Wednesday, November 16, 2011


For your security manager – You can't trust files that are “certified” safe!
"Security researchers claim that malware spreading via malicious PDF files is signed with a valid certificate stolen from the Government of Malaysia, in just the latest evidence that scammers are using gaps in the security of digital certificates to help spread malicious code. The malware, identified by F-Secure as a Trojan horse program dubbed Agent.DTIW, was detected in a signed Adobe PDF file by the company's virus researchers recently. The malicious PDF was signed using a valid digital certificate for mardi.gov.my, the Agricultural Research and Development Institute of the Government of Malaysia. According to F-Secure, the Government of Malaysia confirmed that the certificate was legitimate and had been stolen 'quite some time ago.'" [and never canceled? Bob]


I don't know
but I can guess,
Breach Reporting
is a mess!
(Marching song at Bob's Security Boot Camp) You could also say that government breach reporting has gone from virtually non-existent to merely very poor...
Ca: ‘Insider’ government data breaches soaring
November 15, 2011 by admin
Emily Chung reports:
The proportion of “insider” internet security breaches caused by employees is rising quickly within Canadian government departments and agencies, a new study shows.
Insider breaches in the government sector grew by 28 per cent between 2010 and 2011 and are up 68 per cent since 2008, the fourth annual Telus-Rotman joint study on Canadian IT security practices reported Tuesday. They now make up 42 per cent of breaches reported by government organizations, compared to 27 per cent of breaches at public corporations and 16 per cent at private businesses.
Read more on CBC.


Dang! Now I have to fight this battle for our Alumni Wiki... Fortunately, we have no “children” graduates.
Does FERPA ban schools from allowing students to post their schoolwork on the open Web?
Of the trio of laws that address children’s and students’ privacy and safety online, FERPA is often the one least cited outside of educational circles. The other two, COPPA and CIPA, tend to be in the news more often; the former as it relates to some of the ongoing discussions about privacy and social networking, the latter as it relates to BYOD and filtering programs. But in all cases, there seems to be a growing gulf between the laws and their practical application or interpretation, particularly since these pieces of legislation are quite old: COPPA was enacted in 1998, and CIPA in 2000. FERPA, the Family Educational Rights and Privacy Act, dates all the way back to 1974.
… The classic example used to explain how FERPA works: you can’t post a list of students’ names and grades on a bulletin board in the hallway.
But what about posting students’ work publicly online?
… Yesterday, Georgia Tech deleted all student history and participation from the school’s “Swikis,” the wikis that students use for their coursework. Georgia Tech has been using wikis for this purpose since 1997, pioneering the usage of the collaborative tools for undergraduate education. One of the features of the school’s wikis was that they allowed for cross-course and cross-semester communication. You could, should you choose, remain in a wiki for a class you’d taken previously, for example.


I must have missed earlier reports on this...
FTC Welcomes a New Privacy System for the Movement of Consumer Data Between the United States and Other Economies in the Asia-Pacific Region
November 16, 2011 by Dissent
The Federal Trade Commission welcomed the approval by the forum on Asia-Pacific Economic Cooperation (APEC) of a new initiative to harmonize cross-border data privacy protection among members of APEC. The initiative is designed to enhance the protection of consumer data that moves between the United States and other APEC members, at a time when more consumer information is moving across national borders.
On November 13, 2011, President Obama and representatives from the other APEC economies endorsed the APEC Cross-Border Privacy Rules at a meeting in Honolulu, Hawaii. The APEC privacy system is a self-regulatory code of conduct designed to create more consistent privacy protections for consumers when their data moves between countries with different privacy regimes in the APEC region.
… Companies that wish to participate in the APEC privacy system will undergo a review and certification process by third parties that will examine corporate privacy policies and practices and enforce the new privacy rules.
Source: FTC


What a surprise! (If the RIAA fails to stop them, I think I'll get into this business...)
"Ars Technica reports on the developing story between the RIAA and music reseller ReDigi, 'the world's first online marketplace for used digital music,' who first came online with a beta offering on October 11th, 'allowing users to sell "legally acquired digital music files" and buy them from others "at a fraction of the price currently available on iTunes."' If the notion of selling 'used' digital content is challenged in court, we may finally receive a judicial ruling on the legality of EULAs that will overturn the previous Vernor v. Autodesk decision."

(Related) I'm sure it's brain damage...
An anonymous reader writes with a new twist in the recently resolved Canadian music label infringement lawsuit. From the article:
"Earlier this year, the four primary members of the Canadian Recording Industry Association (now Music Canada) — Warner Music Canada, Sony BMG Music Canada, EMI Music Canada, and Universal Music Canada — settled the largest copyright class action lawsuit in Canadian history by agreeing to pay over $50 million to compensate for hundreds of thousands of infringing uses of sound recordings. While the record labels did not admit liability, the massive settlement spoke for itself. While the Canadian case has now settled, Universal Music has filed its own lawsuit, this time against its insurer, who it expects to pay the costs of the settlement."


An interesting Tweet for the e-Discovery lawyers out there...
IBM's Ferrucci: where we're going with Watson: Can we help people organize evidence...collect it and assess it? #chm #ibmwatson #cnet


Imagine a computer system that doesn't second-guess you! What a concept!
November 15, 2011
Google - Search using your terms, verbatim
Official Google Blog: "Behind the simplicity of Google search is a complex set of algorithms that expands and improves the query you’ve typed to find the best results. Automatic spelling correction ([vynal] to “vinyl”) and substituting synonyms (matching [pictures] to “photos”) are just two examples of the improvements we make...we’ve received a lot of requests for a more deliberate way to tell Google to search using your exact terms. We’ve been listening, and starting today you’ll be able to do just that through verbatim search. With the verbatim tool on, we’ll use the literal words you entered without making normal improvements such as
  • making automatic spelling corrections
  • personalizing your search by using information such as sites you’ve visited before
  • including synonyms of your search terms (matching “car” when you search [automotive])
  • finding results that match similar terms to those in your query (finding results related to “floral delivery” when you search [flower shops])
  • searching for words with the same stem like “running” when you’ve typed [run]
  • making some of your terms optional, like “circa” in [the scarecrow circa 1963]"


Some of my 'adult learners' will remember these – some don't remember these...
Play Old Games On New Systems
Even though we have multi-core processor videogame systems, high-definition, 3-D graphics rendered in stunning quality, and online networks that allow us to play with friends and enemies all over the world, we still reminisce over filling our pockets with quarters at the arcade and blowing the dust out of our old game cartridges. Unfortunately, our ancient hardware may not be able to hold up against the test of time for much longer. Fear not — it's possible to play basically any old game on a new console, though technical issues can occur during setup. Thankfully, there are a few tips, tricks and hacks you can use to re-live your gaming glory days once again.
