Thursday, June 14, 2012
A little out of the ordinary.
PA: Security breach exposes student data
June 14, 2012 by admin
Jason A. Kahl reports:
The personal information of all students in the Fleetwood School District was stolen and posted online, district officials and Fleetwood police said Wednesday.
The security breach was discovered by parents of students in the district who notified school officials Tuesday. The school contacted borough police and the website, Wikispaces, where it was posted, and had it taken down within hours, Dr. Paul B. Eaken, superintendent, said Wednesday night.
The stolen information included the name, date of birth, school identification number, address, parents’ names, teacher’s name and grade level of each of the approximately 2,700 students from kindergarten through 12th grade, Eaken said.
He said the information came from a digital spreadsheet file stored in the administrative section of the district.
Read more on Reading Eagle.
Hopefully their ID number isn’t their SSN.
From the article:
"They stated that families should be watchful for unknown visitors [I've never seen a warning like that. Do they have reason to suspect stalkers stole their data? Bob] and unwanted mail."
… It was unclear when the information was stolen and how long it had been online before the parents found it. [The school district didn't know it was missing, someone had to tell them. They were unable to see who accessed the data? Bob]
Eaken said the data was taken electronically from the school's computer system, either by a virus, someone with a password or someone hacking into the system. [So, someone inside, someone outside or something else entirely? That pretty much covers it. Bob]
For my “Business Continuity” students... My Ethical Hackers already know...
Cyberrisks to U.S. electric grid a matter of timing
Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, the chairman of an industry standards group warns.
Jesse Hurley, co-chair of the North American Energy Standards Board's Critical Infrastructure Committee, says the mechanism for creating digital signatures for authentication is insufficiently secure because not enough is being done to verify identities and some companies are attempting to weaken standards to fit their business models.
… This debate over critical infrastructure security comes as the U.S. Senate prepares to debate a Democrat-backed bill that would give Homeland Security additional authority to regulate cybersecurity practices for critical infrastructure [Making Infrastructure as secure as TSA makes flying? Why does that not give me the warm fuzzies? Bob]
This is an interesting change... Think the court will quash?
New submitter nbacon writes with news that Comcast, apparently tired of the endless BitTorrent-related piracy lawsuits, has stopped complying with subpoena requests, much to the chagrin of rightsholders. From the article:
"Initially Comcast complied with these subpoenas, but an ongoing battle in the Illinois District Court shows that the company changed its tune recently. Instead of handing over subscriber info, Comcast asked the court to quash the subpoenas. Among other things, the ISP argued that the court doesn’t have jurisdiction over all defendants, because many don’t live in the district in which they are being sued. The company also argues that the copyright holders have no grounds to join this many defendants in one lawsuit. The real kicker, however, comes with the third argument. Here, Comcast accuses the copyright holders of a copyright shakedown, exploiting the court to coerce defendants into paying settlements."
Perhaps I wasn't wrong in thinking “Innocent” was a possible defense?
Retired Judge Joins Fight Against DOJ’s ‘Outrageous’ Seizures in Megaupload Case
Abraham David Sofaer, a former New York federal judge, recently was presenting a paper at the National Academy of Sciences about deterring cyberattacks when he learned the feds had shut down Megaupload, seizing its domain names, in a criminal copyright infringement case.
Troubling him more than his paper on global cybersecurity (.pdf) was learning that the government had seized the files of 66.6 million customers as part of its prosecution of the file-sharing site’s top officers, and was refusing to give any of the data back to its owners.
“It’s really quite outrageous, frankly,” the 74-year-old President Jimmy Carter appointee said in a recent telephone interview. “I was thinking the government hadn’t learned to be discreet in its conduct in the digital world. This is a perfect example on how they are failing to apply traditional standards in the new context.”
A former State Department legal adviser, Sofaer has teamed up — free of charge — with the Electronic Frontier Foundation in urging a federal court to set up a system to allow Megaupload users to get back their legal content.
His entry into the high-profile case comes as users increasingly turn to online storage systems and services, including Dropbox, Gmail, YouTube, ReadItLater, iCloud, and Google Drive, among others, to share and store their data — despite the fact that legal protections for cloud services are weak and servers can be shut down at any time by an aggressive prosecutor. In an unrelated copyright infringement seizure, the feds confiscated the domain of a hip-hop music blog at the behest of the recording industry, only to return it, without apology or recompense, a year later for lack of evidence.
… The government copied 25 petabytes of the data, and said the rest can be erased. The Department of Justice told the federal judge overseeing the prosecution that the government has no obligation to assist anybody getting back their data, even if it’s non-infringing material.
… But in a recent court filing, the authorities wrote that assisting an Ohio man in getting back his company’s high school sports footage “would create a new and practically unlimited cause of action on behalf of any third party who can claim that the government’s execution of a search warrant adversely impacted a commercial relationship between the target of the search and the third party.”
Sofaer, also a former clerk to then-Supreme Court Justice William Brennan Jr. and now a Hoover Institution fellow, claims the government’s response is hogwash. All legal files could easily be retrieved, just like they were before the service was shuttered in January.
If you had access to all this data, what could you determine? What voters look for in a Presidential candidate? What stocks to buy or sell? The answer to life, the universe and everything?
"Technology Review has an in-depth profile of the team at Facebook tasked with figuring out what can be learned from all our data. The Data Science Team mine that information trove both in the name of scientific research into the patterns of human behavior and to advance Facebook's understanding of its users. Facebook's ad business gets the most public attention, but the company's data mining technology may have a greater effect on its destiny — and users' lives."
What new degree should my young whippersnappers be looking for? Cloud Management?
"Young whippersnappers might imagine that Computer Science degrees — and the term "computer science" — have been around forever. But they were invented, after all, and early programmers couldn't earn a college degree in something that hadn't been created yet. In The Evolution of the Computer Science Degree, Karen Heyman traces the history of the term and the degree, and challenges you on a geek trivia question: Which U.S. college offered the first CS degree? (It's not an obvious answer.)"
So let's all publish a book!
Self-publishing a book: 25 things you need to know
Returned many short papers on topics I searched...
Wednesday, June 13, 2012
Through a recent blog post by Angela Maiers I discovered a nice service for finding and sharing ebooks. The service is called ebook browse and it's similar to services like Scribd and DocStoc. On ebook browse you can browse for documents, upload and share your own documents, and download the documents that other people make available. If you want to make your documents available online for others to read, just upload them to ebook browse and share the link or embed them into your blog or website using the embed code provided by ebook browse.
… Students can upload to ebook browse then use the embed code provided to display their documents in their digital portfolios.