Saturday, April 28, 2012

It is never enough to simply implement a security procedure. You actually have to follow Best Practices exactly and then test it every way you can...
"A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set up by the Trustworthy Internet Movement, looks at several components of each site's SSL implementation to determine how secure the site actually is. The project looks at how each site is configured, which versions of the TLS and SSL protocols the site supports, whether the site is vulnerable to the BEAST or insecure renegotiation attacks and other factors. The data that the SSL Pulse project has gathered thus far shows that the vast majority of the 200,000 sites the project is surveying need some serious help in fixing their SSL implementations."
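If you want to "test it every way you can," here is what the testing looks like. This is an added example for this post, not SSL Pulse's or SSL Labs' code: it grades a scan result (what `openssl s_client` or a scanner tells you about a server) on the points the survey checks. The two hosts and their results are constructed. One caveat a 2012 reader would not have had: the usual server-side BEAST workaround then was to prefer RC4 under TLS 1.0; RC4 has since been broken and prohibited (RFC 7465), so the code flags it too. The real fix is to stop accepting SSL 3.0 and TLS 1.0 at all.

```python
"""Grade a TLS server configuration on the points the SSL Pulse survey checks.

Added example for this post; it is not SSL Pulse's or SSL Labs' code. The
input is a constructed scan result of the kind `openssl s_client` or a scanner
gives you: which protocol versions the server accepted, which cipher suite it
chose under each version when the client offered everything, and whether it
sent the RFC 5746 renegotiation_info extension. Findings follow the post:
BEAST exposure, insecure renegotiation, obsolete protocols, weak suites.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Cipher families that are not CBC mode. RC4 was the 2012 BEAST workaround,
# but it is broken and prohibited by RFC 7465, so it is flagged below as well.
NON_CBC_TAGS = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")
WEAK_TAGS = ("NULL", "EXPORT", "RC4")


def is_cbc(suite: str) -> bool:
    """CBC-mode suites. IANA names say CBC outright (TLS_RSA_WITH_AES_128_CBC_SHA);
    OpenSSL names (AES128-SHA) leave it implicit, so CBC is the default unless
    another mode or a stream cipher is named."""
    s = suite.upper()
    return "CBC" in s or not any(tag in s for tag in NON_CBC_TAGS)


@dataclass
class ScanResult:
    protocols: Set[str]                 # versions the server accepted
    preferred: Dict[str, str]           # version -> suite the server chose
    secure_renegotiation: bool          # renegotiation_info extension seen
    client_renegotiation: bool = False  # server honours client-initiated renegotiation


def beast_exposed(scan: ScanResult) -> bool:
    """BEAST needs a CBC suite under SSL 3.0 or TLS 1.0 (chained, predictable IVs).
    A server that still accepts those versions is exposed if it picks CBC there."""
    for version in ("SSLv3", "TLSv1.0"):
        suite = scan.preferred.get(version)
        if version in scan.protocols and suite and is_cbc(suite):
            return True
    return False


def insecure_renegotiation(scan: ScanResult) -> bool:
    """Client-initiated renegotiation without RFC 5746 lets a man-in-the-middle
    splice his own request in front of the victim's (the 2009 renegotiation flaw)."""
    return scan.client_renegotiation and not scan.secure_renegotiation


def findings(scan: ScanResult) -> List[str]:
    out: List[str] = []
    for version in ("SSLv2", "SSLv3"):
        if version in scan.protocols:
            out.append(f"{version} enabled: obsolete protocol")
    if "TLSv1.2" not in scan.protocols:
        out.append("TLS 1.2 not offered")
    if beast_exposed(scan):
        out.append("BEAST: CBC suite chosen under SSLv3/TLSv1.0")
    if insecure_renegotiation(scan):
        out.append("insecure renegotiation: client renegotiation without RFC 5746")
    for version, suite in sorted(scan.preferred.items()):
        if any(tag in suite.upper() for tag in WEAK_TAGS):
            out.append(f"{version} prefers weak suite {suite}")
    return out


def considered_secure(scan: ScanResult) -> bool:
    """The survey's bar: nothing on the findings list."""
    return not findings(scan)


# Constructed scan results for two imaginary hosts.
LEGACY_SITE = ScanResult(
    protocols={"SSLv3", "TLSv1.0"},
    preferred={"SSLv3": "TLS_RSA_WITH_AES_128_CBC_SHA",
               "TLSv1.0": "TLS_RSA_WITH_AES_256_CBC_SHA"},
    secure_renegotiation=False,
    client_renegotiation=True,
)
HARDENED_SITE = ScanResult(
    protocols={"TLSv1.2"},
    preferred={"TLSv1.2": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    secure_renegotiation=True,
)

if __name__ == "__main__":
    for name, scan in (("legacy", LEGACY_SITE), ("hardened", HARDENED_SITE)):
        print(name, "secure" if considered_secure(scan) else findings(scan))
```

Run it and the legacy host comes back with four findings while the hardened one passes. Feed it your own scanner output and you have the "test it every way you can" step the post asks for, repeatable after every config change.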

In Texas it's, “One revenuer, one revolution.”
"The Houston Chronicle is reporting that will soon start collecting sales tax from buyers in state of Texas. 'Seattle-based Amazon, which had $34 billion in sales in 2010, has long opposed collecting taxes. That has drawn fire from state governments facing budget shortfalls and from traditional brick-and-mortar retailers, who say online sellers essentially give customers an automatic discount when they don’t collect taxes. Combs has estimated the state loses $600 million a year from untaxed online sales. However, Amazon has recently begun making deals with a number of states to collect sales tax. Those deals have usually included a one- to three-year window exempting Amazon from sales tax collection.'"

A new legal niche? “If you can't be civil, we'll fit you for a civil suit?”
Teen Sues Over Facebook Bullying
A teenager in Georgia has decided to take things into her own hands after her school and police said they could do nothing about the classmates bullying her on Facebook.

Oh look, a symptom! Now, how do we cure the disease?
When Will This Low-Innovation Internet Era End?
It’s an age of unprecedented, staggering technological change. Business models are being transformed, lives are being upended, vast new horizons of possibility opened up. Or something like that. These are all pretty common assertions in modern business/tech journalism and management literature.
Then there’s another view, which I heard from author Neal Stephenson in an MIT lecture hall last week. A hundred years from now, he said, we might look back on the late 20th and early 21st centuries and say, “It was an actively creative society. Then the internet happened and everything got put on hold for a generation.”
Stephenson was clearly trying to be provocative. But he’s not alone in the judgment that we’re not actually living in an era of great innovation. Economist Tyler Cowen’s e-book-turned-book, The Great Stagnation, made similar points: Compared with the staggering changes in everyday life in the first half of the 20th century wrought by electricity, cars, and electronic communication, the digital age has brought relatively minor alterations to how we live.
… The most common response to such griping has been, just wait. Many techno-optimists base their thinking on a famous 1990 paper by economic historian Paul David, which described how, for decades, electricity had little effect on industrial productivity as manufacturers simply swapped out older energy sources for electric power but changed nothing about how they made things. It was only as new factories were built that took advantage of the unique properties of electric motors that a productivity boom ensued. Just give the digital age a bit more time, and you’ll see huge changes (and, one hopes, improvements) in how we work and live.

After using Open Office for more than 10 years, perhaps it's time to move?
"If you are looking for small niche features such as interactive word count, bundled report designer, or command line filtering etc – LibreOffice beats OpenOffice hands down. 'Noting the important dates of June 1, 2011, which was when Oracle donated OOo to Apache; and Apache OpenOffice 3.4 is due probably sometime in May 2012; Meeks compared Apache OpenOffice 3.4 new features to popular new features from LibreOffice: 3.3, 3.4, 3.5. It wasn't surprising to find that LibreOffice has merged many features not found in Apache OO given their nearly year long head start.'"

This could be very useful as I try to teach my students my SOP PDQ. (LOL)
When you are browsing websites, you will come across countless abbreviations. These abbreviations can be anything, ranging from Internet slang to something specific to the website you are visiting. What you need is a tool which you can use to quickly reference abbreviations and their possible meanings without having to leave the webpage you are currently on. Here to offer you that is a service called ABBREX.
ABBREX is a free to use browser tool. It comes as an add-on for Mozilla Firefox and an extension for Google Chrome. The purpose of ABBREX is to reveal all the possible meanings of abbreviations you find on websites. Although you could easily execute a web search to find out what an abbreviation stands for, ABBREX lets you learn the abbreviation’s meaning without having to leave the webpage.
With the add-on or extension installed in your web browser, all you have to do is place your mouse pointer over an abbreviation and its meaning is shown in a floating window. Multiple meanings are shown and these are all contributed by ABBREX users.

How geeks become experts before 'normal' people even hear of the software.
OnlineBeta is a website that allows users to participate in beta tests of unreleased products. Users get a chance to review products from well-known companies such as Logitech, Dell, T-Mobile, Polycom, Kodak, Yahoo and many more. The products range from household items to video games to enterprise class hardware. The website sends only offers that might catch the interest of the users.
To use the service, you must sign up for a free account, and you will be sent offers over the period according to the information you have provided along with the beta product details.
Similar tools: BetaBait and InviteShare.

Friday, April 27, 2012

On the “Internet of Things,” who owns the data is going to be a rather important question.
Recommended Reading: The Automotive Black Box Data Dilemma
April 26, 2012 by Dissent
A tweet from the World Privacy Forum pointed out this excellent article by Willie D. Jones on ieee Spectrum. Here’s a snippet:
… “I don’t see how there can be an expectation of [EDR] privacy in a criminal case,” Gillingham insists. “When you’re driving on public land, you give up expectation of privacy.” Challenged on whether that statement conflicts with longstanding U.S. principles of search and seizure, he says, “There’s an expectation of privacy with regard to my body or my home; that’s very much different than the engine of my car.”
But there is a growing cadre of people who disagree with Gillingham, including the Court of Appeals of California, Sixth District, which overturned the manslaughter conviction in February 2011 on the grounds that law enforcement did not secure a search warrant to retrieve the data. (The other convictions were left intact.)
In the first civil lawsuits and criminal cases involving cars equipped with EDRs, auto companies claimed that they owned the data; courts eventually began ruling that it belongs to vehicle owners and lessees. But without federal laws governing who should have access to black box data, the matter was left to the states. Thus far, only 13 states have passed laws governing the ownership of EDR data.
Read more on ieee Spectrum.

What is the opposite of “viral marketing?” Perhaps this is the basis for a new Olympic sport – Copyright Enforcement.
London Olympics To Visitors: Don’t Share What You See
According to the London 2012 Olympic “conditions for ticket holders,” you are not allowed to take pictures or video of the events nor are you allowed to “exploit” any video on social networks.
… This means no Instagrams, no Tweetpics, no Facebooking (“OMG OLYMPICS!!”), and no nothing. In short, you shouldn’t tell anyone you went to the Olympics.
According to Petapixel, UK photographers are already being hassled for taking photos of the Olympic “city” from public places, which suggests perhaps that London should spring for a geodesic dome to cover the proceedings in mystery and smash cameras of errant Tweeters.

Attention stalkers!
Here Are 20 Companies Who Sell Your Data (& How To Stop Them)
April 26, 2012 by Dissent
Jon Mitchell writes:
Meet the data brokers. There’s a whole industry full of companies who make their money buying and selling our personal information. TheFTC is working on busting this dark racket wide open, but in the meantime, they’re out there. Who are they? Can we stop them? Read on to find out.
Read more on ReadWriteWeb.

Would this also apply to random interception of wireless communication?
Victory! Federal Judge Rules Against Drug Testing of Florida’s State Workers
April 26, 2012 by Dissent
Great news from Baylor Johnson of the ACLU of Florida:
Two months ago, I was sitting in a federal courtroom in Miami watching as our staff attorney, Shalini Goel Agarwal, argued for the rights of Florida state workers against invasive, suspicionless mandatory bodily-fluid searches. The ACLU of Florida, on behalf of the American Federation of State, County and Municipal Employees (AFSCME), was challenging an executive order issued by Gov. Rick Scott requiring random drug testing for state employees.
Today, a decision came down in that case affirming the privacy and personal dignity of thousands of state employees by declaring the order a violation of the Fourth Amendment. Without a “compelling need,” a search of your bodily fluids is exactly the kind of unreasonable search and seizure the Constitution clearly bars.
Read more on the ACLU’s web site and congratulations to them for their successful advocacy!

(Related) Just because it's legal doesn't mean we can't use it against you. It is much easier to look at every prescription issued by every doctor to see if anything stands out, than to gather more specific information on the street. (Drug companies won't complain about increased sales and Insurance companies are unlikely to pay for unneeded drugs.)
By Dissent, April 27, 2012
While a federal court ruled Florida’s drug-testing law unconstitutional yesterday, not all news is good news in terms of invasions of health issues. Vermont Public Radio reports:
The Vermont Senate has voted to allow police access without a search warrant to a database of Vermonters’ prescriptions maintained by the Vermont Department of Health.
In an 18-11 vote after more than two hours of debate on Wednesday, the Senate rejected the arguments of some members that allowing police access to the database would violate rights against search and seizure promised by the U.S. and Vermont constitutions.
The majority sided with those saying police access would not be unlimited, and that investigators need to be able to crack down on an epidemic of prescription drug abuse in the state.
The House earlier voted to require a search warrant before police got access to the database. A conference committee likely will have to work out the difference.
As regular readers of this blog know, I’ve been following the state laws on prescription databases and by now, many states do have laws that open up databases to law enforcement in the name of busting prescription abusers (usually pain killer medications). But since these situations are usually not emergency situations with imminent danger involved, why can’t law enforcement be required to show probable cause to obtain a warrant? Inconvenient for law enforcement, perhaps, but if the real issue is that law enforcement doesn’t have enough information to rise to the level of probable cause, do we really want them able to access someone’s prescription records?

“For every law there is a loophole.” Who said that? (Every lawyers ever born?)
The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA
… In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

The Congressional version of “Ready, Fire, Aim?” Perhaps, if my Ethical Hackers were to send the 248 Luddites their complete Internet dossier...
House Passes Controversial Cybersecurity Measure CISPA
The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Michigan) and Dutch Ruppersberger (D-Maryland), passed on a vote of 248 to 168.

Interesting. I thought for sure Google would pay this out of Petty Cash and move on. But as they say in Calculus, as the Money available approaches infinity, behavior becomes unpredictable.
Google pushes back against FCC fine
April 27, 2012 by Dissent
Andrew Feinberg reports:
Google is pushing back against a Federal Communications Commission proposal to fine the Internet company for snooping on people’s Wi-Fi networks using equipment in its Google Street View cars.
Google denied it had obstructed the probe by not making personnel available, saying it had let the commission take testimony from “everyone the FCC asked to meet.” The company also argued that “the fact that a certain engineer was legally unavailable did not leave any significant factual questions unanswered.”
Read more on The Hill.
[From the article:
...the engineer who wrote the offending code would not talk to the FCC

I fall mostly into the “not so fast” crowd...
April 26, 2012
Pew - The Future of Money in a Mobile Age
The Future of Money in a Mobile Age by Aaron Smith, Janna Anderson, Lee Rainie - Apr 17, 2012
  • "Within the next decade, smart-device swiping will have gained mainstream acceptance as a method of payment and could largely replace cash and credit cards for most online and in-store purchases by smartphone and tablet owners, according to a new survey of technology experts and stakeholders. Many of the people surveyed by Elon University’s Imagining the Internet Center and the Pew Research Center’s Internet & American Life Project said that the security, convenience and other benefits of “mobile wallet” systems will lead to widespread adoption of these technologies for everyday purchases by 2020. Others—including some who are generally positive about the future of mobile payments—expect this process to unfold relatively slowly due to a combination of privacy fears, a desire for anonymous payments, demographic inertia, a lack of infrastructure to support widespread adoption, and resistance from those with a financial stake in the existing payment structure."
[Is Square the model for future electronic transactions? Bob]

For my Ethical Hackers. What went wrong? Exactly, he used his own name! And didn't test adequately. (The potential cost of Cloud computing...)
Oops! Amazon Web Services Customer Unleashes ‘Denial of Money’ Attack – on Himself

Kickstarter loves creative projects. I'd get one of these if I had a cell phone.
2-Cans-and-a-String Technology Updated for Age of Mobility

Everything changes
SketchUp Is Google’s First Divestment Ever, And It Made A Profit
Google’s sale of a previously purchased arm of the company this morning, 3D modeling software SketchUp, to Trimble, isn’t just something it does “every now and again”. It’s actually Google’s first divestment ever, according to two sources, and we’re hearing the search giant made a profit, as it sold SketchUp for more than it bought it for back in 2006.
… It wasn’t that SketchUp wasn’t working. It had 30 million activations since joining Google as part of @Last Software in March 2006. But it just didn’t fit with the direction Google is heading in. It’s a relatively niche product for architects and the construction industry, game developers, and filmmakers. It doesn’t fit with last year’s theme of inherently social product that could be tied to Google+, or this year’s plan to simplify everyone’s lives.

An interesting Charlie Rose interview
Jack Dorsey, Chairman of Twitter and CEO of Square

It's a horrible secret. Whatever you do, don't Google the words “zerg rush.”

Thursday, April 26, 2012

Best Practices: As new security tools and techniques become available, you should re-visit applications that were “cleared” using earlier, less capable tools. I suspect few organizations do, and therefore don't detect backdoors added by “cutting edge” hackers.
Cryptic Studios uncovers old hack, notifies users
April 25, 2012 by admin
A reader alerted me to a breach notification he received from Perfect World subsidiary Cryptic Studios, a massively multiplayer online role-playing game developer. You can read the web version of their notice. The hack occurred in 2010 but was only first discovered now due to “increased security analysis.”
The intruder reportedly accessed account names, handles, and encrypted passwords, at least some of which were apparently decrypted. The intruder also may have been able to access date of birth, e-mail and billing addresses, and partial credit card numbers, although Cryptic Solutions doesn’t believe that those were accessed.
As always, if you had reused passwords across sites, go change your passwords on the other sites.
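Why do “encrypted” passwords end up decrypted? Because a site that can decrypt them keeps the key next to the table, and an intruder who takes the table generally takes the key. The example below is added here and is not Cryptic Studios' code (their notice says nothing about their scheme beyond “encrypted”). It puts a reversible store beside a salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library) and shows what the intruder gets from each; the users, passwords and wordlist are constructed.

```python
"""Reversible password storage versus a salted, iterated hash.

Added example for this post, not Cryptic Studios' code. Design 1 is
reversible: the key has to sit on the same server as the table, so whoever
takes both takes every password. Design 2 uses PBKDF2-HMAC-SHA256 from the
standard library: the server never needs the password back, each row has its
own salt, and every guess costs the attacker a full KDF run per row. The user
table, passwords and wordlist are constructed.
"""
import base64
import hashlib
import hmac
import os
from typing import Dict, List

# --- Design 1: "encrypted" passwords ------------------------------------------
# A SHA-256 counter keystream stands in for whatever cipher the site used; the
# point is that it is reversible, not which cipher it is. Constructed key.
SITE_KEY = b"constructed-site-key-kept-in-config"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt_password(password: str) -> str:
    nonce = os.urandom(8)
    data = password.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(SITE_KEY, nonce, len(data))))
    return base64.b64encode(nonce + ct).decode()


def decrypt_password(blob: str) -> str:
    raw = base64.b64decode(blob)
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(SITE_KEY, nonce, len(ct)))).decode()


def recover_all(table: Dict[str, str]) -> Dict[str, str]:
    """What an intruder with the table and the key gets: everything, instantly."""
    return {user: decrypt_password(blob) for user, blob in table.items()}


# --- Design 2: salted, iterated hash -------------------------------------------
ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_b64, dk_b64 = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))  # constant-time compare


def recover_with_wordlist(table: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """The intruder's only option against design 2: guess, one KDF run per
    guess per row, because each row's own salt makes precomputation useless."""
    cracked = {}
    for user, stored in table.items():
        for guess in wordlist:
            if verify_password(guess, stored):
                cracked[user] = guess
                break
    return cracked


if __name__ == "__main__":
    users = {"alice": "correct horse", "bob": "hunter2", "carol": "Tr0ub4dor&3"}
    print(recover_all({u: encrypt_password(p) for u, p in users.items()}))
    print(recover_with_wordlist({u: hash_password(p) for u, p in users.items()},
                                ["password", "hunter2"]))
```

Design 2 still falls to a weak password on a wordlist (that is what “at least some were decrypted” usually means in practice), which is exactly why the advice to change reused passwords stands regardless of how the site stored them.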

(Related) ...and here's why we follow Best Practices. (Yes, I'm being repetitious and redundant. That too is a Best Practice.)
"If businesses and consumers stuck to security basics, they could have avoided all cases of Conficker worm infection detected on 1.7 million systems by Microsoft researchers in the last half of 2011. According to the latest Microsoft Security Intelligence report, all cases of Conficker infection stemmed from just two attack methods: weak or stolen passwords and exploiting software vulnerabilities for which updates existed."

Everything's big in China. When they decide to clean house, they seem to have no trouble identifying and gathering up large volumes of 'evil doers.' But then, the first time is easy. Now that they have been warned, they'll start using accounts in their lawyer's names.
Cn: 1,700 arrested on stealing personal data
April 25, 2012 by admin
Wow. He Dan reports:
Police across the country have arrested more than 1,700 people on suspicion of stealing or misusing personal information, according to the Ministry of Public Security.
Under the ministry’s deployment, police in 20 provincial-level regions, including Beijing and Shanxi, uncovered 38 operations where people’s personal details were being illegally traded, according to a statement posted on the ministry’s website on Tuesday night.
In the first-ever crackdown of its kind, 611 companies that illicitly conducted surveys were closed, and 161 unauthorized databases were destroyed.

(Related) But if you want really big, you have to hand it to Texas.
Texas Error Exposed Over 13 Million Voters’ Social Security Numbers
April 25, 2012 by admin
I don’t know how he is on other issues, but Texas Attorney General Greg Abbott is one of the most active AGs when it comes to pursuing those who dump data or don’t secure it properly. I can only imagine how mortified he must be by this breach, which thankfully, could have been much worse if the data had fallen into the wrong hands.
From the Lone Star Project:
A legal brief filed by opponents of the Texas Voter Photo ID law reveals that Attorney General Greg Abbott exposed millions of Texas voters’ full Social Security numbers to possible theft and abuse.
The brief, filed Monday, April 23, 2012 states:
“after vigorously fighting the production of data containing full Social Security numbers, Texas mistakenly produced to Intervenors data from the VR [voter registration] data base that contained full Social Security numbers.” (Defendant-Intervenors’ Motion for Clarification of the Trial Schedule, 4/23/12, page seven.)
Texas voters escaped public release of their Social Security numbers only because of the vigilance of conscientious lawyers working against the Voter Photo ID bill. Rather than attach the files to documents circulated to other attorneys or expose them to access by the general public, opposing counsel immediately notified the AG’s office of the bungled release of private data. Abbott then, at the expense of Texas taxpayers, sent a courier to both New York and Washington, DC to retrieve the files.
Read more on Lone Star Project.
According to the Texas Secretary of State web site, Texas had 13,269,233 registered voters in the November 2010 election.

China again. If China steals from everyone, why bother to hack anyone else?
VMWare Source Code Leak Follows Alleged Hack of Chinese Defense Contractor
Source code belonging to VMWare has leaked to the internet after apparently being stolen by a hacker who claims to have obtained it from a Chinese firm’s network.
The source code belongs to VMWare’s ESX virtual machine software product, a popular tool for creating and operating virtual computing environments. The code was posted to the Pastebin web site, a repository for coders that has become a favorite for hackers to publish purloined wares.
VMWare acknowledged the leak in a note posted to the company’s web site.

Perhaps my “Technical University” could team up with the and build a few for demonstration purposes? Nerf weapons anyone?
Who Has the Right to Fly a Drone Above Your Head? Finally, There's a List
While the government's use of drones in other countries has drawn scrutiny, there are plenty of drones flying in American skies on behalf of the military, law enforcement, universities, and local governments.
… Perhaps most interesting is how many universities have applied for permits. Some may be working with military grant money. [Magic words for cutting through University red tape Bob]

It's a start, but one not likely to last past November without a lot more public comment.
The White House threatens to veto CISPA
April 25, 2012 by Dissent
This may be the strongest pro-privacy statement I’ve seen from President Obama. Let’s hope it’s not just posturing and rhetoric: [Is it from a politician? Are his lips moving? Bob]
The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation’s vital information systems and critical infrastructure. The sharing of information must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation’s core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.
[Yada, yada, yada Bob]
The House takes up the bill Thursday and there have been a slew of proposed amendments, the vast majority of which do not address the main concerns privacy advocates have.

If I ran for President on an “eliminate TSA” platform, would Obama and Romney even notice?
"With public outcry against the TSA continuing to spread, the TSA is defending a recent episode in which a four-year-old was patted down while kicking and screaming at Wichita Airport in Kansas. From the AP article: 'The grandmother of a 4-year-old girl who became hysterical during a security screening at a Kansas airport said Wednesday that the child was forced to undergo a pat-down after hugging her, with security agents yelling and calling the crying girl an uncooperative suspect.'"

Now even those who are not Computer Security majors may listen to me.
"A German court has ruled that clients, not banks, are responsible for losses in phishing scams. The German Federal Court of Justice (the country's highest civil court) ruled in the case of a German retiree who lost €5,000 ($6,608) in a bank transfer fraudulently sent to Greece. According to The Local, a German news site, the man entered 10 transaction codes into a site designed to look like his bank's web site and his bank is not liable as it specifically warned against such phishing attacks."

Some years ago, this worked into my model for organizational change. It is very difficult to change an organization's culture, so you need to create a parallel organization. When it works the way you want it to, you fold the original organization and transfer everything to the new one. (If it doesn't work, kill it and start over.)
The A/B Test: Inside the Technology That’s Changing the Rules of Business
… Over the past decade, the power of A/B testing has become an open secret of high-stakes web development. It’s now the standard (but seldom advertised) means through which Silicon Valley improves its online products. Using A/B, new ideas can be essentially focus-group tested in real time: Without being told, a fraction of users are diverted to a slightly different version of a given web page and their behavior compared against the mass of users on the standard site. If the new version proves superior—gaining more clicks, longer visits, more purchases—it will displace the original; if the new version is inferior, it’s quietly phased out without most users ever seeing it. A/B allows seemingly subjective questions of design—color, layout, image selection, text—to become incontrovertible matters of data-driven social science.
After joining the Obama campaign, Siroker used A/B to rethink the basic elements of the campaign website. The new-media team already knew that their greatest challenge was turning the site’s visitors into subscribers—scoring an email address so that a drumbeat of campaign emails might eventually convert them into donors.
… Most shocking of all to Obama’s team was just how poorly their instincts served them during the test. Almost unanimously, staffers expected that a video of Obama speaking at a rally would handily outperform any still photo. But in fact the video fared 30.3 percent worse than even the turquoise image. [Amazing! Politicians believing facts! Bob]
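The mechanics are simpler than the article makes them sound. Below is an added example, not the campaign's or any vendor's code: visitors are assigned to a variant by an HMAC of their id under a per-experiment key (same visitor, same variant, no lookup table to store or leak; a new key re-shuffles everyone for the next test), and the two arms are compared with a two-proportion z-test so “30.3 percent worse” comes with a p-value. The visitor ids and conversion counts are constructed.

```python
"""Deterministic A/B assignment plus a significance test for the result.

Added example for this post, not the Obama campaign's or any vendor's code.
Assignment is an HMAC-SHA256 of the visitor id under a per-experiment key:
the same visitor always gets the same variant without a stored lookup table,
nobody can work out the variant from the id without the key, and a new key
re-shuffles everyone for the next experiment. The comparison is a two-sided
two-proportion z-test; all visitor ids and conversion counts are constructed.
"""
import hashlib
import hmac
import math
from collections import Counter
from typing import Dict, Iterable, Sequence, Tuple


def assign(experiment_key: bytes, visitor_id: str, variants: Sequence[str]) -> str:
    """Map visitor_id to one of `variants` with equal weight, deterministically."""
    digest = hmac.new(experiment_key, visitor_id.encode(), hashlib.sha256).digest()
    fraction = int.from_bytes(digest[:8], "big") / 2**64   # uniform in [0, 1)
    return variants[int(fraction * len(variants))]


def split_counts(experiment_key: bytes, visitor_ids: Iterable[str],
                 variants: Sequence[str]) -> Dict[str, int]:
    """How many visitors land in each variant; should be close to even."""
    return dict(Counter(assign(experiment_key, v, variants) for v in visitor_ids))


def z_test(conv_a: int, n_a: int, conv_b: int, n_b: int) -> Tuple[float, float]:
    """Two-proportion z-test of variant B against control A.
    Returns (z, two-sided p-value); positive z means B converted better."""
    p_a, p_b = conv_a / n_a, conv_b / n_b
    pooled = (conv_a + conv_b) / (n_a + n_b)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_a + 1 / n_b))
    if se == 0.0:                      # nobody (or everybody) converted in both arms
        return 0.0, 1.0
    z = (p_b - p_a) / se
    p_value = math.erfc(abs(z) / math.sqrt(2))
    return z, p_value


def relative_lift(conv_a: int, n_a: int, conv_b: int, n_b: int) -> float:
    """Lift of B over A as a fraction of A's rate; the post's
    "30.3 percent worse" would come out as -0.303."""
    rate_a, rate_b = conv_a / n_a, conv_b / n_b
    return (rate_b - rate_a) / rate_a


def decide(conv_a: int, n_a: int, conv_b: int, n_b: int, alpha: float = 0.05) -> str:
    """The displace-or-phase-out rule from the article, with a significance gate."""
    z, p = z_test(conv_a, n_a, conv_b, n_b)
    if p >= alpha:
        return "keep A (no significant difference)"
    return "ship B" if z > 0 else "keep A (B is worse)"


if __name__ == "__main__":
    key = b"constructed-experiment-key-splash-2012"
    ids = [f"visitor-{i}" for i in range(10_000)]
    print(split_counts(key, ids, ("photo", "video")))
    # Constructed counts: 1,000 visitors per arm.
    print(decide(100, 1000, 130, 1000), z_test(100, 1000, 130, 1000))
```

Two things the staffers' instincts missed are visible here: the assignment never asks anyone's opinion, and the decision rule will not let a 3 percent difference on a thousand visitors pass as a result.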

One word: Multivac
"Google could go the way of the dodo if ultra intelligent electronic agents (UIEA) make their way into the mainstream, according to technology prognosticator Daniel Burrus. Siri is just the first example of how a UIEA could end search as we know it. By leveraging the cloud and supercomputing capabilities, Siri uses natural language search to circumvent the entire Google process. If Burrus is right, we'll no longer have to wade through '30,000,000 returns in .0013 milliseconds' of irrelevant search results."

Why wouldn't your local bank offer the same service? After all, “that's where the money is.” (Willie Sutton)
Buy a product on, pay
The retail giant says that customers can now browse more items on its Web site, and then opt to pay with cash by heading into a local store and dropping off the Benjamins.

That will teach him to toy with Hasbro! (Should you really sue your fans?)
Hasbro Goes After Blogger In IP Theft Case
You’d never think that the world of Nerf guns and dart shooters was so intense, but Hasbro apparently sued a blogger for leaking information about unreleased Nerf products he found on Chinese marketplace Taobao using the sweetest bait imaginable: free Nerf guns.
Urban Taggers is a blog about “assault blasters” for “kidults.” Essentially they cover Nerf guns and the like and are fairly popular in the space. The lead blogger, Pocket, ran a review of an unreleased gun. A few days later, he received a note from Hasbro offering some guns to giveaway to his readers. Eager to share the blaster love, he agreed and sent his address. That’s when his troubles began.
Immediately after the emails went back and forth, Pocket received a letter from Hasbro’s lawyers accusing him of IP theft.

Perspective. Can you see shelves full of Kindles? Me neither...
April 25, 2012
Pew Presentation: Public libraries in the digital age
Public libraries in the digital age by Mary Madden, Kathryn Zickuhr, Apr 25, 2012 at Chief Officers of State Library Agencies: "They presented findings on the rise of e-reading, including reading-device ownership and the general reading habits/preferences of Americans. Their presentation included libraries research fact sheets:

(Related) Sci-Fi publishers are such forward thinking people I would expect nothing less...
"'Science fiction publisher Tor UK is dropping digital rights management from its e-books alongside a similar move by its U.S. partners. ... Tor UK, Tor Books and Forge are divisions of Pan Macmillan, which said it viewed the move as an "experiment."' With experiments, come results. Now users can finally read their books across multiple devices such as Amazon's Kindle, Sony Reader, Kobo eReader and Apple's iBooks. Perhaps we will see the *increase* of sales, because the new unrestricted format outweighs the decrease caused by piracy?"

Useful in my “build your own website” class...

Tools to keep in the “Oh Crap!” folder.

I'm afraid to ask. Is this for the “English for people who can't read” class?
Yesterday, I Tweeted a story from Open Culture that highlighted 12 animated Shakespeare stories. In my investigation of the video source that Open Culture highlighted, I discovered Shakespeare Animated. Shakespeare Animated is a YouTube channel containing twelve playlists, ten of which are animated adaptations of Shakespeare's most famous plays. Some of the animated plays that appear in the Shakespeare Animated playlist are Romeo and Juliet, Hamlet, Macbeth, and The Taming of the Shrew. I've embedded part one of Romeo and Juliet below.
The Shakespeare Animated videos could be useful for supporting your students' reading of Romeo and Juliet or any of the nine other plays in the list. Because the plays are broken into segments, they are well-suited to being used one class meeting at a time. You could show the ten to twelve minute segments

For my students (and my 1%)
Another Crowdfunding Player Enters The Fray: Apps Genius Launches
… Like Kickstarter and many others, GetFunded will be a “crowdfunding platform for entrepreneurs who are seeking new investments in their businesses and ideas,” according to a statement from App Genius.

Wednesday, April 25, 2012

“Mr Chairman, Thank you for asking me to testify about medical device security. Those of you on the committee with pacemakers will want to keep a close eye on the Remote Control device in my hand...”
"The vulnerability of wireless medical devices to hacking has now attracted attention in Washington. Although there has not yet been a high-profile case of such an attack, a proposal has surfaced that the Food and Drug Administration or another federal agency assess the security of medical devices before they're sold. A Department of Veterans Affairs study showed that between January 2009 and spring 2011, there were 173 incidents of medical devices being infected with malware. The VA has taken the threat seriously enough to use virtual local area networks to isolate some 50,000 devices. Recently, researchers from Purdue and Princeton Universities announced that they had built a prototype firewall known as MedMon to protect wireless medical devices from outside interference."

Interesting, if low profile.
April 24, 2012
Guide - overview of significant cyber warfare events from the news
Cyberthings for Managers - overview of significant cyber warfare events from the news: "Cyberthings for Managers is created by Reuser’s Information Services to meet a growing demand by managers in the domain of cyber warfare for a quick overview of the most important events of the past weeks in the field, without being overwhelmed by technical details, individual incidents, or repetitions of earlier news. Cyberthings will list a summary of significant events in the world of Cyberwarfare from Governmental level down. There will be no listings of technical hacks, detailed descriptions of cyberweapons, repetitions of detailed cybercrime events, only the more strategic events will be covered." [via Marcia E. Zorn]
[Subscribe via email:
Subscribe? Mail "subscribe cyberthings" to:
Unsubscribe? Mail "unsubscribe cyberthings" to:
Archive. An archive of previous editions is maintained at,
choose Products, then Publications.]

You talk the talk, can you walk the walk? (and other Hollywood catch phrases)
April 24, 2012
CFA Report: How Identity Theft Services Measure Up to Best Practices
"The Consumer Federation of America (CFA) released Best Practices for Identity Theft Services: How Are Services Measuring Up?, which analyzes how well identity theft services are providing key information to prospective customers. The study is based on CFA’s Best Practices for Identity Theft Services, voluntary guidelines that CFA developed with the help of identity theft service providers and consumer advocates. Released last year, the best practices resulted from CFA’s first study of identity theft services in 2009, which raised concerns about misleading claims about the ability to protect consumers from identity theft, lack of clear information, and other troublesome practices."

Entirely too reasonable?
NAFCU Letter to Reps. Boehner and Pelosi on Cyber/Data Security
April 24, 2012 by admin
Via CUInsight, a letter that has some recommendations many readers might agree with:
… On behalf of the National Association of Federal Credit Unions (NAFCU), the only trade association exclusively representing our nation’s federal credit unions, I write today in regards to the issue of cyber security.
… With that in mind, NAFCU specifically recommends that the House consider the following issues related to data security as you tackle the broader issue of cyber security:
  • Payment of Breach Costs by Breached Entities: NAFCU asks that credit union expenditures for breaches resulting from card use be reduced. A reasonable and equitable way of addressing this concern would be to require entities to be accountable for costs of data breaches that result on their end, especially when their own negligence is to blame.
  • National Standards for Safekeeping Information:
  • Enforcement of Prohibition on Data Retention:

Attention paranoids!
CYBERSECURITY Threats Impacting the Nation
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare.
The number of cybersecurity incidents reported by federal agencies continues to rise, and recent incidents illustrate that these pose serious risk. Over the past 6 years, the number of incidents reported by federal agencies to the federal information security incident center has increased by nearly 680 percent.

Law School, outside the box?
"Brooklyn Law School's Incubator and Policy Clinic (BLIP) hosted its first 'Legal Hackathon.' Instead of hacking computer code, attendees — mostly lawyers, law students, coders, and entrepreneurs — used the hacking ethos to devise technologically sophisticated solutions to legal problems. These included attempts to crowdsource mayoral candidacies in New York City and hacking model privacy policies for ISPs."

Continuing my quest for the “Next Big Thing!”
How to Spot the Future

8 Visionaries on How They Spot the Future

Plan on a Browser with attached Cloud storage. Install Chrome on your thumb drive and you will be able to access your files from any computer. (No need to carry them through customs)
Google Set to Meld GDrive With Chrome OS

Who owns your files on Google Drive?
… "When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This licence continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps)."

They are completely open when stealing your data in Nigeria.

Handy API?
April 24, 2012
Millions of Harvard Library Catalog Records Publicly Available
News release: "The Harvard Library announced it is making more than 12 million catalog records from Harvard’s 73 libraries publicly available. The records contain bibliographic information about books, videos, audio recordings, images, manuscripts, maps, and more. The Harvard Library is making these records available in accordance with its Open Metadata Policy and under a Creative Commons 0 (CC0) public domain license. In addition, the Harvard Library announced its open distribution of metadata from its Digital Access to Scholarship at Harvard (DASH) scholarly article repository under a similar CC0 license... The catalog records are available for bulk download from Harvard, and are available for programmatic access by software applications via APIs at the Digital Public Library of America (DPLA). The records are in the standard MARC21 format."

Stay current?
Wavii is quite simply a neat way to follow your favourite topics. Unlike your RSS feeds, Wavii is filtered so that only one headline for each story is shown to you. So, you’re able to keep track of the big events in each topic without being drowned in repeat information.
… Wavii only allows Facebook sign-in, which will upset a few people for sure.

For my fellow teachers. Perhaps we could create a lesson on how to create a lesson?
The Digital Education Revolution, Cont'd: Meet TED-Ed's New Online Learning Platform
… Back in March, TED, after realizing that teachers had begun using its iconic videos as instructional aides, launched a YouTube channel dedicated to educational videos.
Today, it's going a step further: TED-Ed is launching a suite of tools that allow teachers to design their own web-assisted curricula, complete with videos, comprehension-testing questions, and conversational tools. TED-Ed provides a template -- think PowerPoint slides, with populate-able fields -- that teachers can fill in with customized content: lesson titles, lesson links, student names, embedded video, test questions, and the like. Once saved, a lesson generates a unique URL, which allows teachers to track which students have watched assigned videos, how they've responded to follow-up questions, and, in general, how they've interacted with the lesson itself.

For my Starving Students (and cheap people, like me)
How to get the most free online storage
All cloud storage services offer a free plan, with varying levels of storage and features.
… let's take a look at the free upgrades some of these services are offering, and how you can take advantage of them today.
First, let's get the services out of the way that aren't currently offering free upgrades. SkyDrive, Google Drive, Cubby, and iCloud all start with a free plan, then if you need more storage you'll have to pay.
That leaves us with Dropbox and Box.

Tuesday, April 24, 2012

Very polite. “Don't make yourselves look like even bigger idiots.” Signed by a Who's Who of Security Experts.
An Open Letter From Security Experts, Academics and Engineers to the U.S. Congress: Stop Bad Cybersecurity Bills
… The bills nullify current legal protections against wiretapping and similar civil liberties violations for that kind of broad data sharing. By encouraging the transfer of users’ private communications to US Federal agencies, and lacking good public accountability or transparency, these “cybersecurity” bills unnecessarily trade our civil liberties for the promise of improved network security. As experts in the field, we reject this false trade-off and urge you to oppose any cybersecurity initiative that does not explicitly include appropriate methods to ensure the protection of users’ civil liberties.

Here's my nightmare. Manning yells “Hike!” and the Offensive line breaks into their “Dancing with the Stars” routine... Therefore, from this day forward, you must be a Broncos fan to enroll in the Ethical Hacker program.
Broncos transfer traditional playbooks to iPads for 2012 season
The Denver Broncos are tossing out the tradition of printing 500-page playbooks every week for each of the 120 players, coaches, scouts and other personnel.
… Now when Broncos head coach John Fox [Or one of my students Bob] adds a play, the update will be pushed automatically to the playbook app on each player's iPad.
… The Broncos figure the savings from not having to print tens of thousands of playbook pages each season will help offset the cost of purchasing 120 iPads with Verizon Wireless 4G access — many of them the top model featuring 64 gigabytes of data, which retail for $829 each. [Did these guys actually take classes in college? Bob]

This is completely and totally unrelated to my Ethical Hackers. Rumors that it was them are based on a student paper “Using technology to impact the global economy”
"Iran disconnected computer systems at a number of its oil facilities in response to a cyber attack that hit multiple industry targets during the weekend. A source at the National Iranian Oil Company (NIOC) reportedly told Reuters that a virus was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran's crude oil exports. In addition, computer systems at Iran's Oil Ministry and its national oil company were hit. There has been no word on the details of the malware found, but computer systems controlling several of Iran's oil facilities were disconnected from the Internet as a precaution. Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems."

Clarifying the muddy waters or pouring more ink into the mix?
Information stored under data retention laws can be disclosed to copyright holders to identify illegal file-sharers, ECJ rules
April 24, 2012 by Dissent
The good folks at spell out a recent European Court of Justice ruling:
The Data Retention Directive does not contain terms that prevent internet protocol (IP) addresses that ISPs must store under the terms of the law from being used by rights holders in civil legal proceedings to identify alleged copyright infringers, the Court said.
It said that other EU laws on privacy and electronic communications (e-Privacy Directive) and the enforcement of intellectual property rights (IPR Directive) read together allow member states to form national laws that provide a means for rights holders to obtain disclosure of personal data about alleged illegal file-sharers subject to the condition that courts in those countries can determine the legitimacy of disclosure on a case-by-case basis.
If I’m understanding their analysis, a country (member state) can choose not to enact law that would require ISPs to turn over information in such disputes, but if it does enact such legislation permitting it, there has to be protection of the user’s rights so that the court considers the matter on a case-by-case basis. No big John Does 1-2 million type cases there, then? Or have I misunderstood the ruling?

(Related) How it's done in the US
'Hurt Locker' makers file new suit against downloaders

“We have the email and we're not afraid to use it.” (Guess what I would add to my email filter...)
"On Friday, more than 1,300 employees of London-based Aviva Investors walked into their offices, strolled over to their desks, booted up their computers and checked their emails, only to learn the shocking news: They would be leaving the company. The email ordered them to hand over company property and security passes before leaving the building, and left the staff with one final line: 'I would like to take this opportunity to thank you and wish you all the best for the future.' This email was sent to Aviva's worldwide staff of 1,300 people, with bases in the U.S., UK, France, Spain, Sweden, Canada, Italy, Ireland, Germany, Norway, Poland, Switzerland, Belgium, Austria, Finland and the Netherlands. And it was all one giant mistake: The email was intended for only one individual." [“We typed 'ALL' when we meant to type 'Al'” Bob]

Be careful what you say under your own name. Say all the evil, incriminating stuff under the name of your friendly neighborhood law professor... If my Tweets are “not mine” is that a defense?
Your tweets are not your own, Monday edition
April 23, 2012 by Dissent
More from the Malcolm Harris/Twitter subpoena case. Joseph Ax reports:
An Occupy Wall Street protester has lost his bid to quash a subpoena seeking his Twitter records from last fall, when he was arrested during a mass protest on the Brooklyn Bridge.
Criminal Court Judge Matthew Sciarrino Jr., who is overseeing a special courtroom dedicated to handling nearly 2,000 Occupy-related cases, ruled that Malcolm Harris did not have standing to challenge the third-party subpoena. Prosecutors from the Manhattan District Attorney’s Office served the subpoena on Twitter in January, requesting Harris’ user information and more than three months’ worth of tweets.
The judge compared Harris to a bank account holder who by law cannot challenge a subpoena of his records served on his bank.
“Twitter’s license to use the defendant’s Tweets means that the Tweets the defendant posted were not his,” the judge wrote in a decision filed Friday.
Read more on Thomson Reuters.

You can't take pictures of the police...
DHS’s “appropriate” use of social media?
April 23, 2012 by Dissent
So… does this strike anyone as an appropriate use of social media by DHS?
Eleven hours before I was arrested during the Occupy Miami eviction in January, the Miami-Dade Police Homeland Security Bureau sent an email to various police officers, which was then forwarded to the department’s public information officers – including arresting officer Major Nancy Perez – informing them that I would be documenting the action.
The subject of the email was “Multimedia information/Situational Awareness.” It included my Facebook profile photo where I’m trying my hardest to look like a terrorist thug.
It also included the following statement about me.
Read more of photographer Carlos Miller’s experience on Pixiq
[From the article:
Carlos Miller is a Miami multimedia journalist who has been arrested twice for taking pictures of law enforcement. He has publicly posted on social networks that he will be taking pictures today in order to document the eviction.

Perspective. All I get from my users is grief.
You Earn Facebook An Average Of $1.21 Per Quarter

Think of it as “electronic shoulder surfing.”
"TapLogger, a proof-of-concept Trojan for Android developed by researchers at Pennsylvania State University and IBM, uses information from the phone's motion sensor to deduce what keys the user has tapped (PDF), thus revealing otherwise-hidden information such as passwords and PINs."
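To make the "electronic shoulder surfing" concrete, here is a toy model of the side channel, added as an illustration and not the researchers' code. The keypad layout, the tilt model (roll and pitch proportional to a key's offset from the device centre, plus Gaussian noise) and every sensor reading are constructed; a real attack learns these per device from the training phase. The point it shows: once the trojan has centroids for each key from taps it can observe, a nearest-centroid classifier over the motion traces recovers a PIN typed into a different app, with no access to the key events at all.

```python
"""Toy model of a motion-sensor tap-inference side channel (the idea behind
TapLogger). Added illustration, not the researchers' code: keypad geometry,
the tilt model and all sensor readings below are constructed."""
import random
from statistics import mean

# 3x4 phone keypad: digit -> (column, row) in key-width units. Layout is an
# assumption; a real attacker learns it per device during training.
KEYPAD = {
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
    "0": (1, 3),
}
CENTER = (1.0, 1.5)  # geometric centre of the keypad, in key units


def tap_reading(digit, rng, noise=0.1):
    """Simulate the peak (roll, pitch) change the motion sensor reports when
    the thumb presses `digit`. Assumed model: tilt is proportional to the
    key's offset from the device centre, plus Gaussian sensor noise.
    Constructed data, not real traces."""
    col, row = KEYPAD[digit]
    roll = (col - CENTER[0]) + rng.gauss(0, noise)
    pitch = (row - CENTER[1]) + rng.gauss(0, noise)
    return roll, pitch


def train(rng, samples_per_key=30):
    """Training phase: the malicious app shows a harmless keypad (a game,
    say), records sensor traces for taps whose key it knows, and keeps a
    centroid in (roll, pitch) space for each key."""
    centroids = {}
    for digit in KEYPAD:
        readings = [tap_reading(digit, rng) for _ in range(samples_per_key)]
        centroids[digit] = (mean([r for r, _ in readings]),
                            mean([p for _, p in readings]))
    return centroids


def classify(reading, centroids):
    """Nearest-centroid classifier: which key's centroid is closest?"""
    roll, pitch = reading
    return min(centroids,
               key=lambda d: (roll - centroids[d][0]) ** 2
                             + (pitch - centroids[d][1]) ** 2)


def infer_pin(readings, centroids):
    """Attack phase: turn a sequence of motion traces into a guessed PIN."""
    return "".join(classify(r, centroids) for r in readings)


def demo(pin="4713", seed=1):
    """Train on observable taps, then recover `pin` from the traces the
    sensors keep reporting while the victim types it into another app."""
    rng = random.Random(seed)
    centroids = train(rng)
    leaked = [tap_reading(d, rng) for d in pin]   # only motion, no key events
    return infer_pin(leaked, centroids)


if __name__ == "__main__":
    print(demo())  # "4713"
```

The reason this works as a threat model is that motion-sensor data could be read by any Android app of that era without a permission prompt, so the trojan needs nothing the user would notice. The defences that follow from the model are on the platform side: stop or coarsen sensor updates to background apps while a password or PIN field has focus, and treat raw sensor access as a permission rather than a free resource.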

If we can use computers to grade essays, why can't we automate document review?
… Rand concluded, as have I, and many others, that the primary problem in e-discovery is the high cost of document review. They found it constitutes 73% of the total cost of e-discovery. For that reason, Rand focused its first report on electronic discovery on this topic, with side comments on the issue of preservation.
Where The Money Goes: Understanding Litigant Expenditures for Producing Electronic Discovery is a must read that is within everyone’s budget. It can be downloaded for free, both a summary and the full report (131 pages), but I recommend you read the full report.

Lawyers have a sense of humor?

Maybe they are interesting, maybe they are dead for good reason.
Dead Media Beat: Lignin, a website for extinct, important magazines
From Dubai. Okay, maybe they can afford to shelve them, then.
… “Here I have a list of collected ‘old’ magazines, that are no longer circulated, but instead used as objects in galleries, as collectible items, and things to search for in your (or others') grandparents' attic. Rather than physically creating a space to collect and archive these magazines, we are using this “webspace” as a repository for once-upon-a-time publications.

Inevitable. But why evaluate complete textbooks? Each concept could be an independent lesson. A La Khan Academy?
"Minnesota Public Radio is running a story about the University of Minnesota's Open Textbooks project. The goal of the project is to solicit reviews of college-level open source textbooks and collect those that pass muster onto their website. The project will focus first on high-volume introductory classes such as those for Math and Biology, because as David Ernst, director of the project, states in the interview: 'You know the world doesn't need another $150 Algebra One book. Algebra One hasn't changed for centuries, probably.'"
Requirements for inclusion include: Open licensing (Creative Commons Attribution/Share Alike), complete content (no glorified collections of lecture notes), applicability outside of the author's institution, and print availability.

Research, research, research. I'll write the paper when I can remember which room my computer is in...
7 Beers You Should Drink This Spring

Real research
When I first heard about Instagrok, a new “educational search engine,” I admit, I wasn’t that thrilled with the idea. It’s not that I think Google is the perfect search engine. It’s not that I think the company is unassailable in the area that was once its core product (remember those days?). I’m a huge fan of DuckDuckGo, for example, as I think that it offers high quality, low-spam search results – with major bonus points for caring about users’ privacy.
… This isn’t about finding “the” answer to a search query; rather it’s about, in his words “seeing the topic” and learning more about what you’re researching – concepts, definitions, and connections. “Learning is an exploratory process,” he told me, arguing that the way students move through the Web should encourage that exploration. It shouldn’t just be about clicking on the “first blue link.”

Citations in research. “Wikipedia says” does not cut it.
… Sometimes I think I spend more time working on my bibliography than I spend writing the entire paper. Thankfully, Citelighter exists to make this process easier.
Citelighter is a handy Firefox toolbar that grabs information directly from the source and stores all the bibliographical information for you. You simply need to highlight the information you need and tell the toolbar to capture it. It will pull as much bibliographical information from the webpage as it can find, and you may only have to enter a couple of fields. Once you save it, it will be stored on your account and accessible from anywhere.

Research tool you add to your browser...
Cruxbot is an interesting new web tool that helps to summarize web pages. With a simple bookmarklet tool, this tool reads through any site - presumably with a large amount of text - and it summarizes the content. The summary can be lengthened or shortened by the user and users can even identify keywords to focus the learning on a particular issue. Very cool idea which works fairly well.

When you really need to concentrate.
SelfRestraint is a Python-based free to use open-source desktop application currently available for Windows and Linux, with a Mac version coming soon. The app simply lets you enter websites that you find distracting. You can then set a time duration for which these websites should be blocked.

Would probably be handy if all my math classes were not already online...
Using this handy editor you can create mathematical equations of all kinds with little or no coding skill required. Most of the equations are created by simply clicking on an image and filling in the numerals needed.
Similar tools: Daum Equation Editor, Fooplot and Text2img.

Free is good (even if you just keep them on your PC)
… The best part of all is that none of the Kindle free classics are abridged!
Below, we have six classics that you may or may not have been able to read on the Kindle, so don’t hesitate. Also, for those of you who don’t have a Kindle, you really shouldn’t feel left out. With the Kindle app and the Cloud Reader, you can join right in and read all of these on whatever device you happen to have.
[Other sources of free books:
Ereader News Today Tips, Tricks, And Free Ebooks For Your Kindle

Another “Future of Education” model?
Grovo is a service that offers video lessons on how to use a huge array of web apps and web services. Grovo offers lessons on the subjects of Internet basics, productivity, business tools, communication, lifestyle, and entertainment. Within each of these subjects you can learn how to use hundreds of different websites and web apps. Not sure how to set up filters in your email? Grovo can teach you. Confused about privacy settings on Facebook? Grovo lessons can clarify them for you. Have an interest in Pinterest, but don't know how to use it? Grovo lessons will help you learn.
Grovo's video lessons aren't just stand-alone videos. They're part of a sequence of video courses. Each course has guiding questions that you can use to check your knowledge along the way.
Before you get too excited about Grovo, you should know that their course offerings are a mix of free and paid enrollment courses. The courses marked with a big "G" indicate that they are courses for which you will have to pay to enroll.