Saturday, August 06, 2011

Has there ever been a firmer lock on an award?

No surprise: Sony wins Pwnie Award for Most Epic Fail

The Black Hat security conference in Las Vegas is one of the largest of its kind on the planet, and as such the cachet of its annual awards, the Pwnies, is unrivaled in security circles. That is, of course, assuming you didn’t win the Pwnie for Most Epic Fail. Sorry Sony.

This year Sony, who shut down the PlayStation Network for a whole month in the spring, was so completely and utterly considered a failure by security folks that there was no doubt the company would win. Even crazed Vegas gamblers couldn’t have bet against Sony’s win: the company’s security report card was so bad this year they were the only nominee.

There is substantial growth in the Cybercrime economy, but I doubt this will move Wall Street. The report is available via email.

The Cost of Cybercrime

The Second Annual Cost of Cybercrime Study, sponsored by ArcSight

The study found that the median annualized cost of cybercrime for the organizations in the study is $5.9 million per year, with a range of $1.5 million to $36.5 million each year per company. This represents an increase in median cost of 56 percent from the first cyber cost study published last year.

FBI Tech? Designed to give the FBI all the information they could desire, but is it secure? Parents should have information to help find and identify their children, but this will definitely become a target for hackers/pedophiles.

Child ID, FBI's first Apple iPhone app, is unveiled

The FBI released its first app for Apple's iPhone on Friday, called Child ID.

"Using a special tab on the app, you can also quickly and easily e-mail the information to authorities with a few clicks" in case a child goes missing or in other emergencies, the FBI said in announcing the app's release.

So for those worried about their child's info getting stolen, a passcode lock would be a good call.

The app itself has no password lock-down feature (but that might not be such a bad idea FBI developers).

Only 91 times? Hard to believe...

Warrantless “emergency” surveillance of Internet communications by DOJ up 400%

Chris Soghoian wrote up the data he obtained under Freedom of Information as to how often the Department of Justice obtained customer account communications data from ISPs without a warrant. Chris writes:

According to an official DOJ report, the use of “emergency”, warrantless requests to ISPs for customer communications content has skyrocketed over 400% in a single year.

The 2009 report (pdf), which I recently obtained via a Freedom of Information Act request (it took DOJ 11 months (pdf) to give me the two-page report), reveals that law enforcement agencies within the Department of Justice sought and obtained communications content for 91 accounts. This number is a significant increase over previous years: 17 accounts in 2008 (pdf), 9 accounts in 2007 (pdf), and 17 accounts in 2006 (pdf).

Read more on Slight Paranoia. As Chris explains, these numbers only scratch the surface as they are only from the DOJ and the DOJ is not the most frequent requester.

Everywhere You Look, They’re Looking

Chris’s commentary is especially timely in view of what is going on in the Senate Intel Committee, which has been trying to shut down Senators Wyden and Udall’s attempts to get more transparency about how the government is interpreting provisions of the PATRIOT Act and the FISA Amendments Act. The understanding is that our government has come up with some interpretation that they believe allows them to engage in domestic surveillance and/or obtain geolocation data on citizens, even though the public’s understanding of these laws would seemingly prohibit such acquisition. An amendment that would have required the DOJ to estimate how many Americans have been surveilled failed by a vote of 7-8, and Senator Wyden has reportedly put a hold on the FY2012 Intelligence Authorization Act.

The attempts of our government to keep citizens in the dark about how we are being surveilled and how legislation is being interpreted to permit what Congress never intended is despicable. Why are Senators Wyden and Udall the only two really standing up to call attention to this issue and to do something about it?

Where are your legislators on this? Have you called them to tell them that you want them to take a stand, too?

“We gotta do something!” trumps science. 70% false positives?

In German Trials, Airport Body Scanners Easily Confused

"The German government just finished a 10-month test of millimeter-wave body scanners made by L3 Communications. It appears they are not happy with the results. The devices raise false alarms 7 times out of 10, and are confused by layered clothing, boots, zippers, pleats, and even incorrect posture. Australia recently started a trial, and the second person in at the Sydney airport set off the alarm repeatedly due to sweaty armpits."

Might be useful. I could cross reference Student Name, Class, Project, etc.

How to organize all your files using tags

If you've ever had to look for that old letter of recommendation or sample design work from years past, you probably either wished you had an intern or prayed for a miracle. Media sorting has been far beyond other file management in terms of ease of use and quick searching thanks to the power of tags. Now you can use Elyse (for Windows and Mac) to tag your non-media files as well to make searching a snap. Here's how to get started:

Friday, August 05, 2011

Perhaps we should try “thoughtful legislation” rather than knee-jerk, “we gotta do something” laws?

Data Breach Bills Exclude Health Information

By Dissent, August 4, 2011

I’ve often disagreed with the Center for Democracy & Technology, but I laud them for pointing out the glaring holes in proposed federal data security and data breach notification laws that exclude health information. Harley Geiger writes:

One of the negative side-effects of the sectoral approach the United States has taken to privacy regulation is confusion over whether certain types of personal information are protected under existing rules. Specifically, many people – and, it appears, legislators – seem to assume that all health information is protected under HIPAA. This is incorrect, however, and the assumption that health information is already fully protected in commercial contexts may be leading to its exclusion in proposed data breach bills currently circulating in Congress. Not only do the bills fail to protect health data, but the preemption clauses in some of the bills would prevent state legislatures from enacting their own health privacy safeguards. As a result, if any of the data breach bills introduced in this Congress pass as currently written, a commercial entity that loses, say, your full name and a list of your medications would not be obligated to notify you.

Read more on CDT.

Why would they stop with search?

Widespread Hijacking of Search Traffic In the US

"The Netalyzr research project from the ICSI networking group has discovered that on a number of US ISPs' networks, search traffic for Bing, Yahoo! and sometimes Google is being redirected to proxy servers operated by a company called Paxfire. In addition to posing a grave privacy problem, this server impersonation is being used to redirect certain searches away from the user's chosen search engine and to affiliate marketing programs instead. Further analysis is available in a post at the EFF."

[From the NewScientist article:

Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.]

For my Ethical Hackers...

Black Hat, Defcon: All about hacking (roundup)

Remember those “old” crime movies where people looked through huge albums of Mugshots? Facebook has created what could be a national (international?) Mugshot book. Another chip in your Privacy wall...

Face-matching with Facebook profiles: How it was done

Facebook's online privacy woes are well-known. But here's an offline one: its massive database of profile photos can be used to identify you as you're walking down the street.

A Carnegie Mellon University researcher today described how he assembled a database of about 25,000 photographs taken from students' Facebook profiles. Then he set up a desk in one of the campus buildings and asked willing volunteers to peer into Webcams.

The results: facial recognition software put a name to the face of 31 percent of the students after, on average, less than three seconds of rapid-fire comparisons.

In a few years, "facial visual searches may become as common as today's text-based searches," says Alessandro Acquisti, who presented his work in collaboration with Ralph Gross and Fred Stutzman at the Black Hat computer security conference here.

As a proof of concept, the Carnegie Mellon researchers also developed an iPhone app that can take a photograph of someone, pipe it through facial recognition software, and then display on-screen that person's name and vital statistics.

(Related) A “secret” command for Twits?

Fake John Doerr Tips Us About Cool Twitter Photo Search Trick

The Fake John Doerr wanted to tell us about a cool new search shortcut on If you type in “sp” anywhere on the page (but not in the search box or the Tweet box) a new “search photos” box will appear that will search only photos. If you do that, you get a nice visual grid of photos people have Tweeted out.

Transparency vs. Anonymity: Where Do You Stand? [INFOGRAPHIC & POLL]

Many of us don’t think twice about laying out details of our personal lives in public for all to see. Many might even be using our real names, just as Facebook‘s Mark Zuckerberg likes it. On the other hand, consider free-for-all meme site 4chan, where users cavort about in complete anonymity. That site’s founder, Christopher “Moot” Poole, thinks anonymity fosters creativity, honesty, and authentic content sharing.

You already have Cloud Storage... Free while in Beta, try it and see if it is useful enough to pay for...

SharedSafe.Com - Share Your Folders

Why pay for online storage space when you can use the space that comes with your email instead? That's the idea from which this new application sprung into life. Named Shared Safe, it enables users to resort to their existing email storage in order to both synchronize and share folders with their friends, acquaintances and colleagues. This is an application that lends itself both to personal and professional uses, with the same simplicity.

As is only fitting, all the files that one stores and shares like this are encrypted. And nobody gets to see them without the express consent of the user. In no case are the keys stored online.

The Shared Safe application is currently available for Windows. You can download the latest version on the site, and have it installed without having to exert yourself that much. And while Shared Safe is in beta, you will be able to use it for free. When the license the app comes with when you download it expires (after 90 days), then you can get a new one at no cost. And so on.

Try this security add-on.

HTTPS Everywhere opens to all

The security add-on for Firefox called HTTPS Everywhere (download) that forces HTTPS encryption on numerous popular Web sites has graduated to its first stable release, about a year after it was released into public beta.

The tool does not let you force HTTPS (Hypertext Transfer Protocol Secure) willy-nilly on Web sites. Instead, it includes a series of rules that support sites that allow HTTPS encryption. The Electronic Frontier Foundation said in the blog post announcing the release that it encompasses more than 1,000 popular sites, including Google Search, Wikipedia, Twitter, Facebook, GMX, blogs, The New York Times, Paypal, Tor, and Ixquick. The extension was co-developed between the EFF and The TOR Project, which is a Web service that encrypts data transmitted to and from your computer.

The changing Social environment...

LinkedIn Now Adding Two New Members Every Second

In LinkedIn’s first earnings call as a public company, CEO Jeff Weiner revealed that LinkedIn is adding two new members every second, which is up from one member per second in November 2010. In Q2 alone, LinkedIn added 14 million members, after passing the 100 million mark earlier this year.

Weiner also said that the network is now north of 120 million members, so LinkedIn has added 5 million members in the past month. While LinkedIn’s IPO is a financial event for the company, some of this growth in membership could be the marketing influence of now being a public company. And LinkedIn’s IPO received a ton of media attention, as it was the first major social networking company to go public.

For my students.

Google Docs Templates: Thousands Of Templates To Increase Productivity

Google Docs serves as one of the best alternatives to Microsoft Office and now they are making it even better by offering thousands of templates that users can use to cut down their time and efforts. The templates are uploaded by other users and cover a massive variety of areas including resumes, presentations, invoices, billing documents, budgets and financial models, agreements and contracts, labels, business cards and many more.

You can preview each template and start using it right away. The templates can be browsed by category, language, template type and even by popularity and rating.

Similar sites: EbookBrowse and Calameo.

Also see our article “3 Websites To Publish & Share Your PDFs Online“.

I know some of my students can read...

Discover Books to Match the Websites You Read

Book Discovery is a browser extension that helps you find books that are related to the content of the websites you read. With Book Discovery installed in your browser whenever you're viewing a website you can click "book discovery" and have a page of suggested books generated for you. The Book Discovery extension is available for Chrome, Firefox, Opera, Safari, and Internet Explorer.

From an ISACA email...

IT Control Objectives for Cloud Computing

Interactive Webinar Presentation and Q&A

Date: Thursday, 11 August 2011
Time: 11am (CDT) / 9am (PDT) / 12pm (EDT) / 16:00 (UTC)
Duration: 60 minutes

Be among the first to examine this pivotal new book, designed to help organizations better understand the cloud computing landscape. The book provides useful guidance for enterprises considering moving applications into cloud environments, and outlines the governance and controls needed to ensure the cloud is delivering effective security and value.

Join us in this interactive forum as our featured speakers and contributing authors discuss the new book, explain the benefits and nuances of cloud computing, and answer your questions live!

Thursday, August 04, 2011

Identity Theft 101: Follow the Meter Maid... I suspect there is no legal requirement to put this information on the ticket, so shouldn't they have sued the Police Department?

Federal Court OKs Personal Information on Parking Tickets

Here’s a follow-up on a case I mentioned on this blog in September 2010. The court issued its decision and although the court may (or may not) have made a correct ruling, the decision leaves anyone who gets a parking ticket in Palatine, Illinois at greater risk of identity theft:

The Village of Palatine, Illinois prints the personal information of vehicle owners — including their address, driver’s license number, date-of-birth and weight — on parking tickets left under the windshield wipers of their automobiles. In a ruling handed down last month, the Seventh US Circuit Court of Appeals found no problem with this procedure.

Motorist Jason Senne had filed suit against what he saw as an outrageous violation of privacy after he received a $20 parking ticket in August 2010. The information printed on the citation, and left open to anyone walking past his vehicle, could be used by an identity thief. Senne argued this was a violation of the federal Driver’s Privacy Protection Act which prohibits disclosure or otherwise making available the information found in motor vehicle records.

Read more on The Truth About Cars.

Their technology is managed by Dilberts, but their Security is controlled by the pointy haired manager...

Hard-Coded Password and Other Security Holes Found in Siemens Control Systems

A security researcher has uncovered a slew of vulnerabilities in Siemens industrial control systems, including a hard-coded password, that would let attackers reprogram the systems with malicious commands to sabotage critical infrastructures and even lock out legitimate administrators.

The vulnerabilities exist in several models of Siemens programmable logic controllers, or PLCs — the same devices that were targeted by the Stuxnet superworm and that are used in nuclear facilities and other critical infrastructures, as well as in commercial manufacturing plants that make everything from pharmaceuticals to automobiles.

Germany, that bastion of Privacy Rights?

Germany Says Facebook's Facial Recognition Is Illegal

"Although we think it's generally a pretty nifty feature, valid concerns over the misuse of Facebook's auto-recognition tagging have led Germany to ban it entirely. That's right—Facebook in its current state is now illegal. The German government, which possesses perhaps the world's most adamant privacy laws as a result of postwar abuse, considers Facebook's facial recognition a violation of 'the right to anonymity.'"

There must be more than this. Otherwise, creating an account devoted to the wit and wisdom of Millard Fillmore would get me arrested.

Posing as a different Facebook user can constitute identity theft, US court rules

A California Court of Appeal ruled that a school pupil had committed identity theft under Californian laws when he obtained a schoolmate’s email password, used it to gain access to her Facebook account, and posted sexually suggestive messages whilst posing as the girl.

Wilfully obtaining personal identifying information and using it “for an unlawful purpose” without the person’s consent is illegal under the provisions of California’s Penal Code.

The student, referred to as Rolando S in the ruling, had received the girl’s email password from an “unsolicited” text message, the Court ruling said. Because he had kept a record of the password and intended to use it later Rolando S had wilfully obtained personal identifying information belonging to the girl, the Court said.

“We conclude [Rolando S] wilfully obtained the victim’s password when he chose to remember the password from the text message, and later affirmatively used the password to gain access to the victim’s electronic accounts,” the Court said in its ruling (13-page / 39KB PDF).

Read more on There will undoubtedly be many who are unhappy with this ruling, but after reading it, it does seem that the California legislature was quite clear in its stated intent that they wanted to expand the application of identity theft law to cover situations that didn’t just involve financial fraud or the like. I wonder if those legislators have any second thoughts now that a young person has been charged and convicted. Might or could this case have been more appropriately handled as a case of harassment? Should account takeovers used for purposes of harassment really be viewed as identity theft?

Obvious over-reaction.

Missouri restricts social networking between teachers, students (podcast)

The law states that "No teacher shall establish, maintain, or use a work-related Internet site unless such site is available to school administrators and parents," and further requires that "No teacher shall establish, maintain, or use a nonwork-related Internet site which allows exclusive access with a current or former student."

Think of it as the visual equivalent of wiretapping...

FAA Taking a Look At News Corp's Use of Drone

"The News Corp iPad newspaper has a drone they've been using for news gathering — mainly flying it over disaster zones in N. Dakota and Alabama. However, FAA regulations on drones are very restrictive at the moment, and they're not supposed to be used for commercial purposes (law enforcement is free to use them). The FAA is now examining The Daily's use of its drone. Could this set a precedent for how private businesses can use drones?"

Competition! What a concept! Perhaps it is time to drop our monopoly system?

London Could Soon Get Free Wi-Fi Everywhere

"London could soon be covered with a free public WiFi network as Virgin Media moves to challenge BT's Openzone network. Virgin Media's network would be freely available to anyone at 0.5Mbps, and to subscribers to its home broadband at speeds up to a blistering 10Mbps. The proposals would see WiFi routers installed in each of the company's street-side cabinets, which distribute its cable network to homes and businesses."

Free is good!

CloudExperience: Gives You Free 10GB Of Storage On The Cloud

Cloud Experience is a website that lets you create online backups of your data. The site offers various paid accounts and one free account; the free account provides the user with 10GB of free data storage. After you create an account on the site you can download its offline applications; there are different versions for Windows, Mac, Android, iOS, and BlackBerry. These applications quietly synchronize data from your computer or phone to your Cloud Experience online folders. The online interface gives you a clear view of the files you have uploaded along with their upload dates.

Similar tools: miMedia, Boxnet, Adrive, Boxstr, AllYouCanUpload and FrostBytez.

Also read related articles:

4 Best Sites To Get 10GB Free Online Backup & Storage

Online Storage Services with Free Account Option

Do I just imagine how amusing some of these were? I'll let you know.

Thousands of Old Time Radio Programs

Before televisions appeared in every household in the US, children like Ralphie were huddled around radios to listen to their favorite programs. Long ago those programs stopped being broadcast, but you can still listen to them. The Old Time Radio Network is an online collection of more than 12,000 old radio shows. The catalog is organized alphabetically by program title. Next to each program title you'll find the number of episodes available online. To get started have a listen to Hopalong Cassidy or Abbot and Costello.

For my Introduction to IT students...

Visualize the Effects of Search Operator Words

For the last two days I've facilitated a series of workshops about using Google products in the classroom. One of the workshops included using Google's advanced search features. During that session I was reminded of the Boolify Project, a handy resource for showing students how search operator words affect search results.

The Boolify Project provides a jigsaw-like template into which you can drag the search modifier pieces "and," "or," and "not." Each time a piece is added to the puzzle the search results at the bottom of the page will change accordingly.

For all my students. Can you imagine how much tuition will have to rise to replace bookstore profits?

3 Websites To Purchase Electronic College Textbooks’s eTextbook Store

CourseSmart’s eTextbook Store

Also for all my students, who could stand to “rite gooder”

5 Cool Word Sites That Are A Bit Different

WordSift

WordSift helps you to visualize the vocabulary structure of text by creating a tag cloud of important words. The bigger the word, the greater its frequency. You can sort the words and move them around with the mouse. Visual Thesaurus, the Google Images and video searches, and also the sample sentences help students create word associations.

Hot For Words

The beautiful face behind the site belongs to Marina Orlova, a former model and now a linguist (more specifically, a philologist). Her YouTube series, where she traces the origins of everyday English words, is an internet sensation. The website complements her YouTube channel. The downside is that the site may not be suitable for kids.

What Does That Mean

You can contribute and earn ‘Karma points’ to move up the value chain on the site. The site is trying to build a free, community powered dictionary of English idioms, buzzwords, and catch phrases from around the world.

Tag Galaxy

Tag Galaxy is another cool word site that is more about visual representation of data than about words. But you can use it in some cool ways because every word you enter here becomes a keyword surrounded by related words. Oh yes, it’s all in a 3D-like photosphere with photos drawn from Flickr. The central word becomes the sun, and the related words turn into planets.

Corpus of Contemporary American English

The 425 million word strong collection is the largest currently available. The words have been collected from diverse sources – spoken, fiction, popular magazines, newspapers, and academic journals. It is constantly updated and has powerful search features which allow you to wade through the extensive collection. You can search using word, phrase, related words, substring, part of speech, synonyms etc. Word comparisons across different genres can be made for usage differences and context. Here’s a YouTube video that shows you how to get started with the corpus.

If you missed our previous collection of websites on words and vocabulary, fret not. Here are some:

8 More Word Games You Can Play To Sharpen Your Language Skills

8 Quick Online Word Games To Play With Your Vocabulary

10 Spelling Bee Game Websites That Help Your Children Spell Words Right

10 Websites To Learn A Word A Day & Enrich Your Vocabulary

10 Online Synonym Dictionaries To Help You Find A Similar Word