Wednesday, November 07, 2012

Congratulations Mr. President. I knew (one of) you would be elected!

As expected. My brother is still without power, so it is possible some of these email addresses are simply offline... A Governor's decree does not override Mother Nature.
E-Mail Voting Fails Some New Jersey Residents
November 6, 2012 by Dissent
Ben Smith reports:
New Jersey’s last-minute offer of e-mail voting to displaced residents was greeted by concern by security experts, who warn that e-mail offers a fast track to voter fraud.
But the system may have another problem as well: County election administrators are, according to anecdotal reports, simply not responding to all requests for ballots. In two major counties, the e-mail address advertised on the website of the county clerk is not even accepting e-mail.
The e-mail address listed on the website of the Morris County Clerk,, is not receiving e-mail. Nor is the e-mail address,, listed on the website of the Essex County Clerk, nor the County’s site. (The Essex County Clerk posted to his Facebook page Monday that voters could e-mail requests to his personal Hotmail account.)
Essex County Clerk C.J. Durkin e-mailed at 5:30 a.m. Tuesday, “We are working around the clock to try and ensure that everyone who wants to vote…can. As an alternative email, voters can send requests to
Oh. My. God.
Read more on BuzzFeed Politics.

(Related) My “Shooting fish in a barrel” prediction: Most of these “problems” were known before the machines were used. An illustration of genius? A woman in Florida was blocked (for a time) because of her MIT sweatshirt...
Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. [Yet, the house always wins... Bob] Of course, there are still the good, old-fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.

For my Computer Security students. This is why you study Network Security. When we say the infrastructure is fragile, remember this...
New submitter mc10 points out a post on the CloudFlare blog about the circumstances behind Google's services being inaccessible for a brief time earlier today. Quoting: "
To understand what went wrong you need to understand a bit about how networking on the Internet works. The Internet is a collection of networks, known as "Autonomous Systems" (AS). Each network has a unique number to identify it known as AS number. CloudFlare's AS number is 13335, Google's is 15169. The networks are connected together by what is known as Border Gateway Protocol (BGP). BGP is the glue of the Internet — announcing what IP addresses belong to each network and establishing the routes from one AS to another. An Internet "route" is exactly what it sounds like: a path from the IP address on one AS to an IP address on another AS. ... Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here. I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I'm looking at the routing from California and Google is operating Data Centres not far from our office, packets should never be routed via Indonesia."
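To make the quoted explanation concrete for the Network Security students: the following added example (mine, not code from CloudFlare's post) models the simplified BGP decision process and the kind of route-monitor check that would have flagged a Google prefix reaching California through AS 23947. The AS numbers 13335, 15169 and 23947 come from the text; the prefixes (RFC 5737 documentation space), the "direct peering" policy and the announcements are constructed for illustration.

```python
"""Simplified BGP decision process plus an origin/transit route monitor.
Added example; AS numbers are from the CloudFlare post, the prefixes and
the announcement table below are constructed."""
import ipaddress

# Constructed policy: protected prefix -> origin AS we expect, and the set of
# transit ASes we accept between us (AS13335) and that origin. Empty means we
# expect to learn the prefix directly from the origin (direct peering).
PROTECTED = {"203.0.112.0/23": 15169}
EXPECTED_TRANSIT = set()

# Constructed view of our routing table: (prefix, AS path as received).
# The origin AS is the last element of the path.
ANNOUNCEMENTS = [
    ("203.0.112.0/23", [15169]),         # legitimate, learned directly from Google
    ("203.0.113.0/24", [23947, 15169]),  # more-specific route leaked via Moratel
]

def best_route(announcements, dest):
    """Longest prefix match first, then shortest AS path (simplified BGP)."""
    dest = ipaddress.ip_address(dest)
    ranked = []
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            ranked.append((net.prefixlen, -len(as_path), prefix, as_path))
    if not ranked:
        return None
    ranked.sort(reverse=True)
    return ranked[0][2], ranked[0][3]

def audit(announcements):
    """Flag routes inside a protected prefix that carry the wrong origin AS or
    pass through a transit AS we do not expect: a route monitor's alerts."""
    findings = []
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        for protected, origin in PROTECTED.items():
            if not net.subnet_of(ipaddress.ip_network(protected)):
                continue
            if as_path[-1] != origin:
                findings.append(f"{prefix}: origin AS{as_path[-1]}, expected AS{origin}")
            unexpected = set(as_path[:-1]) - EXPECTED_TRANSIT
            if unexpected:
                findings.append(f"{prefix}: transits {sorted(unexpected)}, expected direct")
    return findings

if __name__ == "__main__":
    # The leaked /24 wins on prefix length even though its AS path is longer.
    print(best_route(ANNOUNCEMENTS, "203.0.113.10"))
    for finding in audit(ANNOUNCEMENTS):
        print("ALERT", finding)
```

Note that the longer AS path does not protect against the leak: longest-prefix match is evaluated before path length, which is why a more-specific announcement from an untrusted network can pull traffic away from the legitimate route.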

Now that is a contract I'd like to read...
Strategizing the lawsuit against South Carolina
November 5, 2012 by admin
While I was offline, the lawsuit(s?) apparently commenced against South Carolina over their monster data breach. According to Meg Kinnard of Associated Press, however, plaintiffs might receive only a matter of pennies, as the state limits/caps how much a state agency can pay out for a breach, and that cap is $600,000. It may depend, in part, on how a state court defines an “occurrence.” Then again, there may be deeper pockets with no cap. In the latest development, TrustWave has been added as a defendant. Eric Connor reports:
The private company hired by the state of South Carolina to monitor millions of taxpayers’ sensitive personal data is in the crosshairs of a lawsuit after it was revealed that its services were used in lieu of internal, government-owned protection. [So they outsourced their security... Bob]
“This is a huge development, because we learn for the first time that a large, multinational corporation had assumed the responsibility for securing this data,” Upstate attorney John Hawkins said in announcing his amended lawsuit against the state, which he hopes will be named as a class-action suit.
“This case is no longer just about suing state government,” Hawkins said. “It’s become much bigger.” is developing this story and has contacted the computer security company, TrustWave, seeking comment, as well as Gov. Nikki Haley. [That sentence reads like the Governor is hiding at TrustWave Bob]

“We figure that using a really old technology like tapes means we can ignore all them thar modern security “Best Practices” like encryption.” Also a really interesting twist!
By Dissent, November 6, 2012
Tim O’Coin reports:
Women & Infants Hospital says tapes of ultrasound images [Does this fit the legal definition of Child Porn? Bob] and patients’ personal information are missing.
According to a post on its website, the hospital discovered back in September that backup ultrasound tapes at Ambulatory Sites in Providence and New Bedford had disappeared.
The hospital said the tapes also contained patients’ names, dates of birth, and in some cases Social Security numbers.
Read more on WPRI.
The following press release was posted to the hospital’s web site yesterday:
Women & Infants Hospital today announced that on September 13, 2012, the hospital discovered that unencrypted backup tapes containing ultrasound images from two of its ambulatory sites located at 79 Plain Street in Providence, RI and 67 Brigham Street in New Bedford, MA were missing. The hospital immediately began an investigation and conducted a thorough search of its facilities but has been unable to locate the backup tapes.
The backup tapes contained ultrasound studies dating from 1993 to 1997 in Providence and from 2002 to 2007 in New Bedford and included patient names, dates of birth, dates of exam, physicians’ names, patient ultrasound images, and, in some instances, Social Security numbers.
“We have no reason to believe that the information on the backup tapes has been accessed or used improperly,” said Elizabeth Fecteau, privacy officer at Women & Infants Hospital, explaining that it would take specialized equipment [a tape drive Bob] and technical expertise [Knowing how to press the “On” button Bob] to access the information on the tapes.
… Women & Infants has taken steps to prevent an incident like this from happening in the future, including a thorough review of policies and procedures and enhancement of backup tape receipt and storage practices. [Is this proof that the earlier system was inadequate? Bob]
The corresponding notification letter to patients says:
… The backup tapes contained ultrasound images dating from 1993 to 1997 from the Providence location,
… The backup tapes contained ultrasound image dating from 2002 to 2007 from the New Bedford location,
While we no longer have the actual ultrasound images, [These were not “Backup” copies, they were the ONLY copies! Bob] we assure our patients that the full report of their ultrasound and its findings remain in their electronic medical record for reference, if ever needed.

Physicians, stick to your anti-social networks...
By Dissent, November 6, 2012
Lynn Sessions and Cory Fox write:
Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality of patient information and the appropriate level of professionalism.
Social media usage, such as Facebook, Twitter, LinkedIn and blogging, has increased amongst healthcare providers. One survey indicates that 87% of physicians use social media websites for personal use and 67% use social media for professional purposes. Another study indicates that 35% of physicians have received friend requests from patients or their family members, and 16% of physicians have visited an online profile of a patient or a family member. The expanded use of social media raises challenging questions for healthcare providers, such as the extent to which physicians can share their work experiences online without violating the privacy and confidentiality of their patients and how to clearly delineate appropriate boundaries of professionalism. An analysis of physician blogs found that nearly 17% included enough information about patients to identify them.
Read more on Data Privacy Monitor.

(Related) And it's an application of statistics that my Statistics students will love, or at least laugh at me for presenting.
According to a fairly recent estimate by Facebook, there are around 83 million fake accounts on the social network.
… Thankfully, like the bulk of spamming and phishing efforts today, they’re mostly still fairly easy to spot.
… Recently, Barracuda Networks pieced together some statistics about Fake Facebook profiles, the results of which are quite interesting and might help you to spot a fake profile. Here’s what the average fake profile looks like:
  • They have 6 times the average number of friends (726 versus 130)
  • Around 60% of fake accounts say they are bisexual, which is more than 10 times the amount of real Facebook accounts that list that information.
  • Almost all fake accounts (97%) claim to be female, as opposed to 40 percent of real accounts.
  • Fake accounts will often tag photos far more often than real accounts, with an average of 136 tags per four photos on fake accounts compared to one tag per four photos for real Facebook users.
  • 43% of fake profiles have never updated their status, compared with 15% of real people.

I'd like to know how many people were actually overcharged. Does the fine represent hundreds of dollars per victim or pennies? Apparently the FCC settled before they found out...
"CNet reports on an agreement between AT&T and the FCC which will require the telecom company to pay $700,000 to the federal government to resolve overcharging complaints. AT&T will also refund charges to customers who were switched from pay-as-you-go data plans to monthly plans after AT&T said they could keep the old plans. 'AT&T has also agreed to an extensive compliance plan (PDF), which includes: consumer notification, training of customer care representatives, and periodic compliance reports to the FCC. AT&T must also conduct additional searches of its records to identify improperly switched consumers and ensure appropriate refunds.'"

The saga continues. The RIAA reaches out to Gabon? “Zap this guy and we'll get you an autographed picture of Justin Bieber!”
"Kim Dotcom's plan to launch a 'bigger, better, faster, stronger, safer' Megaupload successor, Mega, is already in peril as Gabon's government has suspended the domain. Announcing his decision, Gabon's Communication Minister Blaise Louembe said 'I have instructed my departments... to immediately suspend the site' in a bid to 'protect intellectual property rights' and 'fight cyber crime effectively.' Dotcom revealed through a tweet that he is in possession of an alternative domain name and that the recent suspension 'demonstrates the bad faith witch hunt the U.S. government is on.'"

Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights
… The privacy and property rights of its 60 million users are also in jeopardy, as well as the privacy and property rights of anyone who stores data in the cloud, according to the Electronic Frontier Foundation, which is representing one of Megaupload’s users in a lawsuit against the government that could set a precedent for cloud users in general. A hearing on the issue in Virginia federal court is expected to be set any day.
The problem lies in the fact that there is currently no clear process for owners to retrieve property that federal prosecutors effectively seized when they shuttered the file-sharing and cyberlocker service last January over issues of alleged copyright infringement.

I often point to Dilbert cartoons as simple summaries of complex ideas. That's because Scott Adams is actually a rather smart guy.
"Scott Adams has an entertaining entry on his Dilbert Blog about the perception of privacy. He writes, 'It has come to my attention that many of my readers in the United States believe they have the right to privacy because of something in the Constitution. That is an unsupportable view. A more accurate view is that the government divides the details of your life into two categories: 1. Stuff they don't care about. 2. Stuff they can find out if they have a reason.' His post is written in response to some reader comments on another entry about privacy guardians and how swell life would be if we voluntarily gave up certain personal info."

Interesting. A mindmap with Priority flags... Aspects of a Project Management tool. Be sure to look under the Education tab.
… MindMaple is a program designed to help you manage all those difficult tasks in the most efficient way possible. It helps you generate a mind map, which is like an outline of what you need to do and your ideas for how to do it.

We will need to do this too... Perhaps we could make these class projects? Perhaps a KickStarter funded business?
Distance Learning University, The Open University, Repackages Course Materials For The App Generation
U.K.-based distance learning university, the Open University, is developing a series of apps to deliver undergraduate course materials to students’ smartphones and tablet devices, starting next year. The OUAnywhere app will allow undergraduates to access their main course materials through their handheld devices, along with the audio and visual content the OU produces to support studies.
… OUAnywhere is being created in response to increasing use of mobile devices by students — the OU notes that mobile usage of its virtual learning environment in one month is now comparable to usage for an entire quarter of the previous year. It’s also noticed students are spending much more time online via mobile and tablet devices, and clocking up more repeated visits. (Students using gadgets? It’s not exactly rocket science… )

A place for me to brush up. “Biiru ippai kudasai.” and then “WC doko desu ka?”