Saturday, April 14, 2012

Keep everything in limbo...
Judge Won’t Purge Megaupload User Data, At Least Not Yet
A federal judge on Friday declined to pull the plug on 25 million gigabytes of Megaupload data seized when the government shuttered the file-sharing service in January.
… U.S. District Judge Liam O’Grady — according to CNET’s Greg Sandoval who attended the Virginia hearing — for the moment declined to go along with that plan, instead ordering the various parties connected to the case to broker a deal. [Why would the MPAA agree to anything, short of a full “confession?” Bob]

Well, as long as I have assurances from such a staunch defender of privacy...
Facebook defends CISPA while pledging not to share more data
The latest Internet oversight bill coming up before Congress -- the Cyber Intelligence Sharing and Protection Act (H.R. 3523) -- is only just starting to get much attention. And it certainly hasn't sparked a backlash the way SOPA did.
Unlike SOPA, CISPA has the support of a range of tech companies, including Facebook, IBM, Intel, Verizon, and AT&T. As my colleague Violet Blue explained in her piece "Say 'hello' to CISPA, it will remind you of SOPA":

What an amazing coincidence...
Interesting: Law Firm Leading The Antitrust Charge Against Apple Shares A Seattle Address With Amazon

What possible strategy was being followed?
"Following on the heels of the FCC and U.S. mobile carriers finally announcing plans to create a national database for stolen phones, a group of iPhone users filed a class action lawsuit against AT&T on Tuesday claiming that it has aided and abetted cell phone thieves by refusing to brick stolen cell phones. AT&T has '[made] millions of dollars in improper profits, by forcing legitimate customers, such as these Plaintiffs, to buy new cell phones, and buy new cell phone plans, while the criminals who stole the phone are able to simply walk into AT&T stores and 're-activate' the devices, using different, cheap, readily-available 'SIM' cards,' states their complaint. AT&T, of course, says the suit is 'meritless.'"

Should you always ask for the records that prove the government was monitoring you? Then you can claim that “This prosecution is actually persecution for my political beliefs” OR “The government claims they have not been monitoring me – if they are lying about that, what else are they lying about?” We're at the point where anyone could find technology the government has admitted using that could be connected to your case (e.g., speeding? GPS).
April 12, 2012
Protecting Classified Information and the Rights of Criminal Defendants: The Classified Information Procedures Act
Protecting Classified Information and the Rights of Criminal Defendants: The Classified Information Procedures Act, Edward C. Liu, Legislative Attorney; Todd Garvey, Legislative Attorney - April 2, 2012
  • "The Classified Information Procedures Act (CIPA) provides criminal procedures that permit a trial judge to rule on the relevance or admissibility of classified information in a secure setting. It requires a defendant to notify the prosecution and the court of any classified information that the defendant may seek to discover or disclose during trial. During the discovery phase, CIPA authorizes courts to issue protective orders limiting disclosure to members of the defense team that have obtained adequate security clearances, and to permit the government to use unclassified redactions or summaries of classified information that the defendant would normally be entitled to receive. If classified information is to be introduced at trial, the court may allow substitutes of classified information to be used, so long as they provide the defendant with substantially the same ability to present a defense and do not otherwise violate his constitutional rights. Among the rights that may be implicated by the application of CIPA in a criminal prosecution are the defendant’s right to have a public trial, to be confronted with the witnesses against him, and to have the assistance of counsel. CIPA may also be implicated by the obligation of the prosecution to provide the defendant, under Brady v. Maryland, with exculpatory information in its possession, and to provide the defendant with government witnesses’ prior written statements pursuant to the Jencks Act."

Something I should make my students use?
Last month I learned that Qwiki was launching a creation tool that allows users to create their own multimedia Qwikis. A Qwiki is a short narrated story that includes images, videos, and text. This morning I received my invitation to try out the new Qwiki Creator, these are my initial impressions.
Creating the basics of a Qwiki is very easy. There are three steps to the process; uploading content (or linking to hosted content like a Flickr image), recording narration, and captioning content. One of the things that I learned in my first attempt at creating a Qwiki is that the order in which you upload content is the order in which it will appear in your Qwiki. Perhaps I overlooked it, but I couldn't find a way to reorder my uploads. Voice recordings are limited to 20 seconds. You can also record with your webcam and have a video of yourself appear in your Qwiki. Captioning your content is very straight forward. After uploading content and making your recordings you're presented with a grid of all of your content to caption. Just fill in the blanks in the caption fields. The caption screen is where you can insert links.
The Qwiki Creator browser bookmarklet, titled Qwik It!, is a handy little product that will help some students clip and organize content for their Qwiki projects. With Qwik It! installed students can clip sections of webpages and send them directly to their Qwiki Creator accounts. From there they can use the clipped content to build a Qwiki.
Applications for Education
I was hoping for a bit more from the Qwiki Creator, but despite some of its editing limitations it could be a good tool for students to use to create short multimedia stories. Students could create personal narratives using Qwiki Creator. Or you might have students create short introductory narratives about topics that they're studying in your classes.

Harry Potter grows up?
J.K. Rowling Reveals Her New Book — For Adults
As widely reported yesterday, J.K. Rowling and her publisher Little, Brown have announced her new book. And, as you may have heard, it’s not for kids.
The “blackly comic, thought-provoking and constantly surprising” book, her publisher says — her first aimed at adults — is called The Casual Vacancy. It will be released worldwide (at least in English) in hardcover, ebook, unabridged audio download and CD on Thursday, September 27, 2012.

Friday, April 13, 2012

This is a long (but instructive) post, so I'll point you to it rather than quote it all here. These are questions their internal auditors would likely ask. Who else might be interested? (can you say BoD)
Why’s denial of breach fails to convince me
April 12, 2012 by admin
Some breach reports really bother me. The situation is a case in point. Despite their denial of any breach, what I saw in the two data dumps leaves me with the nagging suspicion that they were hacked. And so I contacted them again almost two weeks ago, following their last statement, to ask to speak with them about my concerns and what I had found in analyzing some of the data. They never responded to that request or got back to me.
So after mulling this over for a while, I decided to post my concerns here. This will be a long post, so bear with me.

If you were to ask an MBA (Oh wait, I have one of those) he would tell you that leaving anyone unsupervised was proof of bad management. I wrote a few programs to tell me exactly what my people were doing and I explained to them how the reports could (and did) protect them from wild accusations of misconduct. Frequent reviews of the reports with my employees reinforced the seriousness of “the rules.”
Leaving IT admins unsupervised is like putting “Dracula in charge of the blood bank”
April 13, 2012 by Dissent
Ben Grubb reports:
About 40 per cent of IT administrators go snooping through emails of employees, particularly those of high-level executives, claims the chief executive of a firm that manages the IT security of various Australian companies and government agencies.
A company’s IT admins have access to virtually every document company-wide – including executive files, payroll information and medical data – and many “can’t help themselves” in gaining access to emails, says Carlo Minassian, founder and CEO of Earthwave, the North Sydney-based firm that is hired by organisations looking to outsource their IT security.
Read more on The Age.

Definitely something I'll add to my Intro to Computer Security course. (First, scare them. Then, show them a solution.)
'Get a Copy of What You've Shared on Facebook'
Facing a host of privacy investigations around the globe and an initial public offering in the next few weeks, Facebook is trying extra hard to increase transparency and make users happy. The latest effort is an expansion of the social network's "Download Your Data" feature, a three-click process that lets you "Get a copy of what you've shared on Facebook." The site first launched this feature two years ago but only allowed users to get a copy of their list of friends, photos, wall posts, messages, and chat conversations. Now, you'll also get a list of your former usernames and email addresses, all of your friend requests as well as the IP addresses of all the computers you've used to log on to Facebook. It's like a data-rich walk down memory lane.
Read the full story at The Atlantic Wire.

“We can (and do) therefore we (and the government) must” Haven't I been saying this for years?
"Chief Judge Alex Kozinski of the Ninth Circuit Court of Appeals candidly discusses the future of privacy law in an essay published today in the Stanford Law Review Online. Referencing an Isaac Asimov short story, Kozinski acknowledges a serious threat to our privacy — but not from corporations, courts, or Congress: 'Judges, legislators and law enforcement officials live in the real world. The opinions they write, the legislation they pass, the intrusions they dare engage in—all of these reflect an explicit or implicit judgment about the degree of privacy we can reasonably expect by living in our society. In a world where employers monitor the computer communications of their employees, law enforcement officers find it easy to demand that internet service providers give up information on the web-browsing habits of their subscribers.'"
"'In a world where people post up-to-the-minute location information through Facebook Places or Foursquare, the police may feel justified in attaching a GPS to your car. In a world where people tweet about their sexual experiences and eager thousands read about them the morning after, it may well be reasonable for law enforcement, in pursuit of terrorists and criminals, to spy with high-powered binoculars through people's bedroom windows or put concealed cameras in public restrooms. In a world where you can listen to people shouting lurid descriptions of their gall-bladder operations into their cell phones, it may well be reasonable to ask telephone companies or even doctors for access to their customer records. If we the people don't consider our own privacy terribly valuable, we cannot count on government — with its many legitimate worries about law-breaking and security — to guard it for us.'"

Perhaps we could collect these into a “How To” guide...
Unmasking Anonymous Internet Speech in New York
April 12, 2012 by Dissent
Scott M. Himes writes:
Every day innumerable people “speak” on the internet, through email, social media, blogs, and other electronic writings, without disclosing their identities (or by using fictitious ones). But the anonymity of internet speech becomes an issue when one feels aggrieved by anonymous (or pseudonymous) words. And although the First Amendment protects anonymous speech, that protection is not absolute. Increasingly, would-be plaintiffs — particularly those claiming defamation based on internet speech — resort to the courts to unmask the electronic speaker’s identity. New York’s pre-action disclosure statute provides a well-suited mechanism for doing so, although using it for this purpose raises unsettled issues.
Read more on Law Technology News. The article provides a nice recap of cases in New York when it comes to unmasking anonymous online speakers.

How should I take this? Millions of legitimate users don't count? More likely, any possible defense is to be attacked aggressively, because if they lose this they might not get to fight another day...
U.S. tries to silence MegaUpload lawyers on issue of user data
… U.S. officials shut down the cyberlocker service, requested that the New Zealand government arrest DotCom, and are now trying to extradite him to the United States. U.S. officials have called the MegaUpload indictment the largest online criminal copyright case ever brought.
Hanging in the balance of today's hearing are digital files belonging to as many as 60 million people across the globe. Their files could be in jeopardy if O'Grady decides to allow Carpathia Hosting, the company that has housed the servers at its own expense since the service was taken down, to delete the information on them or possibly sell off the servers.
… Rothken says that all the parties are in agreement that MegaUpload's data should be preserved save for the U.S. government.
… Even the Motion Picture Association of America (MPAA), the trade group representing the film studios, has asked the court to save the data. The MPAA has said it may need it should the studios want to file a civil complaint at a later date against MegaUpload.
And should MegaUpload's attorneys be allowed to speak, they will tell the judge that they can't defend their clients properly without the server data, Rothken said.

“Those who cannot remember the past are condemned to repeat it.” George Santayana
A business model that charges for free broadcast TV? Sounds like the networks are jealous.
Shades of 1984 Emerge in Broadcast TV Copyright Flap
In 1984, Hollywood was arguing that the VCR and home taping would kill its business and wanted the Supreme Court to outlaw the devices from Americans’ living rooms. Luckily for Americans and Hollywood, the Supreme Court recognized the power of innovation and the limits of copyright in a 5-4 decision that helped unleash a revolution in home entertainment that included a multi-billion-dollar market in videotape and DVD sales and rentals.
Fast forward three decades and we’re right back to 1984. Broadcasters including ABC, CBS, Fox, NBC and Univision are set to appear in court next month to urge a New York federal judge to block the latest television-viewing technology they claim will bankrupt their business model.
… To understand the latest legal jockeying, substitute the term VCR with Aereo. The upstart, Aereo, opened for business last month and supplies internet streams and a DVR service for over-the-air broadcasts to its New York customers. In other words, Aereo lets those in New York who want to watch on their iPad what they can pull down for free from the public airwaves to their TV with an antenna. For the moment, the service is free, but will soon charge $12 monthly.

This just in: It was never about a successful launch.
This Just In: North Korea Still Sucks at Launching Rockets
The North Korean rocket launch that gave the world heartburn is a dud. Again. CNN reports that the Unha-3 rocket blew up after failing to get its “Bright Star” satellite into orbit. In case you’re counting, that makes them 0 for 4 since 1998.

Another free Office Suite...
"The Calligra team has announced the first release of the Calligra suite of office and creativity applications. This marks the end of a long development period lasting almost one and a half years. It is the first release in a long series which is planned to make improved applications every 4 months. Calligra is a continuation of the old KOffice project and it may be interesting for KOffice users to know what they will get. Some highlights are: a completely rewritten text layout engine that can handle most of the advanced layout features of OpenDocument Format (ODF), simplified user interface, support for larger parts of the ODF specification (for example line endings like arrows), and improved import filters for Microsoft document formats. There are also two new applications: Flow for diagrams and flowcharts, and Braindump for note taking. Calligra Active is a new interface for touch based devices and especially for the KDE Plasma Active environment. Several companies have already used Calligra as a base for their own office solution. One of them is Nokia with their N9 high end smartphone where Calligra is embedded into the so called Harmattan Office."

It might be interesting to see what research attracts big bucks...
Crowdfunding projects through sites like Kickstarter has become incredibly popular lately. Can the same process of opening up funding to "the crowd" work for academic and scientific research?
A new site called Microryza launches today to do just that.
You can read my story over on Inside Higher Ed...

Huh. I've been doing that for years, why aren't I rich instead of handsome?
Screw University, Course Hero Curates YouTube Into Free Business and Coding Classes
You can learn just about anything from YouTube…if you’re willing to dig through millions of videos. Luckily, Course Hero has done the work for you, offering coherent classes by hosting collections of the best educational YouTube videos and other content. The newly launched courses section of the eduTech startup’s site now has classes in entrepreneurship, business plan development, and programming in a variety of languages. Meanwhile, Course Hero offers crowdsourced study guides, tutoring, and flashcards.

Thursday, April 12, 2012

So are my Computer Security majors worth more in the job market or not?
Future of Data Breach Class Actions After ‘Anderson’
April 11, 2012 by admin
John F. Mullen and Francis X. Nolan IV discuss the state of class action lawsuits over data breaches. Here’s a snippet:
In October 2011, the U.S. Court of Appeals for the First Circuit issued its decision in Anderson v. Hannaford, where it denied the defendant grocery chain’s motion to dismiss an action arising from a breach of customers’ personal information—a rare significant victory for plaintiffs alleging mitigation damages.1 Anderson is viewed, by some, as a watershed moment in the brief but frenzied history of data breach litigation. But is it really a departure from precedent? If not, what sets Anderson apart from other unsuccessful data breach actions? This article reviews and analyzes notable decisions in this area of law.
Read their full commentary and analysis on New York Law Journal.

That just means they can't hit him with it, right? They have to bring their own club...
Code Not Physical Property, Court Rules in Goldman Sachs Espionage Case
Former Goldman Sachs programmer Sergey Aleynikov, who downloaded source code for the investment firm’s high-speed trading system from the company’s computers, was wrongly charged with theft of property because the code did not qualify as a physical object under a federal theft statute, according to a court opinion published Wednesday.
“Because Aleynikov did not ‘assume physical control’ over anything when he took the source code, and because he did not thereby ‘deprive [Goldman] of its use,’ Aleynikov did not violate the [National Stolen Property Act],” the 2nd Circuit Court of Appeals wrote in its opinion (.pdf).
The three-judge panel in New York also ruled that Aleynikov was wrongly charged with espionage, since the code was not a product designed for interstate or foreign commerce, a requirement under the Economic Espionage Act with which he was charged and convicted. The court found that Goldman’s system was neither “produced for” nor “placed in” interstate or foreign commerce, nor did the company have any intention of selling its system or licensing it to anyone.
The opinion finally provides explanation for why the judges delivered a surprise ruling last February that reversed Aleynikov’s conviction and sprung him from prison a year after he had begun to serve an eight-year sentence.
The ruling also deals a blow to the government’s ability to prosecute others for similar thefts of trade secrets under the EEA.

I'm going to have someone explain this to me. It's conspiracy to charge more than DoJ thinks books are worth?
April 11, 2012
DOJ Files Lawsuits Against Apple and Publishers Over E-Book Pricing
News release: "In recent years, we have seen the rapid growth – and the many benefits – of electronic books. E-books are transforming our daily lives, and improving how information and content is shared. For the growing number of Americans who want to take advantage of this new technology, the Department of Justice is committed to ensuring that e-books are as affordable as possible. [Interesting choice of words. Will they offer coupons? Bob] As part of this commitment, the Department has reached a settlement with three of the nation’s largest book publishers – and will continue to litigate against Apple, and two additional leading publishers – for conspiring to increase the prices that consumers pay for e-books. Earlier today, we filed a lawsuit in U.S. District Court for the Southern District of New York, against Apple and five different book publishers – Hachette, HarperCollins, Macmillan, Penguin and Simon & Schuster. In response to our allegations, three of these publishers – Hachette, HarperCollins and Simon & Schuster – agreed to a proposed settlement. If approved by the court, this settlement would resolve the Department’s antitrust concerns with these companies, and would require them to grant retailers – such as Amazon and Barnes & Noble [and Apple? Bob] – the freedom to reduce the prices of their e-book titles. The settlement also requires the companies to terminate their anticompetitive most-favored-nation agreements with Apple and other e-books retailers."

(Related) It's not who you know, it's who you PAC (and how generously)
Jeff Bezos Should Send Eric Holder a Christmas Card
I can imagine Amazon CEO Jeff Bezos in Seattle this morning, reading the Justice Department’s antitrust lawsuit on a gigantic Kindle Fire XL prototype, and grinning ear to ear, savoring every word.
… Jeff Bezos knows exactly what to do next. Jeff Bezos doesn’t have to answer to anyone any more. Everyone else, including his most powerful counterparts across the negotiating table, will have to answer to him.
Amazon as the returning hero
Officially, Amazon’s response to today’s news is fairly measured. “This is a big win for Kindle owners, and we look forward to being allowed to lower prices on more Kindle books,” writes Amazon spokesman Drew Herdener in an e-mail.
But if it’s “a big win for Kindle owners,” it’s a huge win for Amazon. If you read the text of Justice’s proposed settlement with e-book publishers, it sounds like an argument for Amazon’s business model.
The settlement gives Amazon everything it wants in its dealings with publishers, and enshrines it as part of an agreement with the federal government, and compliance with antitrust law.
… In short, the settlement forces publishers who agree to it to go back to the negotiating table with Amazon while systematically taking away every piece of leverage those publishers have had — whether ill-gotten or not.
… What’s left out of the Justice department’s lawsuit might be even better news for Amazon than what’s included. There is no broader look at any of the anticompetitive vagaries of the e-book market beyond publishers’ negotiations with retailers in the period before and after the launch of iBooks.
The suit blasts most favored nation agreements without noting that Amazon has aggressively pursued MFN agreements with publishing partners, including partners whose books it sells wholesale. It’s completely silent on retailers’ and device manufacturers’ use of DRM to lock customers into a single bookstore. Amazon is purely a market innovator, not a budding monopolist, even as the DOJ notes that Amazon’s pricing power helped determine pricing power across the industry.

(Related) On the other hand...
DOJ is likely to lose e-book antitrust suit targeting Apple
… "It's a harder case against Apple than the publishers," says Geoffrey Manne, who teaches antitrust law at the Lewis and Clark Law School in Oregon and runs the International Center for Law and Economics. (See CNET's list of related articles and an explanation of e-book economics.)
One reason lies in the Justice Department's 36-page complaint, which recounts how publishers met over breakfast in a London hotel and dinners at Manhattan's posh Picholine restaurant, which boasts a "Best of Award of Excellence" from Wine Spectator magazine. The key point is that Apple wasn't present.
The Department of Justice "has a far better case against the publishers than Apple," says Dominick Armentano, professor emeritus of economics at the University of Hartford and author of Antitrust and Monopoly who's now affiliated with the Independent Institute in Oakland, Calif. "If the CEOs of the various publishers got together in hotel rooms to discuss prices, they are sunk" and might as well settle, he says.
Richard Epstein, the prolific legal scholar and professor of law at New York University, goes further. Epstein argues in an essay published yesterday that there are "difficulties" with the Justice Department's case against publishers as well: "It will take some time to hear the whole story, but the betting here is that this lawsuit is a mistake."

At least California added schools to those prohibited from invading your privacy.
More States Try to Keep Facebook Passwords Away From Bosses
The Maryland General Assembly passed a law on Tuesday to make it illegal for employers to ask employees for Facebook passwords, and now other states are considering similar legislation, including California, Michigan, Minnesota and Illinois.
In California, State Bill 1349 would prevent schools and employers from demanding access to social media accounts.
… One of the challenges that these laws will face is the fuzzy line between “personal” and “work” accounts. For instance, an employee may use a personal Twitter account to tweet as a subject matter expert who works for a well-reputed consultancy. Whether that consultant is tweeting from a work or personal account could be challenged in a court. [Who made money? Bob]

A US court can stop an injunction issued by a German court because the German court's ruling would stop the US court from ruling? This is why I'd never make it in Law School – my head would explode.
"In an unusual case, a U.S. judge has ruled that Motorola cannot enforce an injunction that would prevent Microsoft from selling Windows products in Germany, should a German court issue such an injunction next week. Microsoft asked the judge for the ruling in anticipation of an injunction that a German court is expected to issue related to a patent infringement suit that Motorola filed against Microsoft in Germany. The suit centers primarily on Motorola licenses that have been declared essential to the H.264 video standard. The German injunction is expected on April 17."
[From the article:
Microsoft argued that if the judge would allow that German injunction to go forward, which ultimately might compel Microsoft to negotiate a license according to German law, the U.S. court would lose its opportunity to make its own ruling on similar licensing issues. The U.S. court should be the one to rule on that issue, Microsoft argued, because Microsoft filed its lawsuit against Motorola over the terms of a licensing deal before Motorola filed its suit in Germany.

The University just went to dual-boot (Windows 7 & Ubuntu) over the break between quarters. This was (apparently) considered so trivial that they didn't even notify the professors. We haven't trained anyone on Windows XP in a long while...
"Microsoft's recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, says VMware's Jason Miller. Even scarier, Qualys's Amol Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system."

Ah ha! That's why they killed the penny, so Canadians would be forced to use e-Currency! Now they will be able to spend fractional pennies if they choose – perhaps my blog would be worth 14/93 of a penny?
"The Canadian mint has allowed 500 developers to enter a contest to create a new digital currency. The currency would allow micro payments using electronic devices. From the article: 'Less than a week after the government announced the penny’s impending death, the Mint quietly unveiled its digital currency called MintChip. Still in the research and development phase, MintChip will ultimately let people pay each other directly using smartphones, USB sticks, computers, tablets and clouds. The digital currency will be anonymous and good for small transactions — just like cash, the Mint says. To make sure its technology meets the gold standard in a world where digital transactions are gaining steam, the Mint is holding a contest for software developers to create applications using the MintChip.'"
It looks like the Canadian Mint might have a bit of Sweden envy.

"A Japanese bank this week said it will introduce ATMs that use palm scanners in place of cash cards. Ogaki Kyoritsu Bank said the new machines will allow customers to withdraw or deposit cash and check their balances by placing their hand on a scanner and entering their birthday plus a PIN. The ATMs will initially be installed at 10 banks, as well as a drive-through ATM and two mobile banks. Ogaki announced the new ATMs with the slogan 'You are your cash card.'"

How to get a micro-education?
Microsoft Inks Its Biggest Cloud Deal Yet: 7.5M Students And Teachers In India
Microsoft has announced that it has signed its largest-ever cloud services deal, an agreement with the All India Council for Technical Education to deploy Microsoft’s Live@edu service to some 10,000 technical colleges in the country, covering 7.5 million users.
Microsoft Live@edu
Microsoft Live@edu offers education institutions free, hosted, co-branded communication and collaboration services for students, faculty, and alumni. Microsoft Live@edu can:
  • Provision cloud-based email.
  • Provide enterprise-class tools.
  • Enable online document sharing and storage.
  • Help improve alumni communication.

For my Intro to Computer Security class

Could this be an e-Study Group tool?
Remember when Facebook was just a network for college students? Well they're not reverting back to those days, but today they did introduce Groups for Schools that do require members to have a .edu email from the college or university whose group they wish to join. The new Groups for Schools option is for colleges and universities who wish to create groups in which to post lectures, notes, and files. Groups for Schools includes a file sharing option that members of each group can use.
TechCrunch has a good piece about Facebook's new Groups for Schools that I recommend reading.

For that day in the (near) future when e-Textbooks become mandatory...
eReaderLookup is a website that allows users to compare different eBook readers and choose the best one suited for them. It shows users complete specifications of the available eBook readers along with their price.

Wednesday, April 11, 2012

(Yet another “We don't want to spend the money, let's ask the government to do it for us!”) Where's the fun in that? My Ethical Hackers would be happy to see if they can speed up or shut off your pacemaker.
Board Urges Feds to Prevent Medical Device Hacking
In the wake of increasing concern about the security of wireless medical devices, a privacy and security advisory board is calling on the government to grant the FDA or other federal entity the authority to assess the security of devices before they’re released for sale to the market.

Clear legal reasoning is like pornography – I know it when I see it. Unfortunately, I see lots more pornography than clear reasoning. (And this from the 9th! Go figure.)
Court Rebukes DOJ, Says Hacking Required to Be Prosecuted as Hacker
Employees may not be prosecuted under a federal anti-hacking statute for simply violating their employer’s computer use policy, a federal appeals court ruled Tuesday, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
The case, decided by the 9th U.S. Circuit Court of Appeals, concerns the Computer Fraud and Abuse Act, which was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.
At least, that’s what the court says is the act’s purpose.
The government, however, has interpreted the anti-hacking provisions to include activities such as violating a website’s terms of service or a company’s computer usage policy, a position the court said means “millions of unsuspecting individuals would find that they are engaging in criminal conduct.” The court said that violations of employee contract agreements and websites’ terms of service were better left to civil lawsuits.
“Under the government’s proposed interpretation of the CFAA, posting for sale an item prohibited by Craigslist’s policy, or describing yourself as ‘tall, dark and handsome,’ when you are actually short and homely, will earn you a handsome orange jumpsuit,” the court ruled, adding in a footnote that the government’s interpretation of the law opens employees up to be arrested, not merely fired, for playing Farmville at work.

Two in a row? I'm stunned!
Fifth Circuit Considers Constitutionality of Cell Site Location Data
April 11, 2012 by Dissent
Susan Freiwald writes:
Department of Justice litigators just filed a reply brief in an exciting but complex case in the Fifth Circuit that concerns law enforcement access to cell site location data. As amicus curiae, I hope to deepen readers’ understanding of the basic issues in the case and also to provide some insider’s insights. This blog post will furnish the background that later postings will draw upon.
The litigation began when Magistrate Judge Smith rejected three government applications for cell site location data that did not purport to satisfy probable cause. I highly recommend Judge Smith’s thoughtful opinion that holds that agents must obtain a warrant to compel service providers to disclose a target subscriber’s stored records of cell phone location data. Justice Department lawyers appealed Judge Smith’s denial, as well as the District Court’s order that agreed with Judge Smith, because they claim the right to compel disclosure whenever they satisfy the “relevance standard” under 18 U.S.C. § 2703(d) (“D order”).
Read more on Concurring Opinions.

(Related) I'll believe it when my Ethical Hackers can't get in...
This Internet provider pledges to put your privacy first. Always.
… The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also -- and in practice this is likely more important -- challenge government surveillance demands of dubious legality or constitutionality.
A decade of revelations has underlined the intimate relationship between many telecommunications companies and Washington officialdom. Leading providers including AT&T and Verizon handed billions of customer telephone records to the National Security Agency; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.
By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx Institute with for-profit subsidiaries, will put customers first. "Calyx will use all legal and technical means available to protect the privacy and integrity of user data," he says.

Maury Nichols sent the link to this article. Always gratifying to know someone reads my Clippings...
Can the Government Force the Surrender of Encryption Keys?
… Encrypted data is accessible only through the use of a password or encryption key, and this encryption raises several questions. What happens when the government wants to read encrypted documents? Can the government make you turn over your password or encryption key? Does the right to remain silent or the privilege against self-incrimination provide any protection? Some believe that the answer to this question may be one of the most important technology-related legal questions of the next decade.

Yesterday the FBI told us there is no security. Today there is a suggestion that Privacy is pretty much non-existent too.
UK: New smart meter privacy guidelines restrict suppliers’ access to data
April 11, 2012 by Dissent
Derek Du Preez reports:
The Department of Energy and Climate Change (DECC) has proposed tough new measures that would restrict how suppliers and network operators access and use consumer data obtained via smart meters.
For instance, suppliers of gas or electricity could end up only having access to monthly energy consumption data, which they could only use for billing purposes.
Read more on Computerworld (NZ)

If they really spent $1 Billion to keep Instagram away from Twitter, that's paranoia. But now that they have it...
Privacy concerns after Instagram’s acquisition by Facebook
April 11, 2012 by Dissent
Graham Cluley writes:
It’s the big tech headline of the week: Facebook has announced it is buying the popular photo-sharing app Instagram for a cool billion dollars.
But should Instagram’s 30 million users – who are reportedly uploading five million new photos to the service each day – have worries about the acquisition?
Read more on NakedSecurity.

If you believe that you are completely unable to say “No!” then it makes sense to ask the government to “do it for you.” After all, they want to do everything for you. If you don't need the government to intervene, then you must be a small government advocate.
Maryland becomes first state to ban employers from asking for social media passwords
April 10, 2012 by Dissent
Kevin Rector reports:
Employers in Maryland would be prohibited from asking current and prospective employees for their user names and passwords to websites such as Facebook and Twitter under legislation that passed the General Assembly and now awaits signature from Gov. Martin O’Malley.
Read more in the Baltimore Sun.
Because it was a Maryland state agency case that really raised public consciousness about this issue, it seems only right that they’d be the first state to pass a law prohibiting it.
Well done, folks. Now let’s see if Montana also passes one, as this whole matter first really came to public attention over Bozeman’s hiring policies.

No surprises here... (May include a dash of bias...)
"Jonathan Corbett, creator of the video showing that TSA's body scanners can't see metal objects on our sides, has a new video out. This time he's interviewing an experienced TSA screener identified only as 'Jennifer,' and her allegations point to 'fatal flaws' in TSA and its procedures. Worse, TSA's screeners are well aware of these flaws. According to Jennifer, body scanners frequently fail to detect objects on passengers, and this flaw is well known to the screeners on the job. People with visible items in their pockets can pass through scanners without detection, even when the items are simulated weapons or explosives. Jennifer also alleges that training for screeners is severely lacking. Screeners are directed to operate body scanners, even the X-ray scanners, without any training whatsoever. The manual of standard operating procedures often can't be found at the checkpoints, let alone read. Jennifer was so alarmed by what she experienced that she wrote her congressional representative to complain. She was ultimately fired as a result, effective yesterday."

April 10, 2012
Gartner Says Worldwide Media Tablets Sales to Reach 119 Million Units in 2012
News release: Worldwide media tablet sales to end users are forecast to total 118.9 million units in 2012, a 98 percent increase from 2011 sales of 60 million units, according to Gartner, Inc. Apple's iOS continues to be the dominant media tablet operating system (OS), as it is projected to account for 61.4 percent of worldwide media tablet sales to end users in 2012. Despite the arrival of Microsoft-based devices to this market, and the expected international rollout of the Kindle Fire, Apple will continue to be the market leader through the forecast period. "Despite PC vendors and phone manufacturers wanting a piece of the pie and launching themselves into the media tablet market, so far, we have seen very limited success outside of Apple with its iPad," said Carolina Milanesi, research vice president at Gartner. "As vendors struggled to compete on price and differentiate enough on either the hardware or ecosystem, inventories were built and only 60 million units actually reached the hands of consumers across the world. The situation has not improved in early 2012, when the arrival of the new iPad has reset the benchmark for the product to beat."

A lot of this is already accessible via WolframAlpha.
April 10, 2012
World Bank Publications and Research Now Easier to Access, Reuse
News release: "Two years after opening its vast storehouse of data to the public, the World Bank is consolidating more than 2,000 books, articles, reports and research papers in a search-engine friendly Open Knowledge Repository, and allowing the public to distribute, reuse and build upon much of its work—including commercially. The repository, launched today, is a one-stop-shop for most of the Bank’s research outputs and knowledge products, providing free and unrestricted access to students, libraries, government officials and anyone interested in the Bank’s knowledge. Additional material, including foreign language editions and links to datasets, will be added in the coming year. And, in a bid to promote knowledge-sharing around the world, the Bank has become the first major international organization to require open access under copyright licensing from Creative Commons — a non-profit organization whose copyright licenses are designed to accommodate the expanded access to information afforded by the Internet."

Most interesting, but you can only sign up using your Facebook account? Bummer!
Wavii Vows to Understand Entire Internet
Adrian Aoun wants to build a system that instantly understands everything posted to the internet.
He started the project about three years ago, and on Wednesday, he and his company, Wavii, unveiled version number one. As it stands, Wavii’s online service is a Facebook-like newsfeed for everything other than Facebook. It feeds you news about what’s going on in the world at large, not just random thoughts from your friends and family. But in building this service, Aoun and company are tackling a much larger problem. They’re trying to organize the internet’s information in ways that machines can understand it.

I'll add this one to my Math tools
Percentage Calculator

Tuesday, April 10, 2012

One hack worth “hundreds of millions?” So, the utilities are rushing to put unsecured meters on every home and then expecting the FBI to go door to door and look for hackers? That sounds like really bad management (or really smart buck-passing).
"A series of hacks perpetrated against so-called 'smart meter' installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin first revealed today. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology."
[From the article:
The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet.
… The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.
“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.” [Thanks FBI, my Ethical Hackers should be able to take it from here. Bob]
The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes them to stop measuring usage, while still providing electricity to the customer. [Anyone can use this technique! Bob]

Isn't it all just the cost of doing business in this industry?
"Back in 2007, Heartland had a security breach that resulted in 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million dollars in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"

People who can't count shouldn't be in charge of data security!
Utah Dept. of Health hacked, over 500,000 700,000 affected and the number’s growing?
April 9, 2012 by admin
Marjorie Cortez provides an update on a breach that started out bad enough last week, and just got a lot worse:
Some 280,000 people had their Social Security numbers listed in state health data stolen from a computer server last week, state officials announced Monday, calling the data breach the largest in state history.
Another 500,000 victims had less sensitive personal information stolen, state health department and technology services officials said during a press conference at the State Office Building. “Less sensitive” information was described as names, dates of birth and addresses. Officials said there may be some overlap between the groups, and information is still being reviewed.
The victims are likely to be people who have visited a health care provider in the past four months. Many are children who are enrolled in Children’s Health Insurance Program or Medicaid, although adults are also victims, officials said.
Read more on Deseret News.

Subtle, but important: “Everyone should keep an eye on their grandma.” NOT “Everyone should keep an eye on grandma.”
Watching ‘Martha’: 50,000 affected by security camera privacy breach
April 9, 2012 by Dissent
Andrew Ramadge reports:
Thousands of people all over the world could be watching Martha* get ready for bed right now. But Martha isn’t an entertainer. She’s an elderly woman, and she almost certainly doesn’t know that the inside of her home is being broadcast on the web.
Martha – or more likely, one of her carers – was one of up to 50,000 people who bought and installed a security camera made by the US company TRENDnet before it was discovered that the live footage they captured could be watched by anyone with an internet connection, without even having to guess a password.
Since the flaw was discovered in January, some TRENDnet customers have taken steps to fix it. But many haven’t, and apparently remain unaware that the devices they installed to keep themselves safe could in fact be doing the exact opposite.
Read more on SMH

Why I have a few concerns about government run Health Care databases... In a well managed system, the code for “pregnant” would not be available “if sex = F”
Why Britain has 17,000 pregnant men
… Instead, researchers studying the data think [They don't know? Bob] they’re the result of something way more boring: medical coding errors. Mistakes in data entry are, admittedly, a much less exciting development than a rash of pregnant men. But it’s one that poses as much of a challenge to modern medicine as would learning to understand male conception.
This research, published as a letter this week in the British Medical Journal, was meant to draw attention to how much data gets entered incorrectly in the country’s medical system. [Will more subtle errors kill you? Bob]

One of the hazards of having more data than any previous case? Is 25 billion bytes of data big enough to be a representative sample?
Megaupload: Feds Want to Destroy User Data to Hobble Defense
… “In essence, the government has taken what it wants from the scene of the alleged crime and is content that the remaining evidence, even if it is exculpatory or otherwise relevant to the defense, be destroyed,” defense attorney Paul Brinkman wrote (.pdf) the Virginia federal judge presiding over the case.
The court filing, lodged Friday, focuses on an unprecedented amount of data — 25 petabytes in all — that was seized by the government from Megaupload’s 1,100 servers in January. A hearing on the issue is scheduled for Friday before U.S. District Judge Liam O’Grady in Virginia.
The government has said it has copied “selected data” from the servers and said the 25 million gigabytes of data stored on hosting service Carpathia’s servers can be wiped out. Brinkman claims the government “cherry picked” relevant data “to support its theories of criminal misconduct.”
… According to Brinkman, the Megaupload data might show that Megaupload was not a criminal enterprise dedicated to infringing activity, but was a legitimate service with “substantial non-infringing uses.”

Was this a requirement of the DMCA or are we inventing new law here?
SolKeshNaranek tips a story at TorrentFreak about an ongoing copyright case that revolves around how much effort websites need to expend to block repeat infringers after responding to DMCA requests. In 2011, a judge ruled that a website embedding videos from third parties had correctly removed links to infringing videos after receiving a DMCA request, but failed to do anything to police users who had created these links multiple times. For this, the judge said, the website would be required to adopt a number of measures to prevent repeat infringement. Google and Facebook wrote an amicus brief opposing the ruling, as did Public Knowledge and the EFF. Now the MPAA has, unsurprisingly, come out in favor. They wrote, "Contrary to the assertions of myVidster and amici Google and Facebook, search engines and social networking sites are not the only businesses that desire certainty in a challenging online marketplace. MPAA member companies and other producers of creative works also need a predictable legal landscape in which to operate. ... Given the massive and often anonymous infringement on the internet, the ability of copyright holders to hold gateways like myVidster liable for secondary infringement is crucial in preventing piracy."

The arms race intensifies?
April 09, 2012
Microsoft Purchases Majority of AOL's Intellectual Property, Including Netscape Patents
Ben Kersey: "Microsoft and AOL ...signed a deal that would see MSFT pick up 800 of AOL’s patents for around $1 billion in cash. The deal is expected to close at the end of 2012, with Microsoft being able to leverage AOL’s remaining 300 patents under a non-exclusive license. As it turns out, there was an undisclosed term to the deal, and AllThingsD reports that Microsoft has picked up part of Netscape."
  • See also NYT: Microsoft's AOL Deal Intensifies Patent Wars, by Steve Lohr: "The lofty price Microsoft paid AOL for 800 patents - $1.3 million each - reflects the crucial role patents are playing in the business and legal strategies of technology companies."

Facebook buying Instagram for $1 billion, won't cut off access to Twitter
[Anything is available for the right price... Bob]

(Related) ...and Pinterest is still “Invite only”
The only thing hotter than Instagram? Pinterest

Oh, look how they did it!
April 09, 2012
Library of Congress: Translation of National Legislation into English
The Law Library of Congress, Translation of National Legislation into English, March 2012 - Global Legal Research Center
  • Afghanistan, Argentina, Brazil, China, France, Germany, Greece, Israel, Italy, Japan, Lebanon, Mexico, and Russia; International Organizations; International Courts

Perspective: Obviously, I can't see the benefit that a third grader can see... I still don't have one.
One-fifth of third-graders own cell phones
… According to a new study, 83 percent of middle schoolers, 39 percent of fifth-graders, and 20 percent of third-graders have a mobile device.
Stephanie Englander of Bridgewater University conducted the study (PDF) for the Massachusetts Aggression Reduction Center. Her research consisted of interviews with 20,766 Massachusetts students, in third through twelfth grades, with the goal of seeing whether readily available technology plays a role in cyberbullying.

Perspective (limited): Interesting experiment.
Iran expected to permanently cut off Internet by August
In a statement released last week, Reza Taghipour, the Iranian minister for Information and Communications Technology, announced plans to establish a national intranet within five months in an effort to create a "clean Internet," according to an International Business Times report. "All Internet Service Providers (ISP) should only present National Internet by August," Taghipour said in the statement.

For my heavy Twitter using friends...
The first part of the infographic displays a graph of your tweets for each month, going back up to 3,200 tweets.
It is followed by a list of your 5 most retweeted posts and a list of your top 5 favorite followers based on the number of times they have mentioned you in their tweets. You can also click on the little arrow at the bottom of each list to view more entries. You cannot save the infographic as an image but you can tweet your results.

Every now and then it is amusing to sit back and read a fairy tale...
April 09, 2012
Chronicle of Higher Education - 2012 Faculty Salary Survey