Tuesday, June 12, 2012

Security breach perspective. As the value of a single credit card goes down, you can make up for it by increasing your volume...
Theft of 44K credit cards is tip of the iceberg, police say
… David Benjamin Schrooten, aka "Fortezza," is being targeted by federal prosecutors for allegedly hacking into computers and stealing massive amounts of credit card numbers. Once he obtained the numbers, he allegedly sold them in bulk quantities via different Web sites. The 44,000 is reportedly from just one sale.
Police caught onto Schrooten's alleged heist last November after a Seattle restaurant owner contacted the police. According to the Associated Press, several customers who ate at the restaurant got suspicious charges on their cards. Some were even getting charged $70 to $80 in as little as 10 minutes after using their cards at the restaurant.

For my Disaster Recovery class. “Sorry, we have no record of your account.” Many articles, no real information.
IN: Fire in Pathankot bank, data destroyed
June 11, 2012 by admin
Hope they had an off-site backup:
Pathankot: A fire broke out in a branch of State Bank of Patiala here, destroying a large amount of data, police said today.
According to preliminary inquiry, the fire was caused by short circuit in the computer room last night and was controlled after two hours of fire fighting operations assisted by police.
No loss of life was reported due to the fire.
The data loss due to the fire in the computer room could be huge, Pathankot DSP Rajit Singh said.
Source: ZeeNews.com

Perhaps the Privacy Foundation should invite Phil back. This is how lawyers should talk to their clients...
Phil Zimmermann's post-PGP project: privacy for a price
… Zimmermann's new company, Silent Circle, plans to release a beta version of an iPhone and Android app in late July that encrypts phone calls and other communications. A final version is scheduled to follow in late September.

If everyone (NSA, TSA, DHS, NYPD, MOUSE) starts flying these things over cities, we might see more crashes in places normal air traffic avoids.
Navy Loses Giant Drone in Maryland Crash

Somehow this doesn't make sense.
"Documents released by the FBI provide an unusual inside look at how the agency is struggling to penetrate 'darknet' Onion sites routed through Tor, the online privacy tool funded in part by government grants to help global activists. In this case, agents were unable to pursue specific leads about an easily available child pornography site, while files withheld indicate that the FBI has ongoing investigations tied to the Silk Road marketplace, a popular, anonymous Tor site for buying and selling drugs and other illegal materials."
Sounds similar to the problems that plagued freenet.
[From the MuckRock article:]
In this particular case, a citizen reported stumbling upon [i.e., the files were not hidden. Bob] a cache of child pornography while browsing the anonymous Tor network's hidden sites, which are viewable with specialized, but readily available, tools and the special .onion domain. [How could they be “readily available” to everyone but the FBI? Bob]

We're doomed!
June 11, 2012
Report - "When the Government Comes Knocking, Who Has Your Back?"
  • "When you use the Internet, you entrust your online conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what happens when the government demands that these companies hand over your private information? Will the company stand with you? Will it tell you that the government is looking for your data so that you can take steps to protect yourself? The Electronic Frontier Foundation examined the policies of 18 major Internet companies — including email providers, ISPs, cloud storage providers, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. We looked at their terms of service, privacy policies, and published law enforcement guides, if any. We also examined their track record of fighting for user privacy in the courts and whether they’re members of the Digital Due Process coalition, which works to improve outdated communications law. Finally, we contacted each of the companies with our conclusions and gave them an opportunity to respond and provide us evidence of improved policies and practices. These categories are not the only ways that a company can stand up for users, of course, but they are important and publicly verifiable."

Worth skimming through?
UK: #Intelligence
Source: Demos (UK)
The growth of social media poses a dilemma for security and law enforcement agencies. On the one hand, social media could provide a new form of intelligence – SOCMINT – that could contribute decisively to keeping the public safe. On the other, national security is dependent on public understanding and support for the measures being taken to keep us safe.
Social media challenges current conceptions about privacy, consent and personal data, and new forms of technology allow for more invisible and widespread intrusive surveillance than ever before. Furthermore, analysis of social media for intelligence purposes does not fit easily into the policy and legal frameworks that guarantee that such activity is proportionate, necessary and accountable.
This paper is the first effort to examine the ethical, legal and operational challenges involved in using social media for intelligence and insight purposes. It argues that social media should become a permanent part of the intelligence framework but that it must be based on a publicly argued, legal footing, with clarity and transparency over use, storage, purpose, regulation and accountability. #Intelligence lays out six ethical principles that can help government agencies approach these challenges and argues for major changes to the current regulatory and legal framework in the long-term, including a review of the current Regulation of Investigatory Powers Act 2000.
+ Direct link to document (PDF; 405 KB)

We like this standard best: “It's off by default (because that's best for us) and even when you turn it on, we can keep acting like it's off.”
‘Do not track’ privacy options should not be activated by default, standards body proposes
June 12, 2012 by Dissent
The World Wide Web Consortium (W3C), which is responsible for ensuring that web technology is based on an agreed set of technical standards, has been working on developing a new ‘do not track’ (DNT) controls system for operation within web browser settings. It has said that the controls should not be set by default. Instead, internet users would have to provide their “explicit consent” to activate them.
Jonathan Mayer of Stanford University, who has been working on the new standard, said that W3C had worked on a “compromise proposal” which would prohibit online publishers using cookies to track their users’ online activity once those users had enabled the DNT option. However, “affiliate information sharing” about users can continue even once DNT controls have been activated, Mayer said.
Read more on Out-Law.com.

Just out of curiosity, does State actually have anyone on staff who understands technology?
State Department offers Amazon up to $16.5M to hand out Kindles
The only e-reader fit enough to meet the U.S. State Department's needs is the Kindle Touch. The iPad and Nook simply won't do. The government has asked Amazon to negotiate a no-bid contract of up to $16.5 million to pass out Kindles to the country's embassies overseas. This was first reported by Nextgov.
If Amazon proposes a contract based on the State Department's needs, it would theoretically provide at least 2,500 Kindle Touches preloaded with 50 titles each to the State Department; but this number could grow because the government is looking to negotiate a contract that could last up to five years.

Job opportunities for my Ethical Hackers...
"In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"

Fortunately, we no longer bother with “ye olde textbooks” – each learning objective is a separate collection of lectures, videos, websites and Apps...
First time accepted submitter discussM tipped us to a story about a recently granted patent in which "a system and method preventing unauthorized access to copyrighted academic texts is provided in which trademark licenses, discussion boards, and grade content are integrated into a web-based system that aligns the interests of teaching professionals, students, and publishers while also enhancing the overarching academic mission to create and disseminate knowledge." Quoting Torrent Freak: "As part of a course, students will have to participate in a web-based discussion board, an activity which counts towards their final grade. To gain access to the board students need a special code, which they get by buying the associated textbook." But don't worry too much, from Ars: "Beyond the legal questions, other experts suggested forcing students to buy texts through such a system is unlikely to be implemented. Professors have few incentives to make it more difficult and to compel students even more than they already are to buy textbooks, digital or analog. (A 2011 survey from UC Riverside found that 78 percent of undergraduates 'bought fewer books, bought cheaper books or read books on reserve to help meet expenses.')"

(Related) For my students. Lots more out there like these.
… We have published a number of articles with links to programming video tutorials, interactive learning modules, and even our own programming lessons, but sometimes, you might just need a good book to immerse yourself in. Lucky for you, up next I’ve gathered a list of legally free programming books that can get you started with learning how to program, scripting and even making your own websites.
Thinking in C++ by Bruce Eckel
The author of the book also has written various books on Java, Python and more, many of which are available for free from his site.
Dive Into HTML5 by Mark Pilgrim
Eloquent Javascript by Marijn Haverbeke
Another resource to note is the Non-Programmer’s Tutorial for Python 3 from Wikibooks, which indicates that it’s meant for individuals with no previous programming experience, though I’m sure intermediate programmers could also find the tutorial useful. There’s even a print-friendly version for those that want a physical copy of the tutorial.
For additional resources to learn Python, check out a more complete list of Python-teaching sites.

Monday, June 11, 2012
If you're looking to learn something new or brush-up on your content area knowledge, Open Culture probably has a course listing for you. The latest update to their list of free and open online courses brought the total offerings up to 500. The course content is hosted on a variety of platforms including iTunes, YouTube, and Vimeo. The courses come from notable universities including Stanford, Harvard, and Yale. And thankfully, the list is organized by subject area.
