tumblr. Investigators should be aware of the differences and temper their expectations based on which grouping their subject aligns themselves…”
Just a suggestion, students. If you do this, be sure to shut off your phone before that job interview!
Thursday, March 23, 2017
This is a really bad idea. You do not want to get into a contest of skills with the world of hackers.
Proposed Legislation Would Give Legal Right to Hack Back
Hacking back is a perennial and contentious issue. Its latest instance comes in the form of a 'Discussion Draft' bill proposed by Representative Tom Graves (R-GA): The Active Cyber Defense Certainty Act. Graves claims it is gaining bipartisan support, and he expects to present it to the House of Representatives for vote within the next few months.
The Draft Bill (PDF) is an amendment to the Computer Fraud and Abuse Act (CFAA).
… It is discussed in detail and expanded in the study titled Into the Grey Zone: The Private Sector and Active Defense against Cyber Threats published by the George Washington University in October 2016.
… So, two immediate problems with allowing hacking back are that a lack of expertise could either compromise forensic evidence, or accidentally cause actual harm to the attackers' supposed computers. Without adequate expertise, the supposed servers might not even be the attackers' servers. "Because of (compromised) proxies," comments F-Secure's security advisor Sean Sullivan, "hacking back/active defense is complicated and it's quite unlikely that the US Congress would be able to properly define what should be allowed or not."
This would be interesting. “Cut off our hard currency with sanctions and we’ll just rob your banks?”
North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist
Federal prosecutors are investigating North Korea’s possible role in the theft of $81 million from the central bank of Bangladesh in what security officials fear could be a new front in cyberwarfare.
The United States attorney’s office in Los Angeles has been examining the extent to which the North Korea government aided and abetted the bold heist in February 2016, according to a person briefed on the investigation who was not authorized to speak publicly.
… News of the criminal investigation into North Korea’s role in the Bangladesh bank attack was reported earlier on Wednesday by The Wall Street Journal. It was not clear whether any charges from the investigation were imminent.
JOHN MCCAIN: There's a 'crazy fat kid' running North Korea
I’ll have to find an article with more details, but the idea of government mandated minimum standards is interesting.
Dror Halavy reports:
The Knesset Law and Constitutional Committee has approved measures that will require companies and groups that collect data on Israelis to protect the information from hackers. The new rules, which supply specific criteria to organizations on the types of security needed, will apply equally to government and private sector organizations.
The measures are based on research done by the Justice Ministry, and recently completed at the behest of Justice Minister Ayelet Shaked. Under the measures, organizations will determine whether the data they hold is of low, medium, or high sensitivity for privacy; for example, medical information will be considered as part of the latter category, while membership in a store club might be listed in the former categories.
Each level of sensitivity will require more severe cyber-security strictures and standards. Organizations will have to apply specific approved solutions that meet standards described in the measures. Failure to do so could leave them subject to civil or criminal actions in the event of a security breach.
Read more on Hamodia.
Joe Cadillic writes:
Imagine driving down the road and being stopped by a Border Patrol agent for speeding. Imagine Border Patrol agents responding to domestic abuse calls at people’s homes. Imagine the Border Patrol responding to trespassing calls and detaining motorists with K-9’s.
You can stop imagining, because it’s happening in New York, Vermont, Maine and now New Hampshire. House Bill 1298 gives DHS’s Border Patrol agents police powers in NH.
Read more on MassPrivateI.
[From the article:
Americans can forget about DHS's 100 mile border zone inside the U.S., because now the Border Patrol has arrest powers throughout entire states!]
A border search going the other direction?
Mar. 20 – Cause of Action Institute (“CoA Institute”) today filed an amicus curiae brief in support of Defendant Hamza Kolsuz who in February, 2016 was arrested at a Virginia airport attempting to board a plane bound for Istanbul, Turkey.
… The brief states:
At the time of the search, neither Mr. Kolsuz nor his smartphone were in the process of crossing any border. The Government was not furthering any interest in prohibiting the entry or exit of contraband, enforcing currency control, levying duties or tariffs, or excluding travelers without the property documentation to enter the country…
The full brief is available here.
A different take. Why would this be illegal? Isn’t it similar to using a dashboard camera? They are looking at cars on a public road and using technology available at any high school (for measuring the speed of baseballs). The letter reads as if they were trespassing on state controlled land (the highway).
The state of Virginia is not happy that the Insurance Institute for Highway Safety (IIHS) set up speed cameras on Virginia highways without any authority to do so. State officials sent a warning letter to the industry lobbying group in October.
“We recently received a concern claiming your organization set up equipment on property controlled by the Virginia Department of Transportation (VDOT),” Northern Virginia District Administrator Helen Cuervo wrote. “In reviewing our records, it does not appear that your organization had a legal permit to do so.
Read more on TheNewspaper.com. So they get to keep the data they illegally obtained and then used to lobby for changes that would benefit their industry? They should be made to destroy the data.
If venture capital was easy to find, everyone would be entrepreneurs!
US Tech Startups’ China money spooks Pentagon
A new white paper commissioned by the US defense department says Beijing isn’t just investing in critical technologies at home, they are doing it in the US as well. The New York Times reports that some tech startups working on projects with military applications have received money from state-run Chinese firms. Lawmakers calling for stricter oversight of Chinese investments note that the scope of the interagency Committee on Foreign Investment in the US (Cfius) does not include smaller investments, such as those into tech startups. Despite the increased scrutiny, many firms say the Chinese investors are their only option.
Clearly, Tillerson does not like people looking over his shoulder. Apparently, they failed to inform the Records Retention people that he was using an alias. (But just for one year near the end of that period?)
Exxon admits it lost up to a year's worth of Rex Tillerson's 'Wayne Tracker' emails
Exxon Mobil lost up to a year's worth of emails sent by former CEO and current Secretary of State Rex Tillerson under the pseudonym "Wayne Tracker," court documents show.
Exxon is under investigation by New York State Attorney General Eric T. Schneiderman for allegedly misleading shareholders and investors about risk-management issues related to climate change.
Tillerson used the Wayne Tracker alias to communicate with Exxon officials about "risk-management issues related to climate change." Tillerson — whose middle name is Wayne — allegedly used the alias for a period of seven years, between 2008 and 2015, according to Schneiderman's office.