Saturday, June 30, 2012

Another good “Bad Example” for my Business Continuity class. That's what you get for relying on a Cloud.
There Goes The Weekend! Pinterest, Instagram And Netflix Down Due To AWS Outage
… Because of storms in North Virginia, power outages have impaired Amazon Web Services data centers in the region tonight, which means no Pinterest, Instagram, Netflix, Heroku and other sundry AWS-dependent services for you.
According to the AWS outage dashboard the company is ONIT, yet, as of 12:31AM PST, it is only at 50% recovery.

What do you bet someone will forget to change their clocks and the NYSE will crash on Monday...
How Will You Spend Today's 'Leap Second'?
Today's the day when we officially add another second to our calendar -- to compensate for the fact that it's taking the planet longer and longer to complete a full rotation around its axis.

A sound byte is a sound byte...
Kucinich: US Drone Program Is ‘Vigilantism Conducted by Robots’
The U.S. drone assassination program is "vigilantism conducted by robots" and has caused us to "journey into moral depravity," said Rep. Dennis Kucinich (D-Ohio) in an interview with The Bureau of Investigative Journalism.
In the June 21 interview with the London-based Bureau, Kucinich gives a scathing review of the U.S. wars in Yemen and Pakistan and states that the nation's justice values have been "radically altered" and that we now have a system of trial by execution.
"We have ventured into a world since 9/11 where international law is set aside and where the implements of war are becoming so ubiquitous that all the rules are being ignored and conflict zones are expanding. Where suspected terrorists – and we do not know what they are really suspected of doing, you know – they can be suspects now, and they can be executed. Or they can just be perceived to be a male of combat age and be executed."

(Related) A more practical concern, but easily avoided – think Best Practices.
Drones can be hijacked via GPS spoofing attack
Last year a U.S. military drone doing reconnaissance in Iran disappeared. Iranian government officials there said they had steered the device off course by interfering with its GPS signals.
Such an attack, called GPS spoofing, had previously been considered theoretical. A research team at the University of Texas at Austin has demonstrated that the GPS signals of an unmanned aerial vehicle can be commandeered remotely. This demonstration highlights security concerns with plans to allow thousands of military and civilian drones in U.S. airspace by 2015.

How do I surveil thee? Let me count the ways.
I surveil thee to the depth and breadth and height
My evil-little-mind can reach, you are never out of sight
June 29, 2012
WSJ - E-book publishers and retailers collecting data on readers
WSJ: "In the past, publishers and authors had no way of knowing what happens when a reader sits down with a book. Does the reader quit after three pages, or finish it in a single sitting? Do most readers skip over the introduction, or read it closely, underlining passages and scrawling notes in the margins? Now, e-books are providing a glimpse into the story behind the sales figures, revealing not only how many people buy particular books, but how intensely they read them."
[From the article:
The major new players in e-book publishing—Amazon, Apple and Google—can easily track how far readers are getting in books, how long they spend reading them and which search terms they use to find books. Book apps for tablets like the iPad, Kindle Fire and Nook record how many times readers open the app and how much time they spend reading. Retailers and some publishers are beginning to sift through the data, gaining unprecedented insight into how people engage with books.

If I can spoof an IP address to fool the BBC into believing I live in the UK, how hard will it be to live (temporarily) in Delaware?
"Delaware became the first state to enter the realm of legal online casino gambling Thursday with the governor's approval of legislation that allows for full-service betting websites offering slots play and games like roulette, poker and blackjack. Federal law limits online gambling to players within the state's borders, which will be verified using geolocation software. The state hopes to launch online gambling in 2013 and intends to make betting available on a variety of digital devices including smart phones and tablets."

Another techno tchotchke, because when you need one you really need one.
OnlineConvert is a helpful online website that allows users to convert various types of files from one format to another. Currently, the website supports audio, video, documents, e-books, hash, image and archive conversion.

Because we don't waste enough time online?
While physically setting up dominos takes a lot of time, you can now do it virtually thanks to a site called Drawminos.
… You can select any one of the domino patterns present on the site and then watch them fall. The names of each pattern usually define the pattern’s shape.
You can create your own domino patterns as well. Click on the Create button and you will be able to set up dominos yourself and move them around; balls can be added too. A sharing link for your pattern is generated so you can share your patterns with friends. [I see a university wide competition in my future! Bob]

I'm looking forward to teaching “Tablet 101”
A Portrait of Today’s Tablet User
Source: Online Publishers Association
Summary Findings:
1. Tablet usage is exploding.
2. Tablets have become embedded in people’s lives.
3. Content consumption continues to dominate tablet usage.
4. Tablet users have an appetite for paid content.
5. After seeing tablet ads, tablet users are driven to actions.
6. Tablet content purchasers and cross-platform tablet users are more positive about tablet ads and are more likely to purchase products from their tablets.

Mini-Linux Coming soon to a computer lab near you! Note that the demand for these exceeds their ability to manufacture even this simple cheap device.
Allied Electronics Is Now Accepting Orders For The Bite-Sized Raspberry Pi
The Raspberry Pi is a tasty little Linux computing device but it’s so far been rather hard to buy. I’ve wanted to order one since it officially started to ship in April. However, due to the limited quantities, retailers sold out nearly immediately.
Enter Allied Electronics. The Texas-based electronic distributor is now taking orders for the Raspberry Pi at the list price of $35 each with the only caveat being shipping is not for 10-12 weeks. But I’ll take it!

Just a reminder...
"If you don't recall, then Broadband/DSL Reports is here to remind us that ISPs around the U.S. will begin adhering to the RIAA/MPAA-fueled 'Six Strikes' agreement on July 1st. Or is it July 12th? Comcast, AT&T, Verizon and Cablevision are all counted among the participants. They will each introduce 'mitigation measures' against suspected pirates, including: throttling down connection speeds and suspending Web access."

A Virtual Trip: New Grateful Dead Digital Archive Launches
No band deserves an online archive more than the Grateful Dead. As much lifestyle as musical outfit, the Dead influenced millions through their concerts and songs. A few years ago, the band selected the University of California Santa Cruz [home of the Banana Slugs Bob] as the host for its history, and now the first fruits of that decision are available for consumption. The Grateful Dead Online Archive is now live.

Dilbert continues my legal education with “everything you ever wanted to know about patent trolls”

Friday, June 29, 2012

Health tax. Matches (unfortunately) the retirement tax. (See, government is trying to become a social network, no matter the cost.)
I think Roberts did something smart for the long term. I see this decision as a huge billboard saying: Congress tried to hide this tax by calling it something else, but they did no better at that than they did writing this really stupid law. Unfortunately, “stupid” is not unconstitutional.
Best illustration of how bad even 2700 pages can be? NPR had the example of youngsters who would find the $1500 tax cheaper than health insurance until they are diagnosed with something serious, at which time they can buy health insurance. Remember, they can't be turned down or charged extra for a preexisting condition. This suggests a couple of things: 1) Insurance companies will set their rates high enough to cover this. 2) The government will have to raise this tax to “drive” younger/smarter citizens into buying insurance.
By the way, what happens to that $1500? Does it go to insurance companies or to organizations that provide care to the uninsured?

Cheap. Even the Class Action Lawyers won't get much – more than an e-Book, but still...
Hacking settlement to cost Stratfor $1.75 million
Stratfor has agreed to settle a class-action lawsuit filed against the global intelligence firm after hackers affiliated with Anonymous stole subscriber data from its computers last year, Reuters reported today.
The settlement -- which calls for Stratfor to offer subscribers one month of free access to its service, a digital version of a book, and credit-monitoring service, in addition to paying attorney fees -- is expected to cost the company about $1.75 million, according to the settlement given preliminary approval by Judge Denis Hurley in U.S. federal court in New York.

They are probably not worth a Maverick missile each. Perhaps a pound or two of plastique?
"Anti-drug squads are now using Brazilian spy drones to sniff out drug labs that dot Bolivia in increasing numbers. Felipe Caceras, Bolivia's top anti-drug official, claims that some 240 drug labs have been busted in Santa Cruz, an eastern lowlands state bordering Brazil, this month alone, all thanks to Brazil's drones."

Info on cookies two days in a row? Curious.
June 28, 2012
UK Info Commissioner: Cookies - advice for members of the public
"What are cookies? - A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. The rules on cookies are covered by the Privacy and Electronic Communications Regulations. The Regulations also cover similar technologies for storing information, eg Flash cookies. The Regulations were revised in 2011, and the ICO is responsible for enforcing these new rules... Where to find information about controlling cookies:

Dilbert shows what happens when an IP Lawyer retires...

Thursday, June 28, 2012

Even if this is a hoax, Comcast and AT&T will be scrambling to check and double check. Having a procedure to search for suspect data would make this cheaper and faster (and be extremely useful if you ever have a real breach).
Latest hacker dump looks like Comcast, AT&T data
A group of hackers has posted to the Web today data that appears to include Comcast employee names, ages and salaries, as well as e-mails and passwords associated with AT&T VoIP service accounts.
… As with many data dumps, it's unclear whether the data is what the hackers claim it is, whether it is current, who actually stole it, and how.

“We're intimidated by government. We almost tolerate customers.”
Mobile Carriers Gladly Give Your Data to the Cops, But Not to You
The nation’s major mobile carriers have amassed a treasure trove of sensitive data on their customers that they share with police and advertisers — but keep hidden from the consumers themselves.
The major carriers, AT&T, Sprint, T-Mobile and Verizon, store who you texted, the content of texts and locational tracking information such as cell-site data, which identifies the cell tower to which a customer was connected at the beginning of a call and at the end of the call. Different companies hold your data for different times. Sprint hoards information the longest, according to a Justice Department survey, keeping your call records for an average of 18-24 months.
But, according to a survey by Pro Publica, the major carriers won’t disclose the data to their customers, for a host of reasons — nonsensical ones at best. But they will gladly hand it over to the authorities, even without warrants.
… When defeating California legislation this year that would force the mobile carriers to publicly report the number of times they turn over cell phone location information to police and federal agents, they successfully argued that such a plan would be too burdensome, and would take time away from the important work of sharing customer data with cops “day and night.”
T-Mobile declined comment on the Pro Publica survey. But AT&T said giving customers their data “is not a service we provide.”
Sprint said it doesn’t do it “for privacy reasons.”
That answer sounds familiar to a claim made last week by the Obama administration, which said it would violate Americans’ privacy if it informed the public on how many times it spied, without warrants, on Americans’ electronic communications under the FISA Amendments Act.
Verizon said it would provide your data to the cops “but not directly to you.”

This could be enlightening.
June 26, 2012
The Web Privacy Census
Berkeley Center for Law and Technology: "The Web Privacy Census is intended to formalize the benchmarking process and measure internet tracking consistently over time... This effort was developed and executed in partnership with Abine, Inc. Abine has been our technical collaborator and resource partner, helping us develop a reliable method for web crawling and analysis of tracking vectors. We seek to explore:
  • How many entities are tracking users online?
  • What vectors (technologies) are most popular for tracking users?
  • Is there displacement (i.e. a shift from one tracking technology to another) in tracking practices?
  • Is there greater concentration of tracking companies online?
  • What entities have the greatest potential for online tracking and why?"
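An added example, not code from the Berkeley Center, Abine or the ICO, that connects the ICO's cookie explanation above with the census questions just listed: given the Set-Cookie headers observed while loading one page (a constructed sample, with made-up host names and values), it classifies each cookie as first- or third-party and session or persistent, and counts the distinct entities behind the third-party ones.

```python
"""Tally the cookies one page visit sets: first- or third-party, session or
persistent, and how many distinct tracking entities stand behind them.
Added example for this blog; the observations below are constructed, not
taken from any real crawl."""
from collections import Counter
from dataclasses import dataclass

# Constructed sample: (host that sent the response, Set-Cookie header value)
OBSERVED = [
    ("www.example-news.com", "session=abc123; Path=/; HttpOnly"),
    ("www.example-news.com", "prefs=dark; Max-Age=31536000; Path=/"),
    ("ads.tracker-one.net", "uid=9f8e7d; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Domain=.tracker-one.net"),
    ("pixel.tracker-one.net", "sync=1; Max-Age=2592000; Domain=.tracker-one.net"),
    ("cdn.analytics-two.com", "_id=77; Max-Age=63072000"),
    ("static.example-news.com", "cdn_seen=1"),
    ("cdn.analytics-two.com", "stale=0; Max-Age=0"),  # Max-Age=0 deletes, it does not track
]
PAGE_HOST = "www.example-news.com"  # the site the user deliberately visited


@dataclass
class CookieRecord:
    name: str
    entity: str         # registrable domain the cookie belongs to
    persistent: bool    # Expires/Max-Age present: survives closing the browser
    third_party: bool   # entity differs from the visited page's domain


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Simplification: a real census consults
    the Public Suffix List so that names like 'bbc.co.uk' group correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(issuer_host: str, header: str, page_host: str = PAGE_HOST):
    """Parse one Set-Cookie header. Returns None for a deletion (Max-Age <= 0)."""
    # Attributes are ';'-separated; Expires values contain commas but never ';'.
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    max_age = attrs.get("max-age")
    if max_age is not None and max_age.lstrip("-").isdigit() and int(max_age) <= 0:
        return None
    # Without a Domain attribute the cookie is host-only, i.e. bound to the issuer.
    entity = registrable_domain(attrs.get("domain") or issuer_host)
    persistent = "expires" in attrs or "max-age" in attrs
    third_party = entity != registrable_domain(page_host)
    return CookieRecord(name.strip(), entity, persistent, third_party)


def census(observed, page_host: str = PAGE_HOST) -> dict:
    """Answer the census questions for one page load: how many entities track
    the visitor, and which cookie 'vector' (session/persistent, first/third
    party) each cookie uses."""
    records = [parse_set_cookie(h, c, page_host) for h, c in observed]
    records = [r for r in records if r is not None]
    trackers = sorted({r.entity for r in records if r.third_party})
    vectors = Counter(
        ("persistent" if r.persistent else "session")
        + ("/third-party" if r.third_party else "/first-party")
        for r in records
    )
    return {
        "cookies_set": len(records),
        "third_party_entities": trackers,
        "vectors": dict(vectors),
    }


if __name__ == "__main__":
    result = census(OBSERVED)
    print(f"{result['cookies_set']} cookies set while loading {PAGE_HOST}")
    print("third-party entities:", ", ".join(result["third_party_entities"]))
    for vector, count in sorted(result["vectors"].items()):
        print(f"  {vector}: {count}")
```

Feed it the Set-Cookie headers captured from a real page load (a browser's developer tools or a proxy log will list them) to see which of the census questions a single site answers on its own.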

Do you really “offer” the service if you don't tell anyone about it?
"The Federal Communications Commission has settled with Comcast over charges that the cable company made it hard for consumers to find stand-alone broadband packages that don't cost an arm and leg. As part of the settlement Comcast paid the U.S. Treasury $800,000 and the FCC extended the length of time Comcast had to provide such a service."

(Related) Does anyone in government do their job without prodding from someone outside?
Your FTC Privacy Watchdogs: Low-Tech, Defensive, Toothless
Jonathan Mayer had a hunch.
The young computer scientist suspected that online advertisers might be following consumers around the web — even when they set their browsers to block the snippets of tracking code called cookies. If Mayer’s instinct was right, advertisers were eying people as they moved from one website to another even though their browsers were configured to prevent this sort of digital shadowing. Working long hours at his office, Mayer ran a series of clever tests in which he purchased ads that acted as sniffers for the sort of unauthorized cookies he was looking for. He hit the jackpot, unearthing one of the biggest privacy scandals of the past year: Google was secretly planting cookies on a vast number of iPhone browsers. Mayer thinks millions of iPhones were targeted by Google.
This is precisely the type of privacy violation the Federal Trade Commission aims to protect consumers from, and Google, which claims the cookies were not planted in an unethical way, now reportedly faces a fine of more than $10 million. But the FTC didn’t discover the violation.
… If it seems odd that a federal regulator was scooped by a sleep-deprived student, get used to it, because the federal government is often the last to know about digital invasions of your privacy. The largest privacy scandal of the past year, also involving Google, wasn’t discovered by federal regulators, either. A privacy official in Germany forced Google to hand over the hard drives of cars equipped with 360-degree digital cameras that were taking pictures for its Street View program. The Germans discovered that Google wasn’t just shooting photos: The cars downloaded a panoply of sensitive data, including emails and passwords, from open Wi-Fi networks. Google had secretly done the same in the United States, but the FTC, as well as the Federal Communications Commission, which oversees broadcast issues, had no idea until the Germans figured it out.

Perhaps the DoJ should have consulted a real lawyer?
Kim DotCom warrants invalid, New Zealand judge rules
… New Zealand High Court Judge Helen Winkelmann ruled Thursday that the warrants did not adequately describe the offenses alleged, according to a report in the New Zealand Herald. "Indeed they fell well short of that," she said. "They were general warrants, and as such, are invalid.''
She also ruled that it was unlawful for the data confiscated in the raid to have been sent offshore, saying "the release of the cloned hard drives to the FBI for shipping to the United States was contrary to the 16 February direction" [given by the court] "that the items seized were to remain in the custody and control of the Commissioner of Police."

Tools for the next “Rodney King” incident? Perhaps record your Arizona traffic stop for “failure to look sufficiently Aryan.”
… You may have your own requirements for such an app, but in my particular case, I really wanted something that is: (1) extremely easy to set up, (2) extremely fast and convenient to start capturing video, and (3) produces high-quality video instantly on the web.
… Thankfully, I did find 5 apps to choose from that really fit the bill when you want to stream live video from your smartphone, for either all of the world, or just for a select circle of friends and family.

Designed for 9-year-olds – should be perfect for my students...
… Last year I shared an Explania video that illustrated and explained browser cookies. Yesterday, Common Craft released an explanation of their own. Watch both videos and I think you'll have a pretty good understanding of what cookies are and what they do. I do wish that both videos added a little more information about why and how websites and ad networks in particular use cookies.

Word is, having a thumb drive full of “fill in the blanks” legal documents is easier than typing them from scratch.
Similar site: JDSupra.

Perspective: Can anyone remember back that far?
59% of Young People Say the Internet Is Shaping Who They Are
… We have adopted new technologies with such remarkable speed and enthusiasm that they seem like they have been here much longer than they actually have.
A few points of reference:
  • When the country elected Barack Obama just four years ago, Twitter was a fledgling startup. During the campaign, Obama overtook Kevin Rose as the most followed person on Twitter, passing him at 56,482 followers.
  • Five years ago, according to Pew, less than half of Americans used email daily; less than a third used a search engine.
  • YouTube was founded in 2005 and Facebook in 2004 -- and it would be a while after that until they became such integral parts of our day-to-day Internet experience.
  • Today nearly half of Americans own a smartphone. The iPhone is five years old.
… In the new survey, commissioned by The Atlantic and The Aspen Institute and conducted by Penn Schoen Berland and Associates, we can see some hints of what this early generation of Internet users looks like, vis-a-vis that very technology that they've grown up on, and also with regard to questions of values that cut to the core of what America will look like in the years ahead.
Most younger people say that the Internet is shaping who they are. On a question that asked people to rank different sources of influence on their sense of right and wrong, 59 percent of people ages 18 to 29 said that social media or the Internet had a "great deal" or a "fair amount" of influence. Fascinatingly, 38 percent of Americans older than 65 said the same.

Dear Google, Unlike many reviewers, I plan to actually read this manual before writing my review. If you would be so kind as to send me a Nexus 7, I would even try using it before writing my review. If you look back through my Blog, you will see that I rarely say nasty things about Google so your odds of a good review aren't too bad. Hopefully, Bob
Nexus 7 tablet guidebook now available
Want to know more about Google's Nexus 7 tablet and Android 4.1 Jelly Bean? A free 84-page guidebook explains how to use the new tablet and OS.
The guidebook is available for Android, IOS, and PC users via Google Play.

Infographics are to statistics what comic books are to great literature – that's why I love 'em.
Infographics That Don’t Suck: FindTheBest’s Comparison Charts Are Now Embeddable
FindTheBest, the startup led by DoubleClick founder Kevin O’Connor, has built charts comparing everything from financial advisors to dog breeds to smartphones. And now that those charts can be embedded in blog posts, you might start seeing them a lot more often.

Wednesday, June 27, 2012

This suggests a failure by policy. And what are “proper incident response procedures” and where are they documented?
FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information
June 26, 2012 by admin
Woo hoo. I had such a headache trying to sort out Wyndham’s breaches (see previous blog entries on Wyndham) and was concerned that at least one state had removed their notification from public view on the state’s web site because Wyndham had asked that it be treated as confidential. Now it seems the FTC has gone after them (complaint) and that Wyndham’s breaches allegedly affected over 500,000 customers. From the FTC today:
The Federal Trade Commission filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.
… In its complaint, the FTC alleges that Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information, and that its failure to safeguard personal information caused substantial consumer injury. The agency charged that the security practices were unfair and deceptive and violated the FTC Act.
… Ultimately, the breach led to the compromise of more than 500,000 payment card accounts, and the export (sic) hundreds of thousands of consumers’ payment card account numbers to a domain registered in Russia.
Even after faulty security led to one breach, the FTC charged, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures. As a result, Wyndham’s security was breached two more times in less than two years.

(Related) Another 'less than stellar' response? Looks like “speak with one voice” isn't one of their “Best Practices.”
From the a-little-birdie-told-me dept.
June 26, 2012 by admin
A Charter One customer called Charter One after her debit card was refused at a merchant. It seems that someone had tried to put through a micro-charge on the card that morning and Charter One had cancelled the card because of the suspicious activity. When she asked why she hadn’t been called about the matter, an employee reportedly told her that Charter One was busy dealing with thousands of breached cards from a third-party processor and didn’t have time to call customers. [Translation: Customers be damned, we could lose money! Bob]
Third-party processor and a rash of charges on compromised cards? Hmmm.

How else should my Ethical Hackers repay their student loans?
"Billionaire Mark Cuban talks in an interview with the Wall Street Journal about how he thinks high-frequency trading can be quite damaging to stock markets. He goes so far as to call high-frequency traders the 'ultimate hackers.' [Translation: Really good Bob] He says, 'They're running software programs that have one goal, and that's to exploit the trading systems as early and often as possible. [They didn't write the rules... Bob] As someone who wrote software for eight years and who keeps up very closely with the technology world, that scared the hell out of me. The only certainty in the software world is that there is no such thing as bug-free software. When software programs are trying to outsmart other software programs and hack the world's trading platforms, that is a recipe for disaster. ... How many times an hour are there failures across individual equities around the world because of software running algorithms battling each other for supremacy to make a profitable trade? We have no idea. It's not a question of if or when we have meltdowns, it's just a question of how big and where. It's straight out of War Games. And that's before we even get to the possibility of nefarious or sovereign hackers getting involved.'"

If you keep teasing the kitten, don't be surprised when you get an unpredictable cat.
"A series of reports shows that the U.S. and Israel are engaged in a cyber war with Iran to stop it from developing nuclear weapons. Oddly enough, at the same time, the United States and other nations are trying to negotiate with Iran. As America and others start the world's first undeclared cyber-wars, dangerous precedents are being set that this type of warfare is without consequences. Such ideas could not be further from the truth."

Welcome to the world of Behavioral Advertising...
Orbitz Discriminates Against Mac Users ... Just Like It Should Be Doing
The Wall Street Journal has a great scoop: Orbitz, the online travel agency, has realized that users who visit the site on Mac computers spend as much as 30 percent more on hotels than their PC-using counterparts. Based on that insight, the company is starting to show Mac-based visitors different, and sometimes more expensive, hotel options.

Interesting idea. Take public statements and make them even more public (public-er?). Would this site help educate my students? When Trashing Your Boss on Facebook Suddenly Becomes Very Public
Let me give you this hypothetical about privacy. You and a friend walk into a public subway station having a conversation about how much you hate your boss. Someone happens to be recording every word spoken listening for the search string "hate my boss" while running facial recognition software to figure out who you are. This information is then being posted in another public location for anyone and everyone to see. Would that be OK?
My intuition is that almost everyone reading this post would say no. And yet, that is precisely what the website, is doing with public Facebook updates. The site scrapes public Facebook updates and searches for people saying "hate my boss," discussing doing drugs, giving out their phone numbers, or complaining about being hungover. It then handily formats them for broader consumption.

Perspective: Unplanned increases cause bottlenecks... Is this why everything seems so slow? For example, every question in my online Math homework has a video attached and I send students to and other online Math sites, all with video.
High Definition Video Clogs Corporate Networks
If you could somehow peek inside the pipes of your typical corporate network, you’d see a whole heck of a lot of streaming video and P2P filesharing.
That’s what network scanning company Palo Alto Networks discovered when it took a look at more than 2,000 corporate networks between November 2011 and May of this year.
In the past six months, the amount of bandwidth used by streaming video software has quadrupled, according to Chris King, the company’s director of product marketing. And P2P filesharing traffic is up seven-fold, he says. It’s not that more companies are allowing P2P or video streaming. It’s just that the people doing it are using a lot more bandwidth. “It’s a massive increase within the companies that are using them,” he says. “There’s just more comfort with getting busted using streaming at work.”

Perspective: Noticing changes in your operating environment can allow you time to plan a solution. Also, not all your growth is due to customer activity.
Facebook Future-Proofs Data Center With Revamped Network
When Facebook started work on its new data center in Forest City, North Carolina, the idea was to create pretty much an exact copy of the new-age facility the company had just built in the high desert of central Oregon. “The blueprint we’d put together was pretty good,” says Jay Parikh, the man who oversees Facebook’s entire data center infrastructure. “We felt that all we needed to do was lather, rise, and repeat.”
But about two months into the project, Parikh and company decided this was a poor idea — not because the Oregon facility was deficient in any way, but because Facebook’s network traffic had changed in a big way and, as is always the case in the internet world, more changes were on the horizon. “We decided to change everything,” Parikh says. “We realized that we have to make sure our infrastructure is several steps ahead of what we need now.”
What Facebook noticed was a significant jump in the traffic generated by its internal services — software systems that generate things like friend recommendations and realtime notifications. These services work in tandem to build each new Facebook page, and the bits traveling between these services was growing exponentially faster than the traffic to and from the internet.

“It is better to look good than to feel good.” Fernando (Billy Crystal) on SNL. Perhaps not the best education strategy?
San Diego schools spend $10M on iPads for students
The purchase, reported by several local media outlets, is said to be one of the largest educational iPad rollouts in the U.S. K-12 market. The 26,000 iPads will be spread out in 340 classrooms starting this fall.

(Related) Insight or sour grapes? Videos and transcript in the article, you be the judge.
"In a detailed interview on the future of education, Bill Gates was surprisingly down on tablets in education — considering that Microsoft just released Surface. He said low-cost PCs are the thing for students, and he dismissed the idea that simply giving gadgets to students will bring change. Quoting: 'Just giving people devices has a really horrible track record. You really have to change the curriculum and the teacher. And it's never going to work on a device where you don't have a keyboard-type input. Students aren't there just to read things. They're actually supposed to be able to write and communicate. And so it's going to be more in the PC realm—it's going to be a low-cost PC that lets them be highly interactive.'"

For my students...
Today, Google announced the launch of a new MOOC - Massive Open Online Course - titled Power Searching With Google. The course will contain six 50 minute sessions and activities to try out the things that are taught in the course. Upon completion of the course you will be able to get a certificate of completion (presumably suitable for printing at home and putting on your refrigerator). The course begins on July 10. Registration is open now.
Applications for Education
If you're familiar with advanced Google search tools, you can handle all of Dan Russell's search challenges, and you're ready to take the next step toward being a power searcher, take this new course. And even if you're not up to speed with all of the advanced search tools in Google, this MOOC could help you too. Take the course this summer and pass on your new search skills to your students in the fall.

Tuesday, June 26, 2012

If not government sponsored, perhaps a tool for corporate espionage?
"Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru [Proof of concept testing? Bob] for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."

Another “Joy of Computer Security” article... Seems they are developing “Best Criminal Practices” as fast as we are developing “Best Computer Security Practices.” ...
Cybercriminals Getting Quicker and Craftier, Google Says
Five years ago, Google started a “Safe Browsing” initiative to track down malicious content across the Web. On Tuesday, the company shared some of the insights it gleaned during the cleanup job.
It said — no surprises here — that cybercriminals are getting faster and more creative.
The Internet has long been plagued by “phishing” schemes in which criminals try to trick users into clicking on malicious links that allow them to scoop up a user’s banking credentials or send spam from their machines.
The difference now, Google says, is that as security mechanisms for blocking sites have gotten more effective, criminals have learned to narrow their focus on their victims and never stay in the same place for long.
To avoid detection, cybercriminals now switch up their location and put up new malicious sites using free Web hosting providers and services that automatically generate new domain names. Google said many phishing sites now only stay online for less than an hour. Some are switched out every 10 minutes. It said it now finds 300,000 new phishing sites a month, triple the number it encountered three years ago.

This is not my Ethical Hackers paying off college loans. (They already did that)
Operation High Roller auto-targets bank funds
A global financial fraud scheme that uses an active and passive automated transfer system to siphon money from high balance accounts in financial institutions has been discovered by McAfee and Guardian Analytics.
According to a joint report released overnight, the online fraud, dubbed "Operation High Roller," attacks banking systems worldwide and has impacted thousands of financial institutions including credit unions, large global banks and regional banks. The criminals have attempted to transfer between 60 million euros (US$75.1 million) and 2 billion euros (US$2.5 billion) to mule business accounts belonging to the "organized crime" syndicate from at least 60 banks so far, the study revealed.
"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign," David Marcus, director of security research for McAfee Labs, said in a blog post.

We give you a list of Best Practices so you can implement them. Sure it takes a bit more thought (rarely more work) but it avoids articles like this...
Analysis: eHarmony had several password security fails
An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.
The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not "salted," which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a blog post today.
But there were two other less obvious problems. First, the lowercase characters in passwords were converted to uppercase before hashing, Kelly says.
… And secondly, during resets the passwords were changed to a five-character password using only letters and digits.
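The three failures listed above, each beside a hardened counterpart, as an added example (my code, not from the article or from Trustwave's analysis). The page does not say which digest eHarmony used; SHA-256 is assumed here, and the point is the missing salt and the case-folding, not the digest choice. The PBKDF2 iteration count is an assumed work factor.

```python
# Added example: weak vs. hardened handling of the three eHarmony defects.
# Digest choice (SHA-256) and iteration count are assumptions, not from the page.
import hashlib
import hmac
import secrets
import string
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune per deployment


def weak_hash(password: str) -> str:
    """Defects 1 and 2 together: the password is upper-cased and then hashed
    with no salt. Every user who picks the same password gets the same digest,
    and 'Secret1' / 'SECRET1' collapse into a single candidate."""
    return hashlib.sha256(password.upper().encode("utf-8")).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened form: a per-user random salt, case preserved, slow KDF.
    Stored as 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(stored: str, candidate: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def weak_reset_password() -> str:
    """Defect 3: a five-character letters-and-digits password handed out on reset.
    That is 62**5 (about 916 million) possibilities, well within brute-force reach."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(5))


def strong_reset_token() -> str:
    """Hardened form: a one-time, expiring reset token (32 random bytes, URL-safe)
    delivered out of band; the user then chooses a new password of their own.
    Expiry and single-use tracking live in the database and are not shown here."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    print("weak digests collide:", weak_hash("Secret1") == weak_hash("SECRET1"))
    record = strong_hash("Secret1")
    print("strong verify, same case:", verify(record, "Secret1"))
    print("strong verify, wrong case:", verify(record, "SECRET1"))
    print("weak reset password:", weak_reset_password())
    print("strong reset token:", strong_reset_token())
```

With the salted scheme two users who choose the same password get unrelated records, so a cracked digest for one of them says nothing about the other; with the unsalted, case-folded scheme one precomputed table serves every account at once.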

Another reason for lawyers to insist that emails with clients must be encrypted!
Typosquatter Used Misspelled Domains to Intercept Email, Claims $1 Million Lawsuit
A man accused of typosquatting is being sued for $1 million by a law firm that alleges he set up a domain that mimics the law firm’s domain name. The firm says he did so in order to intercept email communications intended for its attorneys and staff.
Arthur Kenzie is being sued by Gioconda Law Group, which says that he set up email accounts under a doppelganger domain that is designed to catch email intended for the law firm’s domain if senders mistype the address.
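The defensive side of this story is catching the mistyped address before the mail leaves. As an added example (my code, not from the article or from the law firm), the check below flags outbound recipients whose domain is within a small edit distance of the firm's own domain but is not that domain. The firm domain and the sample recipient list are constructed placeholders.

```python
# Added example: flag outbound recipients at lookalike domains.
# FIRM_DOMAIN and SAMPLE_RECIPIENTS are constructed placeholders, not real addresses.
from typing import List, Tuple

FIRM_DOMAIN = "examplefirm.com"

# Constructed sample: one exact match, three near misses, one unrelated domain.
SAMPLE_RECIPIENTS = [
    "partner@examplefirm.com",   # the real firm domain, fine
    "client@exanplefirm.com",    # one substituted letter
    "bob@examplefrim.com",       # two letters transposed
    "alice@gmail.com",           # unrelated, far away
    "x@examplefirm.co",          # one letter dropped
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions cost 1 each.
    A transposition counts as 2, so max_distance=2 still catches swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute (or match)
        prev = cur
    return prev[-1]


def recipient_domain(address: str) -> str:
    """Domain part of an address, normalised to lower case."""
    return address.rsplit("@", 1)[-1].strip().lower()


def lookalike_recipients(recipients: List[str],
                         firm_domain: str = FIRM_DOMAIN,
                         max_distance: int = 2) -> List[Tuple[str, int]]:
    """Return (address, distance) for every recipient whose domain is close to,
    but not equal to, firm_domain. Exact matches and distant domains pass."""
    firm_domain = firm_domain.lower()
    flagged = []
    for addr in recipients:
        dom = recipient_domain(addr)
        if dom == firm_domain:
            continue
        d = edit_distance(dom, firm_domain)
        if d <= max_distance:
            flagged.append((addr, d))
    return flagged


if __name__ == "__main__":
    for addr, d in lookalike_recipients(SAMPLE_RECIPIENTS):
        print(f"HOLD {addr}: domain is {d} edit(s) from {FIRM_DOMAIN}")
```

A mail gateway or client plugin would hold or warn on the flagged messages rather than block them outright, since legitimate near-miss domains exist; the distance threshold of 2 is a starting point, and a firm with several domains would run the check against each of them.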

“Welcome to America! Here are a few tips on how to avoid a free trip to Mexico.”
"In the wake of the U.S. Supreme Court ruling Monday on Arizona's immigration enforcement law, H-1B workers are being advised to keep their papers on them. About half of all H-1B visa holders are employed in tech occupations. The court struck down several parts of Arizona's law but nonetheless left in place a core provision allowing police officers to check the immigration status of people in the state at specific times. How complicated this gets may depend on the training of the police officer, his or her knowledge of work visas, and whether an H-1B worker in the state has an Arizona driver's license. An Arizona state driver's license provides the presumption of legal residency. Nonetheless, H-1B workers could become entangled in this law and suffer delays and even detention while local police, especially those officers and departments unfamiliar with immigration documentation."

“People are ignorant, governments must “care” for them!” Fortunately, the loyalty card I use is in the name of a certain law school professor I know.
UK: Supermarket spies: How the Government plans to use loyalty card data to snoop on the eating habits of 25 million shoppers
June 25, 2012 by Dissent
Martin Robinson reports:
The shopping habits of Britain’s 25 million supermarket loyalty card holders could be grabbed by the Government in an attempt to halt the UK’s dangerous obesity crisis, it was claimed today.
People who buy too much alcohol, fatty foods or sugary drinks would be targeted with ‘tailored’ health advice under plans being considered by the Coalition.
With more children than ever dangerously overweight, parents could also be contacted if their bills show they are not giving their offspring a balanced diet from their weekly shop.
Read more on Daily Mail
I wonder how many customers would be willing to give up loyalty cards if this comes to pass.

(Related) “And parents are more ignorant than their children...” Just because they are doing what they say they're not doesn't mean they aren't doing what they say they are.
DATA DETOUR: Spying? No, we're tracking for a web filter, says Telstra
All those rumours about Telstra spying on your web browsing activity have been put to rest. It turns out Telstra wasn't spying at all - they were simply tracking what sites you visit and then sending that data to an overseas company called Netsweeper, which is working on an internet filtering system for the telco. Phew! Thank goodness for that.
They would have told you, of course, but it wasn't really important. I mean, it's not as if they were capturing customer data, storing it and sharing it with third-party operators, right?
… But Greens Senator Scott Ludlam was troubled by the serious privacy implications.
He told SC: "It is potentially problematic. Anything in the US is subject to the Patriot Act, even if the data is anonymised, or sent as batches.
… "We will shortly launch a cybersafety tool that allows parents to specify the website categories their kids can browse. To prepare for this, we are working with a company called Netsweeper to ensure web content is accurately characterised," Telstra told ZDnet in a statement.
Telstra says Netsweeper has a large database of URLs, but when customers visit new domains not in the database, the URL is sent to Netsweeper by Telstra.
… All customer data is left out of the information being shared with the US company, according to Telstra.
… The service will, ultimately, be opt-in, Telstra said.

(Related) ...and some companies have a long tradition of “Let's try this and see if anyone notices.”
Facebook Hides Your Email Address Leaving Only Visible. Undo This Poppycock Now
In an attempt to improve email address privacy, Facebook has screwed up big time in what seems like a self-serving attempt to increase usage of email addresses that direct to your Facebook Messages Inbox.
Now everyone’s personal email addresses have been hidden from their profiles, regardless of previously selected privacy settings. Instead, your contact info is the only one visible to people with permission to see your email addresses. This makes it harder for friends to contact you via third-party email unless you reset your controls.

Attention conspiracy theorists! (and Class Action Lawyers?)
By Dissent, June 25, 2012
Jane Yakowitz writes:
Vioxx, the non-steroidal anti-inflammatory drug once prescribed for arthritis, was on the market for over five years before it was withdrawn from the market in 2004. Though a group of small-scale studies had found a correlation between Vioxx and increased risk of heart attack, the FDA did not have convincing evidence until it completed its own analysis of 1.4 million Kaiser Permanente HMO members. By the time Vioxx was pulled, it had caused between 88,000 and 139,000 unnecessary heart attacks, and 27,000-55,000 avoidable deaths.
The Vioxx debacle is a haunting illustration of the importance of large-scale data research. Dr. Richard Platt, one of the FDA’s drug risk researchers, described a series of “what if” scenarios in 2007 FDA testimony. (Barbara Evans describes the study here.) If researchers had had access to 7 million longitudinal patient records, a statistically significant relationship between Vioxx and heart attack would have been revealed in under three years. If researchers had had access to 100 million longitudinal patient records, the relationship would have been discovered in just three months. Of course, if public health researchers did post-market studies that looked for everything all the time, many of the results that look significant would be the product of random noise. But even if it took six months or one year to become confident in the results from a nation-wide health research database, tens of thousands of deaths may have been averted.
Read more on Info/Law.

Perhaps we should collect some of these “Bad Technology Laws” and make one of those funny Youtube videos?
"The Canadian House of Commons may have passed the Canadian DMCA, but the constitutional concerns with the copyright bill and its digital lock rules will likely linger for years. Michael Geist has obtained internal government documents that indicate that the Department of Justice issued a legal opinion warning about the potential for constitutional violations. The DOJ legal opinion warned of the need to link circumvention with copyright infringement and of the particular danger of not providing the blind with an exception. The Canadian law misses the mark on both counts with no link to infringement and an exception that blind groups say is 'nullified' by strict conditions."

Towards a “Lawyer Free” world! (Just kidding, please don't sue me...)

Perspective: Everyone is becoming more social...
And the Winner of the Next Social Networking Jackpot Is…
Microsoft Monday said it would spend $1.2 billion cash in a much-anticipated acquisition of Yammer, a sort of Twitter for businesses.
The nearly 4-year-old startup is only the latest acquisition in a string of similar deals. Earlier this month, spent $689 million to buy Buddy Media, which makes Facebook tools for interacting with customers. Oracle last month bought Virtue, which helps companies coordinate social network posts, for $300 million. And analysts expect acquisitions of “Facebook for business” plays to continue.
So who will be next to score in the social-meets-business lottery? Here’s a shortlist of top contenders:

Perspective: Like all good journalism, I assume this is completely without bias... (Sure I do)
"As newspaper budgets shrink, state-sponsored media outlets like RT, China Daily, and Al Jazeera have grown, hired more writers and offered more (free) coverage. Mark Mackinnon, writing for The Globe and Mail, explains the issue well: 'Throughout the recent crisis in Syria, and before that in Libya and Egypt, Xinhua and RT News have thrown unprecedented money and resources at reporting from the scene, even as Western media scale back on their own efforts. It's not too far-fetched to imagine a near future where it's Xinhua or RT, rather than the Associated Press or BBC, that have the only correspondents on the scene of an international crisis, [But the networks will send six people to cover the local dog show! Bob] meaning the world will only get Beijing or Moscow's version of what's happening.' But quality coverage still requires money, which means finding funding from somewhere. You see the effects of this every day: If your revenue is based mostly off of pay-per-click banner ads, a lowest-common denominator post, like a cheap roundup of cat pictures, is quite possibly going to pull in way more views for less money than a nuanced, deeply reported, and expensive dispatch from Syria. And, yeah, ads can be a bummer, especially when they're executed poorly, and paywalls aren't great. But when the alternatives are either fluffy, thin reporting; or worse, blatantly biased coverage sponsored by governments, we have to find a palatable way to fund good reporting."

Perspective: The thing about large datasets is they are really large. This is 25 times larger than the entire online storage of a multi-billion dollar manufacturing company I consulted for a few years ago.
Bing Maps adds 165TB of new images of Earth

(Local) As real (kill me a tree) books fade, only book collectors will have them, so why not make the display cuter?
These Book Covers Are Custom Made to Match Your Library
Now Wine isn't a book designer, but he does design with books. It started as a hunt for special volumes at thrift stores and estate sales to resell on eBay. But his efforts soon expanded into an entire outfit. Wine's Boulder-based company, Juniper Books, cleverly fills out shelves using both custom covers created for classic works as well as a curated selection of existing editions. The result brings fresh design thinking to a centuries-old industry.

Isn't it bad enough that new parents make us look at hundreds of baby pictures? Now we must watch hours of baby movies?
If you are away from your computer, you cannot view the videos that are stored on it. But what if you could remotely access those videos and stream them using your handheld device? That is precisely what a tool called Air PlayIt offers.

Tools for the “Speechifying” class
Video Recording Teleprompter is an iOS application sized at nearly 7 MB and meant for iOS devices with front-facing cameras running iOS version 5.0 or later. The app lets you record videos with the front-facing camera of your device. Meanwhile, the screen can show you the text that you need to read in your speech thereby serving the function of a teleprompter. You can then watch the videos by saving them or simply uploading them to YouTube.

Monday, June 25, 2012

How “polluted” must some user data be before all user data is corrupt? Or at least highly suspect? Lots of other questions occur...
Apple gets privacy-protecting data pollution patent
June 25, 2012 by Dissent
Geoff Duncan reports:
One remarkable thing about Apple is that it has generally made decisions in favor of preserving its customers’ privacy rather than collecting data about their preferences or activities — or making it easy for third parties to do so without Apple users’ explicit permission. However, now the company has a patent on technology that could take an active role in preserving users’ privacy. Titled “Techniques to pollute electronic profiling,” the patent essentially describes methods that can be used to disseminate false information about individuals, making it more difficult for marketers, analytics companies, and even governments to collate accurate profiles of Internet users’ activities, preferences, and attitudes.
Read more on Digital Trends

I think it depends on what you see as a revenue stream...
"Dane Jasper's tiny Internet service provider briefly took the national spotlight last October, when it contested a Department of Justice order that it secretly hand over the data of privacy activist and WikiLeaks associate Jacob Appelbaum. But has actually been quietly implementing a much more fundamental privacy measure: For the past eighteen months it's only kept logs of user data for two weeks before deletion, compared with 18 to 36 months at Verizon, AT&T, Comcast, Time Warner and other ISPs. In a lengthy Q&A, he explains how he came to the decision to limit logging after a series of shakedowns by copyright lawyers attempting to embarrass users who had downloaded porn films, and he argues that it's time all ISPs adopt the two-week rule."

Are we looking at a major legal screw-up or cleverly orchestrated “defense theater?”
MegaUpload scoreboard: Momentum is with Kim DotCom
In January, MegaUpload founder Kim DotCom was little more than antipiracy road kill. [Steamrollered by the MPAA? Bob]
Six months later, DotCom is making a comeback.
… A month after his arrest, DotCom was still locked up in jail. His assets had all been seized. His family had been booted out of his home. Since then, however, DotCom and some of the other MegaUpload defendants have won a string of favorable court decisions in New Zealand that have led to their release on bail, the return of some of their assets and a court order that requires the FBI to show the evidence it has against the company.
On Friday, when MegaUpload's lawyers are due to appear in a Virginia federal court to argue that the charges should be tossed out, all the momentum will be with them.
… His biggest public-relations coup was posting a photo of himself with Steve Wozniak, the bearded and beloved co-founder of Apple. For the skeptics who don't believe a photo necessarily signifies an endorsement, Wozniak, in an exclusive e-mail interview with CNET, made clear what he thinks of DotCom.
"When crimes occur through the mail, you don't shut the post office down," Wozniak wrote on Sunday. "When governments dream up charges of 'racketeering' for a typical IT guy who is just operating a file-sharing service, or accuse him of mail fraud because he said he had removed files [to alleged infringing content] when he'd just removed the links to them, this is evidence of how poorly thought out the attempt to extradite him is. Prosecutors are attempting to take advantage of loopholes."
… DotCom's extradition hearing in New Zealand is scheduled for August 6. But come Friday, Ira Rothken, MegaUpload's lead attorney, is expected to argue that the U.S. government hasn't properly served the defendants with a summons. The company's lawyers also say the U.S. Department of Justice has no jurisdiction over the Hong Kong-based company.
Over in New Zealand MegaUpload's legal team has recently made an issue of the removal of some of Kim DotCom's personal data from New Zealand. The court is trying to determine whether the United States and New Zealand had the authorization to transfer the data.
In April, District Judge Liam O'Grady wondered aloud in court whether the case against DotCom would ever go to trial. The way things are going, the judge's statement looks prophetic.

Perhaps I should stop bringing cookies to class?
Your sweet tooth might be making you stupid
Prepping for a big presentation but can't seem to remember any of the content? Blame your sweet tooth.
A diet high in sugar may hamper your memory and ability to learn, says a study published in the Journal of Physiology.
Researchers had two groups of rats drink water mixed with fructose, a type of sugar. One of the groups also received omega-3 fatty acids as a part of their diet. After 6 weeks, the rats who drank only sugar water completed a maze slower than the omega-3-fed mice. (We know you're not a mouse -- but you can still take steps to navigate the maze of life. Check out these 27 Ways to Power Up Your Brain.)

Something for my students...
How a Tech Non-Profit Became the Hottest Ticket in Silicon Valley
After five years at Facebook, where she was one of three engineers who launched the company’s advertising platform, Yun-Fang Juan could write her own ticket. That might have meant joining an early-stage startup in the mold of, say, Instagram (sold to Facebook for $1 billion), or starting her own venture (ex-Facebook engineer Dave Morin has one valued at $250 million), or angling for one of Google’s legendary compensation packages.
Instead, after taking some time off for soul searching, the long-ago winner of a Yahoo “superstar” award decided to go work for a small online education non-profit known as Khan Academy, where she’d have no shot at any sort of jackpot.
… Juan is hardly alone. Khan Academy, an educational non-profit, is becoming one of the sexiest workplaces for programmers in Silicon Valley, where stock options, IPOs and big-money acquisitions have long been considered key to luring talent. It’s attracted star coders from companies like Google and Microsoft and, as it grows, has its pick of some of the tech sector’s top engineers.
Khan’s recruiting success underlines something often forgotten as investment dollars pour in to the Valley: Money isn’t everything.