Friday, October 29, 2010

How many other Universities “assume” their faculty web sites are secure? How did the Liberty Coalition access a “faculty” web site? (Why are all these security issues obvious only in retrospect?)

UH West O’ahu security breach affects Mānoa students

October 28, 2010 by admin

The University of Hawaii has just posted a breach notice concerning the incident described in an earlier blog entry:

The University of Hawai`i – West O`ahu (UHWO) is notifying approximately 40,000 individuals that their personal information may have been compromised.

The exposure occurred when a faculty member inadvertently uploaded files containing data including names, social security numbers, addresses, birth dates and educational information to an unencrypted faculty web server. Individuals potentially affected are students who attended the University of Hawai`i at Mānoa from 1990 – 1998 and during 2001. In addition, students who attended UHWO during Fall of 1994 or graduated from 1988 – 1993 may also be affected.

The faculty member, who is now retired from UHWO, was conducting a longitudinal study of UH students. The faculty member obtained the files from the University of Hawai`i System Institutional Research Office and placed the files containing the information onto the faculty web server in December 2009.

UHWO promptly removed the unintentionally exposed files and disconnected the affected server from the network, after Liberty Coalition, a non-profit group based in Washington D.C., notified University officials about the exposure on October 18. Different files had different information on some of the individuals, but it is believed that the aggregation of the exposed files could allow matching to create the potential for identity theft, which is highly unlikely to occur.

The FBI and Honolulu Police Department have been notified. At this time, UHWO has no evidence that anyone’s personal information was accessed for malicious intent. UHWO is also working with UH System to adopt more proactive security measures to ensure better privacy protection.

Notice what’s missing from the above? No mention that they didn’t discover the breach at all and it had to be pointed out to them.

Their full statement also includes reference to an FAQ on the incident, but it’s not available on the site at the time of this posting.

Interesting, but less that a single Computer Security lecture would provide...

Separating Cyber-Warfare Fact From Fantasy

Posted by timothy on Friday October 29, @08:04AM

"This week's New Yorker magazine has an investigative essay by Seymour Hersh about the US and its part in cyber-warfare that makes for interesting reading. Hersh talks about the financial incentives behind many of the people currently pushing for increased US spending on supposed solutions to network vulnerabilities and the fine and largely ignored distinction between espionage and warfare. Two quotes in particular stood out: one interviewee said, 'Current Chinese officials have told me that [they're] not going to attack Wall street, because [they] basically own it,' and Whitfield Diffie, on encryption, 'I'm not convinced that lack of encryption is the primary problem [of vulnerability to network attack]. The problem with the Internet is that it's meant for communication among non-friends.' The article also has some interesting details on the Chinese disassembly and reverse-engineering of a Lockheed P-3 Orion filled with espionage and eavesdropping hardware that was forced to land in China after a midair collision."

Another Facebook “Privacy invasion” tool?

Facebook launches quirky 'friendship pages'

Facebook today launched a feature called "Friendship Pages," which lets users load up the interactions between themselves and individual friends, or between any two friends, on the social network. You'll see their posts on one another's walls, events to which both RSVP'd, photos in which both are tagged, and other interactions that you would otherwise be able to access on either friend's profile (i.e. nothing that wouldn't otherwise be public)

This is the brainchild of a single Facebook engineer, Wayne Kao, who built the feature at one of the company's all-night "hackathons" along with a designer. "One of my favorite Facebook moments is browsing photos from friends in the News Feed after they've begun a new relationship, gotten engaged or gotten married," Kao wrote in a blog post. "It gives me a fun and meaningful glimpse of the friendship between two people I know. I realized that a similarly magical experience was possible if all of the photos and posts between two friends were brought together."


Facebook’s Dominance Leaves President No Choice

In an effort to increase voter turnout for next Tuesday’s Congressional Election, President Barack Obama has put out a call on Twitter for constituents to install a Facebook application called the “Commit to Vote Challenge.” Like a more noble version of Fast Company’s Influence Project, the Commit to Vote Challenge takes advantage of the “network effect” by using Facebook to spam your friends about voting. Facebook’s population is currently greater than that of the United States. [Which, to a Chicago politician is even more attractive than registering dead voters! Bob]

(Related) What do you do with 500 million users who have no privacy? Behavioral Advertising! (Or, “Your friends were dumb enough to buy this, so you probably will too!”

Facebook applies for ad-targeting patent

This is interesting: Earlier this month, Facebook filed for a patent to further hone its ad-targeting technology so that ads can be based on what a user's friends interests may be. The reason for this, it appears, is so that Facebook can better serve ads toward users who have not filled out their profiles with enough information for traditional ad targeting.

Facebook calls this second-degree targeting "inferential."

Continuing the theme of “Our security must be working, we haven't been attacked by a single Klingon since we started!” If you don't have a 'reasonable suspicion,' semantically isn't that the same as having an “unreasonable suspicion?”

UK: Over 100,000 stops-and-searches: zero terrorists

October 28, 2010 by Dissent

Jane Fae Ozimek reports:

When it comes to wasting police time, the biggest offenders appear to be…the police. That, at least, appears to be the conclusion of the Home Office. Its official statistics, published today, show that while police stopped over 100,000 individuals last year to “prevent acts of terrorism”, there was not a single arrest for a terror offence as a result of these stops.

This perhaps is the final nail in the coffin for the widely criticised section 44 of the Terrorism Act 2000, which gives police forces powers to stop and search individuals – in so-called “designated areas” – to prevent acts of terrorism without the need for reasonable grounds of suspicion. According to today’s report: “In 2009/10, 101,248 stops-and-searches were made under this power.

Read more in The Register.

(Related) Certainly not supported by the annual “Wiretapping Report” to congress...

October 28, 2010

EFF: Government Withholds Records on Need for Expanded Surveillance Law

News release: "The Electronic Frontier Foundation (EFF) filed suit against three agencies of the Department of Justice (DOJ) today, demanding records about problems or limitations that hamper electronic surveillance and potentially justify or undermine the Administration's new calls for expanded surveillance powers. The issue has been in the headlines for more than a month, kicked off by a New York Times report that the government was seeking to require "back doors" in all communications systems -- from email and webmail to Skype, Facebook and even Xboxes -- to ease its ability to spy on Americans. The head of the FBI publicly claimed that these "back doors" are needed because advances in technology are eroding agents' ability to intercept information. EFF filed a Freedom of Information Act (FOIA) request with the Federal Bureau of Investigation (FBI), the Drug Enforcement Agency (DEA), and the DOJ Criminal Division to see if that claim is backed up by specific incidents where these agencies encountered obstacles in conducting electronic surveillance."

Where does anonymity stop?

Sperm donors’ privacy rights should trump rights of offspring, Vancouver court told

By Dissent, October 28, 2010

Neal Hall reports:

The privacy rights of anonymous sperm donors should outweigh the constitutional rights of donor offspring, a government lawyer argued today.

Leah Greathead, the lawyer representing B.C.’S attorney general, told a B.C. Supreme Court judge that Olivia Pratten has a very sympathetic claim — she wants to know details of her genetic history from her biological father, a sperm donor.

“It is important to know your genetic history,” the lawyer conceded…]But, she added, “There is no right for everyone to know their genetic heritage.”


Pratten has filed a lawsuit — believed to be the first of its kind in North America — that seeks to strike down the B.C Adoption Act on the grounds that it is discriminatory and unconstitutional.

Read more in the Vancouver Sun

Replacing those bracelets with bar codes? How do they ensure that the person claiming to be Mr. Insured really is? If I arrive at the Emergency Room after an Identity Thief has used my information, how is my care impacted? (Am I presumed “innocent” or “indigent?”)

Wisconsin hospital adds hand scans to ID patients

Hospitals in New York and San Diego are using hand scans to identify patients. Now a Wisconsin hospital is too.

Patients with the same name even the same birthday are rare but it's one of things that a new system at UW Hospital and Clinics in Madison is designed to sort out. It's starting a database of hand scans to identify people through the vein patterns in their palms.

UW Health's chief information officer, Mike Sauk, says the $70,000 system links patients to their electronic health records. [So did (should) the bracelets. Bob] It could be used when a person is unconscious or to verify that the patient and their insurance match up. [No pay, no cure! Bob] Sauk says the system is to protect against instances where somebody steals a health insurance card or ID, and is able to use the victim’s insurance for their care.

… Some people have refused to have their palms scanned.

This looks like Boston is “doing something” without thinking through the outcomes. Is the goal to improve education, or identify potential excuses for their failure to educate? (Failing students didn't use the library” “Students who use public transportation are often late to class” “Students who don't eat a healthy lunch do poorly in Math”)

New student card: Big benefit or Big Brother?

City officials plan to launch a pilot program today to make it easier for some public school students to use city services by providing them with one card they can use to ride the MBTA, withdraw books from city libraries, play sports, attend after-school programs at community centers, and access meal programs at their schools.

The so-called BostONEcard will also be used to take attendance and may eventually serve as a debit card, among other potential uses.

… “This card will help make the assets of our city more accessible and remind each student every day that there are community centers and libraries for them to explore.’’ [Perhaps they will add a small speaker, allowing the card to 'nag' the students. Bob]

This program is starting at the Josiah Quincy Upper School in Chinatown, where all 530 students in grades 6 through 12 are being provided a card, which has multiple barcodes, a radio frequency device to use on the T, and their photos.

… Chris Osgood, cochair of the mayor’s office of New Urban Mechanics, said he hoped the information generated by the cards would allow city officials to develop a single picture of whether students use libraries, community centers, and other programs.

“We want to be able to use this data to look at the impact of, say, a homework or literacy program and how it affects student achievement,’’ Osgood said. “It will also help schools make sure attendance is up.’’ [Wishful thinking. It could be used to take attendance, but only if the students brings it with them. Bob]

… She questioned whether the information could be subpoenaed by law enforcement agencies or whether it could be surreptitiously slipped to marketing companies.

“There would need to be stringent privacy protections so that the librarian doesn’t have access to where a student took the T; the school police officer doesn’t know what books the student is reading; and a school principal doesn’t know how much lunch money students in have in their accounts,’’ she said. “The question is who has access to this database, which when combined reveals a treasure trove of personal information about our children, including what they read, what they eat, where they go, and how much money they have. That information is highly confidential.’’

City officials said they are developing the system and that it would take time before all the information is linked to any central database. [So, they have no way to use or validate the data they are collecting? I doubt that, but vast ideas with half-vast implementation is not uncommon. Bob] They said the cards are being donated by the MBTA and that the costs for now are minuscule. Completing the system and expanding it to the district’s 57,000 students would increase costs substantially.

In the past two years, the city has introduced a system of barcode readers that can track students when they swipe their cards at the Boston Public Library’s 28 branches and the Boston Centers for Youth & Families’ 38 community centers. They are installing card readers at schools citywide.

… At the Josiah Quincy Upper School, which volunteered to launch the program after 30 students last year had attendance rates below 80 percent, headmaster Bak Fun Wong called the cards “very smart.’’ He hopes they promote attendance and encourage students to use the library and after-school programs.

“When Spy-Apps are outlawed, only my Ethical Hackers will have Spy-Apps” Readers who believe this solves the problem are advised to visit to “” t

SMS Spying App Pulled from Android Market

October 28, 2010 by Dissent

Lucian Constantin writes:

A controversial application, which allows users to forward copies of all incoming SMS messages to a different phone, has been removed from the Android Marketplace for violating the service’s content policy.

The app, called the “Secret SMS Replicator,” was created by DLP Mobile, a software developer cattering for various platforms, including iOS, Android and BlackBerry OS.

In a blog post, the company describes the new application as “a tremendously useful and potentially insidious tool” and makes no effort to hide its intended purpose.

One potential use of this app might be the following: Grab your boyfriend’s phone while he is in the shower.

Download our app onto his Android phone and the app runs secretly, unable to be detected, BCC’ing you with all his incoming texts.

Find out salacious details and he’ll have no idea you’re on to him. Perfect. Perfectly cruel,” the company says.

Read more on Softpedia.

Who do they think they are, Republicans? Just shows how easily big donors/lobbyists can manipulate congress, no matter who is in the majority. (and like Animal House taught us, “double secret probation” is the way to go.)

Scholars Say International Property Accord Needs Senate Approval

More than 70 academics, mostly legal scholars, are urging President Barack Obama to open a proposed international intellectual-property agreement to public review before signing it.

The likely route for that is bringing the ACTA agreement to the Senate for ratification.

The deal, known as the Anti-Counterfeiting Trade Agreement (.pdf), according to many critics, favors big media at the expense of the general public. And the intellectual property accord, which Obama could sign by year’s end, has pretty much been hammered out in secret between the European Union, Japan, the United States and a few other international players, including Canada and Australia. Noticeably absent is China.

Geeky stuff

Set Up Multiple Monitors

Having two or three displays side-by-side doesn't just look cool, it can actually boost your productivity. … It's like having a larger digital desk.

Gee, they must be the best teachers ever!

High salaries cast doubt on Foothill-De Anza colleges' parcel tax

A photography teacher earns $208,169 a year. A computer instructor takes home $222,791 - more than his colleagues and even the college president. And a maintenance worker's annual paycheck is $93,706.

… But some voters wonder if the district is justified in holding out the hat while paying such high wages.

"It sounds like maybe they need to do a better job of controlling their payroll before going out and asking for a new tax," said Douglas McNea, president of the Silicon Valley Taxpayers Association and author of the No on E ballot argument.

At the same time, experts in college compensation - including a traditional critic of excess spending - say Foothill-De Anza's high wages may actually represent a cost savings

Another reason to use PowerPoint?

Thursday, October 28, 2010

Add Some Oomph to PowerPoint Slides

oomfo (yes, they spell it in all lowercase letters) is a free add-on to Microsoft PowerPoint. The purpose of oomfo is to enable users to insert animated charts and graphs into their PowerPoint slides. Using oomfo users can import data from spreadsheets to create their charts and graphs. Users can also export the charts they've created for reuse in other presentations. Watch the video below to see oomfo in action.

No comments: