Saturday, October 16, 2010

Now you can be a parent and Big Brother at the same time! Unfortunately, there's an App for that.

3 Most Effective Cell Phone Surveillance Apps to Monitor Your Kids [Android]

Use M-Spy to Listen In

Have you ever heard those urban legends that the CIA or NSA can connect to any cellphone in the world and hear what’s going on in the room? Well, with M-Spy from the Android Market, you can do that too. After you download and install M-Spy to your phone, all you have to do is set up a PIN number, and the phone is immediately enabled to act as your own personal audio bug no matter where it is.

Use the Android as an IP Webcam

While audio is useful, it would be even more useful if you could position your Android phone to monitor your home while your kids are being cared for or home alone. Using the IP Webcam app on the Android Market, you can transform your Android into an IP webcam.

Remotely Sense Motion, Movement or Sound

One of the most advanced remote surveillance apps is RL Watcher. This application lets you enable your phone to remotely sense movement, sound or even just the slightest motion of your phone.

Each remote sensor can be individually enabled so that you can receive a notification any time each sensor is tripped. Notifications of any activity can be via SMS, e-mail or by phone. For example, you can set the phone up so that if it moves, it’ll call you at any phone number and you can listen in to whatever is going on where the phone is situated.

Did you ban your teen from using their car? Put your Android phone in the car while you’re at work, and it’ll call you if the car starts moving. Put it in an empty room, and it’ll email you when there’s movement in the room. The possibilities are endless.

A re-hash of the Wall Street Journal articles. PeekYou worked no better than some others I've tried.

Data Miners Scraping Away Our Privacy

Posted by Soulskill on Friday October 15, @10:08AM

"Twig, writing for Corrente, reports on data scrapers. They are not looking for passwords and such; scrapers are looking at blogs and forums searching for material relevant to their corporate clients. We are assured that the information is 'anonymized' to protect the identities of forum participants. However, a tool called PeekYou permits users to connect online names with real world identities. No worries, though — if you have a week to spare, you can opt-out of some of the larger data banks."

“If you advertise it, they will come.” Field of Madison Avenue Dreams.

Who would send Angie’s List their sensitive medical info??!

By Dissent, October 15, 2010

Danger, Will Robinson!

Angie’s List has reportedly started offering a new service to resolve complaints consumers/patients may have about their doctors. But to do so, it reportedly requires users to sign a release that is Very Bad News.

According to the Medical Justice Blog, which has called attention to this dangerous release, it says, in part:

[My doctor] is hereby authorized to discuss and disclose all protected health information about me in its possession (whether in oral, written, or electronic form) to Angie’s List….

I understand that this includes routine medical treatment information (such as admission records, doctors order sheets, progress and notes, surgical records, laboratory records, and office notes)…

[My doctor is authorized to send] records relating to communicable diseases – which may include hepatitis, sexually-transmitted diseases, H.I.V. and AIDS. …

[My signature also authorizes my doctor] sending records relating to drug or alcohol abuse, or drug or alcohol related diseases (whether or not covered by 42 C.F.R. Part 2), and psychiatric, psychological or counseling records…


I understand that information that I provide to Angie’s List or information that is used or disclosed in accordance with this Authorization may be used by Angie’s List to provide content for Angie’s List publications such as magazines, websites, or other works…

Wow. Angie’s List is not a HIPAA-covered entity. While patients can waive their own privacy and confidentiality and send anyone their records, no HIPAA-covered entity should participate in this at all. And frankly, neither should any patient, in my opinion.

Patients: if you have a complaint that you can’t resolve with your physician or health care provider, there are professional boards to hear your complaint. And if you can’t convince them, see a lawyer about your legal options. Sharing your sensitive information with a business is just plain privacy-dangerous.

Smart, but a few years late?

How Cornell Plans To Purge Campus Computers of Personal Data

Posted by timothy on Friday October 15, @07:27PM

"Cornell lost a laptop last year with SSNs. Now, they've mandated scanning every computer at the University for the following items: social security numbers; credit card numbers; driver's license numbers; bank account numbers; and protected health information, as defined by HIPAA. The main tools are Identityfinder (commercial software for Windows and Mac), spider (Cornell software for Windows from 2008) and Find_SSN (python script from Virginia Tech). The effort raises both technical questions (false positives, anyone?) and practical issues (should I trust closed source software to do this?). Have other Universities succeeded at removing confidential data? Success, here, should probably be gauged in terms of diminished legal liability after the attempted clean up has been completed."

Note: this program affects the computers of university employees and offices, rather than students' personal machines.

[Software mentioned:


Identityfinder [There is a free home version Bob]

Cornell's “spider”

Interesting. They seem to be saying (again) that they are overselling their systems. “We want everyone to buy our unlimited data plans but we don't want them to use them. A few high volume users/applications can overwhelm our network, so we need to block them and charge more.”

Can Apps Really Damage a Cellular Network?

Posted by Soulskill on Friday October 15, @05:59PM

"In FCC filings earlier this year, T-Mobile described how the behavior of one Android IM app nearly brought their cellular data network to a breakdown in one city. Even more interesting, the US carrier describes how just the 300,000 unlocked iPhones on their network caused massive spikes in data usage. T-Mobile is using these anecdotes as evidence that mobile carriers should be able to retain control over the applications and devices on their network to ensure quality of service for all users. Do they have a point?"


Cell phone is 'gadget of choice' for Americans

U.S. consumers crave their gadgets, but the cell phone rules them all, according to a new Pew Internet study.

Among the 3,000 adults surveyed, 85 percent own cell phones. Mobile phones are especially in demand among younger adults, with 96 percent of 18- to 29-year-olds owning one. But even among those 65 and older, 58 percent have a cell phone.

Bad, but what can you expect when research is so carefully hidden (to protect patent rights?)

Meta-Research Debunks Medical Study Findings

Posted by Soulskill on Friday October 15, @03:48PM

"From The Atlantic comes the story of John Ioannidis and his team of meta-researchers, who have studied the overall state of medical research and found it dangerously and widely lacking in trustworthiness. Even after filtering out the journalistic frippery and hyperbole, the story is pretty disturbing. Some points made in the article: even the most respected, widely accepted, peer-reviewed medical studies are all-too-often deeply flawed or outright wrong; when an error is brought to light and the conclusions publicly refuted, the erroneous conclusions often persist and are cited as valid for years, or even decades; scientists and researchers themselves regard peer review as providing 'only a minimal assurance of quality'; and these shortcomings apply to medical research across the board, not just to blatantly self-serving pharmaceutical industry studies. The article concludes by saying, 'Science is a noble endeavor, but it's also a low-yield endeavor … I'm not sure that more than a very small percentage of medical research is ever likely to lead to major improvements in clinical outcomes and quality of life.' I've always been somewhat suspicious of research findings, but before this article I had no idea just how prevalent untrustworthy results were."

(Related) Let's hope that somewhere there is an aspiring garage-based inventor of the cure for the common cold.

The Spread of Do-It-Yourself Biotech

Posted by Soulskill on Friday October 15, @11:30AM

"Are you an electronics hobbyist or a garden shed tinkerer? If so, then move aside, because there's a new kid on the block: the DIY biotechnologist. The decreasing price of biotech instrumentation has made it possible for everyday folks (read: biotech geeks) with a few thousand dollars to spare to equip their garages and parents' basements with the necessary 'tools of the trade.' Some, like PCR machines, are available on eBay; other utensils are hacked together from everyday appliances and some creativity. For example: microscopes out of webcams and armpit E. coli incubators. Nature News has an article on the phenomenon, describing the weird and wonderful fruits of biotech geek ingenuity, like glow-in-the-dark yogurt. One could draw parallels with the early days of computer building/programming. It may be that we're looking at a biotech revolution, not just from the likes of Craig Venter, but from Joe-next-door hacking away at his E. coli strain. What are the Steve Wozniaks of biotech working on right now?"

I like Gartner a lot and this article is worth a read, but I had a chilling thought... Do you suppose I could translate this curve to reflect how my students see the classes I teach?

Gartner's hype cycle: Tablets, gestures, and cloud

Gartner's "Hype Cycle" ... The underlying concept is pretty simple. New technologies enter the market, become the subject of breathless hype, fail to immediately live up to the most breathless hyperbole, start to therefore be perceived as failures, and finally become useful for the mainstream market in a realistic, measured way.

Gartner's 2010 Hype Cycle for Emerging Technologies Free, registration required.

For your Swiss Army folder...

Fileminx: Free Instant File Converter Online

Ever received an email with an attachment that you couldn’t open because you didn’t have the required program on your system? Asking the sender to resend the file is not always an option since that’d require a lot of time and even then the sender might not have the same software stack as you have. Thankfully, Fileminx is here to save us from all the back and forth emails.


For my Geeks...

Firefox Addon Builder: A Web Tool To Simplify Building Firefox Addons

Mozilla Firefox Add-on Builder is a free online developer tool. Its aim is quite straightforward: to simplify the process of building Firefox addons.

You start by creating an account on the add-ons website here. Next you will need the Add-on Builder Helper Firefox add-on; this add-on will help you try out add-ons and it can be found here. With these things set, you can start coding your add-on in the edit area.

You can start from scratch or, to add functionality, you could use one of the various APIs available in the code library.

Also read related articles: Web Developer Toolbar for Firefox and How to Make Your Own Firefox Addon.

Web enabled Business Models.

How to Heartlessly Arbitrage Used Books With a PDA

Posted by timothy on Saturday October 16, @08:03AM

"Michael Savitz writes at Salon how he makes a living armed with a laser bar-code scanner fitted to a Dell PDA. [Automating the “look up” Bob] Savitz haunts thrift stores and library book sales to scan hundreds of used books a day and instantly identify those that will get a good price on Amazon Marketplace. 'My PDA shows the range of prices that other Amazon sellers are asking for the book in question,' writes Savitz. 'Those listings offer me guidance on what price to set when I post the book myself and how much I'm likely to earn when the sale goes through.' Savitz writes that on average, only one book in 30 will have a resale value that makes it a "BUY" but that he goes through enough books to average about 30 books sold per day. 'If I can tell from a book's Amazon sales rank that I'll be able to sell it in one day, I might accept a projected profit of as little as a dollar. The more difficult a book will be to sell, the more money the sale needs to promise.' [Economics 101 Bob] Savitz writes that people scanning books sometimes get kicked out of thrift stores and retail shops and that libraries are beginning to advertise that no electronic devices are allowed at their sales. 'If it's possible to make a decent living selling books online, then why does it feel so shameful to do this work?' concludes Savitz."

I'm a huge fan of WolframAlpha and my Math students quickly become fans too.

Saturday, October 16, 2010

Wolfram Alpha Word Widgets

Wolfram Alpha is known as a computation and statistics search engine, but Wolfram Alpha offers more than that. Two examples of this are found in Wolfram's new word widgets. Wolfram now offers a dictionary widget that provides users with definitions, synonyms, and pronunciations.

[Classic Word Calculator

The Fun Word Calculator provides users with anagrams, rhyming words, and the Scrabble value of words.

[Fun Word Calculator

[I also recommend:

Using Wolfram|Alpha in the Classroom

Friday, October 15, 2010

A couple of points: First, the potential harm of Identity Theft isn't just in the first or second year after the event. Second, a well-planned fraud may go for years without detection – unlike the small time 'quick buck' copycats we see so frequently. Third, I'm beginning to suspect the police generally don't trust the organizations breached to help in an investigation.

Orange Regional Medical Center asks investigators for info on breach

October 14, 2010 by admin

Following revelations yesterday by the FBI and U.S. Attorney’s Office of a massive Medicare fraud scam that utilized patient data stolen, in part, from Orange Regional Medical Center in New York, I asked the center whether they had known about the breach when it occurred in 2005 and whether and when patients were notified of the breach. In response, the center sent me this e-mail statement:

Orange Regional Medical Center was very concerned to learn from news reports that we were among several NY healthcare facilities from which patient identities had been allegedly obtained in 2005 by an organized crime ring, for the purposes of committing Medicare fraud. We were not aware of this Medicare fraud scheme until learning of it from news outlets; and we consider ourselves among the victims of this conspiracy. Orange Regional regards the protection of patient information to be among our highest priorities and we take any purported breach of patient information very seriously.

We have reached out to the FBI, Department of Justice and Office of the Inspector General and asked that they share with us any information relating to this incident and, specifically, whether this breach occurred within Orange Regional or outside at a site unrelated to Orange Regional. Presently, we are awaiting information.

In light of a statement in the indictment linking stolen patient data directly to a breach at ORMC in 2005, it sounds like the center had no idea that there had been a breach and still does not really know about it.

This is not the first time we’ve seen law enforcement withhold information about breaches from breached entities, but now that they’ve indicted people, it would be helpful if they informed the breached entities what they know about how the breaches occurred and which patients’ data were stolen so that the hospitals can contact their patients to make proper notification and offer apologies and support, as appropriate.

Technologically illiterate or simply too inept to steal patient data on your own? Let HHS help!

HHS covets role as ‘data sugar daddy’ to app developers

By Dissent, October 15, 2010

Mary Mosquera reports:

The Health & Human Services Department plans in December [In time for Christmas? Bob] to release significantly more health-related data to spur commercial development of new software applications designed to help patients, providers and policymakers make better health care decisions.

National, state and county health performance data sets will be made available via the Internet to HHS’s “Health Indicators Warehouse,” according to Todd Park, HHS’s chief technology officer, who said HHS will also set up a permanent “one stop shop” Web site for public access to community health data and health-related data from other federal agencies.

“We want to keep flooding the market with more and more data from our vaults,” said Park, who views government as an enabler of business innovation and a source of support to developers and programmers looking to use public data in useful applications and services.

Read more on Government Health IT.

How about flooding us with data on privacy and security?

[From the article:

In an example of innovative uses of the data, Park highlighted how software firm Adobe Systems converted ASCII text files containing veteran and Medicare information into the HTML format for Web documentation, which made the information easier for beneficiaries to read and manipulate.

The application is part of the “Blue Button” initiative, a program under which the Veterans Affairs Department and the Centers for Medicare and Medicaid Services offer beneficiaries access to copies of their personal health information via a button on the VA and CMS Web sites.

Look at everything technology makes available to us!

Coming soon to your pharmacy: Police accessing your prescription records

From The Associated Press:

Starting next year, dozens of states will begin knitting together databases to watch prescription drug abuse, from powerful painkillers to diet pills.

With federal money and prodding, states are being asked to sign onto an agreement allowing police, pharmacies and physicians to check suspicious prescription pill patterns from Nevada to North Carolina.

Civil liberties and privacy advocates have objected to the state databases, which would be linked with technology and standards developed by the Justice and Homeland Security departments.

Thirty-four states operate databases to fight a drug problem authorities say is growing more deadly than heroin.

Read more on Lancaster Online.

(Related) “If you've got nothing to hide...” we'll make something up for you!

The war on drugs makes flu sufferers felons

By Dissent, October 14, 2010

Jim Edwards asks, “Why Do Police Want a Centralized Database of Flu Sufferers?”

A federal law intended to restrict the crystal meth trade is leading to a centralized police database of flu sufferers. In a rash of recent cases across the South and Midwest, people innocently buying the nasal decongestant pseudoephedrine – often sold as Pfizer (PFE)’s Sudafed, Dimetapp, and Advil Allergy Sinus, and Merck (MRK)’s Clarinex-D – have been arrested for “promotion of meth manufacturing” when in fact all they have is a stuffy nose. Possessing too much pseudoephedrine is often the sole requirement for a “promotion of meth manufacturing” charge.


In Wabash Valley, Ind., Sally Harpold bought a box of Zyrtec and a box of Mucinex and became the subject of an early morning police raid:

The morning she was arrested, Harpold and her husband were awakened by police officers banging on the front door of their home at Midway along U.S. 36. She was allowed to get dressed, and was then taken in handcuffs to the Clinton Police Department, where she was questioned about her cold medicine purchases. She was later booked into jail, and her husband had to pay $300 bail to get her released.

Harpold is actually employed in law enforcement: she works at the Rockville Correctional Facility for women. Her police mugshot ran on the front page of her local newspaper under the headline “17 Arrested in Drug Sweep.” The local cops couldn’t care less, according to….

Read more on bnet. Really. Read it. This is one of the problems with surveillance databases that do not have adequate checks on their use. People’s reputations can be wrecked.

Some in law enforcement acknowledge the problem, but their solution is to gaily discard HIPAA and invade privacy in the name of preventing false arrests:

The police’s major complaint about the law is that it doesn’t go far enough in allowing them to scrutinize the citizenry’s medical records. The system falls down, they say, because the pharmacy records aren’t centralized. They want to install a single, central online database into which all pharmacies would enter the identifying information of anyone buying Sudafed.

The war on drugs should never be confused with a war on flu. Get it together, people. In the meantime, my family will stick to chicken soup, I guess.

(Related) ...and if you can't find a specific law they've broken, you can always brand them terrorists.

Wikileaks Donations Account Shut Down

Posted by timothy on Thursday October 14, @06:51PM

"The whistleblowing group WikiLeaks claims that it has had its funding blocked and that it is the victim of financial warfare by the US government. Moneybookers, a British-registered internet payment company that collects WikiLeaks donations, emailed the organisation to say it had closed down its account because it had been put on an official US watchlist and on an Australian government blacklist. The apparent blacklisting came a few days after the Pentagon publicly expressed its anger at WikiLeaks and its founder, Australian citizen Julian Assange, for obtaining thousands of classified military documents about the war in Afghanistan."

This should give the RIAA warm fuzzies... How did they ever convince the French to do this? Celine Dion autographs?

French Government May Subsidize Music Downloads

Posted by Soulskill on Friday October 15, @09:26AM

"The European Commission has approved a French program to subsidize legal music downloads for young people. The Carte Musique scheme gives €25 (US$35) to French residents aged 12 to 25 to spend on music downloads or subscription services. Young people can purchase a €50 card for just €25, with the balance paid by the state."

I think I'd prefer the Reagan approach – end it. But perhaps we have forgotten that history.

Chertoff Advocates Cyber Cold War

Posted by timothy on Thursday October 14, @06:07PM

"The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."


UK Police Force Posts All Its Calls On Twitter

Posted by samzenpus on Thursday October 14, @09:50AM

"One of the largest police forces in the UK is posting every incident reported to it today on Twitter. Greater Manchester Police began its 24-hour experiment this morning at 05:00 BST, tweeting all incident reports in the hope of highlighting the complexity of modern policing. 'Policing is often seen in very simple terms, with cops chasing robbers and locking them up,' Chief Constable Peter Fahy said in a statement. 'However the reality is that this accounts for only part of the work they have to deal with.'"

[From the article:

Due to restrictions imposed by Twitter, the force must alternate between three separate accounts - @gmp24_1, @gmp24_2, and @gmp24_3 - over the course of the day.

(Related) that didn't take long...

Cops in online scuffle over fake Twitter posts

This should make for an interesting lawsuit...

CIO Fired After Others May Have Accessed Her EHR

By Dissent, October 14, 2010

Gerry Higgins writes:

A prominent CIO of a regional hospital system encountered the limitations of HIPAA and so-called “Protected Health Information (PHI)” when her boss fired her after a short medical leave of absence. After years working without taking vacation, a family catastrophe that affected her health prompted her to take a medical leave of absence. She had a physician’s letter to justify the leave, which was sent to the Occupational Health section of the hospital system, and they guaranteed the information would be kept confidential. Upon her return, she was called into her supervisor’s office and was promptly terminated, even after years of excellent performance reviews.

Two co-workers in the Department of Clinical Informatics, which she had managed, told her that they were ordered by other executives in the hospital system for a copy of her Electronic Health Record – a flagrant abuse of PHI. There they found she had a history of depression, but she had managed the problem with Cognitive Behavioral Therapy, extensive psychotherapy and medication. Another employee in Human Resources, who recently left the department, told her that it was routine policy to share Physician’s letters supporting medical leave with the employee’s supervisor.


That an employee’s supervisor may have access to any PHI or a doctor’s report has always been a workplace privacy issue across all settings, as I’ve blogged about at times.

I wonder whether the Chief Privacy Officer for the hospital was aware of this “routine policy” and had any input into it and why Human Resources does not make clear to employees requesting a medical leave that any doctors’ reports will be shared with their employer.

While I agree with some of the “lessons to be learned” that Gerry describes, there’s another lesson here for employers: be transparent.

For my Ethical Hackers: Think of this as reverse engineering on the fly. And note that governments will protect “markets” even when they are not the issue...

Norwegian Day Traders Convicted For Manipulating Computer Trading System

Posted by timothy on Friday October 15, @01:53AM

An anonymous reader submits news of the conviction of two Norwegian day traders, Svend Egil Larsen and Peder Veiby, who were on Wednesday fined and given suspended sentences (Norwegian court, Norwegian document) for cleverly working out — and cashing in on — the way the computerized trading system of Interactive Brokers subsidiary Timber Hill would respond to certain trades. They used the system's predictable responses to manipulate the value of low-priced stocks. The pair have gotten some sympathetic reactions from around the world, and promise to appeal.

[From the article:

The news brings the role of automated trading systems, with complicated algorithms, back under scrutiny. High-volume algorithmic platforms are playing an increasingly important role in trading globally, with stock exchanges investing heavily to ensure their own networks meet the demand.

… In yesterday's conviction of the Norwegian traders, the prosecution said the pair had given "false and misleading signals about supply, demand and prices" when they manipulated several Norwegian stocks through Timber Hill’s online trading platform.

Anders Brosveet, the lawyer for Veiby, admitted that his client had learnt how the Timber Hill trading algorithm would behave in response to certain trades. However, he denied this amounted to "market manipulation".

Brosveet told the Financial Times, “They had an idea of how the computer would change the prices but that does not make them responsible for what the computer did.”

Interesting that they will spend more on e-discovery and therefore want the rules changed to limit it. Only 30% of US firms report Privacy “issues” v. 51% in the UK. (They also asked who uses Facebook and Twitter.)

October 14, 2010

Fulbright's 7th Annual Litigation Trends Survey Report


  • AmLawDaily: "Fulbright's 2010 report is based on survey responses from 275 U.S. and 128 U.K. in-house lawyers, the majority of whom were general counsel at companies with revenues north of $100 million in the last fiscal year. Ninety-three percent of U.S. respondents and 97 percent of U.K. respondents expected litigation involving their companies to increase or remain steady in the coming year. Eighty-seven percent of U.S. respondents faced new litigation in the past year, compared with 83 percent in Fulbright's previous survey."

A “challenge” for my Ethical Hackers

Home WiFi Network Security Failings Exposed

Posted by CmdrTaco on Thursday October 14, @12:14PM

"The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds." [Suggests he was doing something manually. Let's fully automate and get the time down to under one second. Bob]

Another challenge for my Ethical Hackers: Let's look at thumbs to detect potential Texting and lips to detect potential cell phone use and could that runny nose indicate cocaine use?

Tiny Eyetracker watches for sleepy drivers

The compact digital camera system, being developed at the Fraunhofer Institute for Digital Media Technology in Germany, tracks drivers' eye movements. If it spots the peepers shut beyond a user-defined interval, it sounds an alarm to keep the driver from dozing off.

For my Risk Management students. “Green” cars are both environmentally safe and delicious!

Denver Airport Overrun by Car-Eating Rabbits

Posted by samzenpus on Thursday October 14, @12:14PM

It turns out the soy-based wire covering on cars built after 2002 is irresistible to rodents. Nobody knows this better than those unlucky enough to park at DIA's Pikes Peak lot. The rabbits surrounding the area have been using the lot as an all-you-can-eat wiring buffet. Looks like it's time to break out The Holy Hand Grenade of Antioch.

For the amusement of my Math students...

Proving 0.999... Is Equal To 1

Posted by CmdrTaco on Thursday October 14, @09:24AM

"Some of the juiciest parts of mathematics are the really simple statements that cause one to immediately pause and exclaim 'that can't be right!' But a recent 28 page paper in The Montana Mathematics Enthusiast (PDF) spends a great deal of time fielding questions by researchers who have explored this in depth and this seeming impossibility is further explored in a brief history by Dev Gualtieri who presents the digit manipulation proof: Let a = 0.999... then we can multiply both sides by ten yielding 10a = 9.999... then subtracting a (which is 0.999...) from both sides we get 10a - a = 9.999... - 0.999... which reduces to 9a = 9 and thus a = 1. Mathematicians as far back as Euler have used various means to prove 0.999... = 1."

For all my tech and business students (Registration required)

The Age of Exabytes: Tools & Approaches For Managing Big Data

We are experiencing a big data explosion, a result not only of increasing Internet usage by people around the world, but also the connection of billions of devices to the Internet.

Eight years ago, for example, there were only around 5 exabytes of data online.

Just two years ago, that amount of data passed over the Internet over the course of a single month.

And recent estimates put monthly Internet data flow at around 21 exabytes of data.

This explosion of data - in both its size and form - causes a multitude of challenges for both people and machines. No longer is data something accessed by a small number of people. No longer is the data that's created simply transactional information; and no longer is the data predictable - either as it's written, or when, or by whom or what it's going to be read by. Furthermore, much of this data is unstructured, meaning that it does not clearly fall into a schema or database. How can this data move across networks? How can it be processed? The size of the data, along with its complexity, demand new tools for storage, processing, networking, analysis and visualization.

This new premium report explores how technologies are evolving to address the needs of managing big data, from innovations in storage at the chip and data center level, to the development of frameworks used for distributed computing, to the increasing demand for analytical tools that can glean insights from big data in near real-time.

I know you frequently ask yourself, “Are there any more sites as wonderful as Centennial-Man?” Well, these tools won't help you find them, but they work well on standard websites.

Similar Site Search: Find Similar Websites On The Web With Ease

Similar tools: SimilarSites and SimilarWeb.

Thursday, October 14, 2010

The Privacy Foundation brochure for their seminar on the “Legal Implications of Internet Advertising” has been added to their website:

Identity theft: “So easy, even a politician can do it?” I wonder if this will be the basis for yet another “Attack ad?”

MA: Court papers allege Cahill camp laptops stolen

October 13, 2010 by admin

Dave Wedge reports on allegations that laptops containing personal information of campaign donors were stolen for political purposes:

Laptops containing personal information of Tim Cahill donors were reported stolen from aides to Paul Loscocco just days before the supporters received requests for contributions to the Charlie Baker campaign, a top Cahill aide claims in new court papers.

Read more in the Boston Herald.

What kinds of personal information were on the stolen laptops? Was there any donor credit card information on them? Were they left unattended? Have they been recovered? Anyone know or have the court papers?

You can't manage it if you don't know it exists...

Feds Discover 1,000 More Government Data Centers

Posted by CmdrTaco on Wednesday October 13, @10:54AM

"The US government has 2,094 data centers, nearly 1,000 more than previous estimates, according to an updated inventory by federal agencies. The finding underscores the scope of the challenge facing the Obama administration as it seeks to streamline the government's IT infrastructure in a massive data center consolidation."

Dilbert continues the Master's level class on Privacy and Identity Theft

Now this could become an interesting Ethics case. Should you not sell technology directly to a “repressive regime” (definition left to politicians and media companies?) even if they can buy the same technology off store shelves and “customize” it themselves?

Holding Nokia Responsible for Surveilling Dissidents in Iran

Eddan Katz of EFF issues this call to action in a case mentioned previously on this blog:

EFF has long pointed out that technology companies are complicit in human rights violations when they knowingly sell customized human surveillance technologies to repressive regimes that are then used to target people for arrest, torture, and disappearance. Now a lawsuit filed recently against Nokia Siemens in Virginia by Isa Saharkhiz, an imprisoned Iranian dissident, and his son Mehdi Saharkhiz, brings this issue to the fore. The lawsuit accuses the Nokia Siemens Network of:

“knowingly, negligently and willfully provid[ing] the infamous, abusive and oppressive Iranian government with sophisticated devices for monitoring, eavesdropping, filtering, and tracking mobile phones.”

It doesn't take many stories like this to give an industry a bad name...

Debt collector broke the law by using MySpace photo to intimidate consumer

October 14, 2010 by Dissent

Evan Brown recaps a recent court decision in Minnesota:

Plaintiff fell behind on her car payments. The lender turned the debt over to a collection agency that used technology and some remarkably poor judgment in an attempt to get paid.

The first bad decision was to use a caller-ID spoofer to make it look like the collection call was coming from plaintiff’s mother in law. The next not-smart use of technology was to access plaintiff’s MySpace page, learn that plaintiff had a daughter, and to use that fact to intimidate plaintiff.

Read more about Sohns v. Bramacint on Internet Cases.

For my (future) Stalking 101 class and my Ethical Hackers

Need a new identity? Just steal someone else's

An opportunistic new website by the name of should serve as a wake-up call to Foursquare and other social network users about the potential risks to their privacy and security - especially those who are crazy enough to publish such personal details as their home address. uses publicly-available information posted on social networking site Foursquare to find locations where a number of women are gathering -- from nightclubs to coffee shops. When it finds there's a correlation amongst a number of female Foursquare users it shows where they are and displays their Foursquare profile pictures so would-be stalkers - sorry admirers - can decide if it's worth turning up to 'meet' them.

It also sends the news out over a Twitter feed, for instance: "Bunch of ladies in yoga pants at The New Nail on Chestnut. They are talking about needing to find a man. Jackpot." Indeed.

… By way of illustration, I searched Foursquare for people who had "checked in" their home address -- telling the world exactly where they live and also displaying it on a handy map. I soon found an attractive 20-something year-old advertising agency executive, who had posted the address of her London flat. She had also "checked in" at her workplace, so I also knew where she worked and for whom.

She hadn't posted her full name on Foursquare, but I quickly found that on her Facebook page, along with her date of birth, which University she went to and what she studied. I also found that she likes house and trance music, her favourite film is Sex and the City 2 and she watches Louis Theroux and Come Dine With Me on telly.

I know from her Twitter feed about the trip she made to Paris for a couple of days last week, and where she goes to gym. I know, in fact, what she eats for breakfast, which bus she takes to work and when she is running late. I know that today she's at home in bed, with a heavy cold.

Now why would they want to keep your messages forever...

Facebook users can no longer delete chat history

October 13, 2010 by Dissent

Athima Chansanchai writes:

It’s starting to feel like anyone with anything to hide needs to find better hiding spots. For instance, people trying to keep their Facebook chats from prying eyes best find another IM program, because they can no longer erase chat history.

I discovered this while chatting the other day. Anyone who’s ever IM’d knows those conversations can go all over the place, and frankly, I like to think of each conversation as a fresh start.

Read more on MSNBC.

(Related) ...Oh, now I get it. (They even have the entire PowerPoint presentation in the article.)

Inside the Government’s Facebook Spy Operation

October 13, 2010 by Dissent

Ryan Tate writes:

Federal agents are infiltrating social networks via sneaky friend requests and monitoring them via a special command center, according to documents obtained by the Electronic Frontier Foundation. Who cares? Well, prospective citizens, for one.

The U.S. Citizenship and Immigration Services published a memo, below, encouraging agents to exploit the “narcissistic tendencies” of Facebook users and to “friend” prospective citizens on the social network, hoping targets wouldn’t realize they’d let a federal agent investigate their profiles for evidence of fraud, like a sham marriage.

Read more on Gawker.

Very interesting response.

Big Media Wants More Piracy Busting From Google

Posted by samzenpus on Wednesday October 13, @07:03PM

"Last month, executives from two music-industry trade groups, the Recording Industry Association of America (RIAA) and the International Federation of the Phonographic Industry (IFPI), asked Google if it could provide a means to help them track down pirated material more efficiently. Typically, copyright owners are responsible for finding pirated links and alerting Google, which is required by law to quickly remove the links. But Google's response raised eyebrows at some of the labels. James Pond, a Google manager, wrote in a letter dated September 20, that Google would be happy to help — for a price."

For my Ethical Hackers

Interesting Facts You Might Not know About SPAM [Infographic]

For my Ethical Hackers – So maybe the homework project was impossible. Okay, I'll change your grades.

The US electrical grid is too crappy to be vulnerable to terrorist attack, say physicists

Basically, the grid was set up so haphazardly that you'd have to take out a major node before you'd affect the entire thing. (Want to see a map of the US electrical grid? Check out this one on NPR.)

Science Daily sums up:

[The] electric grid is probably more secure than many people realize — because it is so unpredictable. This, of course, makes it hard to improve its reliability (in another line of research, Hines has explored why the rate of blackouts in the United States hasn't improved in decades), but the up-side of this fact is that it would be hard for a terrorist to bring large parts of the grid down by attacking just one small part.

Think this will work?

CarWoo Takes the Cheap Suit Out Of Car Sales

Here’s how it works. Shoppers pay a fee to CarWoo and select the car they want. Depending upon which plan they choose, CarWoo will facilitate quotes from two to five nearby dealerships. Buyers are free to negotiate the final price, but rather than sitting in some cubicle while the salesman makes repeated trips to “talk to the manager,” it all happens anonymously online. The process is transparent, and both the buyer and the dealers involved see all of the offers that come in.

Think of it as eBay in reverse.

Buyers indicate how much they’re willing to pay and sellers decide whether the offer is acceptable. Dealers can see the negotiations in real time and — if they are able — can undercut their competitors directly to offer the best price. Company spokeswoman Renee Blodgett said CarWoo has about 3,200 dealers participating nationwide, with 50 more added each week.

For my Math classes... And the Accounting students. Produce some very interesting graphics too.

5 Free Calculator Apps If You Aren’t Happy With The Windows Calculator

Wednesday, October 13, 2010

Is this merely another case of poor security management or do companies truly believe that “it can't happen to us?”

Watch those portable devices, Tuesday edition

By Dissent, October 12, 2010

Maryland-based HomeCall Inc. recently notified the Maryland Attorney General’s Office that an employee’s portable point-of-care device was stolen. The device contained names, addresses, SSN, medical record number, diagnoses, and treatment information. HomeCall reports that the device was “multi-level password protected” (but not encrypted). In correspondence to those affected, HomeCall stated that the device required a user/pass to login and then a second user/pass to access the program containing the patients’ electronic medical records. Eleven Maryland residents were notified of the breach and the company subsequently encrypted all portable devices.

What a pity that so many entities wait until after they’ve had a breach to encrypt. After all this time, is there really still any excuse not to either have encrypted sensitive data on devices or have implemented some equally effective security?

Nothing says encryption solves all problems. Here the data was apparently encrypted with the wrong key.

Encryption didn’t prevent this breach

October 12, 2010 by admin

A report to the Maryland Attorney General’s Office from ING gave me pause because I don’t remember ever seeing a security issue like this before in a breach report. In their notification, ING writes (emphasis added by me):

ReliaStar Life Insurance Company (RLIC) is responsible for premium administration for RLIC insurance products purchased by employees of our clients. An encrypted electronic file containing the personal information of one client’s employees, including several Maryland resident (sic), was inadvertently made available to another company’s Human Resources (HR) department due to an isolated administrative error. The encrypted file included the individual’s (sic) name and social security number. Our password-based registration encryption system prohibits the wrong addressee from opening an encrypted e-mail. Because the e-mail was addressed to the wrong client, that client was able to open the e-mail.

The receiving (incorrect) employer notified ING on June 3 and ING worked with them to securely delete the file and protect the data.

Of the individuals affected, 473 were Maryland residents.

Why different rules to cover the same data?

Tuesday, October 12, 2010

Lots of health data breaches reported to HHS, only trivial ones to FTC

With just over a year having passed since the health data breach notification rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, an interesting contrast has emerged between the breaches disclosed to the Department of Health and Human Services (HHS) by HIPAA-covered entities and business associates and those disclosed to the Federal Trade Commission (FTC) by organizations that provide personal health records (PHRs) and associated services, but are not covered by HIPAA. As reported on Monday and evidenced by the complete listing of breaches posted by the FTC, as far as the FTC is aware there have been no major breaches (those involving 500 or more individuals) in the past year. All 13 of the breaches reported to the FTC involved lost or stolen credentials, which presumably could result in an unauthorized party gaining access to a user's personal health information, but no actual loss of data seems to have been involved. It may or may not be interesting to note that all the breaches reported also came from one company: Microsoft. [Perhaps they are the only ones in compliance? Bob] In contrast, the current count of breaches reported to HHS is 181, all of which involve 500 or more individuals, many of which apparently involve loss or theft of data (or laptops or other paper or electronic record storage devices).

It seems fair to ask, can any substantial conclusions be drawn from the paucity of breaches reported to the FTC or their relative triviality? No one appears to be suggesting that the data protection practices of organizations subject to the FTC's data breach rule are superior to those of those covered under HHS' rules, so why so few breaches reported to the FTC? Several possible explanations come to mind, only some of which have anything to do with security or privacy practices:

  • The population of organizations subject to the rule is small. The FTC's Health Breach Notification Rule, following language in the HITECH Act (§13407), applies specifically to "vendors of personal health records" and third-party service providers who are not covered by HIPAA. The total number of these vendors is very small relative to the number of covered entities and business associates subject instead to HHS' rules.

  • Breaches of encrypted data do not have to be reported. Following HITECH (§13402), both the HHS and FTC data breach notification rules apply to breaches of unsecured data, meaning data that has not been "rendered unusable, unreadable, or indecipherable" through the use of recommended technologies such as data encryption. It is possible that some PHR vendors who might have suffered relevant incidents had no cause for concern, and no reason to disclose them, because the data in question was encrypted.

  • Not many people use PHRs from non-HIPAA-covered vendors. This is not meant to imply that vendors like Dossia, Google, and Microsoft have so few users of their PHRs that there wouldn't potentially rise to the level of a major breach if a data loss occurred, but instead to suggest that there may be more attractive targets for malicious attackers to go after among health care organizations.

  • Technology company employees (may) have better security awareness. Surely a suggestion open to challenge, but with the frequency with which health data breaches occur due to intentional or inadvertent misuse by employees (that is, authorized users), PHR vendors whose business depends to a great extent on their ability to secure customers' data might logically make security and privacy awareness a higher priority among the employees who have access to the data. Also, it shouldn't be overlooked that, unlike employees of health care organizations, PHR vendor employees have little or no reason to access personal health information stored in their systems.

I seem to learn more about the law reading articles that claim the judge got it wrong than I do when reading articles that attempt to summarize the entire field.

Romano and Facebook: Muddling Toward the Law of Privacy on Social Networks

October 12, 2010 by Dissent

David K. Isom writes:

Those of us who watch the development of the law of electronic discovery, information security and privacy usually have nothing better to do on a Saturday night (except last Saturday when we saw the movie “The Social Network”) than kibitz about how information on Facebook and other social networks is impacting and will likely impact civil lawsuits. Last month, a New York trial court in Romano v. Steelcase took a crack at some of these issues. While the New York court got the bottom line right — relevant information on Facebook and other social media is generally discoverable — some of its reasoning is baffling, some wrong and some spot on.

Read more on InfoLawGroup. I had previously commented as a non-lawyer that I thought the judge reached the right decision but via faulty logic. I am delighted to see David try to explain what was confusing or wrong from a legal perspective.

If they monitored social networks without a specific threat (granted, for a high profile event) why would they just stop after the inauguration?

New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration

October 12, 2010 by Dissent

Jennifer Lynch of EFF writes:

This is part two of a two part series. Read part one.

As noted in our first post, EFF recently received new documents via our FOIA lawsuit on social network surveillance that reveal two ways the government has been tracking people online: Citizenship and Immigration’s surveillance of social networks to investigate citizenship petitions and the DHS’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the second of two posts describing these documents and some of their implications.

In addition to learning about surveillance of citizenship petitioners, EFF also learned that leading up to President Obama’s January 2009 inauguration, DHS established a Social Networking Monitoring Center (SNMC) to monitor social networking sites for “items of interest.” In a set of slides [PDF] outlining the effort, DHS discusses both the massive collection and use of social network information as well as the privacy principles it sought to employ when doing so.

Read more on EFF.

Dilbert brilliantly summarizes the ethical and privacy implications of Behavioral Advertising.

Interesting. Why not add Starbucks, libraries and unsecured home wifi?

Dutch Hotels Must Register As ISPs

Posted by timothy on Tuesday October 12, @11:00PM

"The Dutch telecommunications authority OPTA has announced that Dutch hotels must register as internet providers (original version, in Dutch) because that is what they formally are, according to Dutch laws. It is well possible that once hotels are officially internet providers, they will also have to abide by the European regulations on data retention and make efforts to link email headers and other data traffic to individual hotel guests. Could this also happen in other European countries? This is probably not likely to lead to a more widespread adoption of free WiFi services in hotels."

A preview of things to come?

IRS Servers Down During Crucial Week

Posted by timothy on Tuesday October 12, @07:30PM

"A planned server outage turned into an unplanned glitch for the Internal Revenue Service, and it comes at a very bad time. The IRS planned the server outage for the holiday weekend ... but today they couldn't get the system back into operation. This week is the deadline for filing 2009 tax returns for taxpayers who got extensions. So far it's not having a huge impact since the shutdown only involves the updated version of the e-filing system, and most programs used by large tax companies like H&R Block will default to the older version. There's no estimate on when the system will be back up."

Security AND surveillance Fun for my Computer Forensics students.

Canon Blocks Copy Jobs Using Banned Keywords

Posted by CmdrTaco on Tuesday October 12, @08:18PM

aesoteric notes that a future version of Canon's document management system will include the exciting breakthrough technology that will OCR your printed and scanned documents, and prevent distribution of keywords. Documents containing the offending words can be sent to the administrator, without actually telling the user just what word tripped the alarm. The article notes that simply using 1337 for example will get around it.

From the article:

Uniflow allows printers, scanners, copiers and multifunction devices to be managed centrally.

This allows a record to be kept of how many documents have been printed and by whom for billing purposes - essential for professions that bill clients by the hour or by the amount of work done, such as lawyers and architects.

… Once configured by an administrator, the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.

The server will email the administrator a PDF copy of the document in question if a user attempts to do so. [Perhaps a minor hack will allow me to receive a BCC copy of those emails... Bob]
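The 1337 workaround mentioned above is a property of exact keyword matching, not of OCR. As an added example (not Canon's or Uniflow's code; the keyword list, look-alike table and sample lines are constructed for illustration), this compares a plain phrase match with one that folds look-alike characters before comparing:

```python
import re
import unicodedata

# Constructed look-alike table. Ambiguous glyphs (1, !, |, i, l) are folded
# into one class so that either reading of "1" compares equal.
FOLD = str.maketrans({
    "0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s",
    "1": "l", "!": "l", "|": "l", "i": "l",
})


def skeleton(text):
    """Reduce text to a comparison form that survives simple obfuscation."""
    # NFKC maps full-width and other compatibility characters to plain forms.
    text = unicodedata.normalize("NFKC", text).casefold()
    text = text.translate(FOLD)
    # Drop spacing and punctuation so "a.c.m.e" and "a c m e" collapse.
    return re.sub(r"[^a-z0-9]", "", text)


def naive_hits(text, keywords):
    """Case-insensitive whole-phrase match: the kind of filter 1337 defeats."""
    return [k for k in keywords
            if re.search(r"\b" + re.escape(k) + r"\b", text, re.IGNORECASE)]


def robust_hits(text, keywords):
    """Match each keyword's skeleton against the skeleton of the page text."""
    body = skeleton(text)
    return [k for k in keywords if skeleton(k) and skeleton(k) in body]


# Constructed prohibited keywords (a project codename and a client name).
KEYWORDS = ["Project Falcon", "Acme Holdings"]

# Constructed sample page text, as it might come back from OCR.
SAMPLES = [
    "Draft terms for Project Falcon attached.",
    "Draft terms for Pr0j3ct F4lc0n attached.",
    "A c m e  H0ld1ngs invoice",
    "\uff30\uff52\uff4f\uff4a\uff45\uff43\uff54 Falcon budget",  # full-width
    "Quarterly lunch menu attached.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(repr(line), naive_hits(line, KEYWORDS), robust_hits(line, KEYWORDS))
```

The folded match ignores word boundaries and merges i with l, so it will flag some innocent text; it suits the "send a copy to the administrator" path better than silent blocking.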

(Related) The downside of a tool like this is huge. Think of it as “book burning” for e-book users. No more organizing political opposition via Twitter...

Apple Patents Anti-Sexting Device

Today the US Patent and Trademark Office approved a patent Apple filed in 2008, which, get this, prevents users from sending or receiving “objectionable” text messages.

… The “Sexting” patent background info states that the problem it solves is that there is currently “No way to monitor and control text communications to make them user appropriate. For example, users such as children may send or receive messages (intentionally or not) with parentally objectionable language.”

(Related) Lots of fun uses. Eliminate any sign of protesters, hide the assassin's face, etc.

Erasing Objects From Video In Real Time

Posted by timothy on Wednesday October 13, @08:09AM

Smoothly interpolating away objects in still pictures is impressive enough, but reader geoffbrecker writes with a stunning demonstration from Germany's Technical University of Ilmenau of on-the-fly erasure of selected objects in video. Quoting:

"The effect is achieved by an image synthesizer that reduces the image quality, removes the object, and then increases the image quality back up. This all happens within 40 milliseconds, fast enough that the viewer doesn't notice any delay."

(Related) Or we can put you at the scene of the crime, or put your face on the assassin...

MovieReshape: New abs for old actors

Want giant biceps in all those home videos you're posting to YouTube? Forget hassling with barbells and simply adjust the muscularity control slider in MovieReshape, an image alteration program developed at the Max Planck Institut Informatik in Germany. The system allows for "quick and easy manipulation of the body shape and proportions of a human actor in arbitrary video footage"--without frame-by-frame manipulation.

Common errors people make with passwords translate directly into a lecture on “How to access password protected systems” for my Ethical Hackers. (Your security is only as strong as your weakest user)

Survey Shows How Stupid People Are With Passwords

Posted by CmdrTaco on Tuesday October 12, @02:06PM

"Another study was released to today that once again shows how careless people really are online. When it comes to safeguarding personal information online, many people don't seem to care very much, or don't think enough about it. In the survey of more than 2,500 people, some interesting and scary trends were revealed in how users handle their online passwords..."

Welcome to the 21st Century!

October 12, 2010

GAO Pilots New Web-Based Format for Reports - E-Report project offers enhanced navigation for users

"Beyond the usual findings and recommendations for improving federal operations, a new report from the U.S. Government Accountability Office (GAO) is the first to offer a web-based E-Report format to help users navigate content more easily... The new pilot format, which is part of a report on geostationary environmental satellites (GAO-10-799), allows users to quickly access those sections of the report that are of interest to them. Using links on the sidebar and within the pages of the report, users will have instant access to the report’s highlights, objectives, findings, recommendations, agency comments, and supporting evidence. A podcast discussing the report can also be played directly from the E-Report page. The traditional PDF version can be downloaded there as well. The pilot also allows for enhanced use of color in charts and graphics and GAO is seeking direct feedback from users about the new format. The pilot E-Report can be found at"

If I knew THAT was what my students were saying, I'd have flunked them all.

10 Online Slang Dictionaries To Learn Jargon & Street Language

If I didn't mention this in my Ethical Hacking class, how would we know what rules to break? Mentions many useful resources.

The Internet and the death of ethics