Saturday, November 05, 2011

...and the nominees for the Forrest Gump “Stupid is as stupid does” award are:...
By Dissent, November 4, 2011
Public notice from UCLA Health System, posted today on their web site:
The UCLA Health System is notifying thousands of patients by mail that on Sept. 6, 2011, an external computer hard drive that contained some personal information on 16,288 patients was among a number of items stolen during a home invasion. Although this information was encrypted, the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located.

What changes a company's mind? (someone pointing out reality?)
By Dissent, November 4, 2011
TRICARE, the military health program, has directed its business associate, Science Applications International Corp., to offer one year’s worth of free credit monitoring and restoration services to the 4.9 million beneficiaries affected by a recent breach.
Earlier, TRICARE had announced that it would not offer credit monitoring services, citing the minimal risk involved in the breach, which involved backup tapes stolen from an SAIC employee’s car.

(Related) It is bigger than initially reported (that's common); perhaps it is also riskier?
By Dissent, November 4, 2011
The HHS breach tool has been updated and I noticed that the SAIC/TRICARE breach entry has been added. I also noticed that although media reports had the breach as affecting 4.9 million, the actual number appears to be 5,117,799. A lawsuit has been filed against the Department of Defense after backup tapes were stolen from a SAIC employee’s car that had been left unattended.

Would we react differently if they were domestic spies?
Foreign Spies Stealing US Economic Secrets in Cyberspace
November 4, 2011 16:41
Source: Office of the Director of National Intelligence, Office of the National Counterintelligence Executive
The threat to the United States from foreign economic collection and industrial espionage is appraised in these annual reports to Congress.
This [year's] report differs from previous editions in three important ways. The first and most significant is the focus. This report gives special attention to foreign collectors' exploitation of cyberspace, while not excluding other established tactics and methods used in foreign economic collection and industrial espionage. This reflects the fact that nearly all business records, research results, and other sensitive economic or technology-related information now exist primarily in digital form. Cyberspace makes it possible for foreign collectors to gather enormous quantities of information quickly and with little risk, whether via remote exploitation of victims' computer networks, downloads of data to external media devices, or e-mail messages transmitting sensitive information.
+ Link to full report (PDF; 2.69 MB)

So perhaps you should use Times New Roman?
Microsoft defends against espionage virus
Microsoft has released a temporary software patch to defend against the threat from Duqu, an espionage virus thought to be closely related to Stuxnet, the cyber attack that disrupted the Iranian nuclear programme.
… Microsoft said it exploited a vulnerability in the Windows TrueType font parsing engine to gain control of infected computers.

Worth a read. Who would do this in the US?
Snooping councils, phone hacking, CCTV… time to reform surveillance laws?
November 4, 2011 by Dissent
Adam Wagner writes:
JUSTICE, a law reform and human rights organisation, has today published a significant and wide-ranging critique of state surveillance powers contained in the Regulation of Investigatory Powers Act (RIPA).
The report - Freedom from Suspicion – Surveillance Reform for a Digital Age – is by Eric Metcalfe, former director of JUSTICE and recently returned to practise as a barrister. It reveals some pretty stunning statistics: for example, in total, there have been close to three million decisions taken by public bodies under RIPA in the last decade.
Read more on Adam’s excellent blog, UK Human Rights Blog.

...and now, no one needs to go postal!
USPS Need Not Disclose Psych Tests to Union
November 4, 2011 by Dissent
Julia Filip reports:
The U.S. Postal Service was justified in refusing to let its workers’ union access the confidential test scores of 22 employees without written consent, the 1st Circuit ruled.
Though the National Labor Relations Board had found that the union’s collective bargaining interests outweighed employees’ privacy interests, the Boston-based federal appeals court disagreed.
Read more about this case on Courthouse News.
[From the article:
"The Privacy Act notices first reaffirmed to applicants that their information would be kept private, and then alerted them to possible, limited disclosures," Chief Judge Sandra Lynch wrote for the court. "The notices did not wipe out all expectations of privacy."
The routine-use exception allows disclosure of relevant information to labor organizations, but it does not mandate such disclosure unconditionally, the order states.
"Thus, the fact that information may be disclosed 'as required by law' does not itself defeat all expectations of privacy, nor does it create an expectation that the information will be disclosed automatically whenever it is relevant to a union," Lynch added.

I can see the opportunity for some real geeky humor here. Hack the system so clicking on the icon gives more amusing reasons for the ads... “Because you NEED deodorant!”
New Google ‘Transparency’ Feature Aims to Reduce Ad-Targeting Creepiness
Google’s bread and butter is its targeted advertising technology, a multi-billion dollar business that tailors ad results to the browsing habits of individual users. The problem is, the better Google gets at guessing which ads we might want to see, the creepier its system feels.
Google wants to change that. The company just announced plans to roll out a new feature that provides clarity (or “transparency” in Google parlance) on why you receive certain ads on Google’s sites. A simple icon labeled “Why these ads” will soon begin appearing next to advertisements in Google Search and Gmail. Click on the icon, and you’ll get information on why the ad was personalized just for you.

Books you can read when the snowdrifts block the door...
"The book Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks says businesses that take days to respond to social media issues are way behind the curve. Social media operates in real-time, and responses need to be almost as quick. In a valuable new book on the topic, Securing the Clicks: Network Security in the Age of Social Media, Gary Bahadur, Jason Inasi and Alex de Carvalho provide the reader with a comprehensive overview on how not to be a victim of social media based security problems."
Read on for the rest of Ben's review.

Perspective: I can't see lots of Facebook programmers working for minimum wage and Social Networking access...
Facebook Access More Important Than Salary To Many Young Professionals
… Cisco Systems has just released its second annual "Connected World Technology Report." And the study reveals a series of data points that speak to the centrality of digital and mobile technology, as well as social media, to the professional expectations and habits of Generation Y.
But among the most glaring conclusions are the following two: 40 percent of college students and 45 percent of young professionals would accept a lower-paying job if it had more access to social media; a third of respondents consider the Internet as important as air, water, food and shelter. (Generation Y is roughly defined as having been born after Generation X -- some sources put the Gen Y starting point as the late 1970s and its end point as late as the beginning of the 21st century.)

(Related) Apparently, hacktivists feel the same way!
Anonymous rejects a 5th November attack on Facebook
THE WIDER PART of the Anonymous hacktivist group has again publicly denounced a proposal to attack the social networking web site Facebook.

Friday, November 04, 2011

It's voluntary, so what portion of your data will they volunteer to share? It's government designed, so which are the delusional bits?
Personal info returned to UK consumers with ‘midata’
November 3, 2011 by Dissent
Mark Brown reports:
Google, Three and MasterCard are among 26 companies that have signed up to a government initiative called “midata”, which is aimed at giving UK citizens access to the personal information kept by corporations.
The take-away mantra is that “data should be released back to consumers,” and organisations will hand over your key information in a portable, electronic format — called “personal data inventories” (PDIs). They’ll be released in 2012.
Individuals will then be able to use this data to gain insights into their own behaviour, make more informed choices about products and services, and manage their lives more efficiently.
… We see a real opportunity here, but others, including the US and EU, are also showing real interest in the programme and the economic benefits it can deliver. [Government gibberish? What benefits? Bob]
midata will encourage sustainable economic growth by boosting competition between companies in terms of value and service, and driving innovation.

Another way to search Facebook for job applicant indiscretions?
Mind what you say in Facebook comments: Google will soon be indexing them and serving them up as part of the company’s standard search results. Google’s all-seeing search robots still can’t find comments on private pages within Facebook, but now any time you use a Facebook comment form on other sites, or a public page within Facebook, those comments will be indexed by Google.
The new indexing plan isn’t just about Facebook comments, but applies to nearly any content that’s previously been accessible only through an HTTP POST request. Google’s goal is to include anything “hiding” behind a form — comment systems like Disqus or Facebook and other JavaScript-based sites and forms.

Could we call this “e-CSI?” Forensics in the digital crime scene...
Solving A Teen Murder By Following A Trail of Digital Evidence
The tragic tale, via Wired, is told through that same evidence by journalist David Kushner. His interviews with law enforcement speak to how important digital evidence has become for investigating crimes involving “digital natives”:

Think about this. Adding bad data to a widely accessible database is dangerous. What happens if a legitimate user relies on it? (I must assume there will be no “This is bogus” flag to prevent that) Also, why is it assumed that they can track bogus data, but can't track real data?
Darpa’s Plan to Trap the Next WikiLeaker: Decoy Documents
Darpa-funded researchers are building a program for “generating and distributing believable misinformation.” The ultimate goal is to plant auto-generated, bogus documents in classified networks and program them to track down intruders’ movements, a military research abstract reveals.
… Fake “classified” documents, when touched, will take a snapshot of the IP address of the intruder and the time it was opened, alerting a systems administrator of the breach.
… The deeper goal is to make hackers and whistleblowers jittery about whether the data they’ve stumbled on is actually real.
With Congress demanding the Defense Department work on eliminating insider threats, feds have been in overdrive trying to prevent another document-dump at the scale of WikiLeaks, even going to the extremes of threatening to prosecute airmen who let their families read the site.

“We don't need no stinking warrant!” (part 946) “The suspect should have known that specific parts of the technology used were not secure and therefore could not reasonably expect his information to remain private.”
Feds’ Use of Fake Cell Tower: Did it Constitute a Search?
Federal authorities used a fake Verizon cellphone tower to zero in on a suspect’s wireless card, and say they were perfectly within their rights to do so, even without a warrant.
But the feds don’t seem to want that legal logic challenged in court by the alleged identity thief they nabbed using the spoofing device, known generically as a stingray. So the government is telling a court for the first time that spoofing a legitimate wireless tower in order to conduct surveillance could be considered a search under the Fourth Amendment in this particular case, and that its use was legal, thanks to a court order and warrant that investigators used to get similar location data from Verizon’s own towers.
… According to an affidavit submitted to the court (.pdf) by the chief of the FBI’s Tracking Technology Unit, the stingray is designed to capture only the equivalent of header information — such as the phone or account number assigned to the aircard as well as dialing, routing and address information involved in the communication. As such, the government has maintained that the device is the equivalent of devices designed to capture routing and header data on e-mail and other internet communications, and therefore does not require a search warrant.
… Despite the apparent shift in the government’s argument in this specific case, it still maintains that stingray devices do not violate Americans’ privacy, since the target doesn’t “have a reasonable expectation of privacy in his general location or in the cell site records he transmitted wirelessly to Verizon.”
The Metropolitan police in London have used similar technology which takes the surveillance a bit further, according to a recent story in the Guardian. The British device can be used to identify all mobile phones in a given area, capture and record the content of calls and remotely disable phones.

Perspective: Is Microsoft heading for another antitrust investigation? (Bing is the hard-to-change default search engine in Internet Explorer.)
"As Bing gets closer to capturing almost 33% of the market share in the US, Google has again made a large tweak to its algorithms to provide more up-to-the-minute search results. The change affects around 35% of queries and is intended to give users more recent news and stories. For breaking news stories the search engine will now weight more heavily the most recent coverage, and not just those sites that are linked the most, and for general terms the search engine values fresh content more than old. Google is hoping that these recent new changes will provide a better search experience and stop users from switching over to Bing, which just recently launched its own GroupOn-like site."

My geeks will be interested. (Others will want the “let's fake a moon landing” app)
"The space agency is widely known as a cloud computing success story in the government for its Nebula cloud computing platform. Now NASA will develop an app store for its scientists. The NASA CIO says it's about getting the science job done."

For my geeks and my math students.
9 Equations True Geeks Should (at Least Pretend to) Know

Stay current. Some interesting new words/phrases
Jargon Watch: Pitstops, War-Texting, Data Furnace
War-texting v. Hacking into the software that lets drivers start a car or unlock its doors with a cellphone. The miscreants compromise security by sending unlock or start commands to the onboard computer via SMS — a trick that adds war-texting to a long line of exploits aimed at vulnerable networks, from war-dialing to war-driving.
Data furnace n. A cluster of servers used to warm a home with waste heat. Proposed by Microsoft as an alternative to centralized server farms that need to be air-conditioned, distributed networks of data furnaces would be maintained by cloud service providers who would give you free heating in exchange for a place in your basement.

Interesting. Am I a product of “the last dumb society?”
The Past, Present And Future Of Connectivity: A Must-See Mini Film
Just landed in our inbox: a link to this excellent documentary on connectivity, sponsored by Ericsson and entitled ‘On The Brink’.

Thursday, November 03, 2011

Why would a branch store in California have data on all the company's customers? Sounds like an invitation to steal the data!
Aaron’s operations computer stolen during burglary, contained customers’ Social Security numbers
November 2, 2011 by admin
It never rains but it pours?
I had never heard of Aaron’s until earlier this year when they were sued for allegedly installing spyware on rent-to-own computers. But now I see their name again – this time, on a breach notification to the New Hampshire Attorney General’s Office.
According to the firm’s letter of October 18, a Fresno, California franchise was burglarized. Aaron’s was informed of the burglary on September 26, [no indication of when it actually occurred Bob] and by September 30, had determined that a computer stolen in the burglary contained customers’ names and Social Security numbers. According to their notification, 1,008 residents of New Hampshire were affected by the breach; the nationwide total was not provided. Reportedly, the computer contained information on the franchisee’s customers and (other) Aaron’s customers.
The firm sent out notifications to consumers the week of October 17, offering them free credit monitoring services even though it appeared the computer was likely stolen for its hardware value and not for the data. [That is a good way of saying it; however, what they actually said in the New Hampshire letter was:
“All of the circumstances indicate that this was a common petty theft and that there was no intent to obtain or distribute personal information on the computers. We also have no reason to believe that the information has been accessed by the thieves.”
I doubt that circumstances indicate intent or that their belief that the thieves didn't want the data is any more reliable than my belief that they did. Bob]

Confusing. Did the breach involve only one bank? Very unlikely. So are the other banks lying? Why would MasterCard not notify everyone? If it is a merchant breach, why only debit cards?
Update, Iowa – MasterCard issues local security alert
November 2, 2011 by admin
Bob Eschliman reports more on a recent breach disclosure in Iowa:
The MasterCard Fraud Management department has been notified of a security breach of a U.S. merchant’s network. A data security firm has been engaged to conduct an onsite forensic investigation. This alert discloses the payment account numbers of MasterCard accounts that were potentially exposed to compromise.
Preliminary investigations indicate that magnetic stripe data is at risk.
This alert contains account numbers used in transactions at the subject merchant from November 2, 2010 through April 20, 2011.
What I find intriguing is that no other bank in the area has indicated that they have been notified of the merchant breach.
That’s also a long time for the network to have been breached without the merchant realizing it, although sadly, it’s not particularly uncommon.
[From the Southwest article:
No information was believed to be stolen... [But that's wishful thinking, because... Bob]
… The letter stated the bank was not provided details of the security compromise
… This involved only debit card accounts.
… Baier indicated the compromise occurred with the data processor, not with Bank Iowa, and that the confidential information for all other accounts at the Clarinda bank is still safe. Bank president John Krummel said the data processor was MasterCard.
He provided a copy of the notice sent to the bank, with the affected account numbers redacted to protect customers’ privacy. The report stated:
The MasterCard Fraud Management department has been notified of a security breach of a U.S. merchant’s network. [i.e. NOT MasterCard Bob]
… Other banks in Clarinda said they were not notified of any security compromise.

“All your Facebook base belong to my bot”
Researchers Glean 250GB of Facebook User Data with New Socialbot
Facebook's "Immune System" might not be as robust as Zuckerberg believes. In fact, four researchers from the University of British Columbia have recently demonstrated just how easily a new breed of bot can infiltrate the FB system and harvest user data.
Socialbots, also known as "sock puppet" bots, are designed to mimic a human user. Those unsolicited Friend invites you receive from scantily-clad co-eds? Socialbots. And, once Friended, they obtain instant access to email addresses, phone numbers, and the rest of your personal details that you only share with your "Friends."
Researchers from UBC devised this eight-week test, employing a single botmaster and 102 bots, to infiltrate the Facebook network specifically because the team believed FB to have superior security measures compared to other social sites (*snicker*). Their ruse eventually garnered more than 3000 new—presumably human—friends with a network of nearly a million users. As for Facebook's "Immune System," only 20 bots were flagged and only because users reported them for spam.

Is “silent” the same as “private?” Can I have any expectation of privacy if I can be compelled to disclose that which I want to remain private? Is “foregone conclusion” (We know they exist and are here on your laptop) the same as “We know what they contain?” In which case, would they need my key?
Does the Fifth Amendment Protect Your Encryption Key?
November 3, 2011 by Dissent
In a new article on an unresolved question, Joshua A. Engel writes, in part:
In cases starting to wind through state and federal courts, the government has sought to compel suspects and defendants to provide passwords and encryption keys. For example, in a Colorado case involving allegations of real estate fraud, the government seized several computers after executing search warrants at the defendant’s residence. The government obtained an additional search warrant to search a laptop, but was unable to read the encrypted contents. The government then sought an order compelling the defendant to provide or enter the password.
The Colorado case remains undecided, but other courts to address this issue have generally concluded that the provision of a password or encryption key is subject to the protections of the Fifth Amendment because the provision of this information is essentially an admission that the person had possession and control over, and access to, the computer, files, or data. A good illustration is found in In re Grand Jury Subpoena to Sebastian Boucher. U.S.D.C., D. Vt. No. 2:06-mj-91 (February 19, 2009).
Read more on LTN.

I would seriously disagree – if IT actually had a memory for “things we did before” they would remember integrating those pesky “Personal” computers that they ignored for years... Even Local Area Networks (LANs) were introduced to the organization by accounting (and other) departments over the objection of IT.
"Advice Line's Bob Lewis discusses the difficulties IT faces in embracing the kinds of consumer technologies business users are demanding they support. 'Let's assume the consumerization of IT is the big trend many think it is. But using consumer tech in a business environment is a very different matter from being satisfied with consumer tech in a business environment. One of IT's legitimate [I'd say: “irrational” Bob] gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands. On top of the intrinsic technical challenges, there's this: IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use.'"

A “Buy my Security Product/Service” survey?
What does the Unisys Security Index really tell us about consumer responses to a data breach?
November 2, 2011 by admin
I’m going to post a press release from Unisys with a warning: never confuse what consumers say they will do with what they actually do. [Amen Bob] I’ll meet you on the other side of the release:
Americans will go to great lengths to avoid identity theft, and many say they would take legal action against government or private organizations that compromise their personal data, according to new research conducted by Unisys Corporation.
Results from the bi-annual Unisys Security Index, which surveys more than 1,000 Americans for consumer views on a wide range of security concerns, indicated that more than three-quarters of respondents would stop dealing with an organization entirely in the event of a security breach, underlining the need to better protect customers’ personal data shared electronically.
Nearly 90 percent of all survey respondents said they would take some sort of action in the event of a data breach, ranging from conservative solutions like changing their passwords (87 percent) to those with more serious commercial implications, such as closing their accounts (76 percent) or taking legal action (53 percent).
Organizations that ignore security concerns also face public perception risks. Nearly 65 percent of U.S. survey respondents said they’d publicly expose a company that allows a breach. And in a world where communities such as Facebook and Twitter provide the opportunity to instantly broadcast dissatisfaction to a broad audience, this threat seems more real than ever before.
The Unisys study also revealed that more than half of surveyed Americans are willing to provide biometric data to secure their identities. This includes a willingness to provide biometric data at security checkpoints at airports (59.6 percent); when conducting financial transactions with banking institutions (56.9 percent); and when receiving government benefits or other services (53.0 percent).
Still, only 21.3 percent were willing to give their biometric data to social media sites, suggesting a perception that either these entities were less careful with their data, or that the risk was simply not worth the reward.
“The latest results of the Unisys Security Index suggest that organizations face very real business and financial implications for security breaches,” said Steve Vinsik, vice president, enterprise security, Unisys. “Given recent highly publicized breaches that have exposed large amounts of sensitive data, the results should be a wake-up call for organizations to take more proactive measures to protect customer data.”
The new findings follow the results of the May 2011 Unisys Security Index, in which 70 percent of respondents reported they were seriously concerned about identity theft.
The Unisys Security Index found similar responses in 11 other countries where the survey was performed. For example, 82 percent of citizens surveyed in the United Kingdom said they would close their accounts with an organization responsible for a breach of their private data. In Mexico, 62 percent said they would publicly expose the issue, and 86 percent of Brazilians surveyed said they would take legal action.
About the Unisys Security Index
The Unisys Security Index is a bi-annual global study that provides insights into the attitudes of consumers on a wide range of security related issues. Lieberman Research Group conducted the survey in Latin America, Europe and the U.S.; Newspoll conducted the research in Asia-Pacific. The Unisys Security Index surveys more than 10,000 people in 12 countries: Australia, Belgium, Brazil, Colombia, Germany, Hong Kong, Mexico, the Netherlands, New Zealand, Spain, the United Kingdom and the United States. For more information, visit
Okay, now most readers of my blog have been reading dire warnings about churn and reputation harm for years. And now we have 76% reporting that they would stop doing business with a company? Seriously? No way. They may bluster and tell that to pollsters, and maybe they even believe they would do it, but I want to see a survey of those who received breach notifications that shows that 76% stopped doing business with the firm. Did 76% of Sony PSE users stop using Sony? No. Has 76% of ANY business’s or bank’s customer or client base left them following a breach? No. Think TJX. Think any big breach. That statistic just does not stack up to the reality of what we see following a breach.
It’s time to stop asking people what they would do and ask more people what they have actually done.

Do you think this will spread to the US? Is a Policy enough to justify firing?
Apple was OK to fire man for private Facebook comments
November 3, 2011 by Dissent
Anna Leach reports:
Apple was right to fire an employee of one of its UK stores for saying rude things about the company on his Facebook wall, an employment tribunal in Bury St Edmunds ruled.*
The tribunal judge upheld Apple’s dismissal of the man for gross misconduct in a case which sets another precedent for social network users who like to bitch about work online.
The Apple Store worker had made derogatory comments about Apple’s brand and products on his Facebook wall. Although his posts were not public, one of his unfriendlier “friends” – also a colleague in the store – printed the comments out and showed them to their boss, who fired the man for misconduct.
Read more on The Register.
One of the key elements of the case was that Apple had a clear policy in place, so it is not like the employees weren’t forewarned about conduct on social media. The second key element was that even using the “private” setting on Facebook does not protect the employee, because it’s so easy for “friends” to copy and paste “private” messages that Facebook users/employees cannot really invoke Article 8 of the European Convention of Human Rights.
So how does that play out for students in schools, posting from their home on their own time? Freedom of expression seems to be shrinking as employers and schools establish policies and justify limiting speech off-hours.

Oh, the horror!
November 02, 2011
New on - The Digital Death of Copyright's First Sale Doctrine
via - The Digital Death of Copyright's First Sale Doctrine: An important copyright case won't be argued in the Supreme Court, which on October 3, 2011 declined to review Vernor v. Autodesk, a Ninth Circuit Court of Appeals decision involving the applicability of copyright's first sale doctrine to transactions involving software and other digital information goods. Law professor Annmarie Bridy discusses the wide reaching impact of the first sale doctrine, without which there would be no free market for used books, CDs, or DVDs, because the copyright owner's right of distribution would reach beyond the first sale, all the way down the stream of commerce.

This is smart! A library that generates its own content! Probably lots of non-academic publications they could assist with...
November 01, 2011
Library Publishing Services: Strategies for Success - Research Report
Library Publishing Services: Strategies for Success, Research Report Version 1.0. James L. Mullins, Catherine Murray-Rust, Joyce Ogburn, Raym Crow, October Ivins, Allyson Mower, Mark P. Newton, Daureen Nesdill, Julie Speer, and Charles Watkinson. Libraries Research Publications. Paper 136.
  • "Over the past five years, libraries have begun to expand their role in the scholarly publishing value chain by offering a greater range of pre-publication and editorial support services. Given the rapid evolution of these services, there is a clear community need for practical guidance concerning the challenges and opportunities facing library-based publishing programs. Recognizing that library publishing services represent one part of a complex ecology of scholarly communication, Purdue University Libraries, in collaboration with the Libraries of Georgia Institute of Technology and the University of Utah, secured an IMLS National Leadership Grant under the title Library Publishing Services: Strategies for Success. The project, conducted between October 2010 and September 2011, seeks to advance the professionalism of library-based publishing by identifying successful library publishing strategies and services, highlighting best practices, and recommending priorities for building capacity."

Perspective. Siri the Google killer? Voice interface has been discussed for years as the simplest way to communicate with your computer. (Decades in the SciFi literature)
"Gary Morgenthaler, a recognized expert in artificial intelligence and a Siri board member, says that Apple now has at least a two-year advantage over Google in the war for best smartphone platform. 'What Siri has done is changed people's expectations about what's possible,' says Morgenthaler. 'Apple has crossed a threshold; people now expect that you should be able to expect to speak ordinary English — and be understood. Siri has cracked the code.' The threshold, from mere speech recognition to natural language input and understanding, is one that Google cannot cross by replicating the technology or making an acquisition, adds Morgenthaler. 'There's no company out there they can go buy.' Morgenthaler's comments echo the recent article in Forbes Magazine, 'Why Siri Is a Google Killer' that says that Apple's biggest advantage over any other voice application out there today is the massive data Siri will collect in the next 2 years — all being stored in Apple's massive North Carolina data center — that will allow Siri to get better and better. 'Siri is a new interface for customers wanting to get information,' writes Eric Jackson. 'At the moment, most of us still rely on Google for getting at the info we want. But Siri has a foot in the door and it's trusting that it will win your confidence over time to do basic info gathering.'"

The End of an Era: Internet Explorer Drops Below 50 Percent of Web Usage

It seems you can get a bit carried away with this “Green” stuff... (Note to students: Wearing your jeans in sub-freezing weather is not the same as washing them!)
Stone-Washed Blue Jeans (Minus the Washed)
Levi Strauss suggests washing jeans rarely, if at all — the theory being that putting them in the freezer will kill germs that cause them to smell.

Geeky giggles!
Japan Pushes World’s Fastest Computer Past 10 Petaflop Barrier

Global Warming! Global Warming! Injecting politics always makes bad science.
Scientist who said climate change sceptics had been proved wrong accused of hiding truth by colleague
It was hailed as the scientific study that ended the global warming debate once and for all – the research that, in the words of its director, ‘proved you should not be a sceptic, at least not any longer’.
… But today The Mail on Sunday can reveal that a leading member of Prof Muller’s team has accused him of trying to mislead the public by hiding the fact that BEST’s research shows global warming has stopped.

Interesting business model: Get someone with no claim to fame other than being famous and have them pick (not just suggest) the products you buy. I never would have thought of that.
BeachMint’s BeautyMint Gets 500,000 Visitors In First 24 Hours (Thanks To Jessica Simpson)

When I saw this Infographic, I asked myself what percentage of this activity we were teaching our students about...
60 Seconds on the Internet [Infographic]

(Related) That wasn't depressing enough, so look at this one...
Infographic: The Mobile World In 60 Seconds

Wednesday, November 02, 2011

My Ethical Hackers are taught that “not being detected at all” is better than “blaming it on someone else” and that “being underestimated” is always a good strategy.
"A new paper argues that China's cyber-warfare capability is actually pretty poor. '[China has] evinced little proficiency with more sophisticated hacking techniques. The viruses and Trojan Horses they have used have been fairly easy to detect and remove before any damage has been done or data stolen. There is no evidence that China's cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,' the paper reads (PDF). 'They would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.'"

Gary Alexander sends another interesting article. Could lawyers be leaders on the Privacy issue?
Law Firm Technology Survey 2011
It's been some time since the economy wasn't the dominant theme in our yearly survey. But while the struggling recovery must still be reckoned with, feedback from the 82 law firm technology chiefs who responded this year—and follow-up interviews with nearly a dozen of them—reveal that the top focus has moved from dollars to data. The key issue: How do firms make information accessible to their lawyers without making it too accessible?

An interesting topic. Cuts to the heart of the public/private writings issue.
October 31, 2011
Paper shares some information addressing questions of judges' personal use of social networks
Judicial Ethics and Social Networking Sites: Michael Crowell, UNC School of Government, September 2011 (Revised)
  • "One of the significant developments in communication in the last few years is the astounding growth of social networking websites. Increasing numbers of people join Facebook or LinkedIn or Twitter or other on-line social networks as a means to notify others of news in their lives, to learn what their friends and relatives and acquaintances are doing, and to generally stay in touch with other people with whom they have something in common. Businesses, organizations and government agencies use social networks to communicate information about their products and services and get limited feedback. For individuals, and for some kinds of organizations, the appeal of such sites is the opportunity for ongoing back-and-forth communication among large groups of people. Typically a social network allows someone to post a profile and photographs, videos, music, etc., and invite others to become “friends” or “fans.” Some information may be shared with the whole world; other parts may be restricted to a select, small group. For some time now state bar regulatory agencies have been addressing the effect of electronic communication on traditional ethical rules for lawyers ― the extent to which law firm websites constitute advertising, whether e-mail inquiries establish an attorney/client relationship, and so on. Likewise, judges hearing cases have faced new legal issues involving electronic discovery and searches of computers. Judges are becoming familiar, too, with problems of jurors communicating with the outside world and conducting their own research via their Blackberries, smart phones and other devices. Compared to the information available on those other electronic communication issues, there is relatively little reference material for judges concerning their own social networking and the Code of Judicial Conduct. The purpose of this paper is to share some information addressing questions of judges’ personal use of social networks. I welcome any additional material anyone knows about."

Another strategy we haven't bothered to develop.
November 01, 2011
New GAO Reports:
  • Biosurveillance: Nonfederal Capabilities Should Be Considered in Creating a National Biosurveillance Strategy, GAO-12-55, Oct 31, 2011

I know you guys are new to 'da bidness woild' so let me give you a tip. If it ain't in writing, it ain't a contract. Just because someone “Likes” you does not mean they like you...
Property tax confusion pokes Facebook in Ore.
The promise of lucrative tax breaks helped persuade Facebook to build a data center in one of Oregon's most economically depressed counties. Now, the state and the company are in a dispute over how much Facebook may owe in property taxes, and the social networking giant fears it could be taxed on intangible assets like the value of its powerful brand.
Facebook has said the state's action has the potential to rewrite an economic development deal it cut with Crook County, but not even state tax officials seem to know for sure whether the company is overreacting or it's truly facing a tax surprise.
… Under its agreement with local officials, Facebook built its data center in a rural enterprise zone, allowing the Palo Alto, Calif., company to pay property taxes only on its land, not on its buildings and other assets, for 15 years.
Confusion arose when the state Department of Revenue asserted that Facebook is a utility company because it's involved in the communications business, and its taxes should therefore be assessed by the state under a different section of the tax code.
… State officials say their decision doesn't change Facebook's tax bill — about $26,000 this year — and the money still goes to local governments in Crook County. But Facebook is concerned that the state will someday try to tax the company based on the value of its intangible assets, perhaps including computer files, patents, its labor force and goodwill.

Could this be the game changer I've been looking for?
Republic Wireless to launch $19 unlimited voice, SMS and data service
Republic Wireless, a division of Cary, N.C.-based VoIP and bandwidth provider will launch a hybrid cellular voice and VoIP service on Nov. 8, 2011. Jason Kincaid first reported the story, but we have some more details and a couple of screenshots. The service, which costs $19 a month, will allow you to make VoIP phone calls over Wi-Fi and will switch to cellular-based calling when a Wi-Fi network is unavailable. Text messages can also be sent via Wi-Fi or cellular networks. The service does require a special Android handset. The plan includes unlimited voice and text messaging. It also includes unlimited data without any bandwidth caps.
When inside the office or your home or inside a Wi-Fi hot-spot, all phone calls and text messages are sent and received via the Internet. When there is no Wi-Fi, the calls are routed over a cellular network.

It's cheaper than carrying around a Xerox machine.
Scan Documents On Your Phone With CamScanner [Android & iPhone]
CamScanner is an exceptional application designed to make high quality document scanning easy for you using your smartphone. It’s really quite sophisticated, making it easy to scan multiple pages into one document or to auto-crop the image to exactly what you wish to keep.
The CamScanner application is available on Android, iPhone, Windows Mobile and Blackberry. It’s free to test an ad-supported, limited version and $4.99 to buy the fully functional Android application.
… With a touch of a button any image or collection of images in CamScanner can be converted into a PDF.
Email Or Upload To Cloud
From viewing any CamScanner document, the file can be emailed or uploaded to the cloud. Cloud options include Dropbox and Google Docs, so it’s easy to make use of these CamScanner files elsewhere.

Busted! No more “Accounting homework” in my class!
HardlyworkIn: Disguise Facebook As Excel Spreadsheet
HardlyworkIn is a free to use web application that lets you check your Facebook account by masking it as a spreadsheet. All you have to do is visit the website and authorize it to access your Facebook account. After that, you can browse your Facebook account from a spreadsheet-like interface.
Similar tool: MoDazzle.

This might be a useful way to gather all of the resources I point to for my classes.
Searcheeze allows you to collect different web content in the same place, and have it published as a magazine that everybody else can read and share with all of his pals. This platform is in beta right now, but it already comes with all of the features you could ever need to have content curated and contextualized. You can collect everything from text and images to video and audio streams, and mix that in all the ways you could possibly fancy. The idea is to let you take your time to figure out the one combination that would work for you.
You'll be able to create an individual magazine for each and every topic that you'd like to curate, and then create a magazine based on that. You can add content webpage by webpage, and also by getting the provided bookmarklet and having it added to your magazine without having to leave the page you're on.
This content curation platform can be tried for free. You can create an account just by supplying some pretty basic details such as your name and your email address. And you can also sign in using your Facebook account, and have all your friends closer than ever when your content is ready and you want to have it shared.

(Related) Another collection & sharing tool - Create Ebooks For Free
This new site turns creating an ebook into something that anybody can do, as it's not only really simple to use but it's also available at no cost.
… And the site's not only usable for free, it can also be used without having to sign up for an account first.
Input formats: doc, docx, epub, fb2, html, lit, lrf, mobi, odt, pdb, pdf, prc, rtf, txt.
Output formats: epub, fb2, lit, lrf, mobi

Tuesday, November 01, 2011

At what point should this move from the hands of corporate security managers to a national (international) security organization?
Symantec uncovers cyber espionage of chemical, defense firms
… "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," according to the report. (PDF)
… Targets include multiple Fortune 100 companies that do research and development of chemical compounds and develop manufacturing infrastructure for the chemical and advanced materials industry, firms that develop advanced materials for military vehicles, Symantec said.
In one two-week period, researchers saw more than 100 unique IP addresses contact a command-and-control server with traffic that appeared to come from an infected machine. The IP addresses were from 52 different ISPs or organizations located in 20 countries, according to the report.

Who decided to do it this way? What business purpose is satisfied? (None that I can see)
Dumb security, Monday edition: Want to read Newsday as an Optimum Online customer? You’ll have to turn over your Cablevision password.
October 31, 2011 by Dissent
Color me stunned.
As an Optimum Online subscriber, I’m supposed to get free online access to Newsday, one of the largest newspapers in New York. So I went to sign up on Newsday’s site. And that’s when my eyes popped out of my head.
Not only does Newsday’s sign-up form ask you for your Optimum ID (username), full name, and address, but they require you to provide the password to your Optimum account.
Not believing my eyes, I called their help number and asked why they didn’t just take the ID and send a confirming e-mail to the user’s account, but was told that no, I had to provide the password to my account.
I told the representative, who I won’t name as this is not her fault, that that was the stupidest thing I’ve heard all day and is really poor from a security standpoint.
She put me on hold and eventually came back to tell me that I did have to provide the password but it’s “encrypted.”
I asked to speak to Newsday’s Chief Security Officer and was told they have none. Gee, what a surprise.
I asked to speak to Newsday’s Chief Privacy Officer and was told they didn’t have one of those, either.
So I called Optimum Online and asked to speak to their online security office. I posed my question to them and they told me I’d have to take it up with Newsday. Of course, they (Cablevision) own Newsday, so you’d foolishly think they might have some influence or be concerned about passwords being needlessly entered in a subsidiary’s web site, but no, they said I had to take it up with Newsday.
Obviously, I didn’t sign up for digital Newsday today. Shame on them and Cablevision for even requiring the major account password to access the site. What is Cablevision going to do if Newsday gets hacked? Email hundreds of thousands of customers and tell them to change their Optimum Online passwords? And what are they going to do if Newsday is hacked and the hackers decide to decrypt passwords, login to Optimum Online accounts and listen to people’s voicemail or look at their payment arrangements?
Such an unnecessary and foolish risk.
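The alternative Dissent proposes, taking only the Optimum ID and confirming it by e-mail, can be done without the partner site ever handling the account password. The following is an added example and not code from Newsday, Cablevision or the post; the class name, the signing secret and the subscriber IDs are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


class EntitlementVerifier:
    """Issue and redeem single-use, expiring confirmation tokens (constructed example).

    The partner site records the claimed subscriber ID, e-mails a link carrying
    a signed token to the address on file, and grants access only when that
    token comes back. No ISP password is ever collected or stored.
    """

    def __init__(self, secret: bytes, ttl_seconds: int = 3600, clock=time.time):
        self._secret = secret          # server-side HMAC key, never sent to the user
        self._ttl = ttl_seconds
        self._clock = clock            # injectable so expiry can be tested
        self._pending = {}             # nonce -> subscriber ID, removed on redemption

    def _sign(self, payload: bytes) -> str:
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def issue_challenge(self, subscriber_id: str) -> str:
        """Return the token to embed in the confirmation e-mail link."""
        nonce = secrets.token_urlsafe(16)
        payload = json.dumps(
            {"sub": subscriber_id, "nonce": nonce, "exp": int(self._clock()) + self._ttl},
            sort_keys=True,
        ).encode()
        self._pending[nonce] = subscriber_id
        body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
        return f"{body}.{self._sign(payload)}"

    def redeem(self, token: str) -> Optional[str]:
        """Return the verified subscriber ID, or None for any bad token."""
        try:
            body, sig = token.split(".", 1)
            payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        except ValueError:              # malformed token or bad base64
            return None
        # Constant-time comparison: a forged or tampered token fails here.
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None
        claims = json.loads(payload)
        if claims["exp"] < self._clock():
            return None                 # link is stale
        # Single use: a replayed or forwarded link must not re-link the account.
        if self._pending.pop(claims["nonce"], None) != claims["sub"]:
            return None
        return claims["sub"]


if __name__ == "__main__":
    verifier = EntitlementVerifier(b"constructed-secret-key", ttl_seconds=600)
    link_token = verifier.issue_challenge("optimum-user-42")   # goes in the e-mail
    print("first click :", verifier.redeem(link_token))        # optimum-user-42
    print("second click:", verifier.redeem(link_token))        # None
```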

(Related) Not much money for developing these tools...
Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
October 31, 2011 by Dissent
A new report from the very excellent Carnegie Mellon University CyLab, by Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang: Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising.
We present results of a 45-participant laboratory study investigating the usability of tools to limit online behavioral advertising (OBA). We tested nine tools, including tools that block access to advertising websites, tools that set cookies indicating a user’s preference to opt out of OBA, and privacy tools that are built directly into web browsers. We interviewed participants about OBA, observed their behavior as they installed and used a privacy tool, and recorded their perceptions and attitudes about that tool. We found serious usability flaws in all nine tools we examined. The online opt-out tools were challenging for users to understand and configure. Users tend to be unfamiliar with most advertising companies, and therefore are unable to make meaningful choices. Users liked the fact that the browsers we tested had built-in Do Not Track features, but were wary of whether advertising companies would respect this preference. Users struggled to install and configure blocking lists to make effective use of blocking tools. They often erroneously concluded the tool they were using was blocking OBA when they had not properly configured it to do so.
Full Report: CMU-CyLab-11-017

Perhaps this plays into Facebook's ultimate strategy. They want unlimited access to your data; perhaps this is a country where they can work out a deal with “Big Government Brother”.
Facebook’s Swedish data centre will be subject to Snoop Law
October 31, 2011 by Dissent
Anna Leach reports:
The icy location is a big advantage for the new data centre that Facebook is planning in the northern Swedish town of Lulea. But while the frigid Arctic winds will fan the servers, it’s the legal climate that could get hot.
A controversial Swedish internet surveillance law passed in 2008 allows the government there to intercept any internet traffic that passes Sweden’s borders with no need for a court warrant. It’s called the FRA law and the Swedes don’t like it, and Google called it “unfit for a Western democracy”. And the rest of Europe could start to get annoyed by it too when that internet traffic includes their Facebook data.
Read more on The Register.
In other coverage of this story, the Associated Press reports:
Jan Fredriksson, a spokesman for Facebook in Sweden, said the company was confident that restrictions on the agency’s surveillance activities would protect the integrity of regular Facebook users.
“This isn’t something that will affect users,” Fredriksson said. “Only people who are strongly suspected of terrorism can become subjected to this.”
Just like here? Oh good. Then we can be sure that there will be no abuses of the system, right?
Another day, another pat on my own back that I had the foresight not to sign up for a Facebook account.

(Related) “Everybody is doing it!” Will these folks be gone from the gene pool in a generation or two? I kind of doubt it.
Survey: Many parents help kids lie to get on Facebook
In 1998, Congress passed the Children's Online Privacy Protection Act (COPPA) that requires Web sites to "obtain verifiable parental consent" before collecting personal information from children under 13.
… COPPA doesn't prevent companies like Facebook from admitting kids under 13, but it does present substantial and expensive roadblocks.
Companies with services aimed at younger kids, such as Disney's Club Penguin, have gone to considerable expense to comply with the law. But most companies, including Facebook, MySpace, and Google+, simply block pre-teens from the service. These rules are specified in the companies' terms of service, and companies generally require members to state their birth date. Any child whose date of birth indicates he or she is under 13 is blocked.
… A peer-reviewed study released today--"Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the 'Children's Online Privacy Protection Act'"--(available from found that "many parents knowingly allow their children to lie about their age--in fact, often help them to do so--in order to gain access to age-restricted sites in violation of those sites' terms of service."

Will this upgrade make Google the RSS Reader of choice?
Google Reader revamp arrives
Google Reader is finally getting its day in the sun. Just as promised earlier this month, the forgotten Google app for collecting and reading news articles all in one place is getting a revamped design.

This could be geeky fun!
"Open Hardware Journal is a new technical journal on designs for physical or electronic objects that are shared as if they were Open Source software. It's an open journal under a Creative Commons license. The first issue contains articles on 'Producing Lenses With 3D Printers,' 'Teaching with Open Hardware Submarines,' 'An Open Hardware Platform for USB Firmware Updates and General USB Development,' and more."
Mr. Perens has promised to be around tonight to answer any questions readers might have.

Now will you let me blog?
INFOGRAPHIC: The Schools That Rule The Web [US Only]
… Our infographic today comes courtesy of Best Education Sites. As the infographic points out, the web can make or break a school these days. They need to have a well designed website and they need to be connected to social media in order to attract the web 2.0 crowd.