Saturday, August 14, 2010

Another self-serving “spin” of the facts.

Loma Linda offers help after desktops stolen in June

August 13, 2010 by admin

Darrell R. Santschi reports:

Loma Linda University’s dental school has hired a credit monitoring and repair firm to help potential identity theft victims. Kroll Inc. will offer assistance to any of the 10,100 patients whose personal information was contained in three desktop computers stolen from the school the weekend of June 12, university spokesman Dustin Jones said.

Patient treatment records were not stored on the computers, he said, but they did contain names, social security numbers, dates of birth and other health and personal information. Two people were arrested in connection with the case last month.

Jones said computer memory had been erased [“memory” is wiped when the power is turned off. Do they mean they re-formatted the hard drive? Bob] by the thieves, who he said were unable to crack password firewalls. [One of the first things I teach my Computer Forensic students is to pull the hard drive from the target computer and attach it (via a “Write Blocker”) to another computer. If you don't boot from the target drive, its operating system never gets control and thus never asks for a password. Bob] He said the university has not yet heard any reports of identity theft. [Now that victims know a probable source, that could change. Bob]

Source: Press-Enterprise, via ESI.

This appears to be Loma Linda’s second breach in recent months. In April, the medical center reported that a desktop stolen from the surgical administrative office contained PHI on 584 patients.

I'm sure this isn't viewed as “caving in” to Big Brother, but simply “complying with local laws and regulations.” The effect is the same.

Update: BlackBerry assures India on access to services

August 13, 2010 by Dissent

Bappa Majumdar reports:

Research In Motion has promised India a technical solution for decoding encrypted BlackBerry data, a senior official said on Friday, a step that could allay Indian security concerns about the smartphone and avert a shutdown.

Indian authorities, who met with RIM officials on Friday, also pledged to go after other companies — including Google and Skype — to protect the country from cyber-spying and attacks planned over the Internet.

RIM faces an August 31 deadline to give authorities the means to read email and instant messages sent over the BlackBerry. New Delhi says it will pull the plug if RIM won’t comply, threatening its future in the world’s fastest-growing telecoms market.


(Related) It must be okay, everybody's doing it!

RIM posts BlackBerry spying 'rules,' wants equal treatment

RIM today posted a set of guidelines that it said would dictate the limits of how countries such as India could monitor its services. The BlackBerry maker would refuse to grant access beyond what's legally required by a local government. Any monitoring would similarly have to be "technology and vendor neutral" and wouldn't grant any special access to a BlackBerry that isn't present on an iPhone or similar device.

Why buy flood insurance if you can convince the Army Corps of Engineers to move the river?

How not to address child ID theft

August 13, 2010 by admin

Over on Emergent Chaos, Adam disagrees with ITRC’s proposed Minors 17-10 Database to reduce child identity theft:

…. Unfortunately, this idea is totally and subtly broken.

Today, the credit agencies don’t get lists from the SSA. This is a good thing. There’s no authorization under law for them to do so. The fact that they’ve created an externality on young people is no reason to revise that law. The right fix is for them to fix their systems.

The right fix is for credit bureaus to delete any credit history from before someone turns 18. Birth dates could be confirmed by a drivers license, passport or birth certificate.

Here’s how it would work:

1. Alice turns 18.
2. Alice applies for credit and discovers she has a credit history
3. Alice calls the big three credit agencies and gets a runaround explains she’s just turned 18, and apparently has credit from when she was 13.
4. The credit agency asks for documents, just like they do today (see “when do I need to provide supporting docs”)
5. The credit agency looks at the birthday they’ve been provided, and subtracts 18 years from the year field.
6. The credit agency removes the record from the report

It’s easy, and doesn’t require anything but a change in process by the credit bureaus. No wonder they haven’t done it, when they can convince privacy advocates that they should get lists of SSN/name/dob tuples from Uncle Sam.

The problem I see with Adam’s proposal is that it doesn’t prevent ID theft in the first place, which is what ITRC’s proposal at least attempts to do. Yes, his approach would clear Alice’s record, but there would still be all kinds of erroneous records circulating with her name and SSN attached to them in public record databases and other databases because the ID theft wasn’t prevented.

Of course, the new ID Analytics report on multiple SSNs per person and multiple persons per SSN does not inspire confidence in any approach that attempts to use SSA’s database for anything and raises questions in my mind about ITRC’s proposal.

But more importantly, perhaps: why are we still trying to make the system work with SSN? Hasn’t it become abundantly clear by now that the only thing SSN should be used for is for SSA benefits?

So is it any surprise that we have politicians who aren't sure what the definition of “is” is?

US Students Struggle With Understanding of the 'Equal' Sign

Posted by Soulskill on Friday August 13, @09:32AM

bickerd--- writes with news of research out of Texas A&M which found that roughly 70% of middle grades students in the US don't fully understand what the 'equal' sign means. Quoting:

"'The equal sign is pervasive and fundamentally linked to mathematics from kindergarten through upper-level calculus,' Robert M. Capraro says. 'The idea of symbols that convey relative meaning, such as the equal sign and "less than" and "greater than" signs, is complex and they serve as a precursor to ideas of variables, which also require the same level of abstract thinking.' The problem is students memorize procedures without fully understanding the mathematics, he notes. 'Students who have learned to memorize symbols and who have a limited understanding of the equal sign will tend to solve problems such as 4+3+2=( )+2 by adding the numbers on the left, and placing it in the parentheses, then add those terms and create another equal sign with the new answer,' he explains. 'So the work would look like 4+3+2=(9)+2=11.'"

My wife supplies some anecdotal support. When she brings her doberman to work, all the lawyers seem to spend more time in their offices and less time chatting in the halls.

August 13, 2010

Research: Dogs improve office productivity

The Economist: "There are plenty of studies which show that dogs act as social catalysts, helping their owners forge intimate, long-term relationships with other people. But does that apply in the workplace? Christopher Honts and his colleagues at Central Michigan University in Mount Pleasant were surprised to find that there was not much research on this question, and decided to put that right. They wondered in particular if the mere presence of a canine in the office might make people collaborate more effectively. And, as they told a meeting of the International Society for Human Ethology in Madison, Wisconsin, on August 2nd, they found that it could."

'cause you can never have enough tools. For my Intro to IT class.

Monitor What’s Really Going On With Your PC With System Explorer

System Explorer will return power over your own computer back to you.

The beauty of System Explorer is that it collects, organizes, and rearranges all of the information you need about your system into one central location.

Saikat covered how to troubleshoot Windows with MSConfig.

… it not only lists every single process running on your machine, as well as all of the details about each process – but if you see one that’s questionable, you don’t have to try and guess what it is. If you click on the “Check” link, you’ll go to an online database of file type explanations and reviews from experts regarding whether or not the file is considered safe or unsafe.

… If it appears that your Internet bandwidth has been hijacked, then click on the “Connections” option in the left menu and you’ll see every last process that’s accessing the Internet, the protocol being used, and the “to” and “from” domain addresses. This can help you identify applications that are sending traffic to questionable domains.

… Clicking “Startups” displays every program configured to launch up on startup. This includes shortcuts in your Startup folder, and items in your registry. See one that you don’t want? Just right click and disable or delete.

… If you click “Additional Info,” you’ll find your processor speed, used and free memory, drivers, registered DLLs, and even every font that’s installed on your system!

Clever ideas...

10 Simple But Useful Ways To Use The Character Map & Your Lesser-Used Fonts

… Just to give you an example of using the lesser fonts creatively – you can take the ‘scissor’ character from Wingdings and put it next to a dotted line. It illustratively tells you on a printed sheet – cut along the dotted line.

Improving search?

Nibbo: Improved Way To Search Google

Nibbo is a search engine based on Google Search. The engine’s most prominent feature is how it integrates all types of search results within one page. For instance if you execute a search of “hippos” on Nibbo, the ‘web’ results will be shown in the center pane and to the right you can view results from images, videos, Wikipedia, news, and Twitter.


Also for my Intro to IT class.

How a 16-yo Kid Made His First Million Dollars Following His Hero, Steve Jobs

Friday, August 13, 2010

Companies are still ignoring basic security practices and their PR departments are still relying on the public's ignorance of technology to make their ignorance seem wise. Mailing an unencrypted DVD is slower and more expensive than transmitting encrypted data via the Internet. What manager makes a choice like that?

DVD with Walsh Pharmacy patient data disappears during mailing

By Dissent, August 12, 2010

When McKesson Pharmacy Systems mailed Massachusetts-based Walsh Pharmacy a DVD containing information on Walsh Pharmacy patients, the envelope arrived but the DVD was missing. Through its attorney, Walsh Pharmacy notified the New Hampshire Attorney General’s Office of the incident involving its business associate systems vendor.

Information on the DVD included pharmacy patients’ names, and in some cases, Social Security or health insurance numbers, driver’s license numbers, and prescription information. No credit card or financial information was on the missing DVD. Walsh reports that the envelope appeared intact, and that the files on it had been created using a UNIX system which would make the contents more difficult to extract in a comprehensible format. [Unless you actually had a UNIX system. (Cost: $0) Bob]

As a result of this incident, Walsh has changed its procedures and going forward, business associates will no longer return media with sensitive information, but will destroy it instead.

(Related) Relies more on the contract language than the security process.

EMI v. Comerica: Court Finds Commercially Reasonable Security — Bank Loses Motion for Summary Judgment

August 13, 2010 by admin

David Navetta provides a legal analysis of the court’s denial of the bank’s motion for summary judgment in the case.

An odd result — we know.

We previously reported on the lawsuit filed by Experi-Metal, Inc. (“EMI”) and the subsequent motion for summary judgment (and briefs) filed by Comerica Bank to have the case dismissed. As reported in July, the U.S. District Court for the Eastern District of Michigan has issued a ruling on Comerica’s motion for summary judgment. To make a long story short, the Court denied Comerica’s motion and this case appears headed toward trial (or potentially appeal or settlement). Ironically, in the course of its ruling the Court found that Comerica had utilized commercially reasonable security procedures. However, that ruling had more to do with the language in Comerica’s contracts than an actual substantive analysis of Comerica’s security procedures. In this blogpost, we take a closer look at the Court’s ruling.

Read more on Info Law Group.

From the original report:

As you might recall this case involved a successful phishing attack that allowed the bad guys to get the EMI’s online banking login credentials and wire transfer about $560,000 from EMI’s account (the original amount was $1.9 million, but Comerica was able to recover some of that). The bad guys were able to foil Comerica's two factor token-based authentication with a man in the middle attack.

As far as I know, no one has a “when you die” procedure.

Can Twitter and Facebook Deal With Their Dead?

Posted by CmdrTaco on Thursday August 12, @10:40AM

"One and a half million Facebook users die each year. Twitter faces a similar mortality rate. Yet the social networks have been relatively slow to deal with the uncomfortable business of death. Only this week has Twitter finally unveiled a policy for handling the accounts of dead members. Yet the process for closing the accounts of deceased relatives is complicated, while reminders to follow the accounts of people who have long since passed away continue to arrive, adding to the pain of grieving friends and relatives."

Part of a growing collection of Privacy guidelines. Someone has to get something right some day, don't they?

DARPA Releases Privacy Guidelines For R&D

August 12, 2010 by Dissent

Elizabeth Montalbano reports:

The technology-research arm of the U.S. military has released a new set of privacy principles to guide all of its future R&D projects.

The Defense Advanced Research Projects Agency’s (DARPA’s) new principles are aimed at ensuring that any programs that may raise privacy issues are “designed and implemented in a responsible and ethical fashion,” according to a White House blog post attributed to Tom Kalil, deputy director for Policy at the White House Office of Science and Technology Policy. He acknowledged that DARPA’s role “working at the technology and security frontiers” can inherently lead to “tension between the value of having access to information and the importance of respecting personal privacy.”

Read more on InformationWeek.

I'm not neutral...

EFF Reviews the Verizon-Google Net Neutrality Deal

Posted by CmdrTaco on Thursday August 12, @09:48AM

"The EFF has written an analysis of the Net Neutrality deal brokered between Verizon and Google. While the EFF agrees with substantial portions of it, such as giving the FCC only enough authority to investigate complaints, rather than giving them a blank check to create regulations, there are a number of troubling issues with the agreement. In particular, they're concerned that what constitutes 'reasonable' network management is in the eye of the beholder and they don't like giving a free pass to anyone who claims they're attempting to block unlawful content, even when doing so in such a way that they interfere with lawful activities. On balance, while there are some good ideas about how to get Net Neutrality with minimal government involvement, there are serious flaws in the agreement that would allow ISPs to interfere with any service they wanted to because there is no algorithm that can correctly determine which numbers are currently illegal."

I mentioned this earlier, but this is a better format. Again, not just for teachers, anyone can play.

Thursday, August 12, 2010

How To Do 11 Techy Things In the New School Year

Earlier this week I published a list of 11 Techy Things for Teachers To Try This Year. As promised at the end of that post, I have created a free how-to guide for the things I listed. The 58 page guide embedded below is intended as a quick-start guide for teachers who want to try something new in the 2010-2011 school year. The guide is available as a free download.

How would you like a (free) separate computer for each project/class/day of the week?

Turn Your Web Browser Into An Online Computer With icloud

What if there was physical damage to your computer? All your backups would be on your hard drive and in the case it got damaged, all data would be lost. The best solution to secure your data therefore is by storing a backup online.

icloud lets you do just that. icloud is a web service that provides its users with a virtual desktop. After creating an account and signing in to it, your virtual desktop loads up.

This desktop operates within your web browser and is similar to the desktop screen of regular computers. You can store files in your icloud account and use the desktop interface to browse through files and use them.

Currently icloud offers 3GB storage to its free users and 100GB storage to users who pay the $40 fee. The web service is a neat service to try and a great way to secure your important data.

A “how are they doing that” tool for my website students. - Understanding Web Technologies

We could define Wappalyzer by saying it is an add-on for Firefox that can be used to analyze any site that you come across, and get a rundown of the different Web technologies that have been employed to put it together. As it stands right now, Wappalyzer can detect both CMS and e-commerce systems, as well as database managers and issue trackers. The full list of tracked applications can actually be read on the site, and the number is getting close to 150.

Tools & Techniques Something for the Swiss Army Folder...

Friday, August 13, 2010

GooReader - Read Google Books On Your Desktop

GooReader is a desktop application for locating, reading, and saving materials from Google Books. The visual interface of GooReader is much nicer and should be easier on the eyes for many people. If you choose to upgrade to a paid plan, GooReader will allow you to print titles. But if you don't upgrade, remember that you can print directly from Google Books for free. GooReader is currently only available for Windows. A Mac version is in development.

Thursday, August 12, 2010

Is this likely to spread to other government entities?

VA Data Breaches Go Live

August 11, 2010 by admin

Bob Brewin alerts us to another new resource on data breaches:

Today the Veterans Affairs Department started posting online its monthly data breach reports as part of its ongoing transparency thing, VA Chief Information Officer Roger Baker told a press briefing this morning. He said the latest report (for July) might not make it to the Web until Thursday.

Read more on NextGov.

The reports make for interesting reading. Most of the incidents are relatively minor, but the VA has meticulously documented them and aggregated them by type of incident.

If they intended to make these public as part of a transparency initiative, the FOUO designation on the reports is somewhat confusing:

For Official Use Only/Limited Distribution

WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel without prior approval of the Veterans Affairs Chief Information Officer. Where appropriate, U.S. person identities have been removed. Should you have a requirement for particular U.S. person identity information, contact the VA-NSOC. No portion of this report should be furnished to the media, either in written or verbal form.

Posting it on their web site doesn’t count as furnishing it to the media, I guess.

“Hey, that's a feature not a failure!”

Facebook bug could give spammers names, photos

August 11, 2010 by Dissent

Robert McMillan reports:

Facebook is scrambling to fix a bug in its website that could be misused by spammers to harvest user names and photographs.

It turns out that if someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special “Please re-enter your password” page, which includes the Facebook photo and full name of the person associated with the address.

Read more on Computerworld.

Start 'em young and Big Brother will be a familiar part of their lives.

Maine Schools Asking for Students’ Social Security Numbers

August 12, 2010 by Dissent

Reported by

With the start of school just weeks away, many parents are on edge about a new state law asking schools to collect students’ Social Security numbers.

The state plans to use the data to measure the efficiency of the current curriculum by tracking students’ progress from elementary school to their first place of employment. [Why stop there? Bob]

The Maine Department of Education says there will be no consequences for withholding the information.

This is an issue that goes beyond Maine and is actually a national issue in tracking students’ progress. However, I think it is a terrible idea for schools to be collecting Social Security numbers. In this day and age, and given the lack of security/IT in place in most public school systems, I see this as an invitation to more hacks and breaches that could lead to ID theft for minors who may not even discover the ID theft or compromise until they are much older.

If my kids were still of school age and I was asked for their SSN, I’d decline or fight it.

Here in the wild west, we believe in “shoot first, find your justification later.” Won't they be surprised when the owner of the “preemptive lawsuit patent” sues them!

Music Festival Producer Pre-Sues Bootleggers

Posted by samzenpus on Wednesday August 11, @05:03PM

"Apparently, if you even have been *thinking* about bootlegging the Mile High Music Festival this coming weekend in Denver you've already been sued. No joke. Event producer AEG has already filed trademark infringement claims against 100 John Does and 100 Jane Does in anticipation that they're going to bootleg the event. Since none of the sued parties have actually done anything yet, no one's showing up in court to protest the lawsuit either, so it moves forward... meaning that AEG can use it to get all sorts of law enforcement officials (US Marshals, local and state police and even off-duty officers) to go seize bootleg material."

Politicians will want this banned, if it actually works and can't be subverted. - Understanding Political Information

A very novel web-based tool, Poligraft can be used to discover all there is to know about the politicians and political organizations that are mentioned in any text. By copying and pasting a text into the box that is provided you will be able to have its every political connotation analyzed. You will know exactly who is who, and the way in which individuals relate to any of the organizations that are mentioned as part of that document. You will also learn about the connections between organizations, obviously.

Apparently, it is not illegal, but very, very irritating?

Obama Wants Allies To Go After WikiLeaks

Posted by CmdrTaco on Wednesday August 11, @12:04PM

"Coming on the back of human rights groups criticizing WikiLeaks, American officials are saying that the Obama administration is pressuring allies such as Australia, Britain, and Germany to open criminal investigations against WikiLeaks founder Julian Assange, and to try to limit his ability to travel. [Even over the Internet? Bob] 'It's not just our troops that are put in jeopardy by this leaking. It's UK troops, it's German troops, it's Australian troops — all of the NATO troops and foreign forces working together in Afghanistan,' said one American diplomatic official, who added that other governments should 'review whether the actions of WikiLeaks could constitute crimes under their own national-security laws.'"

When your first thoughts are not about privacy...

UK: Personal details of thousands of 999 callers stored on ‘secret police database’

August 11, 2010 by Dissent

Rebecca Camber reports:

Tens of thousands of people who report crimes to police are having their personal details stored on a ‘secret’ police database.

Innocent members of the public who call 999 about an incident or witness a crime are routinely being asked for their ethnicity and date of birth, it has emerged.

The details are being kept on a ‘Big Brother’ police file where thousands of suspected criminals’ details are also held for years without their knowledge.

Read more in the Daily Mail.

Is it news or is it proof of guilt?

Prior Restraint Lives: Newspaper Blocked From Publishing Photo of Murder Suspect

We’re not sure what’s more alarming: that a local California judge has barred the Los Angeles Times from publishing lawfully obtained photos of a murder defendant, or that an appeals court has just decided not to immediately reverse this clear exercise of prior restraint.

Okay, I admit this has nothing to do with my normal topics, but I sent this to everyone I know who finds my driving (on mountain roads with no guardrails) less than inspiring. See? It could be worse. Check the handy data readout in the lower right.

Video: Climb Pikes Peak With The Monster

Stay cautious...

August 11, 2010

An Analysis of Private Browsing Modes in Modern Browsers

An Analysis of Private Browsing Modes in Modern Browsers, by Gaurav Aggarwal and Elie Bursztein, Stanford University; Collin Jackson, CMU; Dan Boneh, Stanford University

  • "We study the security and privacy of private browsing modes recently added to all major browsers. We first propose a clean definition of the goals of private browsing and survey its implementation in different browsers. We conduct a measurement study to determine how often it is used and on what categories of sites. Our results suggest that private browsing is used differently from how it is marketed. We then describe an automated technique for testing the security of private browsing modes and report on a few weaknesses found in the Firefox browser. Finally, we show that many popular browser extensions and plugins undermine the security of private browsing. We propose and experiment with a workable policy that lets users safely run extensions in private browsing mode."

Stay current...

August 11, 2010

Cisco 2010 Midyear Security Report

Cisco 2010 Midyear Security Report - The impact of global security threats and trends on the enterprise

  • "Web 2.0, mobility, virtualization, and other dramatic shifts in how we communicate and collaborate are carving out a new landscape for business and for enterprise security. The Cisco® Midyear Security Report examines these changes and their impact on the enterprise, and highlights other significant trends and threats creating security challenges for organizations worldwide. The report also includes recommendations from Cisco security experts designed to help enterprises strengthen their security."

Stay connected...

August 11, 2010

Pew Internet Report: Home Broadband 2010

Home Broadband 2010 by Aaron Smith, August 11, 2010

  • "After several years of double digit growth, broadband adoption slowed dramatically in 2010. African-Americans experienced broadband adoption growth in 2010 well above the national average. After several consecutive years of modest but consistent growth, broadband adoption slowed dramatically in 2010. Two-thirds of American adults (66%) currently use a high-speed internet connection at home, a figure that is not statistically different from what The Pew Research Center’s Internet & American Life Project found at a similar point in 2009, when 63% of Americans were broadband adopters.
    The lack of growth in broadband adoption at the national level was mirrored across a range of demographic groups, with African-Americans being a major exception. Broadband adoption by African-Americans now stands at 56%, up from 46% at a similar point in 2009. That works out to a 22% year-over-year growth rate, well above the national average and by far the highest growth rate of any major demographic group. Over the last year, the broadband adoption gap between blacks and whites has been cut nearly in half."

Do we do or do we don't, that is the question.

The Case Against Net Neutrality

Posted by samzenpus on Wednesday August 11, @04:09PM

"While I certainly don't agree with it, this article tries to make the case that Net Neutrality may actually be bad for America. From the article: 'If the government regulates net neutrality, policies for internet access are set by one entity: the FCC. However, if the government stays out, each company will set its own policies. If you don’t like the FCC’s policies, you are stuck with them unless you leave the United States. If you don’t like your internet service provider’s policies, you can simply switch to another one. So which model sounds better to you?'"

(Related) Hummm...

Another Net Neutrality Option: Remove Financial Incentives

… The answer to all of this could be simple: let ISPs prioritize content where doing so makes its customers happy — just don’t let them charge when they do it. Removing financial incentives to mess with the internet could help mitigate the unseen consequences of whatever tampering is soon to happen, like it or not.

A Beta worth waiting for?

Meet Treesaver, a New HTML Magazine App

A startup called Treesaver has developed a slick presentation framework for digital magazines that runs in the browser. It has many of the features you’d expect from a clean, reader-friendly content wrapper (like Instapaper or Readability) but it couples that functionality with a way-cool user interface.

Pages can be navigated by swiping from side-to-side, and you get helpful ghost images on either side of the page you’re reading, which aid in signposting. Also, the pages within the web app dynamically resize for different screens — and it even resizes on the fly as you make the browser smaller and larger. It’s all HTML, JavaScript and CSS.

… Treesaver will be entering beta testing in a few weeks, and the code will be released under an open-source license soon after that.


Eight will get you five, my statistics students will jump all over this one.

Website Lets You Bet On Your Grades

Posted by samzenpus on Wednesday August 11, @08:15PM

"College students who expect to get good grades can get a good payoff, if they're willing to put their money where their mouse is. A website is taking wagers on grades from students at 36 American colleges. Students have to register, upload their schedule, and give the site access to official school records. The site, called Ultrinsic, then calculates odds and the students decide whether to place their bets. Ultrinsic's CEO Steven Wolf insists it's not online gambling, since these wagers involve skill. He says 'The students have 100 percent control over it, over how they do. Other people's stuff you bet on — your own stuff you invest in.'"

Wednesday, August 11, 2010

Ever wonder how those skimmers seem to be everywhere? It seems there is a madness to this method.

CO: Waitress charged with felony possession of skimmer

August 11, 2010 by admin

Making possession of tools a felony opens up new prosecutorial possibilities:

A Greeley waitress from China, arrested last week for allegedly “skimming” customers’ credit cards, has been charged with a felony — possession of identity theft tools.

Yu Lin, 22, was arrested last week and released on $5,000 bond. She was arrested after the owners of the Ambrosia Asian Restaurant in west Greeley first videotaped Lin, then reported the skimming incident to police.


This case has a bit of a twist to it, it seems:

Lin allegedly purchased the device from a company that promised to raise her credit limit if she used the device to copy credit card information and then return the device to the company.

Although police said she admitted copying 50 to 60 customers’ cards in July, none of the information was passed on to other devices.

Read more in the Greeley Tribune.

Even Psychologists are crazy sometimes... When you contemplate using an unfamiliar technology, you should also consider asking someone who is familiar how it should be used.

InPsych app is a privacy threat – psychologist

August 11, 2010 by Dissent

Psychologist John Grohol of Psych Central posts this warning on his site:

I’m off to attend the annual meeting of the American Psychological Association (APA) in San Diego today, but before I go, I do have two APA-related news items to post. The first is about the APA’s social networking application it deployed for this year’s convention, called InPsych. It’s a great idea with one fatal flaw that makes it not only something I suggest you avoid, but something I recommend the APA disable access to immediately.

The idea behind the social networking app is a good one — help people plan their convention schedule and meet up with other psychologists or psychology students while in San Diego. It’s a big convention with over 10,000 attendees every year, so it’s nice to have some way of keeping the information organized and at your fingertips.

Sadly, however, the APA outsourced this application to a third party. And in doing so, they apparently either didn’t review how the application handles security and logins, or reviewed the application and thought that exposing members’ personal information to anyone who’s interested in it is okay. That’s right — anyone can login to your account and view all of the personal information the APA has on file for you (your mailing address, phone number and email address). If you’ve already filled out the demographic form or talks you’d like to attend, they can view that information too.

All of which is readily available by using the 4- or 5-digit code (or any 4 or 5 digits) to login. That’s right — that’s the same 4- or 5-digit code that is helpfully displayed on the front of everybody’s convention badge.


Tomorrow, I’ll discuss how the APA is using an undisclosed technology to track your attendance at the convention.

Read more on PsychCentral.
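The flaw described above comes down to treating a number printed on every badge as the credential. The sketch below is an added example, not code from the post or from the InPsych app; it sets that pattern beside one where the badge code only selects the account. The attendee record, class and function names, lockout threshold and PBKDF2 work factor are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed attendee record. The badge code is printed on the badge, so it is public.
ATTENDEES = {"48213": {"name": "A. Attendee", "email": "attendee@example.org"}}

MAX_FAILURES = 5          # assumed lockout threshold
PBKDF2_ROUNDS = 200_000   # assumed work factor


def weak_login(badge_code):
    """Pattern described in the post: the badge code alone opens the account."""
    return ATTENDEES.get(badge_code)


class HardenedLogin:
    """The badge code only selects the account; a private secret proves ownership."""

    def __init__(self):
        self._creds = {}     # badge_code -> (salt, derived key)
        self._failures = {}  # badge_code -> consecutive failed attempts

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, badge_code, password):
        salt = secrets.token_bytes(16)
        self._creds[badge_code] = (salt, self._derive(password, salt))

    def login(self, badge_code, password):
        # A 4- or 5-digit space is small enough to walk through, so cap the attempts.
        if self._failures.get(badge_code, 0) >= MAX_FAILURES:
            return None
        # Unknown codes still pay for a derivation, so timing does not reveal them.
        salt, stored = self._creds.get(badge_code, (b"\0" * 16, b""))
        candidate = self._derive(password, salt)
        if badge_code in self._creds and hmac.compare_digest(candidate, stored):
            self._failures[badge_code] = 0
            return ATTENDEES[badge_code]
        self._failures[badge_code] = self._failures.get(badge_code, 0) + 1
        return None
```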

Who gets to name these things anyway?

Touchscreens Open To Smudge Attacks

Posted by CmdrTaco on Wednesday August 11, @08:58AM

"The smudges left behind on touchscreen devices could be used to decipher passwords to gain access, according to researchers at the University of Pennsylvania. The report tested the idea out on Android phones, which use a graphical pattern that the user traces to unlock the handset. The researchers took photos of the smudge trails left on the screen and bumped up the contrast, finding they could unlock the phone 92% of the time. While they noted Android 2.2 also offers an alphanumeric password option, the researchers claimed such a smudge attack could be used against other touchscreen interfaces, including bank machines and voting machines. "In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen," they said."

Gags outlive the cause?

Plaintiff who challenged FBI’s national security letters reveals concerns

August 10, 2010 by Dissent

Ellen Nakashima reports:

For six years, Nicholas Merrill has lived in a surreal world of half-truths, where he could not tell even his fiancee, his closest friends or his mother that he is “John Doe” — the man who filed the first-ever court challenge to the FBI’s ability to obtain personal data on Americans without judicial approval.


On a cold February day in 2004, an FBI agent pulled an envelope out of his trench coat and handed it to Merrill, who ran an Internet startup called Calyx in New York. At the time, like most Americans, he had no idea what a national security letter was.

The letter requested that Merrill provide 16 categories of “electronic communication transactional records,” including e-mail address, account number and billing information. Most of the other categories remain redacted by the FBI.

Read more in the Washington Post. Kim Zetter of Threat Level also reports on an interview they obtained with Merrill.

[From the article:

Now, following the partial lifting of his gag order 11 days ago as a result of an FBI settlement, Merrill can speak openly for the first time about the experience, although he cannot disclose the full scope of the data demanded.

… The FBI withdrew its letter to Merrill in November 2006.

Surely there is more to this than a conviction for bragging?

Speeder convicted after bragging online

A 19-year-old man from a Toronto suburb has pleaded guilty to careless driving after boasting online that he drove 100 kilometres an hour over the speed limit on a residential street.

An interesting slide show full of quotable statistics.

August 10, 2010

News Consumption 2010: A portrait of "local news enthusiasts"

Understanding the Participatory News Consumer: Local News Enthusiasts - presentation by Kristen Purcell, Associate Director, Research/Pew Internet

  • "Roughly four in ten adults say there is currently not enough news coverage of their neighborhood or local community (38%) or that there is not enough coverage of their state (39%). These “local news enthusiasts” are slightly younger and more mobile than other adults, and are more engaged in social network site use and in commenting on and sharing news they find online."

Such a simple concept. How many years did it take us to figure out a “Secure AND temporary” category?

New Toshiba Drives Wipe Data When Turned Off

Posted by CmdrTaco on Tuesday August 10, @04:51PM

"Toshiba on Tuesday introduced a new hard drive feature that can wipe out data after the storage devices are powered down. The Wipe feature in Toshiba's SED (Self-Encrypting Drives) will allow for deletion of secure data prior to disposing or re-purposing hard drives, Toshiba said. The technology invalidates a hard-drive security key when a system's power supply is turned off. The new Wipe capability will go into future versions of the SED drives, for which no timeframe was given. Beyond use in PCs, Toshiba wants to put this feature on storage devices in copiers and printers."
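The mechanism in the summary above, invalidating the security key rather than overwriting the data, can be modelled in a few lines. This is an added example, not Toshiba's design or firmware: the class is hypothetical, the sample record is constructed, and a SHA-256 keystream stands in for the drive's hardware cipher.

```python
import hashlib
import secrets


def _keystream_xor(key, sector_no, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not a real drive's cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(
            key + sector_no.to_bytes(8, "big") + offset.to_bytes(8, "big")
        ).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class ToySelfEncryptingDrive:
    """Hypothetical model: everything on the platters is ciphertext under one media key."""

    def __init__(self, wipe_on_power_off):
        self.wipe_on_power_off = wipe_on_power_off
        self._platters = {}                        # sector -> ciphertext, survives power loss
        self._media_key = secrets.token_bytes(32)  # survives power loss unless invalidated

    def write(self, sector_no, plaintext):
        self._platters[sector_no] = _keystream_xor(self._media_key, sector_no, plaintext)

    def read(self, sector_no):
        return _keystream_xor(self._media_key, sector_no, self._platters[sector_no])

    def raw_sector(self, sector_no):
        """What someone imaging the platters directly would see."""
        return self._platters[sector_no]

    def power_cycle(self):
        if self.wipe_on_power_off:
            # Invalidate the key: the old one is discarded and a fresh one replaces it.
            self._media_key = secrets.token_bytes(32)


RECORD = b"constructed record: name, SSN, date of birth"  # constructed sample data


def compare_drives():
    """Write one record to each drive type, cycle power, and report what survives."""
    results = {}
    for label, wipe in (("ordinary SED", False), ("SED with wipe", True)):
        drive = ToySelfEncryptingDrive(wipe_on_power_off=wipe)
        drive.write(0, RECORD)
        before = drive.raw_sector(0)
        drive.power_cycle()
        results[label] = {
            "readable": drive.read(0) == RECORD,
            "ciphertext_untouched": drive.raw_sector(0) == before,
        }
    return results
```

The stored ciphertext never changes, which is why the wipe is immediate, and also why any copy of the old key made before power-off would still decrypt it.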

A useful tool for understanding risk.

Schneier's Revised Taxonomy of Social Data

Posted by CmdrTaco on Tuesday August 10, @10:41AM

Jamie noted that over at Schneier's blog, he has a worthwhile entry on the data in the social networks. He writes

"Lately I've been reading about user security and privacy — control, really — on social networking sites. The issues are hard and the solutions harder, but I'm seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it's essential to separate them."

[From the article:

  • Service data is the data you give to a social networking site in order to use it. Such data might include your legal name, your age, and your credit-card number.

  • Disclosed data is what you post on your own pages: blog entries, photographs, messages, comments, and so on.

  • Entrusted data is what you post on other people's pages. It's basically the same stuff as disclosed data, but the difference is that you don't have control over the data once you post it -- another user does.

  • Incidental data is what other people post about you: a paragraph about you that someone else writes, a picture of you that someone else takes and posts. Again, it's basically the same stuff as disclosed data, but the difference is that you don't have control over it, and you didn't create it in the first place.

  • Behavioral data is data the site collects about your habits by recording what you do and who you do it with. It might include games you play, topics you write about, news articles you access (and what that says about your political leanings), and so on.

  • Derived data is data about you that is derived from all the other data. For example, if 80 percent of your friends self-identify as gay, you're likely gay yourself.

For students who have far more artistic talent than I do. (i.e. All of them)

DeviantArt’s Muro Drawing App Is Pure HTML5 Awesomeness

Muro works in all modern browsers, and you can dive in and start drawing on a blank canvas, all without Flash or any other plug-in. There are several brushes available to everyone, but to access the more advanced features, you’ll need to create a DeviantArt account and log in.

… Muro is reminiscent of other browser-based drawing tools like Odosketch, which uses Flash, and Sketchpad, which, like Muro, uses only web standards. But Muro is cleaner and more of a joy to use than any other HTML5-based sketching app I’ve seen.


Design & Build 3D Virtual Buildings & Objects With Google SketchUp

Tools & Techniques Occasionally I assign podcasts or videos as homework

How To Transcribe Audio & Video Files Into Text With The Help Of Express Scribe

Express Scribe can help

Not only can it slow down the audio files while maintaining constant pitch, it will also give you playback shortcuts that you can use from within your word processor. This amazing software is available for Mac, Windows and Linux; and it’s totally free.

Tools & Techniques For my Presentation students

PresentationMagazine: Free Presentation Speeches, Articles, Tips & Templates

  • Download over 300 power point templates.

  • Links to presentation utilities and tools.

  • Free clip-art images for several categories.

Similar tools: SlideServe, PresentationsETC, SlideSix and TemplatesWise.


Iorad: Easily Make Instruction Manual For Any App

Iorad is a web service that lets you create comprehensive instruction manual for any application. It is more like a web-based version of PowerPoint but with lots of extra features. You can capture and insert screenshots and video clips, insert text boxes, buttons, roll overs, mouse symbols, arrows and captions to images.

  • Totally web-based, no downloads or scripts needed.

  • Add screenshots and video clips.

  • Publish on the web or download as PPT, PDF or Doc.

Tools & Techniques Collect videos for later viewing? Now I have a single link to all those math videos I share with my students! - A Tool For Saving & Retrieving Videos

This is one for those who watch YouTube for hours on end. To put it in simple words, Radbox will empower them to store all the videos that they come across and like in one centralized location, and then recall them whenever they want.

This is accomplished through a bookmarklet that can be used at no cost, and which works with all the most popular video services available today - YouTube, Vimeo, Hulu, CNN, College Humor…

Tuesday, August 10, 2010

It could be worse, and likely will be.

August 09, 2010

DOE Estimates 10 Million Cyberattacks Daily

Forbes: "The U.S. Department of Energy is in a class by itself, though. The agency receives more than 10 million attacks every day, according to Tom Pyke, the DOE's former CIO. That includes everything from simple scans all the way up to phishing attacks that attempt to use malicious code to take over. And it can be as sophisticated as any attacker--think government--can make it."


Germany bans BlackBerrys and iPhones on snooping fears

Should be an interesting read...

Google Secret Privacy Document Leaked

Posted by CmdrTaco on Tuesday August 10, @08:50AM

"A confidential, seven-page Google Inc. 'vision statement' shows the information-age giant in a deep round of soul-searching over a basic question: How far should it go in profiting from its crown jewels—the vast trove of data it possesses about people's activities? Should it tap more of what it knows about Gmail users? Should it build a vast 'trading platform' for buying and selling Web data? Should it let people pay to not see any ads at all?"

[This is an interesting Interactive Graphic:

The economics of e-crime. Yes, I do share these little tidbits with my Ethical Hackers.

FTC Busts Domain Name Scammers

Posted by Soulskill on Monday August 09, @05:08PM

"The Federal Trade Commission said today it had permanently killed the operations of a group that it said posed as domain name registrars and convinced thousands of US consumers, small businesses and non-profit organizations to pay bogus bills by leading them to believe they would lose their Web site addresses if they didn't. As with so many of these cases however, the defendants get off paying back very little compared to what they took. Today's settlement order, entered against defendants Isaac Benlolo, Kirk Mulveney, Pearl Keslassy, and 1646153 Ontario Inc., includes a suspended judgment of $4,261,876, the total amount of consumer injury caused by the illegal activities. Based on what the FTC called the inability of the settling defendants to pay, they will turn over $10,000 to satisfy the judgment."

As it becomes ever more difficult to eke out that next percent of increased productivity, your efforts shift from the tactical (technology) to the strategic (law).

August 09, 2010

Google and Verizon offer joint policy proposal for an open Internet

Official Google Blog: "The original architects of the Internet got the big things right. By making the network open, they enabled the greatest exchange of ideas in history. By making the Internet scalable, they enabled explosive innovation in the infrastructure. It is imperative that we find ways to protect the future openness of the Internet and encourage the rapid deployment of broadband. Verizon and Google are pleased to discuss the principled compromise, Verizon-Google Legislative Framework Proposal, our companies have developed over the last year concerning the thorny issue of “network neutrality.”"

[From the NYT article:

The proposal, however, carves out exceptions for Internet access over cellphone networks, and for potential new services that broadband providers could offer. In a joint blog post, the companies said these could include things like health care monitoring, “advanced educational services, or new entertainment and gaming options.”

Define your criteria creatively enough (e.g. Best party school) and anyone can be ranked in the top ten.

August 09, 2010

ABA Report Examines U.S. News & World Reports Law School Rankings

Report of the Special Committee on the U.S. News and World Report Rankings Section on Legal Education and Admissions to the Bar

  • "On February 17, 2010, ABA President Carolyn Lamm asked the Section of Legal Education and Admissions to the Bar to examine rankings of law schools. She did so to follow through on a Resolution of the ABA House of Delegates that the ABA “examine any efforts to publish national, state, territorial, and local rankings of law firms and law schools.”... We commissioned a professional law librarian, Dorie Bertram of the Washington University School of Law, to prepare a comprehensive annotated bibliography on the ranking of law schools. We attach a copy of that extensive bibliography to this report to assist the ABA in considering this subject. As a review of that document shows, there is now a wide array of rankings of law schools in the United States. Each rankings scheme employs idiosyncratic criteria and methodology to compare law schools. No law school performs at the top or bottom of all rankings schemes. Nevertheless, the scholarship indicates that the U.S. News and World Report’s annual ranking of law schools overwhelmingly dominates the public discourse on how law schools compare to one another. As a result, U.S. News rankings have assumed ever increasing importance to any law school that wishes to attract students and faculty and to retain support from alumni and university leaders. The criteria U.S. News uses for rankings now has a powerful influence over the management and design of American legal education. That influence is not entirely benign, as is indicated in the scholarship."

[From the report:

J. Robert Brown, Of Empires, Independents, and Captives: Law Blogging, Law Scholarship, and Law School Rankings (Univ. of Denver, Legal Studies Research Paper No. 08-04, 2008), available at

Suggests that blogs can be useful in improving faculty reputations. [Told ya! Bob]

Who is in charge? What was their strategy? What senior manager was unable to put things in strategic context? “What we have here is a failure to communicate.”

Discovery Threatens Fan Site It Also Promotes

Posted by Soulskill on Monday August 09, @03:33PM

"It seems the lawyers and the marketing people at The Discovery Channel don't talk to each other much. The marketing people behind the show 'The Deadliest Catch' have been supporting a fan community called for a while now. They've regularly sent the site info, free clips, previews and information about the show. On top of that, they link to it from the official site, including it in a list of 'fan sites' as a part of the 'Discovery Network,' and even will frame the site with the show's own dashboard for those who click through. Discovery's lawyers, on the other hand, have threatened to sue the site out of existence and have demanded that the owner hand over the domain name — which he is going to do, because he doesn't have the money to fight this. While there may be a trademark issue (which could be easily resolved with a free license), the lawyers are also making the ridiculous argument that posting the videos Discovery sent him to post are copyright infringement. They're also claiming that embedding the official Discovery Channel YouTube videos (which have embedding turned on) is copyright infringement. This is exactly how you turn lots of fans into people who hate your entire channel."

(Related) In that here's another contradictory management of technology.

MP Wants Official Email Address Kept Private

Posted by Soulskill on Tuesday August 10, @01:42AM

"An MP in the UK has had his official email address removed from the parliamentary website, because he's tired of getting 'nuisance' emails via online campaign websites. MP Dominic Raab's email is currently not listed on the House of Commons' website following a spat with online campaigners 38 Degrees. 'Just processing the emails from your website absorbs a disproportionate amount of time and effort, which we may wish to spend on higher priorities, such as helping constituents in real need or other local or Parliamentary business,' he said, threatening to report the group to the government's data and privacy watchdog if they didn't remove the details from their own website. 38 Degrees says Raab gave them his personal email address during the election: 'it's only since he became a member of parliament with a taxpayer funded email address that he's now said he doesn't want to hear from people,' unless they're willing to shell out for a stamp to write him a letter. The lobby group said Raab likely averaged fewer than two emails from their site each day."

An interesting idea. - A Simple Way To Store Notes Online

Walnote is a free Internet tool that lets you store any quick note that you have taken but that has a certain sensitivity or personal poignancy, and that you can’t just leave lying in any old site that could be freely accessed by others.

Walnote guarantees the privacy of what you store by the use of state-of-the-art encryption coupled with the entire absence of names or emails in order to sign up. And the fact that the data is hosted at Amazon gives you the assurance that what you have written won’t be wiped out accidentally.

What are the main uses something like this will be put to? Well, that obviously depends. But I daresay that people who need to keep an online copy of all their usernames and passwords might give it a try. So will people who want to store sensitive information such as credit card details. These are two uses that spring immediately to mind, but I wouldn’t be surprised if people came up with others that are every bit as vital themselves.

Sounds like they found a niche... Since I'm unaware of a way to run this on a PC, it also suggests that a PC clone would find an instant market (as would an iPad emulator!)

When You Are the Editor

This tiny company (19 employees) launched its first iPad app in July, and so many people wanted to download it that within 20 minutes Flipboard’s servers were maxed out. Engineers scurried around trying to fix the problem, but after 36 hours, the only thing Flipboard could do was put people on a waiting list.

… What’s the big deal? Flipboard has found a way to take the news feeds that you get from friends on Facebook and Twitter and turn them into what McCue calls “the world’s first social magazine.” Instead of the ugly little links to articles you have on Twitter, on Flipboard you get a glimpse of the original articles and photos, laid out the way they might be in a magazine. To browse, you just flip with your fingertip, the way you would turn the pages of a magazine. I follow film critic Roger Ebert’s Twitter feed, for example. Ebert sends out a stream of links to eclectic articles and photos. Reading him on Twitter is a pain because you have to click on each link. But reading Ebert on Flipboard is amazing—suddenly you’ve subscribed to this wonderful little magazine run by a really smart, funny editor.

I think this has wider application than mere teachers...

Monday, August 9, 2010

11 Techy Things for Teachers to Try This Year

If you've set the goal of trying something new in your classroom this year (shouldn't that always be one of our goals), here are eleven techy things teachers should try this year.

4. Create Videos Without Purchasing any Equipment