Saturday, May 05, 2012


Can you think of a worse way to show how much you care about your patients?
By Dissent, May 4, 2012
Lance Williams reports on a case previously covered on this blog:
A Prime Healthcare Services hospital in Redding broke state law when it publicized a patient’s confidential medical files in an effort to discredit a California Watch news report, state regulators say.
The state Department of Public Health on Tuesday issued five “deficiencies” against Shasta Regional Medical Center for what were described as repeated breaches of patient confidentiality last year.
At one point, the hospital CEO sent an e-mail to 785 people – virtually everyone who worked at the hospital – disclosing details from a 64-year-old diabetes patient’s confidential files, state investigators found.
Read more on California Watch.
Back in January, I suggested that SRMC should probably shut up and not continue to try to defend its actions. The ruling by the state comes as no surprise to me. Nor, however, am I surprised to read that SRMC is appealing the finding.
Do I expect to see fines over this one? You betcha. A “good faith belief” only cuts you some slack, not all.


Interesting set of facts. The investigator stole the Logon ID of a third party to access the girl's “private” Facebook pictures. Isn't that third party the victim?
Outraged Dad Says Law Firm and Insurer Snooped on Injured Girl’s Facebook Page
May 4, 2012 by Dissent
Kevin Koeninger reports:
A father claims in court that a law firm and an insurer hired an investigator to pose as the Facebook friend of his 12-year-old daughter, who had been hurt in a dog attack, “for the purpose of examining and printing all of the postings and pictures contained” on her Facebook profile.
Nelson Cope sued two people and three businesses on behalf of his daughter, in the Cuyahoga County Court of Common Pleas.
Read more on Courthouse News.
Okay, you’re probably thinking that Dad needs to wake up to the reality that whatever you post on Facebook is fair game, right? But what if the investigator acquired the friend’s Facebook login and used that to access to the daughter’s page? What then? It would seem to be a Facebook TOS violation, but are there grounds for any civil claim against the investigator and his clients?


This type of change would make their job easier. No need for warrants or other pesky (hated) paperwork. And, my Ethical Hackers get to use the backdoor for their own (purely academic) purposes! (Remember, I get 1%)
FBI Wants Backdoors in Facebook, Skype and Instant Messaging
The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET.
The Bureau has been quietly meeting with representatives of these companies, as well as Microsoft (which owns Hotmail and Skype), Facebook and others to argue for a legislative proposal, drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly.
… Under the Communications Assistance for Law Enforcement Act, or CALEA, passed in 1994, telecommunications providers are required to make their systems wiretap-friendly. The Federal Communications Commission extended CALEA in 2004 to apply to broadband providers like ISPs and colleges, but web companies are not covered by the law.
… The news comes on the heels of another FBI plan that began kicking around in 2010 that would require backdoors in encrypted communication systems. That proposal, which would revisit the encryption wars of the 1990s, has failed to gather administration backing.

(Related)
DOJ Official: Any Privacy Protection is Too Much Privacy Protection for Cell Phone Tracking
May 4, 2012 by Dissent
Hanni Fahoury writes:
Jason Weinstein, a deputy assistant attorney general in the Department of Justice’s criminal division, told a panel at the Congressional Internet Caucus Advisory Committee’s “State of the Mobile Net” conference yesterday that requiring a search warrant to obtain location tracking information from cell phones would “cripple” prosecutors and law enforcement officials. [That's why we could never solve a crime until cellphones were invented. Bob] We couldn’t disagree more.
[...]
The problem with the DOJ’s position is that it fails to take into account privacy. The only way to ensure “fairness” and “justice,” is to demand that our Fourth Amendment rights not be violated by law enforcement working closely with cell phone providers to access your location information without your knowledge. We’ve already seen that despite the ruling in Jones, law enforcement and the wireless industry are finding ways to continue their pre-Jones practices of warrantless surveillance amid a stunning lack of transparency. We’re slowly seeing legislative action in the right direction on these important issues. On the federal level, Senator Ron Wyden (D-Or) has proposed the GPS Act, that would require law enforcement to obtain a search warrant to access location information. In California, we sponsored a bill with the ACLU of Northern California, to require law enforcement to get a search warrant anytime it wants location information about another person in California. And earlier this week, Representative Ed Markey (D-Mass) sent a request (PDF) to the biggest wireless carriers, demanding information about their relationship with law enforcement.
Read more on EFF.

(Related)
May 03, 2012
FAS: Counterintelligence Surveillance Under FISA Grew in 2011
Secrecy News, Steven Aftergood: "In 2011, the US Government submitted 1,745 applications to the Foreign Intelligence Surveillance Court for authorization to conduct electronic surveillance or physical searches under the Foreign Intelligence Surveillance Act (FISA), according to a new annual report to Congress. Of these, 1,676 included requests for authority to perform electronic surveillance, the report said. That compares to 1,579 such applications in 2010 (including 1,511 for electronic surveillance). As is usually the case, the FIS Court did not deny any electronic surveillance applications in whole or in part last year, though it made modifications to 30 of them. The new report says that the government filed 205 applications for business records (including “tangible things”) for foreign intelligence purposes last year, compared to 96 in the previous year."


There are some very interesting conclusions in this article. Not sure I believe all of them, but definitely worth thinking about.
The Newsonomics of Pricing 101
When the price of your digital product is zero, that’s about how much you learn about customer pricing. Now, both the pricing and the learning is on the upswing.


Who is promising to keep student loan rates low?
May 04, 2012
TRAC: Recent Rise in Federal Suits to Recover Student Loans
"The latest month-by-month data from the federal courts shows that in March of this year the government reported that it had sued 279 individuals in order to seek recovery of defaulted student loans. According to the timely case-by-case civil enforcement information analyzed by the Transactional Records Access Clearinghouse (TRAC), this count was 25.7% higher than the previous month when 222 cases of this kind were filed. Relative to its population, the Eastern District of Michigan (Detroit) led the nation with prosecution rates ten times the average for the country. The Central District of California (Los Angeles) led the nation in the number of suits filed, accounting for 140 out of the 279 suits in March."


For my Geeks...
New Start Up CodeNow.Com Lets You Build And Test Code In Real Time, In Your Browser
Trying new APIs is tricky. You can spend hours setting things up, gaining permissions, and learning syntax before you even get to write one line of code. That’s why CodeNow.com is cool. In short, it allows you to try APIs before you invest too much time into them and, as an added bonus, it acts as a code repository.
The site is currently in private beta but it’s accepting users tonight.

Friday, May 04, 2012


Even terrorists should follow Best Practices.
"If you're running a terrorist organization, it might make sense to encrypt your files. Clearly Osama Bin Laden didn't realize that — as some of the documents seized during the raid on his hideout in Pakistan have been made public for the first time. 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy Seals killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations by the Combating Terrorism Center, reports Sophos."


Osama may not be the only one who isn't following Best Practices...
U.K. Ministry of Defense tries to play catch up with hackers
The British military's head of cybersecurity, Jonathan Shaw, admitted that there have been a number of successful attacks into the Ministry of Defense's computer systems, according to the Guardian.
"The number of serious incidents is quite small, but it is there," Shaw told the Guardian in a final interview before he retires. "And those are the ones we know about. The likelihood is there are problems in there we don't know about."
He wouldn't say how many attacks there have been, but he did emphasize that it was serious enough to make cybersecurity a top priority for the Ministry of Defense. This is the first time the government agency revealed that its networks have been breached.
Shaw had a few ideas in mind to deal with cybercrime. One was to develop cyberweapons.
… Another idea was to listen to "young" people.
… A final idea was to be creative and look at what tech companies are doing to combat data breaches.


It's wrong, but there are multiple degrees of wrongness. If “attachment” alone is the violation, what will happen when everyone has a “black box” in their car?
May 02, 2012
CRS - United States v. Jones: GPS Monitoring, Property, and Privacy
United States v. Jones: GPS Monitoring, Property, and Privacy, Richard M. Thompson II, Legislative Attorney, April 30, 2012
  • "In United States v. Jones, 132 S. Ct. 945 (2012), all nine Supreme Court Justices agreed that Jones was searched when the police attached a Global Positioning System (GPS) device to the undercarriage of his car and tracked his movements for four weeks. The Court, however, splintered on what constituted the search: the attachment of the device or the long-term monitoring. The majority held that the attachment of the GPS device and an attempt to obtain information was the violation; Justice Alito, concurring, argued that the monitoring was a violation of Jones’s reasonable expectation of privacy; and Justice Sotomayor, also concurring, agreed with them both, but would provide further Fourth Amendment protections. This report will examine these three decisions in an effort to find their place in the body of existing Fourth Amendment law pertaining to privacy, property, and technology."

(Related) Always quick to jump on trendy topics, despite staggering ignorance... “Hey, is it true you guys give information to the police? ...and what exactly is this telly-foney thingie?”
Rep. Markey asks for data from carriers on surveillance requests and revenues
May 3, 2012 by Dissent
Data helps, and Rep. Markey is asking AT&T some pointed questions about their cooperation with law enforcement on surveillance requests.
Responses are requested by May 23.


Watch the watchers?
Gary Kovacs: Tracking the trackers
As you surf the Web, information is being collected about you. Web tracking is not 100% evil -- personal data can make your browsing more efficient; cookies can help your favorite websites stay in business. But, says Gary Kovacs, it's your right to know what data is being collected about you and how it affects your online life. He unveils a Firefox add-on to do just that.
[...and one viewer's comment:
This is not even the best there is... I personally use a Firefox add-on that's called "Ghostery", and it doesn't just show you what trackers are tracking you, but it lets you block them very simply.
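Both the add-on Kovacs demos and Ghostery rest on the same observation: a page pulls in resources from hosts that are not the site you typed in, and the interesting ones are the hosts that keep showing up across unrelated sites. Here is an added Python model of that idea. It is my illustration, not code from either add-on. It decides whether a request is third-party by comparing registrable domains (eTLD+1) rather than by string suffix, then ranks third parties by how many distinct sites loaded them. The public-suffix table is a stub, and the `.test` hostnames and request log are constructed for the example; a real tool would load the full Public Suffix List and a curated blocklist.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: a stub of the Public Suffix List. Real tooling loads the full list;
# without it "shop.example.co.uk" would be grouped under "co.uk".
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def registrable_domain(host):
    """Return the eTLD+1 for a hostname, e.g. cdn.news.test -> news.test."""
    if not host:
        raise ValueError("URL has no host")
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_third_party(page_url, resource_url):
    """Third-party means a different registrable domain, so a first-party CDN
    (cdn.news.test on news.test) is not flagged, while a look-alike such as
    news.test.evil.test is. Plain suffix matching would get both wrong."""
    page = registrable_domain(urlsplit(page_url).hostname)
    resource = registrable_domain(urlsplit(resource_url).hostname)
    return page != resource


def tracker_graph(request_log):
    """Map each third-party domain to the set of first-party sites that loaded it.
    request_log: iterable of (page_url, resource_url) pairs."""
    seen_on = defaultdict(set)
    for page_url, resource_url in request_log:
        if is_third_party(page_url, resource_url):
            third = registrable_domain(urlsplit(resource_url).hostname)
            first = registrable_domain(urlsplit(page_url).hostname)
            seen_on[third].add(first)
    return dict(seen_on)


def rank_trackers(request_log, min_sites=2):
    """Third parties seen on at least min_sites distinct sites, most widespread first.
    A single site's own embed never reaches the list; a domain loaded by many
    unrelated sites is the cross-site tracker the add-on highlights."""
    graph = tracker_graph(request_log)
    ranked = [(domain, len(sites)) for domain, sites in graph.items() if len(sites) >= min_sites]
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


# Constructed request log (not captured traffic): three unrelated sites and what they load.
CONSTRUCTED_LOG = [
    ("https://news.test/story", "https://cdn.news.test/app.js"),               # first-party CDN
    ("https://news.test/story", "https://pixel.tracker-one.test/p.gif"),
    ("https://news.test/story", "https://ads.tracker-two.test/ad.js"),
    ("https://shop.example.co.uk/cart", "https://pixel.tracker-one.test/p.gif"),
    ("https://shop.example.co.uk/cart", "https://static.example.co.uk/x.css"),  # first-party
    ("https://shop.example.co.uk/cart", "https://ads.tracker-two.test/ad.js"),
    ("https://blog.test/post", "https://pixel.tracker-one.test/p.gif"),
    ("https://blog.test/post", "https://widget.comments.test/embed.js"),       # single-site embed
]

if __name__ == "__main__":
    for domain, count in rank_trackers(CONSTRUCTED_LOG):
        print(f"{domain} seen on {count} sites")
```

Blocking is then a policy on top of this: anything in the ranked list (or on a curated list) gets its requests dropped before they leave the browser, which is the step Ghostery adds over merely visualising the graph.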

(Related) If that made you paranoid, these will really drive you to think.
8 Tools for the Online Privacy Paranoid


Yesterday Europe, tomorrow the world?
"Even as an EU court rules that APIs can't be copyrighted, tech observers are waiting for the Oracle v. Google trial jury to rule on the same question under U.S. law. Blogger Brian Proffitt spoke with Groklaw's Pamela Jones on the issue, and her take is that a victory for Oracle would be bad news for developers. Essentially, Oracle is claiming that, while an individual API might not be copyrightable, the collection of APIs needed to use a language is. Such a decision would, among other things, make Java's open source nature essentially meaningless, and would have lots of implications for any programming language you can name."


Interesting to note that, “Traditional privacy practices are finding their way to the mobile space. ” Or, as I have said repeatedly, each new generation of technology eventually relearns the lessons of earlier technology.
Mobile experts disagree on who should protect privacy
May 4, 2012 by Dissent
Grant Gross reports:
Users of mobile apps need more information about the ways those apps use their personal information, a group of experts agreed Thursday, but they didn’t agree on who is most responsible for protecting user privacy.
Apple and Google can better police their app marketplaces, although both companies have several good privacy protections, said Todd Moore, founder of app vendor TMSoft, during a discussion on mobile app privacy at the State of the Mobile Net conference in Washington, D.C. The operators of the iPhone and Android app marketplaces are in the best position to enforce privacy controls and set rules limiting the amount of information apps can collect, he said.
Read more on Computerworld.

(Related) ...and others are noticing the same thing.
Are Mobile Devices repeating PC History?


No more “Papers, Citizen!” Perhaps we can inject a chip under your skin at birth... “Bits, Citizen?”
"On Wednesday, the European Commission published a strategy document aimed at setting up systems to protect children online. In the document — but not in the accompanying press release nor the citizens' summary — the Commission mentioned that it will soon propose a 'pan-European framework for electronic authentication,' full details will be announced on 30th May. The launch of the strategy follows a push to strengthen internet security in the EU. It also outlined legal measures to make it easier for people to use a single e-ID for online services across borders, which would underpin a move toward a pan-European framework for electronic identification, authentication and signature (Pefias)."


Interesting, but not too much foresight required. (See following article)
Infographic: Features your next smartphone may have


The future is arriving on Track 2... Security by facial recognition.
Samsung Galaxy S III Tracks Your Eyes, Knows When You’re Ready to Call
One new feature, Smart Stay, uses eye-tracking technology to put the phone to sleep (and wake it up again) as needed. Specifically, the S III’s front-facing camera registers when you’re looking at the device. If the phone recognizes your mug, its screen will turn on and remain active as long as you’re using it.

(Related) Security for those of us with no smartphone?
"Tom Jacobs has a very cool little story about an Israeli research team introducing a novel way of verifying a computer is being operated by its rightful user. Its method, described in the journal Information Sciences, 'continuously verifies users according to characteristics of their interaction with the mouse.'"
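The paper's idea, in miniature: summarise short windows of mouse events as a few numbers, build a profile of the legitimate user from enrollment windows, and raise an alarm when a later window drifts too far from that profile. Here is an added Python sketch of that loop. It is my illustration, not the Israeli team's method or feature set, and the mouse traces are synthetic: a smooth, moderate-speed "owner" and a fast, jerky "impostor" generated from a seeded random number generator. The three features, the sigma floor and the decision threshold are all assumptions for the example.

```python
import math
import random
from statistics import mean, pstdev


def features(events, min_moves=20):
    """Summarise a window of (t, x, y) mouse events as three numbers:
    mean speed, speed spread and mean absolute turn angle between moves."""
    speeds, turns = [], []
    prev_heading = None
    for (t0, x0, y0), (t1, x1, y1) in zip(events, events[1:]):
        dt = t1 - t0
        dx, dy = x1 - x0, y1 - y0
        if dt <= 0 or (dx == 0 and dy == 0):
            continue  # duplicate timestamps and idle samples carry no motion
        speeds.append(math.hypot(dx, dy) / dt)
        heading = math.atan2(dy, dx)
        if prev_heading is not None:
            turn = (heading - prev_heading + math.pi) % (2 * math.pi) - math.pi
            turns.append(abs(turn))
        prev_heading = heading
    if len(speeds) < min_moves:
        raise ValueError("too little motion in this window to judge")
    return {"mean_speed": mean(speeds), "speed_sd": pstdev(speeds), "mean_turn": mean(turns)}


def enroll(windows):
    """Per-feature (mean, sigma) from the rightful user's enrollment windows.
    The sigma floor (10% of the mean) stops an unusually consistent enrollment
    from later rejecting the owner over tiny, normal variation."""
    rows = [features(w) for w in windows]
    profile = {}
    for name in rows[0]:
        values = [row[name] for row in rows]
        mu = mean(values)
        sigma = max(pstdev(values), 0.1 * abs(mu), 1e-9)
        profile[name] = (mu, sigma)
    return profile


def anomaly_score(profile, events):
    """Mean absolute z-score of a window against the profile (0 = typical)."""
    observed = features(events)
    return mean(abs(observed[name] - mu) / sigma for name, (mu, sigma) in profile.items())


def verify(profile, events, threshold=3.0):
    """True if the window looks like the enrolled user. Continuous verification
    re-runs this on every new window, so the threshold trades false alarms
    against how quickly a hijacked session is noticed."""
    return anomaly_score(profile, events) < threshold


def synth_events(rng, n, speed, speed_sd, turn_sd, dt=0.02):
    """Constructed mouse trace: a random walk of headings at roughly constant speed."""
    x, y, t = 500.0, 400.0, 0.0
    heading = rng.uniform(-math.pi, math.pi)
    events = [(t, x, y)]
    for _ in range(n):
        heading += rng.gauss(0.0, turn_sd)
        v = max(0.0, rng.gauss(speed, speed_sd))
        x += v * dt * math.cos(heading)
        y += v * dt * math.sin(heading)
        t += dt
        events.append((t, x, y))
    return events


def make_constructed_sessions(seed=3):
    """Six enrollment windows and one later window for the owner, one for an impostor."""
    rng = random.Random(seed)
    enrollment = [synth_events(rng, 200, speed=400, speed_sd=40, turn_sd=0.10) for _ in range(6)]
    owner_later = synth_events(rng, 200, speed=400, speed_sd=40, turn_sd=0.10)
    impostor = synth_events(rng, 200, speed=900, speed_sd=300, turn_sd=0.60)
    return enrollment, owner_later, impostor


if __name__ == "__main__":
    enrollment, owner_later, impostor = make_constructed_sessions()
    profile = enroll(enrollment)
    print("owner   ", round(anomaly_score(profile, owner_later), 2), verify(profile, owner_later))
    print("impostor", round(anomaly_score(profile, impostor), 2), verify(profile, impostor))
```

The weak point of any scheme like this is the enrollment data: if an attacker can feed windows into `enroll`, the profile is theirs. Real deployments lock the profile after a supervised enrollment and treat a window with too little motion as "no decision" rather than as a pass, which is why `features` refuses short windows instead of returning something.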

(Related) Touch the cookie jar and hear “Do you really need another 300 calories?”
Touché Teaches Objects To Sense Your Touch
Researchers at Disney and Carnegie Mellon University have created an interesting new technology using Swept Frequency Capacitive Sensing that allows nearly any object to sense multiple points of contact on its complex surface. This would allow, for example, doorknobs to understand when to lock and unlock based on your finger position and environmental controls based on the user’s current body position. Lying down? The lights go out. Feet on the floor? The lights go up.
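Swept Frequency Capacitive Sensing drives the object with a sweep of frequencies and reads back a capacitance profile; different grips load the circuit differently at different frequencies, so a classifier trained on profiles can tell "one finger" from "full grasp". As an added illustration (mine, not the Disney/CMU implementation, which used its own hardware and classifier), here is a Python nearest-centroid classifier over such sweeps with the two checks a door-lock application needs: a no-touch floor, and rejection of a profile that resembles nothing trained, rather than picking the least-bad label. The eight probe frequencies, the baseline and the gesture profiles are constructed numbers, not measurements.

```python
import math
import random
from statistics import mean

# Constructed probe sweep: eight frequencies, one capacitance-like reading each (arbitrary units).
FREQUENCIES_HZ = [1_000, 2_000, 5_000, 10_000, 20_000, 50_000, 100_000, 200_000]


def delta(sweep, baseline):
    """How the object's response moved away from its untouched response."""
    return [s - b for s, b in zip(sweep, baseline)]


def norm(v):
    return math.sqrt(sum(x * x for x in v))


def unit(v):
    n = norm(v)
    return [x / n for x in v] if n else list(v)


def train(no_touch_sweeps, labelled_sweeps):
    """Baseline = mean untouched sweep; one unit-length centroid per gesture, built
    from the direction of each sample's delta so absolute magnitude (which varies
    with skin moisture and pressure) is ignored and only the shape counts."""
    baseline = [mean(col) for col in zip(*no_touch_sweeps)]
    groups = {}
    for label, sweep in labelled_sweeps:
        groups.setdefault(label, []).append(unit(delta(sweep, baseline)))
    centroids = {label: unit([mean(col) for col in zip(*rows)]) for label, rows in groups.items()}
    return {"baseline": baseline, "centroids": centroids}


def classify(model, sweep, touch_floor=0.2, min_cosine=0.95):
    """Return a gesture label, "no_touch", or None when the sweep matches nothing
    we trained on. Returning None is what keeps a stray contact from unlocking."""
    d = delta(sweep, model["baseline"])
    if norm(d) < touch_floor:
        return "no_touch"
    u = unit(d)
    label, cosine = max(
        ((lab, sum(a * b for a, b in zip(u, c))) for lab, c in model["centroids"].items()),
        key=lambda pair: pair[1],
    )
    return label if cosine >= min_cosine else None


# Constructed shapes: how each grip shifts the sweep relative to the untouched baseline.
BASELINE = [1.00, 1.02, 1.05, 1.10, 1.15, 1.20, 1.30, 1.40]
GESTURE_DELTAS = {
    "one_finger": [0.05, 0.10, 0.30, 0.40, 0.30, 0.10, 0.05, 0.02],
    "pinch":      [0.02, 0.05, 0.10, 0.25, 0.45, 0.50, 0.30, 0.10],
    "grasp":      [0.60, 0.55, 0.45, 0.30, 0.20, 0.10, 0.05, 0.02],
}


def make_constructed_sweeps(seed=11, per_class=5, noise_sd=0.02):
    """Training sweeps = baseline (+ gesture shape) + small Gaussian sensor noise."""
    rng = random.Random(seed)

    def noisy(shape):
        return [b + s + rng.gauss(0.0, noise_sd) for b, s in zip(BASELINE, shape)]

    zero = [0.0] * len(BASELINE)
    no_touch = [noisy(zero) for _ in range(per_class)]
    labelled = [(lab, noisy(shape)) for lab, shape in GESTURE_DELTAS.items() for _ in range(per_class)]
    return no_touch, labelled


def build_model():
    no_touch, labelled = make_constructed_sweeps()
    return train(no_touch, labelled)


def constructed_test_sweep(label, seed=99, noise_sd=0.02):
    """A fresh noisy sweep of a known gesture ("no_touch" gives a bare baseline)."""
    rng = random.Random(seed)
    shape = GESTURE_DELTAS.get(label, [0.0] * len(BASELINE))
    return [b + s + rng.gauss(0.0, noise_sd) for b, s in zip(BASELINE, shape)]


if __name__ == "__main__":
    model = build_model()
    for gesture in ("one_finger", "pinch", "grasp", "no_touch"):
        print(gesture, "->", classify(model, constructed_test_sweep(gesture)))
    odd = [b + s for b, s in zip(BASELINE, [0, 0, 0, 0, 0, 0.05, 0.40, 0.60])]
    print("unknown ->", classify(model, odd))
```

For the doorknob case the policy layer would unlock only on a specific recognised grip and do nothing on `None`; the `min_cosine` margin is the knob that trades missed unlocks for accidental ones.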


Perspective
"According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: 'We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free — it's not good for repeat business,'"


Perspective
Study: 37% Of U.S. Teens Now Use Video Chat, 27% Upload Videos
According to a new study by the Pew Internet & American Life Project, 37% of teens now regularly use Skype, Apple’s iChat and startups like Tinychat to video chat with each other.


Don't they make you leave your phone in a basket before entering their X-ray machine?
Radioactivity Counter is a new application for Android devices. The function of the app is to help you measure radiation in your surroundings. Interestingly, the app makes use of your smartphone’s camera.
If you cover the camera lens with black tape, radiation reaching the camera's CMOS sensor shows up as specks of white in an otherwise dark frame. By this method you can primarily measure gamma radiation and some higher-energy beta radiation.
Similar tools: Wikisensor.
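The trick is simple to model: with the lens taped over, the sensor should read near-black, so any pixel well above its own dark level is a candidate hit. As an added example, not the app's code, here is Python that calibrates a per-pixel threshold from a stack of covered-lens frames, masks out stuck pixels (a sensor defect that would otherwise count as a permanent "source"), counts connected bright clusters rather than raw pixels (one hit can light adjacent pixels), and converts to counts per minute. The frames are tiny constructed 8-bit arrays, not camera output, and the margin and stuck-pixel levels are assumptions.

```python
import random


def calibrate(dark_frames, margin=16, stuck_level=64, stuck_fraction=0.5):
    """Per-pixel threshold = brightest value seen with the lens covered + margin,
    plus a mask of pixels that are bright in most dark frames (stuck pixels)."""
    height, width = len(dark_frames[0]), len(dark_frames[0][0])
    thresholds = [[0] * width for _ in range(height)]
    stuck = [[False] * width for _ in range(height)]
    for y in range(height):
        for x in range(width):
            samples = [frame[y][x] for frame in dark_frames]
            thresholds[y][x] = max(samples) + margin
            bright = sum(1 for s in samples if s > stuck_level)
            stuck[y][x] = bright / len(samples) >= stuck_fraction
    return thresholds, stuck


def count_events(frame, thresholds, stuck):
    """Number of 8-connected clusters of above-threshold pixels, ignoring stuck ones."""
    height, width = len(frame), len(frame[0])
    hot = {(y, x) for y in range(height) for x in range(width)
           if frame[y][x] > thresholds[y][x] and not stuck[y][x]}
    events = 0
    while hot:
        stack = [hot.pop()]
        while stack:  # flood-fill one cluster
            y, x = stack.pop()
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    neighbour = (y + dy, x + dx)
                    if neighbour in hot:
                        hot.remove(neighbour)
                        stack.append(neighbour)
        events += 1
    return events


def counts_per_minute(events_per_frame, frame_interval_s):
    """Scale a run of per-frame event counts to the familiar counts-per-minute figure."""
    total_seconds = len(events_per_frame) * frame_interval_s
    return 60.0 * sum(events_per_frame) / total_seconds


def make_constructed_frames(height=8, width=8, n_dark=10, seed=7):
    """Constructed frames: 8-bit values, dark noise 0..3, one stuck pixel at (7, 7),
    and a sample frame with a two-pixel hit and a single-pixel hit."""
    rng = random.Random(seed)

    def noise_frame():
        return [[rng.randint(0, 3) for _ in range(width)] for _ in range(height)]

    dark_frames = []
    for _ in range(n_dark):
        frame = noise_frame()
        frame[7][7] = 200                      # stuck pixel, bright in every frame
        dark_frames.append(frame)
    sample = noise_frame()
    sample[7][7] = 200
    sample[2][3], sample[2][4] = 180, 175      # one hit smeared across two adjacent pixels
    sample[5][1] = 120                         # a second, single-pixel hit
    return dark_frames, sample


if __name__ == "__main__":
    dark_frames, sample = make_constructed_frames()
    thresholds, stuck = calibrate(dark_frames)
    print("events in sample frame:", count_events(sample, thresholds, stuck))
    print("counts/min for 4 frames at 0.5 s:", counts_per_minute([2, 0, 1, 1], 0.5))
```

The calibration step matters more than the detection step: run it in a low-background spot, or the "dark" frames already contain hits and the thresholds absorb them.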


Get smart, cheap!
Making use of this helpful service is easy. Just visit the website and look below for courses that are currently available. Choose one, and click on the button that says “Enroll”. You can then make an account or sign up with your Facebook account to access the course. The courses are conducted through video lectures, slides and PDFs.


There is money in online education...
Smart Education: How Lynda.com Hit $70M In Revenue Without A Penny From Investors
That’s why the story of Lynda.com has such relevance in today’s landscape. Founded in the ’90s, the company is, compared to the slew of year-old edtech startups, an old-hand. For those unfamiliar, Lynda.com offers a virtual video library of over 1,200 educational, how-to videos. Unlike the awesome Khan Academy, Lynda’s video courses are taught by industry experts, working professionals, and veteran teachers, served up in installments for a monthly subscription fee of about $25.
… For educators and teachers, part of the appeal of Lynda is that they’re guaranteed a paycheck for the content they help produce. Since Lynda is a veteran of the publishing industry, Lynda’s compensation model is not unlike book deals. Once teachers are vetted (and the co-founders told me they find more than 50 percent of the time that authors don’t necessarily make great teachers), they’re given an advance for their work. From there, the company offers a cut of revenues depending on the popularity of their videos.


While you are thinking about how much to invest...
This Story Contains Forward-Looking Statements
There are those investment titans who will be receiving a visit from Mark Zuckerberg and his band of roadshow colleagues flogging their 337.4 million shares in Facebook. That doesn’t include most of us. Fortunately, the Facebook team has kindly ginned-up a video for everyone else.
The 30-minute video, dubbed the Retail Roadshow, covers the basics of the massive Facebook offering in five easy sections. Think of it as the cheat-sheet for the S-1.


For my students (and a new Legal field?)
The Government Would Like You to Write a 'Social Media Will'
By some estimates, nearly half a million people with Facebook accounts passed away last year, leaving family and friends to navigate what to do with those pages. Leave the account open? Shut it down entirely? Convert it to an official Facebook memorial page? What would you want for your own Facebook profile? And forget Facebook, what do you want to become of your email account?
If you want any say in such matters, you might want to consider creating a social-media will, as the US government is now recommending as part of its advice on estate planning. As per their blog:
If you have social media profiles set up online, you should create a statement of how you would like your online identity to be handled. Just like a traditional will helps your survivors handle your physical belongings, a social media will spells out how you want your online identity to be handled.
Like with a traditional will, you'll need to appoint someone you trust as an online executor. This person will be responsible for closing your email addresses, social media profiles, and blogs after you are deceased.
Sounds good, but legally it's tricky territory.

Thursday, May 03, 2012


e-Xtortion? Isn't the loss of customer confidence worth more than the EUR 150,000? So they have already paid the tax...
Hackers demand EUR150K ‘idiot tax’ from Dexia in return for stolen customer data
May 2, 2012 by admin
A group claiming to have hacked a Dexia Bank subsidiary’s database is threatening to post sensitive customer information unless it receives an “idiot tax” of EUR150,000 by Friday.
In a pastebin statement addressed to the media, the unnamed group says it has “downloaded extensive confidential customer information” from servers belonging to Elantis, a mortgage and consumer credit unit of Belgium-based Dexia.
The data – a sample of which has been posted in the message – apparently includes loan applications featuring full names, job descriptions, ID card numbers, contact information and income details.
Read more on Finextra.
The full media statement follows:
Dear members of the media,
Last week, our group downloaded extensive confidential customer information from Elantis’ servers. Elantis is a money lending company which belongs to renowned Belgian bank, Dexia (Do not bother trying to reach their website, they disconnected their server after we hacked into it).
In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants’ full names, their jobs, ID card numbers, contact information and details about their income.
It is worth pointing out that this data was left unprotected and unencrypted on Elantis’ servers.
We contacted Dexia over the weekend to offer them not to publicly release this data over the Internet if they agreed to pay us the equivalent of roughly EUR 150,000 before Friday, May 4th. So far they have declined to do so.
While this could be called ‘blackmail,’ we prefer to think of it as an ’idiot tax’ for leaving confidential data unprotected on a Web server.
The only question that remains now is this — After they carelessly treated their clients’ data, will Dexia act to prevent their clients’ data from being published online, or is their clients’ confidentiality worth less to them than EUR 150,000?
Time is running out.
The hackers involved did not identify themselves or point to any Twitter accounts.
Update: Loek Essers of IDG obtained some additional details on the breach. The bank says it will not pay blackmail, which is just as well as it seems the hackers didn’t give them any instructions as to how they were supposed to make the payment. It may well be that the hackers’ threat was just to call more attention to the bank’s lack of security for their data, but just making the threat could add years to any sentence if/when the hackers are caught.


Same tools different payoff?
Hackers Threaten University of Pittsburgh with Disclosure of Students’ Personal Info if Demands Are Not Met
May 3, 2012 by admin
Jacob Kleinman reports:
Members of the hacktivist collective calling itself “Anonymous” are targeting the University of Pittsburgh, and threatening to release a wealth of private information regarding the school and its students, if the University does not “apologize to your students, law enforcement, and professors on your home page of your domain for a duration of no less than fifteen days!”
In a three-minute long video directly addressing the Computer Science (CS) and Law departments in particular, Anonymous claims to have obtained every student's personal information including passwords, dorm information, payment and credit information, parent information, coursework and grades, as well as alumni information. According to the video, Anonymous has deleted the information, which was poorly protected, from the University’s website, but will post it publicly online if their demands are not met by Monday, May 6.
Read more on International Business Times, where you can read the full text of Anonymous’s statement.
[Video omitted Bob]
Sadly, I think Anonymous has just played right into the hands of those who would promote CISPA and broad information sharing by non–government entities with the federal government. Anonymous is also showing no regard for the privacy of students who have done nothing wrong but who may have their details posted online.
The hack is reportedly in response to the university being involved in the arrest of several supporters of Anonymous. And while the university might be embarrassed or incur expenses if the data are all posted online, I suspect there will be a greater backlash against Anonymous for using the 99% as a mere tool in their campaign.
The university already caved in to one demand, dropping a posted reward for information resulting in the apprehension of party or parties who pranked the university. Will they cave in to this demand, too?


Interesting. Now I know how to build a mailing list to advertise Privacy seminars.
Sixth Circuit dismisses class action over personal information release
May 2, 2012 by Dissent
Jessica M. Karmasek writes:
A federal appeals court this week upheld the dismissal of a proposed class action lawsuit over the distribution of personal information from a state’s motor vehicle records.
Plaintiffs Norma Wiles, Thomas Wiles, Theresa Gibson and Wanta Evitt, all Kentucky residents, filed the proposed class action against defendants Ascom Transport System Inc., Downtown Owensboro Inc., Jones and Wenner Insurance, Nationwide Debt Recovery Service Inc., Tennessee Valley Authority and Xerox Corporation in January 2010.
Read more about the case on Legal Newsline.
[From the article:
The district court ruled in December 2010 that the bulk purchase of such motor vehicle records without a "specific need for every record" does not violate the DPPA, and ultimately granted Ascom's motion to dismiss the plaintiffs' third amended complaint.


Teachers are always enemies, never friends.
"The New York City Department of Education has issued rules covering student-teacher interactions on social networking websites. Following numerous [Could be 9, could be 99 percent Bob] inappropriate relationships between students and teachers that began on social networking sites, the rules prohibit teachers from communicating with students using their 'personal' accounts, and requires parental consent before students can participate in social networking for educational purposes. The rules also state that teachers have no expectation of privacy online, and that principals and other officials will inspect teachers' profiles. Oddly, the rules do not address communication involving cell phones, which the Department of Education's own investigations have shown to be even more problematic."


More about “reverse engineering” than copying the code...
"The European Court of Justice ruled on Wednesday that the functionality of a computer program and the programming language it is written in cannot be protected by copyright. In its ruling on a case brought by SAS Institute against World Programming Limited (WPL), the court said that 'the purchaser of a license for a program is entitled, as a rule, to observe, study or test its functioning so as to determine the ideas and principles which underlie that program.'"


I thought we had settled this a while ago... (The order is included in the article)
Judge: An IP-Address Doesn’t Identify a Person (or BitTorrent Pirate)
May 3, 2012 by Dissent
Ernesto reports on a federal court ruling from Eastern District New York:
A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has suffered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders.
Read more on TorrentFreak.
[From the article:
Previous judges who handled BitTorrent cases have made observations along these lines, but none have been as detailed as New York Magistrate Judge Gary Brown was in a recent order.
In his recommendation order the Judge labels mass-BitTorrent lawsuits a “waste of judicial resources.” For a variety of reasons he recommends other judges to reject similar cases in the future.


Why didn't they ask for a copy of the video to improve engine safety? More interested in enforcement of (really silly) rules than airline safety?
FAA issues warning to passenger who filmed bird strike
A Delta Air Lines passenger who admitted using an electronic device last month to videotape a bird strike minutes after takeoff has been warned by the Federal Aviation Administration to follow the rules or face a penalty the next time.


Free and accessible.
"Wikipedia founder Jimmy Wales is helping a UK government bid to make the results of Government funded research available freely online. The move taps into a popular protest at the restrictions which academic publishers place on the availability of research. From the article: 'Almost 11,000 researchers have signed up to a boycott of journals owned by the huge academic publisher Elsevier. Subscriptions to the thousands of research journals can cost a big university library millions of pounds each year – costs that have started to bite as budgets are squeezed. Harvard University, frustrated by the rising costs of journal subscriptions, recently encouraged its faculty members to make their research freely available through open access journals and to resign from publications that keep articles behind paywalls.'"


Attention publishers? Will anyone/everyone follow?
Blurb, The Custom Book Printing Startup, Is Tossing Its Hat Into The E-Book Ring
Blurb has had a good amount of success as a disruptive player in the “traditional” publishing space. The San Francisco-based company, which lets anyone write and publish a physical book at relatively affordable prices, has built a profitable business with more than 100 staff and more than a million paying customers since it launched to the public six years ago.
… Blurb is expanding into the e-book space this summer, gradually rolling out a software platform developed in-house that will allow people to create and distribute multimedia-enabled digital books.


Geeky (and not-so-geeky) stuff (Each links to a full article)
10 awesome ways to use a USB flash drive


Tools for the artist...
Similar tools: 333DDD, Sculptris, and Muvizu.


For my students who already know everything...
Google Search Education is a website that wants to help students become better searchers. Aimed at educators, this site provides lesson plans, video tutorials, and access to live trainings to help show teachers how to empower their students to use the tools that Google has to offer and make their search experience stronger and more valid. A wonderful resource for teachers and learners of all ages.


One possible direction for education?
EdX: A Platform for More MOOCs and an Opportunity for More Research about Teaching and Learning Online
At a joint press conference today, Harvard University President Drew Faust and MIT President Susan Hockfield announced a new nonprofit partnership, edX, that would offer free open online courses.
… But the east coast-west coast and/or the elite university rivalries aren’t really the most interesting thing about the edX news.
Nor is it that Harvard says that it will, just as MITx does, offer certification (but no college credits) to those who complete the class.
Nor is the most interesting thing in today’s news that we’re seeing institutions of higher ed, renowned for the glacial pace of their responsiveness and transformation, move quickly – really really quickly – to embrace MOOCs. Add to the list of MIT, Stanford, and Harvard are other US universities too – the University of Pennsylvania, Princeton, and the University of Michigan, now all offering courses via the Coursera or the MITx platform, as well as open online courses at other universities, including those offered at the University of Mary Washington and the University of Regina.
As the MITx platform will be open source, universities will be able to offer MOOCs on it without having to pay or license the similar software from one of these other new for-profit education startups.
… The edX platform will enable the study of which teaching methods and tools are most successful. The findings of this research will be used to inform how faculty use technology in their teaching, which will enhance the experience for students on campus and for the millions expected to take advantage of these new online offerings.”


Dilbert explains why Apps sell so well. (For your Privacy Cartoon collection)

Wednesday, May 02, 2012


I can see we need a “debate” to clear this up.
Eric Goldman: The Irony of Privacy Class Action Lawsuits
May 1, 2012 by Dissent
Eric Goldman writes:
I’ve posted a new essay to SSRN titled The Irony of Privacy Class Action Lawsuits. It should be published later this year in the Journal of Telecommunications and High Technology Law at University of Colorado. The essay comes out of a panel discussion we had at Colorado Law in December on the Economics of Privacy. The version I’ve posted is still in draft form, so I should be able to make some changes. I welcome your comments.
The essay issues a challenge to privacy advocates who support enforcement of privacy violations via class action lawsuits.


Not very well managed for a breach of more than a million cards. Perhaps we need a new mantra:
“If at first you don't detect,
make damn sure you find out what is happening before opening your mouth...”
Global Payments breach went on for at least 8 months – revised estimate
May 1, 2012 by admin
Brian Krebs has an update on the Global Payments breach:
A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the length of the breach since Global Payments acknowledged the incident on March 30, 2012.
[...]
Initially, MasterCard and Visa warned that hackers may have had access to card numbers handled by the processor between Jan. 21, 2012 and Feb. 25, 2012. Subsequent alerts sent to banks have pushed that exposure window back to January, December, and then August. In an alert sent in the last few days, the card associations warned issuers of even more compromised cards, saying the breach extended back at least eight months, to June 2011.
Read more on Krebs on Security.
So far, there’s no revised/updated information on Global Payment’s site, but they will undoubtedly respond to Brian’s latest exposure of these details. And once again, they will be behind the story instead of ahead of it, it seems.


A tweak for my lawyer friends...
INFOGRAPHIC: America's Obsession with Lawyers


It's “Genetically Modified Milk,” they just did it the old fashioned way. Interesting article.
The Perfect Milk Machine: How Big Data Transformed the Dairy Industry


For my Computer Security students. Not actually “links” but at least citations.
May 01, 2012
CRS: Cybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources, Rita Tehan, Information Research Specialist, April 26, 2012
  • "Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic... There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics. This report provides links to selected authoritative resources related to cybersecurity issues."


Since the definitions for each fallacy have their own URL, that's all I need to send to my Congressman.
When I taught current events to ninth grade students the first unit I taught was about recognizing bias, propaganda, and logical fallacies. Today, through a Tweet by Lee Lefever, I found a nice website that I wish I had had when I was teaching that class.
Your Logical Fallacy Is provides short explanations and examples of twenty-four common logical fallacies. Visitors to the site can click through the gallery to read the examples. Your Logical Fallacy Is also provides free PDF poster files that you can download and print. I dropped one of these posters into Zoom.it for easy embedding into this blog post.


Humor. The Google home page in Nigeria

Tuesday, May 01, 2012


A very small (relatively) breach that normally wouldn't get posted except for the time between the breach and someone noticing the breach. (If the breach predates disclosure laws, do they still have to report it?)
Vol State: Personal information found vulnerable for 14,000 students, faculty
April 30, 2012 by admin
About 14,000 students, former students and faculty at Volunteer State Community College in Gallatin had personal information placed on a web server that was not secure.
The files placed on the web included names and Social Security numbers, but university officials say there is no evidence that any of that information has been accessed [“We don't keep logs...” Bob] or used inappropriately. No credit card or financial information was included in the files.
Bruce Scism, interim president, said the university is notifying the affected students and faculty members as a precaution.
Read more on The Tennessean.
The college’s press release notes that the files had been accessible since 2008 and that “it’s possible that this data could have been accessed by unauthorized individuals on the web.”


Are we still allowing this? What happened to Best Practice contracts that required vendors to remove any such “security holes?”
Equipment Maker Caught Installing Backdoor Vows to Fix Following Public Pressure
After ignoring a serious security vulnerability in its product for at least a year, a Canadian company that makes equipment and software for critical industrial control systems announced quietly on Friday that it would eliminate a backdoor login account in its flagship operating system, following public disclosure and pressure.
RuggedCom, which was purchased recently by German-conglomerate Siemens, said in the next few weeks it would be releasing new versions of its RuggedCom firmware in order to remove the backdoor account in critical components used in power grids, railway and traffic control systems, as well as military systems.


Interesting article, but until everyone can carry the electronic equivalent of a Colt .45, I don't think it's wise.
'Stand Your Cyberground' Law: A Novel Proposal for Digital Security


Management: “We're too backlogged to worry about Security! You can ignore an applicant's Taliban past because we need him to secure our airports!”
TSA delays background checks for new hires
In a move that could affect security at airports around the nation, the Transportation Security Administration confirmed Wednesday it had such a backlog of background security checks, airport employers were allowed to hire any employee needed.
TSA officials said the background checks are delayed, but they are processing them as fast as they can. 
TSA also will complete background checks on accepted applicants at a later date.


It's hard to remain anonymous...
“Engineer Doe” of Google StreetView payload data privacy breach unmasked
May 1, 2012 by Dissent
Steve Lohr and David Streitfeld of the New York Times put a name to “Engineer Doe” in the FCC investigation of the Google Street View investigation. “Doe” was the engineer who we now know wrote code to intentionally scoop up payload data from unsecured Wi-Fi networks. According to the less-redacted version of the FCC’s report (voluntarily released by Google after EPIC filed under FOI to obtain it), Doe did inform others of what he was doing, but Google claims that management did not read his communications.
A state investigator who spoke with the NYT identified the engineer as Marius Milner. Google had reportedly given his name to state investigators in December 2010.
The release of the report has raised new questions about Google’s public claims that this was all “accidental.” It has also raised questions as to why the FCC did not disclose to the public that they had found evidence of intentional data collection. In an OpEd yesterday, Chris Soghoian called on Congress to investigate the FCC for its failure to really inform the public of its findings.


Resources...
Resource: Librarians for Privacy
May 1, 2012 by Dissent
Jay Stanley of the ACLU writes:
The American Library Association has created an excellent public education resource on the privacy issues facing our society – a web site called privacyrevolution.org.
Read more on ACLU. Today starts Choose Privacy Week. Find out more on privacyrevolution.org.


The best way to share knowledge? Does this work the same in the US?
April 30, 2012
Briefing Paper on Embedding Creative Commons Licences into Digital Resources
Briefing Paper on Embedding Creative Commons Licences into Digital Resources - Naomi Korn, Strategic Content Alliance IPR Consultant, March 2011
  • "Creative Commons licences (also referred to as CC licences) can facilitate the copying, reuse, distribution, and in some cases, the modification of the original owner’s creative work without needing to get permission each time from the rights holder. There are a number of different types of these licences. Across the UK’s public sector, CC licences are increasingly used to provide access to cultural heritage and teaching, learning and research outputs. Creative Commons licensed resources are also helpful for public sector bodies who wish to use third party resources which place the least restrictive licensing terms on the user. This short briefing paper accompanies further information on CC licences produced by the Strategic Content Alliance, available here, and demonstrates how the terms of CC licences can be embedded into a variety of resources, such as PowerPoint, images, Word docs, elearning resources, podcasts and other audio visual resources." [via Robin Good]


This could be amusing. How much value would a phone bring to Amazon? Would Skype cut the cost of their 800 number? (They do have one.)
Is a Smartphone in Amazon’s Hardware Future?
Amazon is killing it. Its tablet is selling like Android-powered hotcakes and recent financial filings show that its bank account just keeps on growing. The retailer-turned-hardware vendor is on a roll, which begs the question: What will Amazon’s hardware division do next?
For answers, we might look to Facebook, which along with Apple, Google, Amazon and Microsoft, has the potential to own an entire “stack” — in other words, a walled-off ecosystem in which consumers use a single company’s hardware, operating system and storefront to search online, buy apps and purchase digital media and even physical products.
Last week, yet another rumor surfaced that Facebook is getting closer to releasing its own branded smartphone, an obvious attempt at owning a stack component (hardware) that’s currently missing from its line-up. So is it any more outlandish to think that Amazon, too, would enter the smartphone game? After all, it’s already selling the world’s most successful Android tablet in the Kindle Fire.
“A smartphone would be a logical next step for Amazon,” ABI Research Analyst Aapo Markkanen told Wired via email.
… The Kindle Fire does a fine job of goosing digital download sales, but it’s not the device consumers carry all the time. ... So imagine, instead, a truly mobile hardware device that would provide dead-simple hooks into the Amazon buying experience, 24-7.


Kulture!
… I need to introduce you to AIBQ, otherwise known as the Comic Books Archive.
You’re going to want to head straight to the Catalog page and you’ll quickly see just how vast the collection is, currently with over 900 comics available for download.
… Clicking on an issue that is available will bring up a prompt to download a CBR file. Save that file to wherever you’d like. Now, we need a quality comic reader. That’s where ComicRack comes in.
… Oh and don’t forget to check out our free comics manual, Bam! Your Guide To Cool Online Comic Books by Lachlan Roy, which also features other comic sources and comic software.

Monday, April 30, 2012


Oops?
Columbia U. notifies faculty and proprietors that their SSN and bank account numbers were exposed on the Internet for two years
April 30, 2012 by admin
A reader kindly alerted me to the fact that Columbia University sent out breach notices last week. The letter, dated April 21, informed recipients that 3,000 current and former employees, as well as 500 sole proprietors had their names, addresses, Social Security numbers and bank account numbers exposed on the Internet. The names of the banks or the routing numbers were not included in the file.
According to the letter from Jeffrey F. Scott, Executive Vice President for Student and Administrative Services, the breach occurred when a programmer erroneously saved what was supposed to be an internal test file on a public server in January 2010. [Never test with real data. It does not contain the errors you are testing for. Bob] The file remained there until it was discovered because Google had indexed it. The university said it was informed of the breach on April 16 and took immediate steps to secure the file and remove it from Google’s index. The university’s logs indicate that the file was not accessed between January 2010 and March 10, 2012, when it was first indexed by Google. [See how valuable logs can be? Bob]
Columbia is offering affected individuals a two-year subscription to a credit monitoring service from Experian.
In a statement to DataBreaches.net, the university writes:
We deeply regret that this incident occurred and the imposition it has caused. We have arranged for affected individuals to receive a two-year subscription to a credit monitoring system to help ensure they are protected from the risk of identity theft.
Although an FAQ posted on Columbia’s web site says that this breach “appears to have been an isolated, unintentional incident,” it is at least the fourth time the university has had a breach involving exposure of personally identifiable information on the Internet. And it is not the first time data were available on the Internet for quite a while before being discovered:
  • In 2005, an Emergency Management Operations Team Contact List for the School of International and Public Affairs was exposed on the Internet. As a result, 98 individuals associated with SIPA had their names, phone numbers, emergency contact person and Social Security numbers exposed. Although the university believed it had fully corrected the problem, a copy of the list showed up on the Internet again in June 2006.
  • In June 2008, 5,000 students’ Social Security numbers were discovered on the Internet. They had been exposed since February 2007, when a student employee had uploaded a database of students’ housing information to a Google-hosted Web site.
  • In September 2010, NewYork-Presbyterian Hospital and Columbia University Medical Center disclosed that the names and clinical information of 6,800 patients were exposed on the Internet during the month of July because an employee’s computer was “inadvertently open” to the Internet. For 10 of those patients, Social Security numbers were included.
A fifth exposure incident, in which the Social Security numbers of some of 993 doctors at Columbia University’s faculty practice were exposed was not due to Columbia University’s error but to an error by United Healthcare.
Related: Breach FAQ
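Both of Bob's asides above, the missing logs at Vol State and the logs that let Columbia bound its exposure window, come down to the same question: can you say from the web server's access log who fetched the leaked file, and when? The script below is an added example, not code from either school or from DataBreaches.net. It runs over a constructed Apache "combined"-format log sample (the IP addresses, dates and the file name /tmp/payroll_test.csv are invented for the example) and separates search-engine crawler fetches from everyone else's, since a crawler's visit means a cached copy exists somewhere, while a later non-crawler fetch means a person found it there.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" log format. The IPs, dates and the
# file name /tmp/payroll_test.csv are invented for this example and are not
# taken from any real server. The last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Mar/2012:14:02:11 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
66.249.66.1 - - [10/Mar/2012:03:41:52 -0500] "GET /tmp/payroll_test.csv HTTP/1.1" 200 482301 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.23 - - [12/Mar/2012:09:15:30 -0500] "GET /tmp/payroll_test.csv HTTP/1.1" 200 482301 "http://www.google.com/search?q=payroll" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.23 - - [12/Mar/2012:09:16:02 -0500] "GET /tmp/payroll_test.csv HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.7 - - [16/Apr/2012:11:00:00 -0500] "HEAD /tmp/payroll_test.csv HTTP/1.1" 200 0 "-" "curl/7.21.0"
this line is not a log entry and is skipped
"""

# One regex for the combined format: client, identd, user, time, request line,
# status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Crude crawler fingerprint: enough to separate search-engine indexing from
# everybody else in the report, which is the distinction that matters here.
CRAWLER_RE = re.compile(r'googlebot|bingbot|slurp|baiduspider|yandex', re.I)


def parse_log(text):
    """Yield one dict per parseable line; silently skip lines that do not match."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        yield {
            'ip': m.group('ip'),
            'time': datetime.strptime(m.group('time'), '%d/%b/%Y:%H:%M:%S %z'),
            'method': m.group('method'),
            'path': m.group('path'),
            'status': int(m.group('status')),
            'crawler': bool(CRAWLER_RE.search(m.group('agent'))),
        }


def exposure_report(text, leaked_path):
    """Summarise who asked for leaked_path and when.

    A "fetch" is a GET answered with 2xx, i.e. the bytes actually left the
    server. HEAD requests and 304 Not Modified responses are counted as
    requests (someone knew the URL) but not as fetches.
    """
    reqs = [r for r in parse_log(text) if r['path'] == leaked_path]
    fetches = [r for r in reqs if r['method'] == 'GET' and 200 <= r['status'] < 300]
    crawler = [r for r in fetches if r['crawler']]
    other = [r for r in fetches if not r['crawler']]
    return {
        'requests': len(reqs),
        'first_request': min((r['time'] for r in reqs), default=None),
        'last_request': max((r['time'] for r in reqs), default=None),
        'crawler_fetches': len(crawler),
        'other_fetches': len(other),
        'first_other_fetch': min((r['time'] for r in other), default=None),
        'client_ips': sorted({r['ip'] for r in reqs}),
    }


if __name__ == '__main__':
    report = exposure_report(SAMPLE_LOG, '/tmp/payroll_test.csv')
    for key, value in report.items():
        print(f'{key}: {value}')
```

On the sample, the first request is the crawler's, and a non-crawler fetch arrives two days later with a search-engine referer: that is the pattern Columbia's notice describes, and the reason pulling the file off the server is not enough on its own, since the cached copy in the index has to go too. A server that keeps no logs, or only a few weeks of them, cannot answer the question at all, which is Bob's point about Vol State.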


We have no reason to suspect you are cheating but we want to come onto your property and check anyway...
UK: Nottingham textile firm taking a stand against council camera car
April 30, 2012 by Dissent
Good one, but do they really have any legal leg to stand on? The council says they don’t:
A Nottingham business is refusing to let the city council’s camera car onto its premises to check it is obeying the conditions of the workplace parking levy.
The council has spent £93,000 on a car [A Toyota at Rolls prices Bob] that will record the number of vehicles parked in company car parks [because they couldn't find anyone who could count? Bob] to enforce the new parking tax.
But Lenton firm Nottingham Textile Group, which voiced strong opposition to the levy before it came into force at the beginning of the month, has questioned the legal rights of the council to record on private property.
The company’s chief operating officer Adrian Wright has written to the Government Office of Surveillance Commissioners and the Information Commissioner’s Office, to ask for clarification and guidance. He says until this is provided they will not allow the car on site.
Read more on This is Nottingham.
[From the article:
The company's chief operating officer Adrian Wright ... said: "It's the privacy aspect of it. When they've recorded the vehicles, what happens to that information?"
… The company has said it will only use ten of its 50 car parking spaces, which is the maximum number of spaces before businesses have to pay the levy.
"We've got cars strewn down the road," said Mr Wright. "A few are beached at the side of the kerb. It looks rather strange when we have an empty car park, but that's our choice because we feel we can spend that money in many better ways."


Surely not what the framers intended. Before you change how the system works, explain why it isn't doing the job...
"The USPTO is considering a rather interesting request straight from lobbyists via congress. That certain 'Economically Significant' patents should be kept secret during the process (PDF Warning) of being evaluated and granted. While this does occur at the moment on a very select few patents 'due to national security' for things like nuclear energy and the like — this would allow it to go much, much further. 'By statute, patent applications are published no earlier than 18 months after the filing date, but it takes an average of about three years for a patent application to be processed. This period of time between publication and patent award provides worldwide access to the information included in those applications. In some circumstances, this information allows competitors to design around U.S. technologies and seize markets before the U.S. inventor is able to raise financing and secure a market.'"


Might make good handouts, if we could get them printed neatly...
April 29, 2012
New on LLRX - A Technical Examination of SOPA and PIPA
Via LLRX.com - A Technical Examination of SOPA and PIPA - The Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) are the subject of this Infographic, by Spencer Belkofer, Lumin Consulting. See also his related Infographic on the Cyber Intelligence Sharing and Protection Act (CISPA).


Who, in their right mind, would want to impersonate a government official...
April 29, 2012
New E-Gov Site - Check & Register: Federal Social Media Accounts
Via Howto.gov: "Do you have an official government social media account? Have you ever wondered if one you’re following is legit? GSA has built a federal social media registry — a government-wide solution that gives the public a way to verify whether a social media account is official. It also provides a place for agencies to register their accounts centrally so they don’t have to build a solution within each agency. This tool is now available for agencies to use on HowTo.gov, so they can start entering and editing their data."


Interesting idea (changes often are) but who is teaching the employees/bosses how to use these new toys? The article merely suggests that “big things are happening” without real examples.
How Tablets Are Transforming Business Intelligence
… Jeff Cavins, CEO of Fuzebox, recently wrote in Business Insider that the explosive uptake of tablet computers is fueling the growth of what he called the new “iPad economy.” Cavins said: “The iPad is shifting the way businesses function, changing how executives interact and transforming the economics of today’s business operations.”
… Simple RSS readers are used to condense multiple streams of content from a variety of sources into single channels, granting users access to diverse content all in one place. Some applications have further simplified news aggregation by using innovative search technology that goes beyond the function of RSS readers to deliver richer streams of highly targeted information to business users – a critical asset to businesses large and small.


Here's one I clearly don't understand.
Barnes & Noble, Microsoft ink $300M deal on e-reading
The companies announced today that Microsoft has invested $300 million into a new Barnes & Noble subsidiary, known as Newco until the company can come up with a name. The $300 million investment will give Microsoft 17.6 percent equity stake in the firm. Barnes & Noble, which assumed a $1.7 billion valuation on the subsidiary, will retain 82.4 percent ownership.
Newco will combine Barnes & Noble's digital and College businesses, meaning the retailer's Nook operation and its Nook Study software for students and educators will be a part of the operation.
As part of this deal, Barnes & Noble will bundle its Nook digital bookstore with Windows 8 when it launches later this year. In addition, the companies have settled all of their patent litigation related to use of Android on the Nook tablet, and have formed a "royalty-bearing license under Microsoft's patents for its Nook e-reader and Tablet products."


Since most of my Math is online, this could help my students...
April 29, 2012
Infographic - The Eye-Opening Effects of Staring at Your Screen
The Eye-Opening Effects of Staring at Your Screen by JuJu Kim. "It’s no secret that we spend more than six hours a day on average staring at digital screens. But what’s lesser known is the toll it can take on our eyes. Read on for the ailments too much screen-staring can cause (turns out, “Computer Vision Syndrome” is a thing), then discover some tips to protect your peepers."


Finding, organizing and presenting online resources for each of my classes takes time. Tools like this might help...
There are literally hundreds of services out there that want to help you keep your bookmarks neat and tidy. The problem is, most of these are installed to your browser, and therefore, only work on that specific browser. Fav-Links is different, because it works with a web app and a Windows-based app, so it works regardless of what browser you are using.
Fav-Links offers a very elegant bookmark solution that is easy to use. Once you install the program, a small icon will appear on your screen. You simply click and drag the URL you want to add to the icon and it will add it to your bookmarks. You can add a custom screenshot to the bookmark, so it looks exactly as you want.