Saturday, February 11, 2012
Local illogical? Doesn't encrypting my data create an expectation of privacy? What would they be looking for on the computer and why would it be there and nowhere else? (Some interesting comments follow the article...)
Woman who pleaded Fifth in password case now citing Fourth
… The 10th Circuit Court of Appeals in Denver ruled on Jan. 23 that the Fifth Amendment had nothing to do with the case and gave Fricosu until Feb. 21 to provide the password.
On Tuesday, Fricosu’s lawyer, Philip Dubois filed a petition to appeal. A ruling should come in the next 10 days. Dubois, however, did succeed in getting Fricosu’s password deadline pushed back to Feb. 28.
… “I think it is simply wrong to force people to assist the government in searching for evidence with which they intend to use to prosecute that person,” said Dubois. “I think that is unreasonable. I think it amounts to an unreasonable search.”
… Fricosu’s case drew interest from civil rights groups who argued that current law needs to evolve to meet the nuances of the digital age. The prosecution, however, argued that hiding behind a password and encrypted data would make prosecution impossible in the future. [Really? Impossible? How did you get an indictment? Bob]
… Dubois, who once defended PGP creator Phil Zimmermann, says he is unsure if Fricosu can decrypt the hard drive of the laptop police seized from her home.
For my Ethical Hackers... Better, make it look like random noise – not a signal at all.
"Ahead of the anniversary of Iran's revolution, the country's government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites. In response, the information-freedom-focused Tor Project is testing a new tool it's calling 'obfsproxy,' or obfuscated proxy, which aims to make SSL or TLS traffic appear to be unencrypted traffic like HTTP or instant messaging data. While the tool currently only disguises SSL as the SOCKS protocol, in future versions it will aim to disguise encrypted traffic as any protocol the user chooses. Tor executive director Andrew Lewman says the idea is to 'make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari.'"
Reader bonch adds: "A thread on Hacker News provides first-hand accounts as well as workarounds."
It all depends on what your definition of “is” is...
"In the Stanford Law Review Online, authors Frankel, Brookover & Satterfield discuss an ongoing lawsuit against Facebook where plaintiffs claimed the social network's 'Sponsored Stories,' displaying advertisements on Facebook including 'the names and pictures of users who have "Liked" a product,' violated the law. Facebook responded by asserting that
(1) Plaintiffs are "public figures" to their friends, and
(2) "expressions of consumer opinion" are generally newsworthy.'
The authors discuss the substantial impact this case might have on online privacy going forward: 'The implications are significant and potentially far-reaching. The notion that every person is famous to his or her "friends" would effectively convert recognizable figures within any community or sphere, however small, into individuals whose lives may be fair game for the ever-expanding (social) media. If courts are willing to find that nontraditional subjects (such as Facebook users) are public figures in novel contexts (such as social media websites), First Amendment and newsworthiness protections likely will become more vigorous as individual privacy rights weaken. Warren and Brandeis's model of privacy rights, intended to prevent media attention to all but the most public figures, will have little application to all but the most private individuals.'"
Could be an interesting hearing, but I doubt it. No intelligence gathering body should fail to monitor any open source. Nor should they stop looking for “weaknesses” or “failures” that are reported in the press – terrorists won't. So what kind of rules can you specify?
A privacy advocacy group has swayed Congress to hold a hearing next week into the Department of Homeland Security’s practice of monitoring social networks such as Twitter and Facebook, as well as media reports and organizations, including The Drudge Report.
The Electronic Privacy Information Center (EPIC) recently obtained close to 300 pages of documents, as a result of a Freedom of Information Act lawsuit, detailing the federal agency’s “intelligence gathering” practices on the web.
Among the documents were guidelines from DHS instructing outside contractors to monitor the web for media reports and comments that “reflect adversely” on the agency or the federal government.
… EPIC director Ginger McCall notes that monitoring what people are saying about government policies goes too far and has a chilling effect on free speech.
“The Department of Homeland Security’s monitoring of political dissent has no legal basis and is contrary to core First Amendment principles,” she said.
… DHS officials have admitted that monitoring of social networks for negative opinion was undertaken by the agency, but claim that the operation was a one off test and was quickly dropped as it did not meet “operational requirements or privacy standards,” which “expressly prohibit reporting on individuals’ First Amendment activities.”
… The Congressional hearing, DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy, will be held Thursday February 16th.
However, it is already apparent where the House subcommittee for intelligence and counter-terrorism stands on the matter. As reported by Reuters, the top two members of the subcommittee, Rep. Patrick Meehan (R-PA) and Rep. Jackie Speier (D-CA), wrote to DHS Intelligence Chief Caryn Wagner last month, pressing her to more carefully monitor users’ posts on sites such as Facebook and Twitter, in order to help detect “current or emerging threats.”
As we have also previously reported, The DHS has openly announced that it is actively monitoring social media for signs of “social unrest”, in a bid to pre-empt any sign of social dislocation within the United States.
This is just the tool to add to my drone. Now I can search neighborhood backyards looking for “gardens of interest.”
"A new smart camera technology not only takes a picture but also assays chemical composition, allowing photographers to tell whether that hand-rolled cigarette contains tobacco or marijuana. Designed to speed industrial inspection systems — such as detecting whether food is spoiled — the new smart camera includes spectral filters that make images of corn fields appear differently from hemp. Spectral cameras have been available for decades, but this microchip version should be cheap enough for almost any application."
May not work well on bombs that are triggered by electrical signals...
The Government Wants To Build An App Store For Real-Life Jack Bauers
The US Department of Defense Explosive Ordnance Disposal unit is looking for a few good coders to help build apps and an entire app store for bomb technicians and soldiers involved in ordnance handling.
… The request for proposals is as dull as dirt (you can read it here) but the requirements are clear: they’re looking for apps that will replace paper pocket guides and references used by the folks that blow up the big badda booms.
Pick one: 1) Make me money 2) Save me money 3) Get out of my way (Remember, this is still “Invitation Only!”)
How Pinterest Is Becoming the Next Big Thing in Social Media for Business
… Pinterest, an online bulletin board for your favorite images, launched in 2010 and is already experiencing wild growth. The site registered more than 7 million unique visitors in December, up from 1.6 million in September. And it's driving more traffic to company websites and blogs than YouTube, Google+ and LinkedIn combined, according to a recent report from Cambridge, Mass.-based content-sharing site Shareaholic.
… Perhaps the most powerful business application is the ability to post images of your company's products on your Pinterest board and link them back to your website. It works as a sort of virtual store catalog.
… Pinterest already is driving buyers to some websites. In the last six months, the retail deal site ideeli.com has seen a 446 percent increase in web traffic from Pinterest and sales resulting from those visits have increased five-fold.
Remember, even frequent computer users don't know everything...
The Secret Technology Club: If you think that technology power-users have a whole bunch of “secret” tricks and shortcuts, you might be right. We’ve been immersed in computer-use for decades now, but very few of us have had much formal training. We learn through trial and error, but it’s difficult to learn what you don’t know exists! If you suspect you’ve fallen behind and would like to fill some of those silly technology gaps, this is for you. This will be a random assortment of tips and tricks for a variety of programs and web applications. You can become a member of the “Secret Technology Club” by learning the secret technology handshakes.
You might be surprised by what you don’t know. I learn something new every time I prepare for this presentation.
Here are the slides for The Secret Technology Club.
Friday, February 10, 2012
“Can't be fixed” often translates to “I don't know how to fix it.” What security replaced the VPN? The jeweler should have asked that question.
C.D. Peacock sues IT firm over network breach
February 9, 2012 by admin
Wailin Wong reports:
Chicago jeweler C.D. Peacock has sued a suburban information-technology consulting firm, alleging that the company’s negligence allowed hackers to access confidential customer financial data.
The lawsuit was filed Wednesday in Cook County Circuit Court. According to C.D. Peacock’s complaint, it hired Oak Brook-based BridgePoint Technologies for IT-related services in August 2009. In March 2010, the company found that its virtual private network, designed to give remote users access to a centralized network, was failing to make those connections.
C.D. Peacock said a BridgePoint consultant inspected the network and said the VPN could not be fixed. The consultant told the jeweler to go around the VPN connection, a move that he assured would be safe, according to the lawsuit.
“Circumventing the VPN led almost immediately to a serious security breach,” C.D. Peacock said in its filing.
Read more on WGN Radio
This one could be interesting. What odds is Vegas giving that it settles out of court?
"The Hollywood Reporter reports that members of the iconic disco-era musical group Sister Sledge have filed a major class action lawsuit against Warner Music Group claiming that the music giant's method for calculating digital music purchases as 'sales' rather than 'licenses' has cheated them out of millions of dollars from digital music sales. Songwriters typically make much less money when an album is 'sold' than they do when their music is 'licensed' (the rationale derives from the costs that used to be associated with the physical production of records) but record labels have taken the position that music sold via such digital stores as iTunes should be counted as 'sales' rather than licenses. The difference in revenue can be significant as Sister Sledge claim their record deal promises 25 percent of revenue from licenses but only 5-1/2% to 6-1/2% of net from sales. Eminem's publisher brought a nearly identical claim against Universal Music Group and won an important decision at the 9th Circuit Court of Appeals in 2010 when the 9th Circuit ruled that iTunes' contract unambiguously provided that the music was licensed. The lawsuit argued that record companies' arrangements with digital retailers resembled a license more than it did a sale of a CD or record because, among other reasons, the labels furnished the seller with a single master recording that it then duplicated for customers. 'Unlike physical sales, where the record company manufactures each disc and has incremental costs, when they license to iTunes, all they do is turn over one master,' says attorney Richard S. Busch. 'It's only fair that the artist should receive 50 percent of the receipts.'"
Since Megaupload is out of business, it seems clear they were not the ones pirating music/movies/stuff. No doubt that will be part of their defense.
… What was initially thought to be a victory for movie studios and record labels is turning out to be an empty win, however, as Megaupload’s closure has had almost no impact on file-sharing.
Internet consulting firm DeepField Networks analyzed Web traffic from six companies that provide the storage facilities responsible for roughly 80% of all file-sharing traffic. According to the firm, Megaupload’s files accounted for a huge portion of that traffic before a series of raids took the service offline last month; between 30% and 40% of all file-sharing downloads came from Megaupload.
The service moved so much data that global Internet traffic immediately decreased by between 2% and 3% when Megaupload’s services were taken offline on January 18th.
As big as Megaupload was, however, the service’s closure has not had the effect on file-sharing that copyright owners might have hoped. According to DeepField, Web traffic related to file-sharing recovered almost immediately as users simply utilized other services such as Rapidshare and Mediafire.
To compound matters, it looks like Internet Service Providers in the United States will likely take the biggest hit following Megaupload’s closure. “Instead of terabytes of North America Megaupload traffic going to U.S. servers, most file sharing traffic now comes from Europe over far more expensive transatlantic links,” DeepField noted.
The communication was over the governments system. That isn't the issue. Retaliation for whistle blowing (to Congress) seems to have been their goal all along.
FDA says it monitored workers’ e-mail to investigate potential leak
February 10, 2012 by Dissent
Ellen Nakashima and Lisa Rein report:
The Food and Drug Administration said Thursday that it monitored the personal e-mails of employees who had concerns about unsafe medical devices beginning in April 2010 but said it did so to investigate allegations that the employees had leaked confidential information to the public.
The FDA’s statement came in response to a Washington Post article last month that reported that the FDA intercepted and stored the Gmail communications of a group of agency doctors who raised concerns with Congress about the agency approving cancer-screening and other devices despite the doctors’ determinations that the devices were not safe or effective.
Read more on The Washington Post.
Maybe kids are learning...
The majority of adults, 85 percent, in a new study believe that visiting social networks like Facebook is a pleasant way to spend time.
The report was published today by Pew Research Center’s Internet & American Life project.
Among the study’s highlights are these numbers:
- Only a small sampling of adults said their experience on social networks was unpleasant. Five percent of adults said that people are mostly unkind on Facebook and other social media channels, while five percent said their answer depends on the situation.
- The remainder of adult social network users said they didn’t know how to answer the question or refused to answer it.
Very fuzzy line between Identity Theft and Medical Identity Theft.
By Dissent, February 9, 2012
Rick Kam, President and CEO, ID Experts and Christine Arevalo, director of healthcare identity management, ID Experts write:
Healthcare fraud is costing American taxpayers up to $234 billion annually, based on estimates from the FBI. It’s no wonder that a stolen medical identity has a $50 street value, according to the World Privacy Forum – whereas a stolen social security number, on the other hand, only sells for $1.
One form of healthcare fraud, known as medical identity theft, has its own staggering statistics: 1.42 million Americans were victims of medical identity theft in 2010, according to a 2011 study on patient data privacy and security by the Ponemon Institute. The report estimates the annual economic impact of medical identity theft to be $30.9 billion.
Read more on Government HealthIT. The authors have chosen some real-life examples to include that remind everyone how much harm medical ID theft can cause.
[From the article:
Medical identity theft occurs when a person uses someone else’s medical record to obtain medical goods or services or to bill for medical goods and services that the patient did not receive. Thieves will also use a person’s social security number to obtain medical services or health insurance.
Did they skip “Just turn it off!”
This is only for my students who have not had their first IPO and have not yet hired a chauffeur...
Prepare for Liftoff With Automotive Cheat Codes
Like videogames, real cars have cheat codes—actions that unlock hidden potential. Some are printed in the owner’s manual; others are meant only for dealers. Many shut down safety features, so we’ll warn you: Don’t try these on public roads unless you think you can cheat death, too.
Beyond the “bragging rights,” this is interesting (to a geek anyway)
February 09, 2012
Top 10 Law School Home Pages of 2011
Top 10 Law School Home Pages of 2011, Roger Skalbeck, Georgetown University Law Center, 2 J.L. (1 J. Legal Metrics) 25-52 (2012)
- "For the third consecutive year, the website home pages for all ABA-accredited law schools are evaluated and ranked based on objective criteria. For 2011, law school home pages advanced in some areas. For instance, there are now thirteen sites using the HTML5 doctype, up from a single site in 2010. In addition, seventeen schools achieved a perfect score for three tests focused on website accessibility, up from eight in 2010. Nonetheless, there’s enough diversity in coding practices and content to help separate the great from the good. For this year’s survey, twenty-four elements of each home page are assessed across three broad categories: Design Patterns & Metadata; Accessibility & Validation; and Marketing & Communications. Most elements require no special design skills, sophisticated technology or significant expenses. For interpreting these results, the author does not try to decide if any whole is greater or less than the sum of its parts."
How to make money with Free Software...
From Russia With Tech Support: Open Source NGINX Remakes Web Servers
The second most popular web server on the planet no longer comes from Microsoft. It comes from NGINX. And now, the tiny Russian outfit wants to actually make some money from its widely popular open source server software.
This week, the company announced that it’s now officially offering technical support and consulting services to businesses everywhere. In other words, if you sign a three- to twelve-month contract, the company will help you install and configure the NGINX web server — a means of hosting web sites — and when things go wrong, it will help with that too.
Khan Academy is so cool, it attracts geeks?
"Craig Silverstein, the first employee hired by Google co-founders Sergey Brin and Larry Page, will leave the search giant for Khan Academy, an online education portal based in Mountain View, Calif. Silverstein had been with Google shortly after it first launched in the garage of Susan Wojcicki, a friend of both Page and Brin, in September 1998. He had helped Brin and Page develop infrastructure when Google was just a Stanford grad school project, but when he officially joined the company, Silverstein became its technology director. The Khan Academy, where Silverstein is heading next, is a not-for-profit organization that aspires to change the education industry by providing free 'world-class education to anyone anywhere.' Microsoft chairman Bill Gates is an enormous fan of the service, telling CNN that he uses it with his kids."
It's not just for Teachers...
Thursday, February 9, 2012
Earlier today I presented a short webinar about some of my favorite Web 2.0 tools for teachers. The webinar was on behalf of Ed Tech Teacher for whom I facilitate in-person workshops from time to time. This summer I'll be working with them quite a bit. You can see the list of their summer workshops here. A recording of today's webinar will be available here shortly. If you just want to know what tools I shared in the webinar, you can view the slides below.
Thursday, February 09, 2012
If “Right” means doing exactly what they set out to do, then they are doing it right. If their auditors looked at their process and asked a few questions related to Best Privacy Practices they may have avoided all this kerfuffle.
Path CEO: ‘We Thought We Were Doing This Right’
“We thought we were doing this the right way. It turns out, we made a mistake.”
Some social media companies, including Path, subscribe to a philosophy that says access to your personal data — if used safely and in the right way — can only improve your experience. To this extent, address book data is the bread and butter of Path, an app that distinguishes itself as “the first truly personal network.”
“We don’t want to connect you with just anyone on Path,” Morin says. “Without the contact list information, some of these features just don’t work.”
Hipster CEO Also Apologizes For Address Book-Gate, Calls For “Application Privacy Summit” [Guest Post]
There seems to be much more here than meets the eye. Why would the FBI think that companies that spend more money each year on security than the FBI has wasted in the 12 years of their two year Case Management System upgrade can't get security right? Perhaps their security is too good?
FBI declares cloud vendors must meet CJIS security rules
… The CJIS database, maintained by the FBI, is one of the world's largest repositories of criminal history records and fingerprints.
The records are available to law enforcement agencies and contractors around the country that comply with the security rules, which include requirements that all data, both in transit and at rest, be encrypted and that anyone who accesses the database pass FBI background checks.
… "However," he added, "these requirements aren't new to vendors serving the criminal justice community and many vendors have successfully met these requirements for years."
It can't be as bad as this article suggests, can it?
Court Revives Challenge to No-Fly List
A federal appeals court on Wednesday revived a Malaysian woman’s legal fight against the United States’ no-fly list, ruling that she may challenge her two-hour airport detention on allegations she was wrongly singled out as a suspected terrorist.
The woman, Rahinah Ibrahim, was detained, handcuffed and questioned for two hours at San Francisco International Airport in 2005 when she was told she was on the government’s no-fly list.
… “At this point in the litigation, no court has attempted to determine the merits of Ibrahim’s claims under the First and Fifth Amendments. The parties have not briefed whether her placement on a terrorist watchlist violates her rights to freedom of association, equal protection, and due process,” Judge William Fletcher wrote for the majority, (.pdf) which was joined by Judge Dorothy Nelson.
… The evidence and procedures used to place individuals on the list are secret. Also secret are the reviews of people who ask to be removed from that list and from the much larger “selectee list” which allows people to fly, but requires they go through a pat-down or other extra screening.
… Following 9/11, the appeals court noted, “tens of thousands of travelers have been misidentified because of misspellings and transcription errors” and because of “computer algorithms that imperfectly match travelers against the names” on watchlists. [Not sure why you would want an imperfect match... Bob]
(Related) “We have met the enemy and he is us!”
Department of Homeland Security Disregards Public Comments and Issues Final Rule that Undermines Traveler Privacy Rights
February 9, 2012 by Dissent
The U.S. Customs and Border Protection, a component within the Department of Homeland Security, issued a final rule approving Global Entry, a traveler screening program, despite the substantial privacy and security risks brought to the agency’s attention. Under the Global Entry program, the CBP collects detailed personal information, including social security numbers and biometric information, that should be subject to Privacy Act safeguards. However, the agency rejected EPIC’s recommendations that it comply with the Privacy Act by limiting the distribution of information to only those that need the information for screening purposes. In EPIC’s comments, EPIC also noted that CBP violated federal law by not conducting a Privacy Impact Assessment before implementing the new Global Entry program. For more information, see: EPIC: Global Entry.
(It's not mandatory, but you can save 90%...) Will they publish their guide to “Driving like Miss Daisy?”
"TomTom has signed a deal with an insurance firm that will see its satnavs used to monitor drivers. Fair Pay Insurance, part of Motaquote, will use monitoring systems built into the TomTom PRO 3100 [Apparently, they have been planning this for some time. I wonder if they are already recording how we drive? Bob] to watch for sharp braking and badly managed turns, rewarding 'good' drivers with lower premiums and warning less skilled motorists when they aren't driving as they should. 'We've dispensed with generalizations and said to our customers, if you believe you're a good driver, we'll believe you and we'll even give you the benefit up front,' said Nigel Lombard of Fair Pay Insurance."
Think there's a market for a “Doctor of Privacy”
Definitions of Privacy
February 8, 2012 by Dissent
Doctoral student Craig Blaha dropped me a note to share some of his dissertation work on privacy. You can read his overview on Definitions of Privacy on his blog. He’d welcome your comments or feedback.
(Related) Redefining Privacy for the benefit (amusement?) of the government.
Online denizens: the government says you are better off passing out flyers in a ski mask than Tweeting controversial material
February 8, 2012 by Dissent
More on the Twitter subpoena in the Occupy Boston case. In today’s hearing, the government made some truly outrageous claims.
This post by PrivacySOS is an absolute must-read for everyone who uses online social media and who believes in free speech and privacy. And if you’re not livid by the time you get done reading it, let me know.
It has more impact when the WSJ says it...
"Europeans will take to the streets this weekend in protest at the Anti-Counterfeiting Trade Agreement, an international agreement that has given birth to an ocean full of red herrings. That so many have spawned is, say critics, in no small part down to the way in which this most controversial of international agreements was drawn up. If the negotiating parties had set out to stoke the flames of Internet paranoia they could not have done a better job. Accepted there are two things that should never be seen being made in public—laws and sausages—the ACTA process could be a case study of how not to do it. Conducted in secret, with little information shared except a few leaked documents, the ACTA talks were even decried by those who were involved in them."
February 08, 2012
From The Atlantic - 150th Anniversary Edition - The Duty to Think
"On the 150th anniversary of the Civil War, we present this commemorative issue featuring Atlantic stories by Mark Twain, Henry James, Harriet Beecher Stowe, Frederick Douglass, Nathaniel Hawthorne, Louisa May Alcott, and many more."
- James Bennet editor of The Atlantic: "It is possible, in these pages, to enter into both the humanity of figures consecrated or condemned by history and the uncertainty the writers must have felt during the rush of events... It seemed to us that these Atlantic pieces have a way of conversing across the decades. And so in this issue, one finds Garry Wills’s account from 1992 of how Lincoln used the Gettysburg Address to reinterpret the Constitution and thereby “revolutionized the Revolution, giving people a new past to live with that would change their future indefinitely.” And then, equipped with that explication of how Lincoln purified the nation’s meaning, and with President Obama’s summation of what that meaning is, the reader can then encounter, with fresh appreciation, Lowell’s epitaph for Lincoln: “New birth of our new soil, the first American.”
Look, I'm certain the world is warmer than when I was a kid. What concerns me is that “humans are responsible and here's what we have to do about it” is apparently based on some pretty crappy science. For example: How did anyone conclude that “all the glaciers are melting” if we have never before looked at all the glaciers?
The Himalayas and nearby peaks have lost no ice in past 10 years, study shows
The world's greatest snow-capped peaks, which run in a chain from the Himalayas to Tian Shan on the border of China and Kyrgyzstan, have lost no ice over the last decade, new research shows.
The discovery has stunned scientists, who had believed that around 50bn tonnes of meltwater were being shed each year and not being replaced by new snowfall.
The study is the first to survey all the world's icecaps and glaciers and was made possible by the use of satellite data. Overall, the contribution of melting ice outside the two largest caps – Greenland and Antarctica – is much less than previously estimated, with the lack of ice loss in the Himalayas and the other high peaks of Asia responsible for most of the discrepancy.
Perspective: So, how can Cable TV survive?
Nielsen: Cord Cutting And Internet TV Viewing On The Rise
According to a new report from Nielsen, the number of U.S. homes that have broadband Internet, but only free, broadcast TV, is on the rise. Although representing less than 5% of TV households, the number has grown 22.8% over the past year.
In addition, the behaviors within these homes are unique. These broadband/broadcast-only households stream video twice as much as the general population, says Nielsen, and they watch half as much TV.
Since I keep posting lists of eBooks, these might be handy.
Wednesday, February 8, 2012
EPUBReader is a Firefox add-on that will allow you to read ePub documents within your browser. EPUBReader downloads ePub files and displays them directly in your browser. The video below offers a short demonstration.
Magic Scroll is a Chrome web app that you can use to read ePub files on your desktop or laptop even if you do not have an internet connection.
If you want to convert webpages into ePub documents, dotEPUB is a good Chrome web app for that. I previously wrote about dotEPUB in October. Here is a video overview of dotEPUB.
I try to follow who is investing in what. Occasionally you find interesting tools...
European accelerator HackFwd just announced Infogr.am from Riga in Latvia as its latest investment. Infogr.am’s product is gunning to be a kind of Adobe Illustrator for online, allowing anyone to create cool info-graphics.
Free, interactive charts tool [Invitation only so far Bob]
Wednesday, February 08, 2012
You can't underestimate anyone's understanding of security concepts...
Syrian President Bashar al-Assad has been under fire from world leaders to step down this week. He’s also under fire from hacktivist group Anonymous, who leaked hundreds of his office’s emails on Monday.
While Anonymous is infamous for its hacking know-how, it doesn’t take a genius computer programmer to guess one of the passwords commonly used by Assad’s office accounts: 12345. The string of consecutive numbers is the second-weakest password according to a 2011 study. [“Password” is number one Bob]
No liability, because you have no Privacy?
Backdoor in TRENDnet IP Cameras Provide Real-Time Peeping Tom Paradise?
Nearly a month after a console cowboy identified a security vulnerability in Trendnet streaming IP cameras, Trendnet issued a security advisory. So far there have been 26 vulnerable models identified [I'm pretty sure they mean camera models, not tall anorexic women Bob] that allow voyeurs to spy in real time on homes and offices. Since many of the cameras were not registered, this vulnerability may remain an exploitable Peeping Tom paradise for a long time.
… The vulnerability allows users to tune in and to spy in real-time on thousands of private lives via Trendnet home security cameras. "There does not appear to be a way to disable access to the video stream,
… Since looking for these Trendnet cameras "manually is boring and tedious," SomeLuser created a Python script that uses the Shodan search engine to find the URL of web cam video streams, whether or not they are password-protected. By now there are all kinds of lists circulating on forums, pastebin and sites like 4chan, giving armchair surfers unobstructed views into offices, homes, living rooms and kids' bedrooms.
Is this how companies act in a polite society? Should we expect anti-social networks?
Path caught storing users’ unencrypted data
Heather Taylor writes:
Today developer Arun Thampi discovered his entire address book including full names, emails and phone numbers was being collected by the new social app, Path.
In trying to make things easy for users, Path uploads your address book to their servers so you can easily connect to your friends and family on its network.
The problem is Path doesn’t tell you it’s going to do it.
Read more on eConsultancy.
(Related) So, is this evil? How about a 15 minute delay like a stock ticker?
"There is media (but not public?) outcry over the Pasadena, CA police switch from analog radio that can be picked up by scanners to encrypted digital radio that cannot. 'On Friday, Pasadena police Lt. Phlunte Riddle said the department was unsure whether it could accommodate the media with digital scanners. Riddle said the greatest concern remains officer safety. "People who do bank robberies use scanners, and Radio Shack sells these things cheap," Riddle said. "We just had a robbery today on Hill Avenue and Washington Boulevard," Riddle said. "The last thing I want to do is to have the helicopter or the officers set up on the street and the criminals have a scanner and know where our officers are." Just prior to the switch over, city staffers said they would look into granting access to police radio chatter, most likely by loaning media outlets a scanner capable of picking up the secure signal.'"
Is this anti-social? We keep telling you that “Delete” does not mean “Delete.”
Given the cutting-edge technological reputation of Facebook, you’d perhaps think profile holders need only execute a simple button press in order to swiftly cast unwanted or embarrassing photographs into social networking oblivion.
However, it would appear that personal images deleted by users are still doing the rounds on Facebook for up to three years after that initial button press.
Zuckerberg & Co. have this week revealed that not all images are removed “in a reasonable period of time” and that access to them can still be gained by Facebook users that maintain a direct link to the deleted image(s).
What that means is, for example, a Facebook photograph emailed out to friends can still be viewed via the original email link even though the image no longer appears on the user’s photo page.
I see this as a bit scary. Something like a “Minority Report” enabling technology. Walk past my store and I'll signal your Smartphone to tell you about my special offers (For you? $19.95)
Your dogs are going to hate you...
Why Lady Gaga Could Deploy a Sound Only Your Smartphone Can Hear
Audio tags are looking more and more like the new QR code — not only are they way less ugly than those jagged black-on-white squares, but you don’t need to take a picture of anything in order for them to work.
A startup called SonicNotify embeds inaudibly high-pitched audio signals within music or any other audio track. When a compatible app hears that signal, it triggers any available smartphone function to link you to websites, display text, bring up map locations, display a photo, let you vote on which song a performer plays next and so on.
… Buyers and journalists with the app installed at Fashion Week will be zapped an image of each model the instant they step onto the catwalk so they can examine the outfits up-close, in real time. Similarly impressive capabilities exist within the music realm. Best of all, the audience doesn’t even need to be actively running the app in order for it to pick up on those inaudible signals. [Remind you of the intro to the old “Outer Limits” TV show? “We control the vertical... and horizontal...” Bob]
“With Sonic, we can unlock anything that your iPhone or Android can do, as long as the SonicNotify SDK is built into an app that’s running in the background on your phone,” explained Israel. “For example, some of the stuff we’re doing with Gaga is when she is performing, mid-set, everyone in the arena gets a notification which lets them choose which song she plays for her encore.”
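How an inaudible audio tag can ride inside an ordinary audio track, and how a listener (or a privacy-minded user) can tell that one is there, as an added example that is not part of the original post and not SonicNotify's code. The block on-off keys a few bits onto an assumed 18.5 kHz carrier mixed with a constructed 440 Hz "music" tone and a little noise, then recovers the bits with a Goertzel filter; the carrier frequency, the 20 ms symbol length and the absence of a sync preamble are assumptions made for the demo, not the product's actual scheme. The decoder doubles as a detector: a recording with no energy at the carrier is reported as beacon-free.

```python
import math
import random

SAMPLE_RATE = 44100       # samples per second
CARRIER_HZ = 18500        # assumed near-ultrasonic carrier (hypothetical, not SonicNotify's real scheme)
SYMBOL_SAMPLES = 882      # 20 ms per bit; CARRIER_HZ lands exactly on a Goertzel bin for this length
BEACON_AMPLITUDE = 0.05   # quiet compared with the music it hides in
MUSIC_AMPLITUDE = 0.5
DETECTION_FLOOR = 1e-5    # normalized carrier power below this in every window means "no beacon"


def synthesize_track(bits, seed=1234):
    """Constructed sample audio: an audible 440 Hz 'music' tone plus a little noise,
    with each bit on-off keyed onto the inaudible carrier for one symbol period."""
    rng = random.Random(seed)
    samples = []
    for i in range(len(bits) * SYMBOL_SAMPLES):
        t = i / SAMPLE_RATE
        music = MUSIC_AMPLITUDE * math.sin(2 * math.pi * 440 * t)
        noise = rng.uniform(-0.01, 0.01)
        beacon = 0.0
        if bits[i // SYMBOL_SAMPLES]:
            beacon = BEACON_AMPLITUDE * math.sin(2 * math.pi * CARRIER_HZ * t)
        samples.append(music + noise + beacon)
    return samples


def goertzel_power(window, target_hz, sample_rate=SAMPLE_RATE):
    """Power at one frequency bin via the Goertzel algorithm, normalized by n^2 so a
    pure on-bin tone of amplitude A gives roughly (A/2)^2 regardless of window length."""
    n = len(window)
    k = round(n * target_hz / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in window:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / (n * n)


def carrier_power_per_symbol(samples):
    """Carrier power in each consecutive symbol-length window of the recording."""
    return [goertzel_power(samples[i:i + SYMBOL_SAMPLES], CARRIER_HZ)
            for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES)]


def decode_beacon(samples):
    """Return (beacon_present, bits). Windows are assumed symbol-aligned (no sync preamble)."""
    powers = carrier_power_per_symbol(samples)
    peak = max(powers, default=0.0)
    if peak < DETECTION_FLOOR:
        return False, []          # nothing at the carrier frequency: plain audio
    return True, [1 if p > 0.25 * peak else 0 for p in powers]
```

Running carrier_power_per_symbol over a real recording and looking at the values shows where a near-ultrasonic carrier sits; since a real product may use a different frequency or modulation, a detector meant for general use should sweep the 17 to 22 kHz band rather than trust a single bin.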
(Related) “We can, therefore we must!” What if your insurance company required you to monitor your health and report it to them in exchange for a break in premiums? (Auto insurance companies are already doing something similar...)
mHealth: Remote Patient Monitoring Is On The Rise, With Smartphones Leading The Way
… As smartphone processors become more powerful, a growing number of patients will be monitored by mobile networks. A recent report by Juniper on the mHealth sector estimated that 3 million patients will be monitored on those networks over the course of the next four years.
Ubiquitous surveillance. Now my model airplane skills can translate into “Urban Crop Dusting!” as I swoop down and spread Scott's fertilizer (only the best) on your lawn.
Congress Welcomes The Drones
Kashmir Hill writes:
The Senate passed a $63 billion bill Monday to provide four years of funding for the Federal Aviation Administration. One of the provisions of the Reauthorization Act is that the FAA clear the path for wider spread use of drones (a.k.a. unmanned aircraft) for governmental and commercial purposes. Within 90 days, the FAA has to speed up the process by which government agencies and law enforcement can get permission to use drones, and by 2015, it has to start allowing commercial use of drones.
Read more on Forbes.
I don't understand... Did he say, “What you're doing is a crime. Keep doing it?”
Judge Refuses to Shut Down Online Market for Used MP3s
A one-of-a-kind website enabling the online sale of pre-owned digital-music files got a legal boost late Monday when a federal judge refused to shutter it at the request of Capitol Records.
It could be a short-lived boost, however.
… The brief ruling (.pdf) by U.S. District Judge Richard Sullivan of New York did not clearly outline the reason for the decision. But in a transcript (.pdf) of a court proceeding Monday, he said that Capitol is likely to prevail at trial.
… Sullivan’s decision means that the case is still headed to trial, where Capitol will attempt to prove its allegations that ReDigi facilitates wanton copyright infringement and is not protected by the first-sale doctrine.
… ReDigi explained to Sullivan in court papers (.pdf) that its undisclosed number of account holders have a right to upload their purchased iTunes files into ReDigi’s cloud. And when a file is sold to another ReDigi account holder, no copy is made. What’s more, because of ReDigi’s technology, the original uploaded file that is sold cannot be accessed by the seller any more through ReDigi or via the seller’s iTunes account.
Prices for songs vary on ReDigi, with some files having asking prices as high as 87 cents — just 12 cents less than what many songs retail for on iTunes. The company, which earns up to 15 percent per sale, also offers cloud-storage music streaming.
Might be worth checking into...
New Web-Browser Add-On Protects Privacy
Leslie Meredith gives a nice write-up on Cocoon:
Cocoon’s co-founder Jeff Bermant admits he’s not a tech guy. “I wanted to give people relief from worrying about what can go wrong on the Internet,” he said. “Cocoon is for people who don’t know much about their computers.”
Read more on Tech News Daily.
[From the article:
Cocoon appears as a toolbar at the top of your browser window. When you click the "power button," the tool bar turns blue to indicate that Cocoon has been activated and your activities are protected.
Cocoon includes "disposable email" that lets users set up unique, throw-away email addresses to use when they subscribe to a website. Then they can easily delete the address to stop an onslaught of spam.
… Cocoon touts its portability, but to access your Cocoon account on another computer the plugin must be installed in the browser of the computer you'd like to use. [Or, install your browser on a thumb drive and carry your security with you. Bob] Once it is installed, you can log into your account with your email and password. When you log out of your session, it's as if you've never been there.
A great list of websites to start reading via your favorite RSS reader...
I probably have enough material for a half dozen textbooks on my thumb drive...
"The Saylor Foundation has a vision: Free and open materials for a complete undergraduate university education. To that end, they've announced the first winners in their Open Textbook Challenge: Four textbooks were relicensed under a Creative Commons Attribution 3.0 (CC-BY 3.0) Unported license, the most open of the CC licenses, and in return the authors were awarded a prize of $20,000 for each book. See the blog entries and the accompanying press releases for details. The second wave of submissions will be accepted until May 31, 2012."
Rice University And OpenStax Announce First Open-Source Textbooks
… Rice University, which has been pushing alternative distribution mechanisms for scholarly publications for years, has announced a new initiative, by which they hope to publish free, high-quality textbooks in core subjects like physics and biology via a non-profit publisher called OpenStax College. It’s the polar opposite of Apple’s iBooks textbooks, which, while they too help drag this dusty industry into the present, amount more to a new sales vector for the publishers than competition.
Tuesday, February 07, 2012
See? It can be done. And the article tells readers how it works (“it scrambles”) and where they can get it...
IN: Computers stolen from government office had encryption in place
February 7, 2012 by admin
Daniel Miller reports that 10 laptops loaded with classified and personal information were swiped over the weekend from the Department of Child Services in Hendricks County, Indiana, but thankfully, they were encrypted.
Read more on WISH.
Local Oops! Passwords & pass-phrases are forgotten. Write them down and store them someplace safe.
Wouldn't her lawyer have had a duty to ensure the password was preserved?
Defendant Ordered to Decrypt Laptop May Have Forgotten Password
David Kravets reports:
A Colorado woman ordered to decrypt her laptop so prosecutors may use the files against her in a criminal case might have forgotten the password, the defendant’s attorney said Monday.
The authorities seized the Toshiba laptop from defendant Ramona Fricosu in 2010 with a court warrant while investigating alleged mortgage fraud. Ruling that the woman’s Fifth Amendment rights against compelled self-incrimination would not be breached, U.S. District Judge Robert Blackburn ordered the woman in January to decrypt the laptop.
Read more on Threat Level.
Since I am personally struggling to recall an encryption key that I did not write down, I am prepared to believe any claims of forgetting. But what will the court do?
Have I already mentioned this?
Privacy in the Age of Big Data: A Time for Big Decisions
By Peggy Garvin Source: Stanford Law School
From the article:
We live in an age of “big data.” Data has become the raw material of production, a new source of immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded, by orders of magnitude, the scope of information available to businesses, government, and individuals. … Data create enormous value for the global economy, driving innovation, productivity, efficiency, and growth. At the same time, the "data deluge" presents privacy concerns that could stir a regulatory backlash, dampening the data economy and stifling innovation. In order to craft a balance between beneficial uses of data and the protection of individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of "personally identifiable information," the role of consent, and the principles of purpose limitation and data minimization.
[Stanford Law Review Online, 2 February 2012]
Are these used to vet people you meet on those dating websites?
February 06, 2012
FTC Warns Marketers That Mobile Apps May Violate Fair Credit Reporting Act
News release: "The Federal Trade Commission warned marketers of six mobile applications that provide background screening apps that they may be violating the Fair Credit Reporting Act. The FTC warned the apps marketers that, if they have reason to believe the background reports they provide are being used for employment screening, housing, credit, or other similar purposes, they must comply with the Act. According to the FTC, some of the apps include criminal record histories, which bear on an individual's character and general reputation and are precisely the type of information that is typically used in employment and tenant screening."
eLaw: Sort of the electronic equivalent of flashing your lights at oncoming traffic or listening to “traffic reports” – are either of those things illegal?
Brazil sues Twitter users over speed trap and traffic tweets
Twitter might have to decide quickly whether to start its new policy of removing tweets on a country-by-country basis.
Today, the attorney general of Brazil filed a preliminary injunction to block tweets and suspend the accounts of Twitter users who use the social-networking site to warn people about radar locations, speed traps, and DUI checkpoints in the Brazilian state of Goias, according to the news group O Globo.
Another eLaw case: There's “Social” and then there's “Social for Hire”
Employee or Employer: Who Owns the Twitter Followers?
A blogger might be on the hook for hundreds of thousands of dollars in economic damages after allegedly hijacking his former employer’s Twitter followers.
A lawsuit brought by South Carolina-based PhoneDog Media, a mobile-phone review site, raises a novel legal issue asking the simple question: Who owns an account’s Twitter followers, the employee or employer? For the moment, it looks like the employer does.
The PhoneDog website sued a former blogger, Noah Kravitz of Oakland, California, alleging that when Kravitz resigned in 2010 he took the company’s more than 17,000 followers with him to a new job at TechnoBuffalo, a PhoneDog competitor. The lawsuit accuses Kravitz of changing his username from @PhoneDog_Noah to @noahkravitz. [Surely changing your username isn't a crime (is it a tort?) Bob]
… PhoneDog says it provided Kravitz with the original Twitter username. The company says its staff is given Twitter handles in the pattern of @PhoneDog_(name).
“As a direct and proximate result of defendant’s wrongful acts, PhoneDog has suffered damage to its business by way of lost advertising revenue,” according to PhoneDog’s suit (.pdf) against Kravitz in San Francisco federal court.
Since the rule is “I know it when I see it” we'll need a few thousand examples to confirm that none rise to the level of Art and no new scientific principles are being documented.
Copyright defendant: Porn may be, um, unprotected
As Torrent Freak uploads the tale--backed up by a court-filed complaint (see below)--not long ago, an outfit calling itself Hard Drive Productions sued one Liuxia Wong over her alleged illegal download. Hard Drive later allegedly sought to drive a hard bargain by offering to settle its complaint with Wong for a mere $3,400.
The good lady was unimpressed. So she decided to sue, accusing Hard Drive--among other things--of harassment.
She also wonders whether Hard Drive could even have a case, arguing as she does that porn cannot be copyrighted.
Wong and her lawyers lean heavily on Article 1, Section 8, Clause 8 of the U.S. Constitution, which empowers Congress to "promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
The question that might trouble some is whether porn promotes the progress of science and the useful arts.
[The Harassment claim: http://www.scribd.com/doc/80042539/Gov-uscourts-cand-250725-4-0 Bob]
A complement for TED?
"Google on Monday released a website and video regarding its Solve for X project, which the company says is 'a place where the curious can go to hear and discuss radical technology ideas for solving global problems.' It's got a TED-like think tank feel to it, but possibly with oodles of Google resources behind it. It appears related to Google's up-to-now largely secretive Google X research lab that the New York Times recently shed some light on."
Another useful(?) Google site
This website provides links to webinars, events, and user groups enabling you to connect with Google's Education team, their partners, and other educational institutions using Google Apps.
For my students
… For several years now, colleges and universities have posted free academic courses via iTunes podcasts. But now in iTunes U, Apple is expanding the service by providing access to complete courses from leading universities and other schools.
For now the courses are completely free–requiring only your time to work through the lectures and assignments.
… You can access and view all the courses in iTunes U either through the iTunes U application itself, or in iTunes on your Mac or PC.
Monday, February 6, 2012
It is no secret that I am a Google fan boy which is why I use Chrome as my primary web browser. Chrome is my browser of choice in part because of the numerous useful browser extensions and add-ons that are available for it. In the video below I demonstrate my three favorite Chrome extensions that I think every teacher can benefit from using. These extensions are also available for Firefox and Safari.
Just in case everyone who tells me “I'm gonna start a Blog some day” actually means it...
Monday, February 06, 2012
This is news?
More breaches caused by staff than hackers
February 6, 2012 by admin
The 2012 data protection survey undertaken by the Irish Computer Society (ICS) shows that a higher number of data breaches are the result of internal failures and lack of awareness than are the result of external theft.
The survey involved more than 300 Irish IT administration and management staff and was undertaken in advance of the fourth annual ICS Data Protection conference on 9 February 2012.
Read more on InfoSecurity.
I vote for “Let it expire.” Otherwise the phrase, “I told you so!” loses its impact.
"Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."
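A check a defender can run on a host, or against the resolvers a router hands out over DHCP, to see whether its DNS servers sit in the ranges the hijacked infrastructure used, as an added example that is not part of the original post and not Internet Identity's or the FBI's tooling. The rogue ranges themselves are not on this page, so the block uses RFC 5737 TEST-NET placeholders that must be replaced with the published list; the resolv.conf text it parses is constructed for the demo.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 TEST-NET blocks) standing in for the rogue resolver
# ranges published with the takedown; swap in the real list before relying on this.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed sample, not taken from a real host: one resolver inside a placeholder range,
# one private-network resolver, and one malformed entry that the parser must survive.
SAMPLE_RESOLV_CONF = """\
# resolv.conf (constructed)
search corp.example
nameserver 203.0.113.77   # handed out by DHCP
nameserver 10.0.0.1
nameserver not-an-address
"""


def parse_nameservers(text):
    """Pull resolver addresses out of resolv.conf-style text; comments and malformed entries are skipped."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            servers.append(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue
    return servers


def flag_rogue_resolvers(servers, ranges=ROGUE_RESOLVER_RANGES):
    """Return the resolvers (as strings) that fall inside any listed rogue range.
    IPv6 resolvers never match an IPv4 range and vice versa."""
    return [str(s) for s in servers if any(s in net for net in ranges)]


def check_resolv_conf(text, ranges=ROGUE_RESOLVER_RANGES):
    """Parse then flag, in one call."""
    return flag_rogue_resolvers(parse_nameservers(text), ranges)


if __name__ == "__main__":
    # Check the local host's resolver configuration (Linux/macOS path).
    with open("/etc/resolv.conf") as fh:
        hits = check_resolv_conf(fh.read())
    print("rogue resolvers:", hits if hits else "none")
```

On Windows the resolver addresses can be read from the "DNS Servers" lines of ipconfig /all and passed to flag_rogue_resolvers as ipaddress objects. The reason the check matters is in the article: a host still pointed at those ranges keeps working only as long as the court-ordered surrogate servers answer, and simply stops resolving names once they are switched off.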
Here's my Business Model, which I will now expand to include emails: I will analyze your political ads for $1000 per ad. Just call any of the numbers listed on my Not Call Political Analyst list to initiate this service.
Call more than one number for our $10,000 “Analysis of Scope!”
[Like to be an analyst? Sign up for free. Record the ads. Get 90% of the fee.]
Move over robo-calls, states sell email addresses for campaigns to reach voters
Legal but annoying as heck? Kathleen Foster reports:
If your email inbox starts overflowing with messages from political campaigns this election season, it could be because your state sold you out.
A Fox News study has found 19 states plus the District of Columbia, now ask for an email address on voter registration cards. In nine of those states, email addresses from the cards are then sold to political parties, organizing groups, lawmakers and campaigns who can use them to send unsolicited emails.
Read more on Fox News.
Bottom line: if you’re registering to vote and are asked to provide an e-mail address, use a throwaway address or self-expiring address if you don’t want to be bothered with political e-mails. [Does failure to provide an email address mean you can't register to vote? Bob]
[From the article:
States that ask for email addresses on voter registration forms:
Arizona, Arkansas, California, Colorado, District of Columbia, Delaware, Indiana, Iowa, Maryland, Minnesota, Missouri, Nebraska, New Jersey, Oregon, Rhode Island, Tennessee, Virginia, Washington, Wisconsin and Wyoming
States that sell email addresses listed on voter registration forms:
Arkansas, California, Indiana, Iowa, Missouri, Oregon, New Jersey, Rhode Island and Wisconsin
If I capture the crooks breaking into your house, can I sell you the tape? And then sell it to the local TV station? And to the Defense Attorney? And Comedy Central? And “Cops”? (the TV show, not the local boys in blue)
Public surveillance from private property questioned
Andrea Noble reports:
When D.C. police began installing surveillance cameras in neighborhoods more than five years ago as crime-fighting tools, privacy concerns voiced by civil liberties groups limited their scope and use.
Now a less-formal agreement from a citizens association planning to expand the Metropolitan Police Department’s watchful eye in Georgetown over the next few months is hitting a similar hurdle.
The Georgetown group’s cameras will tape public spaces such as streets and sidewalks, and video that could be used to solve a crime will be turned over to police, the group’s members said. The cameras will be located on private property, such as in residents’ yards, and as a result they will skirt the stringent rules imposed on the police department’s closed-circuit camera system.
Read more on The Washington Times.
Isn't this inevitable when companies hire every law firm in town?
"Google is at daggers end with a law firm it's been using since 2008, after discovering that lawyers in the law firm, named Pepper Hamilton LLP, were representing a patent licensing business that sued Google's Android partners last month. Google has claimed that Pepper Hamilton LLP never provided notice that it was hired by Digitude Innovations LLC, the firm that filed patent infringement complaints against Google's business allies."
iPhone soaks up 75 percent of all mobile phone profits
Though it holds only around 9 percent of the global mobile phone market, Apple raked in 75 percent of all profits across the industry last quarter, according to Asymco analyst Horace Dediu.
That left rival Samsung with 16 percent of the profit pie, RIM with 3.7 percent, HTC with 3 percent, and Nokia rounding out the list of 1.8 percent. All together that pie represents around $15 billion in profits for the final quarter of 2011.
Perspective: Who (besides Homeland Security) reads that fast? (Of course, it could be 9,900 tweets of “Wow!”)
Twitter: In The Final 3 Minutes Of The Super Bowl, There Were 10,000 Tweets Per Second
… the Japanese continue to be avid tweeters, as the premiere of Japanese movie “Castles In The Sky” set the all-time record in December for tweets per second, at 25,088.
… Clearly, we are getting a glimpse of the increasing relevance and popularity of Twitter during important events, as Twitter’s official Twitter account (head explosion) announced tonight that, in the final three minutes of Super Bowl 2012, there was an average of 10,000 tweets per second. Obviously, this is less than half the tweet frequency (I’ll coin the “TF” acronym) of the Castles In The Sky premiere, but by all accounts this is the record for TF during a live sporting event.
Because I'm sure my students were too busy studying to watch...
Super Bowl 2012 Commercials - Watch, Laugh, Share
(Related) Okay, maybe they had a browser tab open...
First Legal Streaming Super Bowl A Success, But Audience Still Denied The Real Show
Lately, we’ve been seeing more and more big television events come with an online streaming counterpart. Sporting and televised events are showing up online with increasing frequency, with the 2010 Olympics seeming to be one of the first big global events where both viewers and media publicly recognized the power and potential of carrying an event like that online.
This year, for the first time in history, the Super Bowl is being shown online, for free. And it’s completely legal.
My first 3 computers came without hard drives – floppy or cassette tape only....
… You’ll need a Windows Live account to start making full use of SkyDrive. For those too lazy to read – there’s 25 GB of storage, web-based versions of popular Office apps; collaborative editing that doesn’t require everyone to log in; and an iPhone app you should probably avoid for now.
… In SkyDrive, you now have access to cut-down versions of popular Office apps, to both create and edit documents without the need for a full offline Office suite (though you can at any point open your SkyDrive files in regular Office apps, then seamlessly save back again).
… so if your documents are predominantly MS formats and you’d like to move into the cloud without the hassle of importing and exporting etc, this is a great solution – and free.
… One really cool feature is that you don’t need a Windows Live account to edit the documents if someone sends you a link, so it’s a fantastic tool to get anyone’s input without complicated sign ups.
… Even if you don’t need collaborative features, SkyDrive’s free 25 GB is a generous cloud storage locker. It doesn’t sync with your files, so you can offload files totally to the cloud if you want, or just use it for backup. The interface is very Explorer-like so Windows users will feel right at home, but it also works just fine on a Mac.
For my students who are writing their own textbooks...
DotEPUB.com is a website that offers the free service of converting any text you find on the web into an e-book format which may be read on e-readers like Kindle or Nook among many others. The software which allows this conversion is based directly on the cloud, and requires no download whatsoever. And you don't have to worry either about having the latest version or not, because it will always be updated automatically.
… If on the other hand you have your own website and would like to let visitors save your texts as e-books, at DotEPUB.com you'll find a widget to include in your web which will give users this possibility.