Congratulations Mr. President. I knew
(one of) you would be elected!
As expected. My brother is still
without power, so it is possible some of these email addresses are
simply offline... A Governor's decree does not override Mother
Nature.
E-Mail Voting Fails Some New Jersey Residents
November 6, 2012 by Dissent
Ben Smith reports:
New Jersey’s
last-minute offer of e-mail voting to displaced residents was greeted
by concern
by security experts, who warn that e-mail offers a fast track to
voter fraud.
But the system may
have another problem as well: County election administrators are,
according to anecdotal reports, simply not responding to all requests
for ballots. In two major counties, the e-mail address advertised on
the website of the county clerk is not even accepting e-mail.
The e-mail address
listed on the website
of the Morris County Clerk, asmith@co.morris.nj.us, is not
receiving e-mail. Nor is the e-mail address, info@essexclerk.com,
listed on the website
of the Essex County Clerk, nor the County’s
site. (The Essex County Clerk posted
to his Facebook page Monday that voters could e-mail requests to his
personal Hotmail account.)
[...]
Essex County Clerk
C.J. Durkin e-mailed at 5:30 a.m. Tuesday, “We are working around
the clock to try and ensure that everyone who wants to vote…can.
As an alternative email, voters can send requests to
cj_durkin@hotmail.com
Oh. My. God.
Read more on BuzzFeed
Politics.
(Related) My “Shooting fish in a
barrel” prediction: Most of these “problems” were known before
the machines were used. An illustration of genius? A woman in
Florida was blocked (for a time) because of her MIT sweatshirt...
Several readers have submitted news of
the inevitable problems involved with trying to securely collect
information from tens of millions of people on the same day. A video
is making the rounds of a touchscreen voting machine registering
a vote for Mitt Romney when Barack Obama was selected. A North
Carolina newspaper is reporting that votes
for Romney are being switched to Obama. Voters are being
encouraged to check and double-check that their votes are recorded
accurately. In Ohio, some recently-installed
election software got a pass from a District Court Judge. In
Galveston County, Texas, poll workers didn't
start their computer systems early enough to be ready for the
opening of the polls, which led to a court order requiring the
stations to be open for an extra two hours at night. Yesterday we
discussed how people in New Jersey who were displaced by the
storm would be allowed to vote via email; not only are some
of the emails bouncing, but voters are being directed to request
ballots from a county clerk's personal Hotmail account. If
only vote machines were as
secure as slot machines. [Yet, the house always wins... Bob]
Of course, there's still the good, old fashioned analog problems;
workers
tampering with ballots, voters being told they can vote
tomorrow, and people leaving after excessively long
wait times.
For my Computer Security students.
This is why you study Network Security. When we say the
infrastructure is fragile, remember this...
New submitter mc10 points out a post on
the CloudFlare blog about the
circumstances behind Google's services being inaccessible for a
brief time earlier today. Quoting: "
To understand
what went wrong you need to understand a bit about how networking on
the Internet works. The Internet is a collection of networks, known
as "Autonomous Systems" (AS). Each network has a unique
number to identify it known as AS number. CloudFlare's AS number is
13335, Google's is 15169. The networks are connected together by
what is known as Border Gateway Protocol (BGP). BGP is the glue of
the Internet — announcing what IP addresses belong to each network
and establishing the routes from one AS to another. An Internet
"route" is exactly what it sounds like: a path from the IP
address on one AS to an IP address on another AS. ... Unfortunately,
if a network starts to send out an announcement of a particular IP
address or network behind it, when in fact it is not, if that network
is trusted by its upstreams and peers then packets can end up
misrouted. That is what was happening here. I
looked at the BGP Routes for a Google IP Address. The route
traversed Moratel (23947), an Indonesian ISP. Given that I'm looking
at the routing from California and Google is operating Data Centres
not far from our office, packets should never be routed via
Indonesia."
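The check implied by the quoted passage, as an added example (not code from CloudFlare or from this blog): compare each observed route's origin AS and transit ASes against what is expected for the prefix. The AS numbers 13335, 15169 and 23947 come from the quote; the prefixes, AS 64500/64501 and the transit allow-list are constructed assumptions.

```python
import ipaddress

# Constructed policy: a documentation prefix stands in for a Google prefix.
# "transit" is an assumed allow-list of ASes expected between us and the origin.
EXPECTED = {
    ipaddress.ip_network("203.0.113.0/24"): {"origin": 15169, "transit": {13335, 64500}},
}

# Constructed observations, one per line: prefix, then AS path (origin AS is last).
OBSERVED = """\
203.0.113.0/24 13335 15169
203.0.113.0/24 64500 23947 15169
203.0.113.0/25 64500 23947
198.51.100.0/24 64500 64501
"""

def covering_policy(prefix):
    """Most specific expected prefix that covers `prefix`, or None."""
    hits = [(p, pol) for p, pol in EXPECTED.items()
            if p.version == prefix.version and prefix.subnet_of(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def check_route(line):
    """Return a list of findings for one observed route (empty list = looks normal)."""
    fields = line.split()
    prefix = ipaddress.ip_network(fields[0])
    path = [int(asn) for asn in fields[1:]]
    hit = covering_policy(prefix)
    if hit is None or not path:
        return []                      # no policy for this prefix: nothing to compare
    policy_prefix, policy = hit
    findings = []
    if path[-1] != policy["origin"]:
        findings.append(f"origin AS{path[-1]}, expected AS{policy['origin']}")
    if prefix.prefixlen > policy_prefix.prefixlen:
        findings.append(f"more specific than {policy_prefix}")
    for asn in dict.fromkeys(path[:-1]):   # de-duplicate prepended ASes, keep order
        if asn not in policy["transit"]:
            findings.append(f"unexpected transit AS{asn}")
    return findings

def audit(text):
    """Map each suspicious route line to its findings."""
    results = {line: check_route(line) for line in text.splitlines() if line.strip()}
    return {line: f for line, f in results.items() if f}

if __name__ == "__main__":
    for route, findings in audit(OBSERVED).items():
        print(route, "->", "; ".join(findings))
```

The second sample line is the situation in the quote: the origin is still AS15169, but the path runs through AS23947.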
Now that is a contract I'd like to
read...
Strategizing
the lawsuit against South Carolina
November 5, 2012 by admin
While I was offline, the lawsuit(s?)
apparently commenced against South Carolina over their monster data
breach. According to Meg Kinnard of Associated Press, however,
plaintiffs
might receive only a matter of pennies, as the
state limits/caps how much a state agency can pay out for a breach,
and that cap is $600,000. It may depend, in part, on how
a state court defines an “occurrence.” Then again, there may be
deeper pockets with no cap. In the latest development, TrustWave has
been added as a defendant. Eric Connor reports:
The private
company hired by the state of South Carolina to monitor millions of
taxpayers’ sensitive personal data is in the crosshairs of a
lawsuit after it was revealed that its services were
used in lieu of internal, government-owned protection. [So they
outsourced their security... Bob]
“This is a huge
development, because we learn for the first time that a large,
multinational corporation had assumed the responsibility for securing
this data,” Upstate attorney John Hawkins said in announcing his
amended lawsuit against the state, which he hopes will be named as a
class-action suit.
“This
case is no longer just about suing state government,”
Hawkins said. “It’s become much bigger.”
GreenvilleOnline.com
is developing this story and has contacted the computer security
company, TrustWave, seeking comment, as well as Gov. Nikki Haley.
[That sentence reads like the Governor is hiding at
TrustWave Bob]
Read more on GreenvilleOnline.com.
“We figure that using a really old
technology like tapes means we can ignore all them thar modern
security “Best Practices” like encryption.” Also a really
interesting twist!
By Dissent,
November 6, 2012
Tim O’Coin reports:
Women
& Infants Hospital says tapes of ultrasound
images [Does this fit the legal definition of Child Porn? Bob]
and patients’ personal information are missing.
According to a
post on its website, the hospital discovered back in
September that backup ultrasound tapes at Ambulatory Sites
in Providence and New Bedford had disappeared.
The hospital said
the tapes also contained patients’ names, dates of birth, and in
some cases Social Security numbers.
Read more on WPRI.
The following press release was posted
to the hospital’s web site yesterday:
11/05/2012
Women &
Infants Hospital today announced that on September 13, 2012, the
hospital discovered that unencrypted backup tapes containing
ultrasound images from two of its ambulatory sites located at 79
Plain Street in Providence, RI and 67 Brigham Street in New Bedford,
MA were missing. The hospital immediately began an investigation and
conducted a thorough search of its facilities but has been unable to
locate the backup tapes.
The backup tapes
contained ultrasound studies dating from 1993 to 1997 in Providence
and from 2002 to 2007 in New Bedford and included patient names,
dates of birth, dates of exam, physicians’ names, patient
ultrasound images, and, in some instances, Social Security numbers.
“We have no
reason to believe that the information on the backup tapes has been
accessed or used improperly,” said Elizabeth Fecteau, privacy
officer at Women & Infants Hospital, explaining that it
would take specialized equipment [a tape drive Bob] and
technical expertise [Knowing how to press the “On”
button Bob] to access the information on the tapes.
… Women &
Infants has taken steps to prevent an incident like this from
happening in the future, including a thorough review of policies and
procedures and enhancement of backup tape receipt and storage
practices. [Is this proof that the earlier system was
inadequate? Bob]
The corresponding notification letter
to patients says:
… The backup
tapes contained ultrasound images dating from 1993 to 1997 from the
Providence location,
… The backup
tapes contained ultrasound images dating from 2002 to 2007 from the
New Bedford location,
… While
we no
longer have the actual ultrasound images,
[These were not “Backup” copies, they were the ONLY copies! Bob]
we assure our patients that the full report of their
ultrasound and its findings remain in their electronic medical record
for reference, if ever needed.
Physicians, stick to your anti-social
networks...
By Dissent,
November 6, 2012
Lynn Sessions and Cory Fox write:
Recently, the
Federation of State Medical Boards (“the Federation”) released
its Model Policy Guidelines
for the Appropriate Use of Social Media and Social Networking in
Medical Practice (“Guidelines”). The Guidelines are intended to
address how physicians can utilize social media to facilitate patient
care while still maintaining the privacy and confidentiality of
patient information and the appropriate level of professionalism.
Social media
usage, such as Facebook, Twitter, LinkedIn and blogging, has
increased amongst healthcare providers. One survey
indicates that 87% of physicians use social media websites for
personal use and 67% use social media for professional purposes.
Another study indicates that 35% of physicians have received friend
requests from patients or their family members, and 16% of physicians
have visited an online profile of a patient or a family member. The
expanded use of social media raises challenging questions for
healthcare providers, such as the extent to which physicians can
share their work experiences online without violating the privacy and
confidentiality of their patients and how to clearly delineate
appropriate boundaries of professionalism. An analysis of
physician blogs found that nearly 17% included enough information
about patients to identify them.
Read more on Data
Privacy Monitor.
(Related) And it's an application of
statistics that my Statistics students will love
like laugh at me for presenting.
According to a fairly recent estimate
by Facebook, there are around 83
million fake accounts on the social network.
… Thankfully, like the bulk of
spamming and phishing efforts today, they’re mostly still fairly
easy to spot.
… Recently, Barracuda
Networks pieced together some statistics
about Fake Facebook profiles, the results of which are quite
interesting and might help you to spot a fake profile. Here’s what
the average fake profile looks like:
- They have 6 times the average number of friends (726 versus 130)
- Around 60% of fake accounts say they are bisexual, which is more than 10 times the amount of real Facebook accounts that list that information.
- Almost all fake accounts (97%) claim to be female, as opposed to 40 percent of real accounts.
- Fake accounts will often tag photos far more often than real accounts, with an average of 136 tags per four photos on fake accounts compared to one tag per four photos for real Facebook users.
- 43% of fake profiles have never updated their status, compared with 15% of real people.
I'd like to know how many people were
actually overcharged. Does the fine represent hundreds of dollars
per victim or pennies? Apparently the FCC settled before they found
out...
"CNet reports on an agreement
between AT&T and the FCC which will require the telecom company
to pay
$700,000 to the federal government to resolve overcharging
complaints. AT&T will also refund charges
to customers who were switched from pay-as-you-go
data plans to monthly plans after AT&T said they could keep the
old plans. 'AT&T has also agreed to an extensive
compliance plan (PDF), which includes: consumer notification,
training of customer care representatives, and periodic compliance
reports to the FCC. AT&T must also conduct additional searches
of its records to identify improperly switched consumers and ensure
appropriate refunds.'"
The saga continues. The RIAA reaches
out to Gabon? “Zap this guy and we'll get you an autographed
picture of Justin Bieber!”
"Kim Dotcom's plan
to launch a 'bigger, better, faster, stronger, safer' Megaupload
successor, Mega, is already in peril as Gabon's
government has suspended the domain me.ga. Announcing his decision,
Gabon's Communication Minister
Blaise Louembe said 'I have instructed my departments... to
immediately suspend the site www.me.ga' in a bid to 'protect
intellectual property rights' and 'fight cyber crime effectively.'
Dotcom revealed
through a tweet that he is in possession of an alternative domain
name and that the recent suspension 'demonstrates the bad faith witch
hunt the U.S. government is on.'"
(Related)
Megaupload
Case Has Far-Reaching Implications for Cloud-Data Ownership Rights
… The privacy and property rights
of its 60 million users are also in jeopardy, as well as the privacy
and property rights of anyone who stores data in the cloud, according
to the Electronic Frontier Foundation, which is representing one of
Megaupload’s users in a lawsuit against the government that could
set a precedent for cloud users in general. A hearing on the issue
in Virginia federal court is expected to be set any day.
The problem lies in the fact that there
is currently no clear process for owners to retrieve property that
federal prosecutors effectively seized when
they shuttered the file-sharing and cyberlocker service last
January over issues of alleged copyright infringement.
I often point to Dilbert cartoons as
simple summaries of complex ideas. That's because Scott Adams is
actually a rather smart guy.
"Scott Adams has an
entertaining entry on his Dilbert Blog about the
perception of privacy. He writes, 'It has come to my attention
that many of my readers in the United States believe they have the
right to privacy because of something in the Constitution. That is
an unsupportable view. A more accurate view is that the
government divides the details of your life into two categories: 1.
Stuff they don't care about. 2. Stuff they can find out if they have
a reason.' His post is written in response to some
reader comments on another entry about privacy guardians and how
swell life would be if we voluntarily gave up certain personal info."
Interesting. A mindmap with Priority
flags... Aspects of a Project Management tool. Be sure to look
under the Education tab.
… MindMaple is a program designed
to help you manage all those difficult tasks in the most efficient
way possible. It helps you generate a mind map, which is like an
outline of what you need to do and your ideas for how to do it.
- Also read related article: 8
MS Word Templates That Help You Brainstorm & Mind Map Your Ideas
Quickly.
We will need to do this too... Perhaps
we could make these class projects? Perhaps a KickStarter funded
business?
Distance
Learning University, The Open University, Repackages Course Materials
For The App Generation
U.K.-based distance learning
university, the Open
University, is developing a series of apps to deliver
undergraduate course materials to students’ smartphones and tablet
devices, starting next year. The OUAnywhere
app will allow undergraduates to access their main course
materials through their handheld devices, along with the audio and
visual content the OU produces to support studies.
… OUAnywhere is being created in
response to increasing use of mobile devices by students — the OU
notes that mobile usage of its virtual
learning environment in one month is now comparable to usage for
an entire quarter of the previous year. It’s also noticed students
are spending much more time online via mobile and tablet devices, and
clocking up more repeated visits. (Students using gadgets? It’s
not exactly rocket science… )
A place for me to brush up. “Biiru
ippai kudasai.” and then “WC doko desu ka? ”