Friday, April 13, 2012

This is a long (but instructive) post, so I'll point you to it rather than quote it all here. These are questions their internal auditors would likely ask. Who else might be interested? (can you say BoD)
Why’s denial of breach fails to convince me
April 12, 2012 by admin
Some breach reports really bother me. The situation is a case in point. Despite their denial of any breach, what I saw in the two data dumps leaves me with the nagging suspicion that they were hacked. And so I contacted them again almost two weeks ago, following their last statement, to ask to speak with them about my concerns and what I had found in analyzing some of the data. They never responded to that request or got back to me.
So after mulling this over for a while, I decided to post my concerns here. This will be a long post, so bear with me.

If you were to ask an MBA (Oh wait, I have one of those) he would tell you that leaving anyone unsupervised was proof of bad management. I wrote a few programs to tell me exactly what my people were doing and I explained to them how the reports could (and did) protect them from wild accusations of misconduct. Frequent reviews of the reports with my employees reinforced the seriousness of “the rules”
Leaving IT admins unsupervised is like putting “Dracula in charge of the blood bank”
April 13, 2012 by Dissent
Ben Grubb reports:
About 40 per cent of IT administrators go snooping through emails of employees, particularly those of high-level executives, claims the chief executive of a firm that manages the IT security of various Australian companies and government agencies.
A company’s IT admins have access to virtually every document company-wide – including executive files, payroll information and medical data – and many “can’t help themselves” in gaining access to emails, says Carlo Minassian, founder and CEO of Earthwave, the North Sydney-based firm that is hired by organisations looking to outsource their IT security.
Read more on The Age.

Definitely something I'll add to my Intro t Computer Security course. (First, scare them Then, show them a solution)
'Get a Copy of What You've Shared on Facebook'
Faced a host of privacy investigations around the globe and an initial public offering in the next few works, Facebook is trying extra hard to increase transparency and make users happy. The latest effort is an expansion of the social network's "Download Your Data" feature, a three-click process that lets you "Get a copy of what you've shared on Facebook." The site first launched this feature two years ago but only allowed users to get a copy of their list of friends, photos, wall posts, messages, and chat conversations. Now, you'll also get a list of your former usernames and email addresses, all of your friend requests as well as the IP addresses of all the computers you've used to log on to Facebook. It's like a data-rich walk down memory lane.
Read the full story at The Atlantic Wire.

“We can (and do) therefore we (and the government) must” Haven't I been saying this for years?
"Chief Judge Alex Kozinski of the Ninth Circuit Court of Appeals candidly discusses the future of privacy law in an essay published today in the Stanford Law Review Online. Referencing an Isaac Asimov short story, Kozinski acknowledges a serious threat to our privacy — but not from corporations, courts, or Congress: 'Judges, legislators and law enforcement officials live in the real world. The opinions they write, the legislation they pass, the intrusions they dare engage in—all of these reflect an explicit or implicit judgment about the degree of privacy we can reasonably expect by living in our society. In a world where employers monitor the computer communications of their employees, law enforcement officers find it easy to demand that internet service providers give up information on the web-browsing habits of their subscribers.'"
"In a world where people post up-to-the-minute location information through Facebook Places or Foursquare, the police may feel justified in attaching a GPS to your car. In a world where people tweet about their sexual experiences and eager thousands read about them the morning after, it may well be reasonable for law enforcement, in pursuit of terrorists and criminals, to spy with high-powered binoculars through people's bedroom windows or put concealed cameras in public restrooms. In a world where you can listen to people shouting lurid descriptions of their gall-bladder operations into their cell phones, it may well be reasonable to ask telephone companies or even doctors for access to their customer records. If we the people don't consider our own privacy terribly valuable, we cannot count on government — with its many legitimate worries about law-breaking and security — to guard it for us.'"

Perhaps we could collect these into a “How To” guide...
Unmasking Anonymous Internet Speech in New York
April 12, 2012 by Dissent
Scott M. Himes writes:
Every day innumerable people “speak” on the internet, through email, social media, blogs, and other electronic writings, without disclosing their identities (or by using fictitious ones). But the anonymity of internet speech becomes an issue when one feels aggrieved by anonymous (or pseudonymous) words. And although the First Amendment protects anonymous speech, that protection is not absolute. Increasingly, would-be plaintiffs — particularly those claiming defamation based on internet speech — resort to the courts to unmask the electronic speaker’s identity. New York’s pre-action disclosure statute provides a well-suited mechanism for doing so, although using it for this purpose raises unsettled issues.
Read more on Law Technology News. The article provides a nice recap of cases in New York when it comes to unmasking anonymous online speakers.

How should I take this? Millions of legitimate users don't count? More likely, any possible defense is to be attacked aggressively, because if they lose this they might not get to fight another day...
U.S. tries to silence MegaUpload lawyers on issue of user data
… U.S. officials shut down the cyberlocker service, requested that the New Zealand government arrest DotCom, and are now trying to extradite him to the United States. U.S. officials have called the MegaUpload indictment the largest online criminal copyright case ever brought.
Hanging in the balance of today's hearing are digital files belonging to as many as 60 million people across the globe. Their files could be in jeopardy if O'Grady decides to allow Carpathia Hosting, the company that has housed the servers at its own expense since the service was taken down, to delete the information on them or possibly sell off the servers.
… Rothken says that all the parties are in agreement that MegaUpload's data should be preserved save for the U.S. government.
… Even the Motion Picture Association of America (MPAA), the trade group representing the film studios, has asked the court to save the data. The MPAA has said it may need it should the studios want to file a civil complaint at a later date against MegaUpload.
And should MegaUpload's attorneys be allowed to speak, they will tell the judge that they can't defend their clients properly without the server data, Rothken said.

Those who cannot remember the past are condemned to repeat it. ” George Santayana
A business model that charges for free broadcast TV? Sounds like the networks are jealous.
Shades of 1984 Emerge in Broadcast TV Copyright Flap
In 1984, Hollywood was arguing that the VCR and home taping would kill its business and wanted the Supreme Court to outlaw the devices from Americans’ living rooms. Luckily for Americans and Hollywood, the Supreme Court recognized the power of innovation and the limits of copyright in a 5-4 decision that helped unleash a revolution in home entertainment that included a multi-billion-dollar market in videotape and DVD sales and rentals.
Fast forward three decades and we’re right back to 1984. Broadcasters including ABC, CBS, Fox, NBC and Univision are set to appear in court next month to urge a New York federal judge to block the latest television-viewing technology they claim will bankrupt their business model.
… To understand the latest legal jockeying, substitute the term VCR with Aereo. The upstart, Aereo, opened for business last month and supplies internet streams and a DVR service for over-the-air broadcasts to its New York customers. In other words, Aereo lets those in New York who want to watch on their iPad what they can pull down for free from the public airwaves to their TV with an antenna. For the moment, the service is free, but will soon charge $12 monthly.

This just in: It was never about a successful launch.
This Just In: North Korea Still Sucks at Launching Rockets
The North Korean rocket launch that gave the world heartburn is a dud. Again. CNN reports that the Unha-3 rocket blew up after failing to get its “Bright Star” satellite into orbit. In case you’re counting, that makes them 0 for 4 since 1998.

Another free Office Suite...
"The Calligra team has announced the first release of the Calligra suite of office and creativity applications. This marks the end of a long development period lasting almost one and a half year. It is the first release in a long series which is planned to make improved applications every 4 months. Calligra is a continuation of the old KOffice project and it may be interesting for KOffice users to know what they will get. Some highlights are: a completely rewritten text layout engine that can handle most of the advanced layout features of OpenDocument Format (ODF), simplified user interface, support for larger parts of the ODF specification (for example line endings like arrows), and improved import filters for Microsoft document formats. There are also two new applications: Flow for diagrams and flowcharts, and Braindump for the note taking. Calligra Active is a new interface for touch based devices and especially for the KDE Plasma Active environment. Several companies have already used Calligra as a base for their own office solution. One of them is Nokia with their N9 high end smartphone where Calligra is embedded into the so called Harmattan Office."

It might be interesting to see what research attracts big bucks...
Crowdfunding projects through sites like Kickstarter has become incredibly popular lately. Can the same process of opening up funding to "the crowd" work for academic and scientific research?
A new site called Microryza launches today to do just that.
You can read my story over on Inside Higher Ed...

Huh. I've been doing that for years, why aren't I rich instead of handsome?
Screw University, Course Hero Curates YouTube Into Free Business and Coding Classes
You can learn just about anything from YouTube…if you’re willing to dig through millions of videos. Luckily, Course Hero has done the work for you, offering coherent classes by hosting collections of the best educational YouTube videos and other content. The newly launched courses section of the eduTech startup’s site now has classes in entrepreneurship, business plan development, and programming in a variety of languages. Meanwhile, Course Hero offers crowdsourced study guides, tutoring, and flashcards.

No comments: