Saturday, September 01, 2012

I want one! (for my Ethical Hackers of course)
"It seems Russia's defense ministry doesn't trust Google's tablet computers: a new Android device presented to a top Russian government official boasts encryption and works with software and a global positioning system made in Russia, the AFP reports. The OS has all the functional capabilities of an Android operating system but none of its hidden features that send users' private data to Google, addressing concerns that data stored by Google could slip into the hands of the US government and expose some of their most secret and sensitive communications. Two versions of the tablet will supposedly be made — one for consumers and one for defense needs."

Who knew?
"Quebec police are on the hunt for a sticky-fingered thief after millions of dollars of maple syrup vanished from a Quebec warehouse. The theft was discovered during a routine inventory check last week at the St-Louis-de-Blandford warehouse, where the syrup is being held temporarily. The Federation of Quebec Maple Syrup Producers, which is responsible for the global strategic maple syrup reserve, initially kept the news quiet, hoping it would help police solve the crime quickly."

Clearly TV over a cable-company-owned cable is different from TV over an Internet cable! Thanks for clearing that up, lawyer guys...
Broadcasters Defeat TV Streaming Service
A federal appeals court is dealing a death blow to an upstart service that streams broadcast television over the internet, ruling that ivi Inc. is not a cable system and therefore is not protected by the Copyright Act.

We've known this since the late 1960s, but every so often we need to remind ourselves. (Yes, before the personal computer and the world wide web)
Working From Home? You’re a Better Worker
If you’re a U.S. worker, there’s a 10 percent chance that you work from home at least once a week, and a 4.3 percent chance that you work from home most of the time. And if you’re one of those working from home, you’re likely a more productive worker, at least according to a study recently published by Stanford.
… During the 9-month study they found:
  • A 12 percent increase in productivity for the at-home workers. Of that increase, 8.5 percent came from working more hours (due to shorter breaks and fewer sick days) and 3.5 percent came from more performance per minute. The researchers speculate this was due to quieter working conditions.
  • No negative spill-overs to the control group stuck in the office even though they had communicated that they wanted to work from home.
  • A 50 percent decrease in attrition among the work-from-home group.
  • Substantially higher work satisfaction as measured by a survey among the home group.

Almost every teacher I know already has the guts of a book. Clean it up, add an intro and make some cash!
I’m sure that more than a few of you readers have a half-written book or useful guide you’ve put together to help people learn something. You’ve probably wondered if it would be possible to make money off of your book, or at least gain some exposure, by selling it as an eBook on Amazon.
Well, the idea isn’t as far-fetched as you might imagine. As long as you have already created something worth reading, the process of getting it into Amazon as an eBook isn’t that onerous. We’ll take you through the basic steps today and you can be selling your eBook in a few days. It’s easy!

Friday, August 31, 2012

It could be leakage from the Saudi malware (very unlikely). It could be someone trying to drive up the price of natural gas. It could be someone like Syria, angry at states that aren't supporting them.
Qatari Gas Company Hit With Virus in Wave of Attacks on Energy Companies
The Qatari natural gas company commonly known as RasGas has been hit with a virus that shut down its website and e-mail servers, according to news reports.
The malware, however, did not affect the company’s operational computers that control the production and delivery of gas, an official of the Ras Laffan Liquefied Natural Gas company told Bloomberg.
The attack reportedly began Aug. 27. The RasGas website was still unavailable on Thursday, three days after the attack.
Qatar is the world’s largest producer of liquefied natural gas. RasGas, a joint operation of Qatar Petroleum and ExxonMobil, distributes about 36 million tons of the resource annually.

(Related) We do need a scorecard.
A who's who of Mideast-targeted malware

For the Security/Privacy toolkit
Supports Firefox, IE, Chrome and Safari.

Texans certainly know RFID. Those tags attached to the ears of livestock are a common sight. Perhaps this is merely a reaction of parents concerned that their children will pierce their ears and wear the RFID as “Orwellian bling.”
Rebellion Erupts Over School’s Student-Chipping Plan
August 30, 2012 by Dissent
It may not be the Alamo, but some Texans are taking a stand for student privacy with the support of a number of organizations.
Bob Unruh reports:
A rebellion is developing in Texas against a plan by a school district in San Antonio that would monitor the exact location and activities of all students at all times through RFID chips they are being ordered to wear.
Katie Deolloz, a member of Consumers Against Supermarket Privacy Invasion and Numbering, told WND today that parents and students from San Antonio’s Northside Independent School District confronted the school board last night, stating their concerns about privacy and other issues “clearly and passionately.”
Read more on WND.
If truancy is a problem, chipping kids isn’t a solution. Finding out why they don’t care about classes and making education more important to them is. And if a school district can’t manage to keep accurate attendance figures without technology, the parents should be raising questions of competence. supports the students and parents who are fighting mandatory chipping. They’re our children, not merchandise on a pallet or sheep. Yes, schools have a responsibility to keep schools safe, but chipping students is no substitute for teaching them responsibility. Kids have always cut school. Good schools know how to deal with that without dehumanizing children by chipping them.

As my friends in New Jersey would say, “Good luck wid dat,”
EFF Sues to Get Secret Court Rulings Showing Feds Violated Spy Law
… Specifically the EFF wants the government to make public a secret court ruling that found that the feds had broken a 2008 wiretapping law that was intended to legalize President George W. Bush’s warrantless wiretapping program.
The public first learned of that ruling thanks to three damning statements U.S. Sen. Ron Wyden (D-Oregon) obtained national security clearance to make public. Wyden, a member of the Senate Intelligence Committee, presumably learned of the lawbreaking in briefings from the intelligence community.

Un-humor. How else do you reward campaign contributors?
Army Doubles Down on ‘Garbled, Ineffective’ Next-Gen Radios
… The radio in question: the General Dynamics Manpack, a backpack-portable version of the Pentagon’s ambitious Joint Tactical Radio System. Voice traffic from the Manpacks was “garbled” and “unintelligible,” according to Michael Gilmore, the Pentagon’s chief weapons tester. In a memo dated July 20, Gilmore declared the Manpack “not operationally effective.” In other words, it didn’t work in mock combat — and it probably won’t work in real combat, either.
But the scathing review hasn’t stopped the Army from doubling down on the meager remnants of the once-mighty JTRS initiative, which aimed to equip the entire U.S. military with hundreds of thousands of cheap, high-tech radios whose smart processors would switch waveforms in an instant, making them the radio equivalent of Star Trek’s universal translator. Just over a week ago the Army dropped $54 million on 13,000 copies of General Dynamics’ similar Rifleman radio, banking on engineers to work out any bugs like those identified in the Manpack in New Mexico.

“We are not delaying, we're incompetent! We don't do anything deliberately.”
TSA Denies Stonewalling Nude Body-Scanner Court Order
… On July 15, 2011, the U.S. Circuit Court of Appeals for the District of Columbia Circuit set aside a constitutional challenge brought by the Electronic Privacy Information Center trying to stop the government from using intrusive body scanners across U.S. airports. But the decision also ordered TSA “to act promptly” and hold public hearings and publicly adopt rules and regulations about the scanners’ use, which it has not done, in violation of federal law, the court ruled.
The agency said in a court filing Thursday that there was “no basis whatsoever for its assertion that TSA has delayed implementing this court’s mandate.” (.pdf)

For those times when I'm hinting that my lawyer friends should pick up the check? (Okay, that's every time) Mostly, this is to make them drool into their keyboards.
Court filing provides peek at Apple's massive legal bill
… All told, the bill for just that motion rings up to $116,668.50 for nearly 232 hours of work, a figure that could come out of Samsung's pocket. [a mere $500 per hour Bob]
Update at 8:24 p.m. PT: Not to be outdone, Samsung's firm Quinn Emanuel has filed its own similar paperwork detailing how much work went into preparing for three separate motions pertaining to sanctions the company wanted against Apple.
All told, Samsung's attorneys say they spent $258,200.50 working to prepare just the three motions.
… The highest paid among the group was Quinn Emanuel partner Marc Becker, who was billed $1,035 an hour, a third more than Apple's top paid attorney from the above filing. Nonetheless, the firm notes that its hourly rates are "consistent with prevailing market rates for attorneys of similar skill and expertise," as well as "rates charged by Apple's outside counsel."

My Blog, apparently... (No real value, but it might illustrate something about SEO)
Ask any website owner or SEO specialist what the most important aspect of owning a website is, and they will probably tell you that it is to get on to the first page of search results – and stay there. In fact, since search engines rank all pages based on relevance and popularity, many people, when searching for something, rarely go past the first or second page. But have you ever wondered what you would be presented with, if the top one million results were automatically removed? That is what Million Short offers to show you.

If you haven't tried RSS Feeds, you should.
RSS is one of those web technologies that boomed many years ago but isn’t a top priority anymore. With the advent of widespread social networking, many users end up getting their updates through emails and site-specific news feeds. But for blogs, which are still on a popularity rise, RSS is one of the best ways to aggregate news updates.
… For web-based RSS aggregation, my go-to site is Google Reader. But just as some people prefer to use Outlook and Thunderbird instead of Gmail’s web interface, it may please you to use a desktop client instead of a web-based solution. For that, Omea Reader is one of the best on Windows.

Social Math! Might have potential!
Wolfram Alpha Launches Personal Analytics Reports For Facebook
Wolfram Alpha, the “computational knowledge engine” that quietly handles a large number of queries from Apple’s Siri, launched a new feature today that allows you to quickly get an overview of all your data on Facebook.
… The company plans to expand these reports with new features over time, but they already give you a pretty deep look at your Facebook habits.
The report, for example, shows which words you use most in your status updates, who likes your updates the most, when you use Facebook the most, your app activity and how your friends are connected to each other.
The report also gathers a good amount of data about your friends, including, for example, their marital status, age and gender distribution and lists of the most common names among them. You can also see a specialized report that just focuses on your friend by searching for ‘facebook friends.’
… To see your own personalized report, just head over to Wolfram Alpha and search for ‘facebook report.’ You’ll then be prompted to connect to Facebook and create a (free) Wolfram Alpha account. After that, Wolfram will gather all your data and compile your report within a few seconds.

Thursday, August 30, 2012

So how's that database stuff working for ya UK?
Council data breaches increase by ‘alarming’ 1,600 per cent
August 30, 2012 by admin
Data breaches across the UK have dramatically increased in the past five years, figures released under freedom of information laws have revealed.
Information disclosed by the Information Commissioner’s Office to a data security firm showed a major growth in self-reported data breaches every year.
On average the increase since 2007 stood at more than 1,000 per cent. But some sectors saw even higher rates of increase.
Now, when some of us here report increased figures for breach disclosures, we (translation: I) always point out the confounding factors in interpreting apparent increases. Happily for Imation, the firm that requested the data, they think they can dismiss such factors as the explanation:
“Undoubtedly there are some mitigating circumstances which have contributed to the rise in annual data breach numbers, such as the introduction of mandatory reporting in certain sectors, plus the increasing amounts of data being stored and accessed. But none of these factors obscures the clear trend of constant increases.”
How do you know, Imation? How do you know that the increased reports aren’t an artifact of both increased reporting requirements and increased detection of breaches? What percent of the reported increase is really due to increased incidents and what percent is due to other factors? [Sounds like a project for my Statistics class Bob]
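To make the confounding argument concrete, here is an added illustration (not from the ICO, Imation, or the post above; every number in it is a constructed assumption): a stream of breaches in which the true incident rate is flat, while the fraction of incidents that get detected and the fraction of detected incidents that must be reported both rise over the period. The reported count grows by four figures of percent with no real growth at all, and a log decomposition shows how much of the apparent growth is attributable to each factor.

```python
"""Added illustration (not the ICO's, Imation's or the post's own figures): how much
of a rise in *reported* breaches can come purely from better detection and
mandatory reporting. All rates and counts below are constructed assumptions."""

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Year:
    label: int
    incidents: int       # breaches that actually happened (never directly observed)
    detect_rate: float   # fraction of incidents the organisation notices
    report_rate: float   # fraction of detected incidents reported to the regulator


def expected_reports(y: Year) -> float:
    """Only incidents that are both detected and reported show up in the figures."""
    return y.incidents * y.detect_rate * y.report_rate


def percent_increase(first: float, last: float) -> float:
    return (last - first) / first * 100.0


def growth_shares(first: Year, last: Year) -> dict:
    """Split the log-growth in reports into the parts due to real incidents,
    detection and reporting. Logs make the three parts sum exactly to the total."""
    total = math.log(expected_reports(last) / expected_reports(first))
    parts = {
        "incidents": math.log(last.incidents / first.incidents),
        "detection": math.log(last.detect_rate / first.detect_rate),
        "reporting": math.log(last.report_rate / first.report_rate),
    }
    return {k: v / total for k, v in parts.items()}


def summarize(series: list) -> dict:
    first, last = series[0], series[-1]
    return {
        "reports_first": expected_reports(first),
        "reports_last": expected_reports(last),
        "percent_increase": percent_increase(expected_reports(first),
                                             expected_reports(last)),
        "shares": growth_shares(first, last),
    }


# Constructed scenario A: the true incident rate is flat; only visibility improves.
FLAT_INCIDENTS = [
    Year(2007, 1000, 0.20, 0.05),
    Year(2008, 1000, 0.25, 0.10),
    Year(2009, 1000, 0.30, 0.20),
    Year(2010, 1000, 0.40, 0.30),
    Year(2011, 1000, 0.45, 0.35),
    Year(2012, 1000, 0.50, 0.40),
]

# Constructed scenario B: incidents really grow 50%, alongside the same visibility gains.
GROWING_INCIDENTS = [Year(y.label, 1000 + 100 * i, y.detect_rate, y.report_rate)
                     for i, y in enumerate(FLAT_INCIDENTS)]

if __name__ == "__main__":
    for name, series in (("flat", FLAT_INCIDENTS), ("growing", GROWING_INCIDENTS)):
        s = summarize(series)
        print(f"{name}: reports {s['reports_first']:.0f} -> {s['reports_last']:.0f} "
              f"(+{s['percent_increase']:.0f}%), share of growth from real incidents "
              f"{s['shares']['incidents']:.0%}")
```

In scenario A the regulator sees 10 reports become 200, a 1,900 percent rise, while nothing got worse. In scenario B a genuine 50 percent rise in incidents accounts for only about 12 percent of the (log) growth in the headline number. Neither scenario is a claim about the UK figures; the point is that a reported-count series on its own cannot distinguish them, which is exactly the question put to Imation above.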

Speaking of databases...
Don't Build a Database of Ruin
by Paul Ohm
Many businesses today find themselves locked in an arms race with competitors to see who can convert customer secrets into the most pennies. To try to win, they are building perfect digital dossiers, to use a phrase coined by Daniel Solove, massive data stores containing hundreds, if not thousands or tens of thousands, of facts about every member of our society. In my work, I've argued that these databases will grow to connect every individual to at least one closely guarded secret. This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm. And these companies are combining their data stores, which will give rise to a single, massive database. I call this the Database of Ruin. Once we have created this database, it is unlikely we will ever be able to tear it apart.
[A quote from the Comments:
If you have something to hide then you should have done it on your neighbor's wifi in the first place.

I suppose it's better than Tweeting, “Dude, did the reactor scram?”
"The Japanese national Fire and Disaster Management Agency today hosted the first of 3 panels to discuss allowing emergency calls to be placed through social networks. For the event, Twitter's Japanese blog posted entries on how to use the service during emergencies, one of which advised: 'If your circumstances allow, please add #survived to your tweets. This will help when family and friends that are worried about you search on your welfare.'"

Attention Class Action Lawyers! Word is starting to leak out!
Netflix Users Object to Privacy Settlement
August 29, 2012 by Dissent
Erik Gruenwedel reports:
A number of Netflix subscribers have filed objections to a court decision on a privacy act complaining the proposed $9 million class-action settlement leaves little for those allegedly wronged.
A Northern California court in February found the Los Gatos, Calif.-based streaming pioneer violated provisions of the 1988 Video Privacy Protection Act that disallows video rental services from accessing subscriber information up to two years after cancelation.
About 50 subscribers reportedly have filed formal objections to the court complaining the settlement awards more than $2 million to lawyers involved in the case, about $30,000 to each of the initial six plaintiffs, and little to anyone else. The complaints say the lack of financial remuneration undermines the validity of the case and renders it little more than a frivolous lawsuit benefitting lawyers. [Well, DUH! Bob]
Read more on HomeMedia.

(Related) You don't even need a Class Action...
Consumer Watchdog wins right to fight Google’s itty-bitty FTC payout
August 29, 2012 by Dissent
Kelly Fiveash reports that Consumer Watchdog will be able to file a brief opposing the FTC-Google settlement.
Consumer Watchdog, a non-profit outfit, has until 21 September to submit a friend-of-the-court brief expressing its views on the deal struck between the FTC and Google.
US district court judge Susan Illston granted [PDF] attorneys representing the group the right to file the brief. She said Google and the FTC would have to respond to Consumer Watchdog’s gripes about the settlement no later than 28 September.
The group is seeking amicus status [PDF] to oppose the settlement.
Read more on The Register.

For those of us with no brain waves, this is no big deal. The future is a remote brain scan...
Researchers Hack Brainwaves to Reveal PIN Numbers, Other Personal Data
August 29, 2012 by Dissent
Geeta Dayal reports:
Don’t you dare even think about your banking account password when you slap on those fancy new brainwave headsets.
Or at least that seems to be the lesson of a new study which found that sensitive personal information, such as PIN numbers and credit card data, can be gleaned from the brainwave data of users wearing popular consumer-grade EEG headsets.
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt [With no designed in security, this is not a surprise... Bob] to uncover potential security risks in the use of the headsets.
Read more on Threat Level.
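The mechanism behind this kind of attack is easier to see in code. The following is an added illustration, not the researchers' code or data: it assumes (as a generic BCI premise, not something the article states) that when a subject's secret item, here a PIN digit, is flashed among decoys, the EEG shows a larger stimulus-locked positive deflection about 300 ms after onset than decoys do. The EEG is synthetic and constructed for the example; the attacker side simply averages the post-stimulus window per digit and ranks the digits, which is enough to show why a headset with no designed-in access control is a problem.

```python
"""Added illustration of the side channel described above; not the paper's code.
Assumption: a secret item (here a PIN digit) flashed among decoys evokes a larger
stimulus-locked deflection ~300 ms after onset than decoys do. All EEG here is
synthetic, constructed for the example (single channel, microvolts)."""

import math
import random

FS = 128                 # samples per second (assumed consumer-headset rate)
N_SAMPLES = FS           # one-second epoch per stimulus flash
P300_CENTER = 0.30       # seconds after stimulus onset
P300_WIDTH = 0.05        # seconds (std dev of the evoked bump)
NOISE_UV = 5.0           # background EEG noise level, microvolts
P300_AMP_UV = 8.0        # extra amplitude evoked by the secret item
WINDOW = (0.25, 0.40)    # seconds: where the attacker looks for the response


def synth_epoch(rng: random.Random, is_target: bool) -> list:
    """One second of synthetic single-channel EEG locked to a stimulus flash."""
    epoch = []
    for i in range(N_SAMPLES):
        t = i / FS
        v = rng.gauss(0.0, NOISE_UV)
        if is_target:
            v += P300_AMP_UV * math.exp(-0.5 * ((t - P300_CENTER) / P300_WIDTH) ** 2)
        epoch.append(v)
    return epoch


def record_session(rng: random.Random, secret_digit: int, trials_per_digit: int = 8) -> list:
    """Flash each digit 0-9 repeatedly in random order; return (digit, epoch) pairs.
    The 'victim' only reacts differently to the digit they recognise."""
    order = [d for d in range(10) for _ in range(trials_per_digit)]
    rng.shuffle(order)
    return [(d, synth_epoch(rng, d == secret_digit)) for d in order]


def window_score(epoch: list) -> float:
    """Mean amplitude in the response window minus the pre-window baseline."""
    lo, hi = int(WINDOW[0] * FS), int(WINDOW[1] * FS)
    baseline = sum(epoch[:lo]) / lo
    return sum(epoch[lo:hi]) / (hi - lo) - baseline


def rank_digits(session: list) -> list:
    """Attacker side: average the window score per digit, rank high to low.
    Averaging over repeated flashes is what lifts the response out of the noise."""
    totals, counts = {}, {}
    for digit, epoch in session:
        totals[digit] = totals.get(digit, 0.0) + window_score(epoch)
        counts[digit] = counts.get(digit, 0) + 1
    scores = {d: totals[d] / counts[d] for d in totals}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def guess_digit(session: list) -> int:
    return rank_digits(session)[0][0]


def demo_ranking(seed: int, secret_digit: int) -> list:
    """Deterministic end-to-end run: record a synthetic session, rank the digits."""
    return rank_digits(record_session(random.Random(seed), secret_digit))


def demo(seed: int, secret_digit: int) -> int:
    return demo_ranking(seed, secret_digit)[0][0]


if __name__ == "__main__":
    secret = 7
    ranking = demo_ranking(2012, secret)
    print("ranking:", [(d, round(s, 2)) for d, s in ranking])
    print("guessed", ranking[0][0], "actual", secret)
```

Lowering `P300_AMP_UV` or `trials_per_digit` makes the top-ranked digit less reliable, which is the realistic regime: the study reports improved odds of guessing, not a clean read-out. The headset does not need to be malicious for this to work; any application granted the raw signal can run the ranking.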

Maybe Kim Dotcom has a point?
Oops! Copyright Cops Return Seized RojaDirecta Domain Names – 19 Months Later
One of Spain’s most popular websites, whose American domains were seized in January 2011 as part of a crackdown on internet piracy, is getting its domains returned 19 months later, as the U.S. government voluntarily dropped its claim Wednesday.
The Rojadirecta .com and .org domains were seized more than a year and a half ago, along with eight others connected to broadcasting pirated streams of professional sports, as part of the government’s “Operation in Our Sites.”
The federal court order mandating return of the domain names marks the second court “victory” for seized sites. Earlier this year, the government reluctantly, and without apology, returned a music blog’s domain name after seizing it at the behest of the RIAA, holding onto it for more than a year, and then failing to even file charges against the site.
The government, which seized the domain names for simply including links to copyrighted content, dropped the Rojadirecta claim, seemingly due to a recent ruling by Judge Richard Posner. Posner, one of the nation’s most respected judges, knocked down charges that a video bookmarking site was infringing copyright law, just because its users linked to copyrighted videos.
In a letter accompanying the motion to dismiss, the government told the New York federal court that it had changed its mind:
The Government respectfully submits this letter to advise the Court that as a result of certain recent judicial authority involving issues germane to the above-captioned action, and in light of the particular circumstances of this litigation, the Government now seeks to dismiss its amended forfeiture complaint. The decision to seek dismissal of this case will best promote judicial economy and serve the interests of justice.
… “The government has not shown and cannot show that the site ever was used to commit a criminal act, much less that it will be in the future. By hosting discussion forums and linking to existing material on the internet, Puerto 80 is not committing copyright infringement, let alone criminal copyright infringement,” (.pdf) according to the site’s legal filing last year.
The site says it also tried to negotiate with the government to get the site back, but were told they would only get it back if the site prohibited its users from linking to any U.S. content anywhere on its sites.
The lawsuit added that “the government effectively shut down an entire website, suppressing all of the speech hosted on it, based on an assertion that there was probable cause to believe that some of the material linked to the website (though not found on the website itself) might be infringing.”
The U.S. government is taking .com, .org. and .net domains with court approval, under the same civil seizure law the government invokes to seize brick-and-mortar drug houses, bank accounts and other property tied to illegal activity.

Are we headed toward global copyright laws or vendor defined law?
"After two private meetings with Microsoft and IBM, New Zealand's proposed new patent legislation has been changed by 'replacing an exclusion in clause 15(3A) (which relates to computer programs) with new clause 10A. Rather than excluding a computer program from being a patentable invention, new clause 10A clarifies that a computer program is not an invention for the purposes of the Bill.' The difference is that the new 10A clause contains the 'as such' loophole — the wording that is used by the European Patent Office to grant software patents. This is the same Patents Bill launched in 2009."

Another “Just let the industry decide”
"GigaOm's Jeff John Roberts has a compelling writeup about patent trials and how juries are detrimental to justice in such cases. Roberts uses the recent Apple-Samsung trial as the backdrop for his article; although the trial lasted three weeks, during which hundreds of documents were presented and the finer points of U.S. patent law were discussed, the jury only took 2-3 days to deliberate. 'Patents are as complex as other industrial policies like subsidies or regulatory regimes. When disputes arise, they should be put before an expert tribunal rather than a jury that is easily swayed by schoolyard "copycat" narratives.'"

Interesting. I wonder where they get their information? CIA Press Releases? Maybe someone at the White House just crosses names off the “Kill List”
Apple Rejects App That Tracks U.S. Drone Strikes
It seemed like a simple enough idea for an iPhone app: Send users a pop-up notice whenever a flying robot kills someone in one of America’s many undeclared wars. But Apple keeps blocking the Drones+ program from its App Store — and therefore, from iPhones everywhere. The Cupertino company says the content is “objectionable and crude,” according to Apple’s latest rejection letter.

(Related) Speaking of undeclared wars...
Marines vs. Zetas: U.S. Hunts Drug Cartels in Guatemala
The war on drugs just got a whole lot more warlike. Two hundred U.S. Marines have entered Guatemala, on a mission to chase [What a bland euphemism Bob] local operatives of the murderous Zeta drug cartel.

For my Website students
August 29, 2012
EFF's "Keeping Your Site Alive" guide
News release: "EFF's Keeping Your Site Alive guide includes tips on choosing an appropriate webhost to provide the security and technical assistance needed to weather an attack. The guide also gives advice on how to back up and mirror content so it can be made available elsewhere in case the site is compromised, and includes tutorial videos with background information on the technical concepts involved. Denial of service attacks are an issue for websites across the globe, so EFF's guide is available in many different translations, including Chinese, Russian, Persian, and Arabic."

Popular ‘HTML5 Boilerplate’ Hits 4.0
The developers behind HTML5 Boilerplate have released version 4 of their boilerplate HTML, CSS and JavaScript templates for quickly prototyping HTML5 designs.
You can grab a copy of HTML5 Boilerplate v4.0 from the HTML5 Boilerplate website.
… Version 4 of Boilerplate also updates the various code libraries that Boilerplate relies on, including jQuery, Modernizr and the very awesome Normalize.css.
You can see the complete changelog for this version over on Github and get any help you might need with HTML5 Boilerplate at Stack Overflow.

A new class of tech users.
How Many Cord Nevers Are There? An Office Survey
There's this idea that young people, who have grown up in a streaming Internet world, aren't getting cable and they never will. We call these people cord nevers and right now they are more of a theory than a scary trend for the cable companies. It makes sense that a younger "Netflix generation" wouldn't feel the need to pay all that money for all those channels they don't want, but there aren't that many cold hard statistics on this demographic to either confirm or deny it since most statistics in the conversation come from cable company subscription numbers. Those numbers allow us to see how many people are cancelling their cable (not too many) but they don't show how many people are never subscribing to cable in the first place leaving us without information on a possibly huge generational shift in media consumption. On the theory that any numbers would be better than no numbers, we decided to gather a bit of our data ourselves: we asked our esteemed 22-34* year-old colleagues at The Atlantic Media Company a simple question: "Do you have cable at home?"

Wednesday, August 29, 2012

I normally skip small ones like this, but on occasion I like to remind you that dumb still exists in the security/privacy arena. What was an employee doing storing (unencrypted?) backup files in his car?
By Dissent, August 28, 2012
Jill Disis reports:
Information on 55,000 patients and employees at an Indianapolis-based cancer center practice is missing.
A spokesman for Cancer Care Group, 6100 W. 96th St., confirmed today that someone stole a computer bag belonging to a Cancer Care Group employee on July 19.
The bag contained information such as names, birth dates, social security numbers, insurance information and addresses.
Read more on IndyStar.
At the time of this posting, the incident is not up on HHS’s breach tool. An article in the Indianapolis Business Journal states that the bag was stolen from an employee’s locked, but unattended vehicle. According to the group’s statement:
The bag contained the “Cancer Care Group’s computer server’s back-up media, which contained some patient demographic information, such as name, address, date of birth, Social Security number, medical record number, insurance information, and/or minimal clinical information used for billing purposes only,” the group said.
The bag also reportedly contained similar information about the group’s employees.

(Related) I suppose it could be worse... This is a BYOD organization.
Dakota County medical examiner investigator’s laptop stolen
August 28, 2012 by admin
Sarah Homer reports:
A computer containing photographs of crime scenes and dead bodies was stolen earlier this month from a medical examiner investigator, according to Roseville police.
The personal Toshiba laptop belongs to 25-year-old Navid Amini, a medical examiner investigator for Regina Medical Center, home to the Minnesota Regional Medical Examiner’s Office, which conducts medical examinations in Dakota, Chisago and Goodhue counties.
It was stolen from Amini’s Toyota Rav4 when his car was parked in Roseville’s Central Park parking lot Aug. 8, according to Roseville Police Lt. Lorne Rosand. The laptop is not password protected, Rosand said. [No encryption either Bob]
Read more on Pioneer Press.
[From the article:
The investigators use personal computers to do their work, she said, adding that as far as she knows, Regina Medical Center has no policy in place that mandates that employees secure their computers with passwords.
"I would have thought everyone had a password on their personal computer but I don't know that there is a policy on that ... it certainly seems like a good idea, though," Thomas said.
… In addition to lacking a password, Amini told police he did not have tracking software installed in his computer nor could it be remotely disabled.

It took a while, but was probably inevitable. The hack was last summer, wasn't it?
Second Ariz. man charged in Sony Pictures hack
August 28, 2012 by admin
Associated Press reports:
A second suspected member of the LulzSec hacking group was arrested Tuesday in Phoenix for his alleged role in a computer breach at Sony Pictures Entertainment last year, authorities said.
An indictment filed in Los Angeles and unsealed Tuesday charged Raynaldo Rivera, 20, of Tempe, Ariz., with one count each of conspiracy and unauthorized impairment of a protected computer.
Rivera was known as “Neuron” and “Royal.”
Read more on The Mercury News.

It might be fun to link this to the various laws...
Imation Compliance Heat Map
August 28, 2012 by admin
From Imation:
To help businesses and IT pros navigate the compliance landscape and develop secure and functional infrastructures for data storage and protection, Imation created a Compliance Heat Map to depict the strictness of data breach laws and resulting penalties for breaches by state. Based on first-hand experience working with companies that face compliance challenges, Imation evaluated laws on record at the state level in the 50 United States, the District of Columbia, Puerto Rico and the U.S. Virgin Islands, and reviewed publicly available analyses created by other companies to develop the Compliance Heat Map. The map graphic contains a grid that depicts each state’s compliance score and a color scale – which ranges from light yellow to dark red – to denote the strictness of each state’s compliance laws and regulations.
Download the full Compliance Heat Map for additional information.

Back in New Jersey, “lip service” consisted of grabbing a lower lip and pulling it up and over their head. This sounds like a big fine, but will it be as memorable? Might be worth a read...
Paying Lip Service to Privacy
August 29, 2012 by Dissent
Jeffrey Roman writes:
News of Google’s $22.5 million settlement with the Federal Trade Commission has come and gone, yet privacy issues reflected in the case remain a concern. Where are the gaps and how can companies fill them? Attorney Francoise Gilbert offers details.
“Many companies just pay lip service to privacy,” says Gilbert of the IT Law Group in an interview with Information Security Media Group’s Tom Field [transcript below]. “They have a privacy policy on their website because that’s what’s expected from them, but they don’t go beyond that.”
Two aspects of the Google case that fascinate Gilbert are that Google misrepresented its practices in its privacy policy, and the company misrepresented its compliance with the Self-Regulatory Code of Conduct of the Network Advertising Initiative.
Read more on BankInfoSecurity.
[From the article:
In an interview about the legal ramifications of the Google case, Gilbert discusses:
  • The FTC's message in cracking down on Google;
  • How organizations need to respond to this case;
  • The important takeaways for privacy professionals.

The briefs sum up the argument reasonably well.
Can Magistrate Judges Deny Statutory Surveillance Orders Based on Prospective Fourth Amendment Concerns?
August 29, 2012 by Dissent
Orin Kerr writes:
On October 2, the Fifth Circuit will hold oral argument in case No. 11–20884, In Re Applications of the United States for Historical Cell-Site Data. In this case, the United States applied for a court order under the Stored Communications Act to compel cell phone providers to disclose location information about particular phones suspected in criminal investigations. The magistrate judge denied the applications on the ground that he expected that the orders would be executed in ways that will violate the Fourth Amendment. The government has appealed the denial of the orders, arguing that the orders will be executed in ways that comply with the Fourth Amendment. Although the government is the only party to the litigation, several amici have chimed in on the merits to defend the denial of the applications on the ground that the magistrate judge was right to fear that the orders would be implemented in ways that would violate the Fourth Amendment. You can read the various briefs here, and the government’s reply to the amicus briefs is here.
Read more on The Volokh Conspiracy.

For my Statistics students. No, this is not what I meant when I said Statistics is used in business! (But note that the probability is correct.)

Tuesday, August 28, 2012

How could they not do this? If you have the ability to disrupt an enemy's ability to wage war you are morally required to use that ability. (Kill treasure not people)
‘Degrade, Disrupt, Deceive’: U.S. Talks Openly About Hacking Foes
There was a time, not all that long ago, when the U.S. military wouldn’t even whisper about its plans to hack into opponents’ networks. Now America’s armed forces can’t stop talking about it.
The latest example comes from the U.S. Air Force, which last week announced its interest in methods “to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.” But that’s only one item in a long list of “Cyberspace Warfare Operations Capabilities” that the Air Force would like to possess. The service, in its request for proposals, also asked for the “ability to control cyberspace effects at specified times and places,” as well as the “denial of service on cyberspace resources, current/future operating systems, and network devices.”

My God! Someone is reading my Blog! (Or maybe they are fans of Treasure of the Sierra Madre too)
We Don’t Need No Stinking Warrant: The Disturbing, Unchecked Rise of the Administrative Subpoena
… Meet the administrative subpoena (.pdf): With a federal official’s signature, banks, hospitals, bookstores, telecommunications companies and even utilities and internet service providers — virtually all businesses — are required to hand over sensitive data on individuals or corporations, as long as a government agent declares the information is relevant to an investigation. Via a wide range of laws, Congress has authorized the government to bypass the Fourth Amendment — the constitutional guard against unreasonable searches and seizures that requires a probable-cause warrant signed by a judge.
In fact, there are roughly 335 federal statutes on the books (.pdf) passed by Congress giving dozens upon dozens of federal agencies the power of the administrative subpoena, according to interviews and government reports. (.pdf)

Surveil yourself! If the average citizen can do this, what can a government do?
Wireless Sensor Tags Help You Keep Track of Your Stuff
Stuff goes missing. Maybe you misplaced something, or maybe one of the uninvited guests at your last shindig is “borrowing” it. Regardless, now you need it, and you can’t find it. But what if you could tag your possessions and keep tabs on them, like a researcher tracking so many wildebeests in the Serengeti?
You can, to a degree. CAO Gadget’s descriptively named Wireless Sensor Tags monitor movement, angle and temperature and send alerts to your iOS or Android device when things go awry — something moving that shouldn’t be (indicating theft or maybe an impending mauling by a puppy); the inside of an ice chest getting too warm, or the door to your liquor cabinet opening when only the kids are at home.
You set the parameters of what sort of notifications you want and how sensitive you want the system to be via app or web client. And while the two-inch-square circuit boards wrapped in an elastic thermoplastic elastomer aren’t pretty, the system works.
The $15 tags ($12 if you purchase three or more at once) contain a 3-D digital magnetic sensor that tracks angle and motion, plus a temperature sensor. The tags include a red LED and an alarm that can be remotely triggered — perfect for finding misplaced stuff.

Somehow, this doesn't ring true...
"UK police are sad that despite having the most comprehensive driver surveillance system of any developed country, there are still gaps in their coverage. From the article: 'The cameras automatically record plate/time/location information and send it to a central data store, which has complete nationwide records for 6 years.' Also interesting is that an unspecified 'particular driving style' can be used to evade detection by the cameras. It appears, however, that criminals are well aware of the cameras and take other routes. Big Brother technology, coming soon to a country near you!"

Do they really need Twitter evidence to prove “conspiracy to occupy?”
Twitter Appeals Ruling in Battle Over Occupy Wall Street Protester’s Information
August 27, 2012 by Dissent
Aden Fine of the ACLU writes:
Twitter just filed its brief appealing a June decision by a New York criminal court judge requiring the company to give the Manhattan District Attorney detailed information on the communications of Twitter user Malcolm Harris, an Occupy Wall Street protester charged with disorderly conduct in connection with a march on the Brooklyn Bridge.
As we did before, the ACLU will file a friend-of-the-court brief in support of Twitter. You can find Twitter’s brief from today here; the ACLU’s brief will be available here later today. Last week, Harris filed his own appeal as well.
Read more from the ACLU and a big thumbs up to both Twitter and the ACLU for their forceful advocacy to get the courts to recognize that we have standing to challenge subpoenas to providers about our communications.
Of course, if Congress got off its dysfunctional ass and updated ECPA as it should have done and needs to do, some of this might not be necessary. [In an election year, Congress is all talk and no potentially controversial actions Bob]

Who knows what evil lurks in the hearts of Apps? Clueful does!
After Removal By Apple, Privacy App Clueful Returns Via The Web
… Today, Clueful has relaunched … but not on iOS. Instead, it’s now a website where users can search for different apps and get basic facts like which ones are accessing your location, tracking your in-app usage, and reading your address book.

Add a Class Action suit to the government's concern about the facial recognition database and Facebook may need to hire more lawyers.
German consumer protection group threatens lawsuit if Facebook doesn’t stop sharing users’ info with apps without express consent
August 27, 2012 by Dissent
Associated Press reports:
A consumer protection group [in] Germany has sent Facebook a ‘cease and desist’ letter that claims the social-networking website breaches German privacy law.
The Federation of German Consumer Organizations says Facebook has one week to stop automatically giving third party applications information about its users without their explicit consent.
The group said in a statement Monday that if Facebook fails to comply by Sept. 4 it will sue the California company.
Read more on The News Tribune.
Getting sued by a consumer protection group isn’t great, but it doesn’t sound as serious as if the government itself goes after them.
Or is that next?

Will Amazon be seen as targeting Walmart or the remaining mom & pop stores? How the spin is controlled might make this interesting...
With Prime Service, Amazon Is Set to Crush Offline Retail
“Free” two-day shipping. Streaming video. An e-book lending library. All for $79 per year. Spelled out like that, Amazon Prime sounds like a weird ad hoc chimera of a product. Why those three things? And why that price?
Though the value proposition may come across as clunky, plenty of people are apparently sold. Amazon said Monday that it now ships more items via Prime’s two-day shipping than its free “Super Saver Shipping,” which gets you slower shipping but for no charge when you order at least $25 of stuff.

My Website class uses Notepad++ sometimes...

For my students, even though my mustache is older than most of them...

For the Ethical Hacker toolkit

Free is good, useful is better, good and useful is best. Tools for geeks.
Do you own a website or a blog? If so, do you have any idea how many visitors you get each day? And even if you’ve installed a counter and you’ve figured out how to gauge your traffic, do you have any idea where your visitors are coming from, what browsers most of them use, what search engines they use, or which of your pages is the most popular?
These are the things that Google Analytics can do for you.
… Google Analytics is not at all that complicated once you start digging into how it is organized, and where to find the information you’re looking for.

Monday, August 27, 2012

Claims and counter-claims, but not many facts.
"Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August. The group, calling itself the 'Cutting Sword of Justice,' claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers, achieving a 75 percent infection rate of all the company's systems. It refuted suggestions that a nation state was behind the attack."

Was the money sufficient to turn this employee to the dark side?
Private Swiss bank Julius Baer confirms another insider data theft
August 26, 2012 by admin
Catherine Bosley reports that Swiss private bank Julius Baer has suffered another insider breach. If the bank’s name sounds familiar, it’s because another former employee claimed to have given WikiLeaks details of clients who were using the private bank to avoid paying taxes. In this case:
According to the SonntagsZeitung, the stolen data on clients found its way into the hands of tax investigators in the German state of North Rhine Westphalia, with the thief paid an undisclosed sum.
The suspect, a bank employee working in Zurich, acted alone and has been arrested, the paper said.
Read more on BusinessInsider.
Switzerland and Germany have been locked in a dispute over tax cheats for years, with officials in Germany repeatedly paying for stolen bank account data, to the anger of their Swiss counterparts.
… Last year, Julius Baer agreed to pay German tax authorities 50 million euros to close a tax probe. Germany has promised to stop buying leaked bank data naming suspected tax cheats if the tax deal comes into force.

(Related) Hackers do it wholesale...
"TeamGhostShell, a team linked with the infamous group Anonymous, is claiming that they have hacked some major U.S. institutions including major banking institutions, accounts of politicians and has posted those details online. The dumps, comprising millions of accounts, have been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies."

Security and Privacy implications... (As usual, you need to think about this.)
Cory Doctorow has posted the content of his talk delivered at Google this month on what he calls the coming civil war over general purpose computing. He neatly crystallizes the problem with certain types of (widely called-for) regulation of devices and the software they run — and they all run software. The ability to stop a general purpose computer from doing nearly anything (running code without permission from the mothership, or requiring an authorities-only engine kill switch, or preventing a car from speeding away), he says boils down to a demand: "Make me a general-purpose computer that runs all programs except for one program that freaks me out."
"But there's a problem. We don't know how to make a computer that can run all the programs we can compile except for whichever one pisses off a regulator, or disrupts a business model, or abets a criminal. The closest approximation we have for such a device is a computer with spyware on it — a computer that, if you do the wrong thing, can intercede and say, 'I can't let you do that, Dave.'"

Another reason to stick with my anti-social network?
"The newspaper Kommersant [Google translation] reports that the Russian Foreign Intelligence Service (formerly part of the KGB) has invested 30 million roubles (USD $940,000) on 'blog and social network intelligence' programs. A small part of that money is used for surveillance and analytics, but 22 million roubles (USD $690,000) is invested in 'mass distribution of messages in social networks with a view to the formation of public opinion.' Which presumably can be rephrased as 'launching massive pro-Kremlin astroturfing propaganda spambots in order to stifle and undermine political dissent.' The brazen Russian government acknowledgement of this investment indicates that the Kremlin does not think of such activities as being in any way illegal or unethical. No word on whether these spambots would respect any anti-spam laws or the Terms and Conditions of victim websites. But hey, now you can accuse anyone you disagree with online of being a 'KGB bot'!"

We're just a bunch of old dogs...
August 26, 2012
Report - Internet2 eTextbook Spring 2012 Pilot
"In October 2011, the Provosts at the Committee on Institutional Cooperation (CIC) institutions expressed interest in initiating a quick‐turn‐around multi‐institutional eTextbook pilot. The next month, Indiana University approached the Internet2 organization to put together an eText pilot for the spring 2012 semester, based on IU’s eTexts Initiative. In January 2012 IU, along with Internet2, McGraw‐Hill, and Courseload launched the Spring 2012 eTexts Pilot. The University of Wisconsin, University of Minnesota, Cornell University, and the University of Virginia joined the pilot and evaluation..." Selected research results:
  • The lower cost of an eTextbook was considered the most important factor for students considering future purchase of an eText.
  • The portability of eTexts also ranked very high as a factor leading to future purchase.
  • Other important factors in future eText purchases included that it should be accessible without an internet connection and available throughout a student’s academic career, not just for a semester.
  • Difficult readability of the text (e.g., difficult zoom feature) was mentioned numerous times by students as well as lack of native functionality on tablets such as the iPad.
  • Faculty, for the most part, did not report using the enhanced eText features (sharing notes, tracking students, question/answer, additional links, etc.) and indicated the need for additional training.
  • Because faculty did not use the enhanced features students saw little benefit from the eText platform’s capability of promoting collaboration with other students or with the professor."

For my students... Try taking some notes.
… Try one or all of these seven apps if you have students that prefer to handwrite their notes or if you prefer to handwrite your notes, but you're worried about those notes getting lost.

For my students: Go. Find a job.
Top Companies in Colorado on the 2012 Inc. 5000

Sunday, August 26, 2012

I wonder how the other states would measure up?
Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review
August 25, 2012 by admin
Boris Segalis and Nihar Shah provide some follow-up to a data security breach at New York State Electric & Gas and Rochester Gas and Electric that was disclosed in January. As I noted in July, regulators criticized NYSEG over the breach that had affected 1.8 million.
Segalis and Shah write:
The Commission subsequently issued an “Order Directing a Report on Implementation of Recommendations” that expanded on many of the recommendations in the Commissioner’s initial statements, and described in detail the ways in which the Commissioner found NYSEG to have failed to adequately protect its customers’ PII.
The Commission conducted an exhaustive inquiry into NYSEG’s data security practices and found several instances in which the utility was not employing best practices and industry standards to protect PII. The Order referred to the NIST (2010) Recommended Security Controls for Federal Information Systems and Organizations as well as best practices set forth in the Family Educational Rights and Privacy Act (FERPA) as the baseline for benchmarking NYSEG’s relevant practices. The Commission benchmarked NYSEG’s data security practices in eight areas:
Read more on InfoLawGroup.

I suppose that in a city the size of LA they must have a Rodney King-like incident every day. No doubt that's why they need to be airborne at all times. I wish them luck with some of their delusional expectations...
Lancaster’s daily aerial surveillance flights raise privacy fears
August 25, 2012 by Dissent
Abby Sewell and Richard Winton report:
Lancaster this week embarked on what experts say is a first-of-its-kind aerial surveillance over the city, using a small Cessna plane.
The plane, equipped with sophisticated video equipment, is set to fly a loop above the city for up to 10 hours a day, beaming a live video feed of what’s going on below to a Los Angeles County Sheriff’s Department dispatch center.
The camera will inevitably pick up scenes of mundane day-to-day life. Officials said they planned to use the video only to track reports of crimes in progress, traffic collisions and other emergency situations.
Read more on the Los Angeles Times.
The videos will be encrypted, but they will reportedly be stored for two years, leading me to wonder how this comports with the police chiefs’ newly adopted code of conduct that recommends:
  1. Unless required as evidence of a crime, as part of an on-going investigation, for training, or required by law, images captured by a UA should not be retained by the agency.
  2. Unless exempt by law, retained images should be open for public inspection.
Yes, I know these aren’t UAs, but even so….?
[From the article:
"This will allow us within five seconds of a call [I'd like to see the real numbers Bob] to get some eyes on location. If some robber is fleeing deputies, we get to learn where, thanks to this technology," [Because the deputies can't tell where they are? Bob] Parris said. "In law enforcement, for a long time it has been known that it is a deterrent if a criminal believes there is a strong likelihood of apprehension."
When the plane is in the air, it will record every incident deputies respond to, [Unlikely Bob] Sheriff's Capt. Robert Jonsen said.

Another comment on the lack of e-estate planning. How could you divvy up your electronic assets in your will? Perhaps by storing them in a country with useful laws? Would the RIAA or MPAA honor such an inheritance or would they sue your children?
"Many of us will accumulate vast libraries of digital books and music over the course of our lifetimes, reports the WSJ, but when we die, our collections of words and music may expire with us. 'I find it hard to imagine a situation where a family would be OK with losing a collection of 10,000 books and songs,' says author Evan Carroll of the problems created for one's heirs with digital content, which doesn't convey the same ownership rights as print books and CDs. So what's the solution? Amazon and Apple were mum when contacted, but with the growth of digital assets, Dazza Greenwood of MIT's Media Lab said it's time to reform and update IP law so content can be transferred to another's account or divided between several people."

Seems like I have several students with a clear idea of the small businesses they will start (or have already). Perhaps this will inspire the rest.
August 25, 2012
Inc. Magazine's Annual List of America's Fastest-Growing Private Companies -- the Inc. 500|5000
"America’s fastest growers span 25 industries, all 50 states, and metro areas ranging from Boston to San Diego. New York City had the most honorees, with 350--three more than runner-up Washington, D.C. While nearly half the winners had revenues between $2 million and $10 million, more than 50 took in over $1 billion."

Global Warming! Global Warming! This article suggests we only have detailed records since 1979! (Don't mind me. Occasionally I rant about bad reporting or maybe bad science?)
Arctic sea ice likely to hit record low next week

(Related) Another lack of records. Also, dark spots on the sun are apparently hotter than a spotless sun.
Link Found Between Cold European Winters and Solar Activity
Scientists have long suspected that the Sun's 11-year cycle influences climate of certain regions on Earth. Yet records of average, seasonal temperatures do not date back far enough to confirm any patterns. Now, armed with a unique proxy, an international team of researchers show that unusually cold winters in Central Europe are related to low solar activity -- when sunspot numbers are minimal. The freezing of Germany's largest river, the Rhine, is the key.

A New Jersey cell phone case?