Saturday, October 20, 2012

How to phrase your “Get out of jail Free!” card?
Judge Dismisses Much of PlayStation Hacking Suit
October 19, 2012 by admin
Lucille Scott reports that a federal judge has thrown out much of the potential class action lawsuit by PlayStation users who say that the Sony security breach exposed more than 69 million personal and credit card accounts to theft. Scott reports:
The 36-page order dismisses several claims such as negligence, unjust enrichment, bailment and violations of California consumer protection statutes.
Sony did not violate consumer-protection laws “because none of the named plaintiffs subscribed to premium PSN services, and thus received the PSN services free of cost,” Battaglia wrote.
Read more on Courthouse News.
Somewhat disturbingly, the judge held that Sony’s Privacy Policy included “clear admonitory language that Sony’s security was not ‘perfect,’” therefore “no reasonable consumer could have been deceived.”
So as long as a site puts in some disclaimer like “we’re not perfect in our security,” there is no recourse for what might be really sloppy security? Wow. How would that play out in other cases that have been litigated already or in the hopper to be litigated?
Venkat Balasubramani also blogged about this dismissal last week, but I missed it somehow. Do check his blog entry for more on the various issues raised in the case.

Attention Ethical Hackers. Technique #406 is out of the bag.
St. Scholastica hack sheds light on Macalester IT security
October 19, 2012 by admin
Emma WestRasmus reports:
“What was the name of your first pet? What’s your favorite color? What’s your mother’s maiden name?”
We all know the drill. Whenever we start a new account we are prompted for answers to challenge questions that will surely be easy to remember. But for more than two dozen students at the College of St. Scholastica in Duluth the answers to questions needed to reset their student account passwords might have been just a little too easy to figure out. Earlier this month 28 students’ email accounts at St. Scholastica were hacked when hackers were able to answer the student’s challenge questions on their Self-Service Password Reset service simply through information obtained through the students’ social media pages.
Read more on The Mac Weekly. Once the hackers were able to access the e-mail accounts, they reportedly used information found in the accounts for fraudulent purposes.

Attention my fellow vets! Is encryption required on all Consultant computers (since that's where the data resided last time)?
VA Computers Remain Unencrypted, Years After Breach
October 19, 2012 by admin
Patience Wait reports:
Following a high-profile data breach six years ago, the U.S. Department of Veterans Affairs spent almost $6 million on encryption software for its PCs and laptops. But an investigation by the department’s inspector general determined that the encryption software has been installed on only 16% of its computers.
Read more on InformationWeek.
Related: Department of Veterans Affairs Review of Alleged Incomplete Installation of Encryption Software Licenses. OIG report, October 11, 2012.

“We have lots of room left in Guantanamo and we're trying to fill it.”
"The New Matilda reports how the U.S. is now able to extradite people for minor offences, and asks why foreign governments so willingly give up their nationals to the U.S. to 'face justice' over minor crimes committed outside US borders? Lawyer Kellie Tranter writes 'the long arm of the Government is using criminal enforcement powers to enforce commercial interests at the behest of corporations and their lobbyists.' A Former NSW Chief Judge said it was bizarre 'that people are being extradited to the US to face criminal charges when they have never been to the U.S. and the alleged act occurred wholly outside the U.S.' He said although copyright violations are a great problem, a country 'must protect its nationals from being removed from their homeland to a foreign country merely because the commercial interests of that foreign country.' Australia recently 'streamlined' its laws to make extradition to the U.S. even easier."

Ah, English! Such a confusing language, especially when spoken by bureaucrats... “They didn't withhold anything, but we need to determine if they didn't disclose something...”
SEC finds Facebook didn't hold back info from investors -- report
The Securities and Exchange Commission didn't find any evidence that Facebook withheld pertinent information from investors prior to its initial public offering, Bloomberg reported today.
… While the investigation isn't over, the commission has determined that Facebook did not act wrongly, an unnamed source told Bloomberg. The SEC is still looking at whether or not retail investors lost money because the company didn't disclose certain information about mobile's impact on Facebook's business.

It's a simple technique (operative word: “simple”) that anyone including my students can use. Since it allows you to plant or remove evidence, you do need to use it only with adult supervision. Why would the cops want to remove evidence? (Perhaps the RIAA wants them to?)
Dutch government seeks to let law enforcement hack foreign computers
October 19, 2012 by admin
Lucian Constantin reports:
The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.
In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.
According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.
Read more on IT World.

Essentially, they pretend to be a cell phone tower, but with a stronger signal than others in the neighborhood.
FBI Accused of Dragging Feet on Release of Info About “Stingray” Surveillance Technology
October 19, 2012 by Dissent
Ryan Gallagher reports:
Tracking cell phones by tricking them into operating on a bogus network is a law enforcement tactic shrouded in secrecy. Now the FBI is under pressure to release information about it—but the bureau doesn’t want to let go of 25,000 pages of documents on sophisticated cell surveillance technology.
Read more on Slate.
From the article:
The FBI has found 25,000 pages of documents that relate to the request, about 6,000 of which are classified—but says it may need up to three years to process the files before they can be released. [We don't read so good... Bob]
In a bid to appease EPIC’s grumbles about timescale, earlier this month the bureau released a 0.3 percent slither of the 25,000. The meager 67 pages were heavily redacted—containing only a glossary of jargon that related to cell networks along with blanked out copies of an internal manual called "GSM cell phone tracking for dummies.”
… But this isn’t just a federal-level issue. According to a report by LA Weekly last month, state cops in California, Florida, Texas, and Arizona have also used Stingray technology. Farther afield, in the Czech Republic, there are concerns that similar devices may be in the hands of criminals. And DIY Stingrays can be built by anyone with $1,500 to burn and a bit of hacker savvy. One way to help protect yourself is to use encryption.

Another shot at protecting data. Can the US be far behind? (unfortunately, yes)
Colombia Enacts Data Protection Law
October 19, 2012 by Dissent
Colombia enacted an omnibus data protection law this week. Read about it on Privacy and Information Security Law Blog.

(Related) There must be something we can learn from this...
National Comprehensive Data Protection/Privacy Laws and Bills 2012 Map
October 19, 2012 by Dissent
A great resource by David Banisar, Senior Legal Counsel of, has been updated and uploaded to SSRN. Here’s the abstract:
Over 90 countries and jurisdictions around the world have adopted comprehensive data protection/privacy laws to protect personal data held by both governments and private companies. This map shows which countries have adopted laws or have pending initiatives to adopt one. The new version now includes small jurisdictions and island states.
You can download the map here.

“You were right to think your computer was private, unfortunately for you we're not going to let that get in the way of sending you to jail.”
Supreme Court of Canada finds reasonable expectation of privacy in work-issued laptop
October 19, 2012 by Dissent
David T. Fraser writes:
The Supreme Court of Canada just released its decision in R v Cole, 2012 SCC 53, in which a majority of justices of the Court held that a teacher at a school had a reasonable expectation of privacy in the contents of his work-issued laptop. Nevertheless, evidence of child pornography found on it by the school, which was then given to the police, was found to be admissible evidence.

Google’s Knowledge Graph Now Explains Connections Between Your Query And Items In “People Also Search For” Section
Google just announced a small but interesting update to its Knowledge Graph panels. Instead of just showing you a list of related items that other people also searched for, hovering over these icons now shows you how they are related to your search query.
Currently, Google says, this works for actors, movies and TV shows, as well as “family connections amongst famous people in the Knowledge Graph.”
… Just recently, for example, Google used this information to power its Bacon Number calculator and started highlighting the Knowledge Graph boxes even more prominently by moving the results to the top of the screen for some searches.

Just for me...
British Columbia announced its support for open textbooks at the Open Education 2012 conference this week, becoming the first Canadian province to do so. BC will create openly licensed textbooks for the 40 most popular first- and second-year courses in its university system.
Random House says that libraries own their e-books. That’s the headline of a LibraryJournal article, and it’s a pretty big deal considering that many of the other Big 6 Publishers have been acting as though libraries license rather than own e-books when they purchase them.
… The University of Phoenix will be closing 115 locations, its parent company the Apollo Group announced, following a fall by 60% in its fourth quarter net income. Some 13,000 students will be affected.
From the article:
University of Phoenix currently has about 328,000 students, down from a peak of more than 400,000. Following the closures, it will be left with 112 locations in 36 states, the District of Columbia and Puerto Rico.
Udacity announced several new classes this week that point to a possible business model and curriculum trajectory for the startup. The new classes are a collaboration with corporations — Google, NVIDIA, Microsoft, Autodesk, Cadence, and Wolfram to start — and teach skills and systems pertaining to those companies’ products.

If you go to the same sites each day, this might make your life simpler...
If you’re a big fan of RSS feeds for getting your daily dose of news and fun, then you’ll love Feedly. It’s one of the most stylish, intuitive ways to read RSS feeds and Twitter content. So, Firefox users will also be pleased to note that it’s available as a Firefox extension and works beautifully in the browser.
… Now, to make Feedly amazing you really need to start an account and customise your feeds and social networks. Feedly works closely with Google Reader RSS feeds, so it should come as no surprise that you need to log in to Feedly using your Google account. Feedly will then regenerate your Feedly page using your RSS feeds from Google Reader.
… Feedly is not just available in Firefox. It’s also available as a Chrome extension and for various mobile devices, so you can keep using Feedly as your main RSS reader and social network catch-up anywhere you go.
Similar Tools
There are plenty of great RSS readers, and many recently have taken to the magazine style format. If you want to see some similar alternatives, check out Pulse and iPad RSS readers such as Flipboard.

I'll be posting this for my students
Resources for Data Literacy
The single most important tool I’ve found for improving Digital Literacy is Wolfram Alpha. At your fingertips, whether on your phone, tablet, or laptop, you have access to all the world’s readily available data. All you have to do is ask. The best thing I can do to improve data literacy is to teach students (and other adults I know) to question the facts they are being quoted as gospel. Here are a bunch of searches I’ve done recently to verify or refute data someone has told me in conversation.
While my top choice for digital literacy is Wolfram Alpha, there are some other resources that are great for understanding, interpreting, and visualizing data. Here are a few:
  • Gapminder (the software used by Hans Rosling in his many, many TED Talks)
  • Worldmapper (territories are scaled/resized according to the subject of interest)
  • Measure of America (look at interactive maps and data about Social Science in the U.S.)
  • Human Development Reports (explore public data from the United Nations using a variety of visualizations)
  • (create your own infographic around a set of data)
  • Many Eyes (from IBM, create a visualization around your data)
  • Google Trends (explore how a search term has fared over time)
  • Google Correlate (find searches that correlate with real world data)
  • Google Fusion Tables (fuse two sets of data together and visualize)
There are also a few sites that do a fantastic job of creating and sharing data visualizations:

You should really really watch this! A really short video that promises a lot!
Ryan Merkley: Online video -- annotated, remixed and popped
Talks: In less than 6 minutes
Videos on the web should work like the web itself: Dynamic, full of links, maps and information that can be edited and updated live, says Mozilla Foundation COO Ryan Merkley. On the TED stage he demos Popcorn Maker, a new web-based tool for easy video remixing. (Watch a remixed TEDTalk using Popcorn Maker -- and remix it yourself.)

Friday, October 19, 2012

The correct question is, “Who should NOT use encryption technology?”
New “Surveillance-Proof” App To Secure Communications Has Governments Nervous
October 18, 2012 by Dissent
Ryan Gallagher reports:
Lately, Mike Janke has been getting what he calls the “hairy eyeball” from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the world’s most renowned cryptographers, was always bound to ruffle some high-level feathers with his new project—a surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it.
This week, after more than two years of preparation, the finished product has hit the market. Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls.
Read more on Slate.

(Related) Here's a small breach to illustrate my point...
By Dissent, October 18, 2012
The Maryville Daily Times reports:
Blount Memorial Hospital has informed patients of the theft of a hospital laptop containing registration records of Blount Heart Consultants.
The laptop was reported stolen from an employee’s home on Aug. 25 and has not yet been recovered.
Read more on The Maryville Daily Times. There does not seem to be any notice on the hospital’s web site at the time of this posting although they apparently sent out a press release. I’ll update this entry if/when I find the full release or notice but The Maryville Daily Times provides details on types of information, etc.

“Some conversation may be recorded for quality assurance purposes...” Perhaps they will flash custom ads to their passengers in exchange for free bus service?
MD: MTA recording bus conversations to eavesdrop on trouble
October 18, 2012 by Dissent
Candy Thomson reports:
A Maryland Transit Administration decision to record the conversations of bus drivers and passengers to investigate crimes, accidents and poor customer service has come under attack from privacy advocates and state lawmakers who say it may go too far.
The first 10 buses — marked with signs to alert passengers to the open microphones — began service this week in Baltimore, and officials expect to expand that to 340 buses, about half the fleet, by next summer. Microphones are incorporated in the video surveillance system that has been in place for years. [So it's no big deal... Bob]
Read more on The Baltimore Sun.

Those who do not have security/privacy policies have a policy of failure – they just don't know it yet.
Canadian town employee sends financial info to residents via Facebook account?
October 18, 2012 by Dissent
A town employee in La Scie, Canada, used his personal Facebook email account to send private information to two individuals, who then filed a privacy complaint over, inter alia, the insecure method of sending financial information. The town attempted to justify their action by saying that they had no other way to contact the residents as they had no phone numbers and… wait for it… the account was password protected (insert *facepalm* here).
From the Office of the Information and Privacy Commissioner of Newfoundland and Labrador:
The Information and Privacy Commissioner, Ed Ring, has released his Report P-2012-001 under authority of the Access to Information and Protection of Privacy Act. A summary of the Report is included below.
To view the Report in its entirety, please go to
Report: P-2012-001 Report Date: September 27, 2012 Public Body: Town of La Scie
Summary: On January 19, 2012 the Office of the Information and Privacy Commissioner received a Privacy Complaint under the Access to Information and Protection of Privacy Act (“ATIPPA”) filed collectively by two individuals regarding the Town of La Scie (the “Town”). The Complainants stated that their personal information had been sent to one of the Complainants by a Town employee via a private message on a social media website (“Facebook”). The message was sent using the employee’s personal Facebook account. The Complainants alleged that their personal information was not adequately protected pursuant to section 36; was improperly used pursuant to section 38; and was improperly disclosed pursuant to section 39.
The Commissioner found that the disclosure of the Complainants’ personal information was not contrary to the ATIPPA as the message was sent only to the Complainants. The Commissioner found that the Facebook message was a use of the Complainant’s personal information and that the method by which this use was carried out (i.e. Facebook) did not meet the limitations set out in section 38(2) or standard of necessity required by sections 38(1)(a) and 40(b) of the ATIPPA and, consequently, amounted to an improper use of personal information. Finally, the Commissioner found that the personal information had not been adequately protected. The Commissioner also provided commentary on the use of social media by public bodies and concluded that outside of community matters, announcements and notices, social media websites should not be used by public bodies to collect, use or disclose personal information regardless of the mechanism of delivery. The Commissioner recommended that the Town create and implement policies and practices regarding the use of social media and ensure that privacy training is provided to all Town employees.

Who'd a thunk it?
Article: Fear and Loathing at the U.S. Border
October 19, 2012 by Dissent
Janet C. Hoeffel and Stephen Singer have an article in Mississippi Law Journal, Vol. 82, No. 4, 2013. Here’s the abstract:
In this paper, we argue that when technology crosses the border in the form of personal electronic devices (PEDs), there is a unique confluence of factors that requires a fresh look at the border search exception. International travel is now commonplace, or at least relatively routine, and personal electronic devices are ubiquitous and often necessary during travel. In this context, combining the Supreme Court’s refusal to question individual officers’ motives for a search with current border search law results in government searches which, we submit, are “unreasonable” under the Fourth Amendment. We demonstrate how the border search exception to the Fourth Amendment has never actually gone through a doctrinal development, and, as such, it is rather thoughtless. We show how the doctrine should appear if developed as an administrative search rather than a sui generis historical exception, and we demonstrate why the doctrine dictates that motive matters, at least when it comes to PEDs. Finally, we suggest that a correct Fourth Amendment analysis would allow a continuance of the suspicionless border searches that everyone undergoes, but that before a person can be targeted for a more intrusive, discretionary secondary search or seizure, agents must have at least reasonable suspicion of criminal activity.
You can download the full article from SSRN.

So what else is new?
Article: Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique
October 19, 2012 by Dissent
Peter Swire and Yianni Lagos have an article in a forthcoming issue of Maryland Law Review that challenges the EU’s draft Data Protection Regulation on the issue of a right to data portability. Here’s the abstract:
In its draft Data Protection Regulation, the European Union has announced a major new economic and human right – the right to data portability (‘RDP’). The basic idea of the RDP is that an individual would be able to transfer his or her material from one information service to another, without hindrance. For instance, consumers would have a legal right to get an immediate and full download of their data held by a social network such as Facebook, a cloud provider, or a smartphone app.
Although the idea of data portability is appealing, the RDP as defined in Article 18 of the draft Regulation is unprecedented and problematic. Part I explains Article 18, whose text appears to require software and online service providers to create what we call an ‘Export-Import Module,’ or software code that exports data seamlessly from the first service to the second service. The requirements would apply globally, for any entity that sells to an E.U. resident.
Part II critiques the RDP in light of the teachings of E.U. competition and U.S. antitrust law. Competition law has long addressed the problems of lock-in and high switching costs that form a chief justification for the RDP. The RDP, however, applies to small enterprises, where there is essentially no risk of lock-in. In contrast to competition law, the RDP applies to all online services even where there is no market power and no barrier to entry. Article 18 more generally is in conflict with the rules in competition law about exclusionary conduct – it creates a per se prohibition where competition law would apply a rule of reason approach. Competition law would consider the many efficiencies that result from a service provider deciding which functions and formats to include in its products, which undergo rapid innovation.
Part III shows that Article 18 also suffers serious difficulties as a matter of privacy or data protection law. Proponents have claimed the RDP is a new fundamental human right, aiding the individual’s autonomy for online activities. No jurisdiction has experimented with anything resembling the proposed Article 18, however, casting serious doubt on its status as a new human right. Among other difficulties, Article 18 poses serious risks to a long-established E.U. fundamental right of data protection, the right to security of a person’s data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual’s lifetime of data must be exported ‘without hindrance,’ then one moment of identity fraud can turn into a lifetime breach of personal data. Part IV shows that Article 18 goes far beyond previous legal rules that specifically address interoperability.
In conclusion, the novel RDP is justified by the supposed benefits to consumers. As drafted, however, the RDP likely reduces consumer welfare, as articulated after long experience in competition law. It also creates risks to privacy that are not addressed in the current text. The RDP deserves far more scrutiny before becoming a mandate that applies globally to software and online services.
You can download the full paper on SSRN.

For my Computer geeks... (I'm having trouble with the video, but there is a transcript)
Eben Moglen, says Wikipedia, "is a professor of law and legal history at Columbia University, and is the founder, Director-Counsel and Chairman of [the] Software Freedom Law Center, whose client list includes numerous pro bono clients, such as the Free Software Foundation." And if that wasn't enough, since 2011 he's been working with FreedomBox, a project working toward "a personal server running a free software operating system, with free applications designed to create and preserve personal privacy." Prof. Moglen is also one of the most polished speakers anywhere, on any topic, ever. That's why, instead of editing this interview Timothy Lord did with him, we simply cut it in half, removed a little introductory and end conversation, and let the Professor roll on. The second half of this interview will run tomorrow. It's at least as worthwhile as the first half, especially if you are interested in Free Software.

Once again, the French may find there are some things they can't control. Once again, that won't stop them from trying.
"Google has threatened to exclude French media sites from search results if France goes ahead with plans to make search engines pay for content. In a letter sent to several ministerial offices, Google said such a law 'would threaten its very existence.' French newspaper publishers have been pushing for the law, saying it is unfair that Google receives advertising revenue from searches for news. French Culture Minister Aurelie Filippetti also favors the idea. She told a parliamentary commission it was 'a tool that it seems important to me to develop.'"

Perspective. And here I thought we were talking a lot of money...
October 18, 2012
IAB internet advertising revenue report 2012
IAB internet advertising revenue report 2012 first six months' results, October 2012. An industry survey conducted by PwC and sponsored by the Interactive Advertising Bureau (IAB)
  • "Internet advertising revenues (“revenues”) in the United States totaled $17.0 billion for the first six months of 2012, with Q1 2012 accounting for approximately $8.3 billion and Q2 2012 totaling approximately $8.7 billion. Revenues for the first six months of 2012 increased 14% over the first six months of 2011... “This report establishes that marketers increasingly embrace mobile and digital video, as well as the entire panoply of interactive platforms to reach consumers in innovative and creative ways," said Randall Rothenberg, President and CEO, IAB. “These half-year figures come on the heels of a study from Harvard Business School researchers that points to the ad-supported internet ecosystem as a critical driver of the U.S. economy. Clearly, the digital marketing industry is on a positive trajectory that will propel the entire American business landscape forward.” — Randall Rothenberg, President and CEO, IAB

Fight technology with technology? “Assist law enforcement! Illuminate your plate!” It enhances the lights that come with the car...
License Plate Frame Foils Irksome Traffic-Light Cameras
Traffic-light tickets have ticked off a gazillion drivers, some of whom have had to fork over $500 for running a light. Now there’s a way for you to throw a monkey wrench into that money-making machine.
Jonathan Dandrow has developed noPhoto, which renders the pix snapped by those revenue-generating robo-cams useless. The technology behind noPhoto is fairly simple. At the top of the gadget, which doubles as a license plate frame, there’s an optical flash trigger that detects the flash of the traffic-light camera. That trigger sets off one or both xenon flashes in the sides of the noPhoto, so when the traffic-light camera opens its shutter, there’s too much light and the picture of your license plate is overexposed. Big Brother can’t read your plate.

“Send Guido! Done deal. Gimme the $50,000.” Tony Soprano
"It's not clear if the Federal Trade Commission is throwing up its hands at the problem or just wants some new ideas about how to combat it, but the agency is now offering $50,000 to anyone who can create what it calls an innovative way to block illegal commercial robocalls on landlines and mobile phones."

(Related) In New Jersey it's: “Siri, start dis car and dem two ova dare..”
Siri, Start My Car
The latest version of Viper’s SmartStart app also lets you lock and unlock your vehicle directly from your iPhone 4S or 5 running iOS 6.
The promise of Siri’s app integration hasn’t been fully realized since Apple updated iOS last month, but Viper is the first automotive accessory company to tap Siri’s voice controls on its line of SmartStart products.

For my Ethical Hackers.. When numbers identifying people (like SSAN's) or things have “meaning” they are much less random and therefore much less difficult to “hack.”

For my Intro to Computer Security students (Actually, for scaring the bejesus out of them)
… PrivacyFix is an extension for Firefox and Chrome that points out settings you’ll want to change and also helps you stop ad networks from tracking you.
Managing your privacy online can be a hassle. PrivacyFix won’t completely solve the problem, but it makes finding key privacy settings for Facebook and Google trivial. Even more important: it’s incredibly simple to use. Just follow the step-by-step directions, deciding which privacy settings do and do not matter to you.
Head to PrivacyFix to get started. You’ll need to install an extension for Chrome or Firefox, depending on your browser of choice. Sorry, users of other browsers: you’re out of luck for now.

Another in a long line of “there has to be something better than PowerPoint!” software.
… Presentista is a new way to create presentations, and it works right from your web browser.
… When you are creating in Presentista, everything is on one screen. You add your stuff and create a flow, which are akin to slides. The link in the flow is how it determines which section to jump to next. It is a really clean, fluid way to make a presentation.
… Like any presentation, you can include text and graphics. With Presentista, you can also add YouTube videos, Google Images and photos from Flickr.
Similar tools: SlideShark, Appafolio and

Wisdom from the mouths of cartoon characters. The Perfect CEO response to eDiscovery!

Thursday, October 18, 2012

(Yet another plug) What an interesting resource. I searched for UAV and DRONE and now I'm ready to ask questions at the Privacy Foundation seminar, “Domestic Privacy and Drones.” The seminar is TOMORROW.
October 17, 2012
Military Policy Awareness Links on Cybersecurity
MiPAL: Cybersecurity - Compiled by the National Defense University Library [MERLN - the Military Education Research Library Network - is a comprehensive website devoted to international military education outreach. It represents a consortium of military education research libraries that work together to provide access to a variety of unique electronic resources for the use of researchers and scholars.] Via Ian Burke.

"NASA today said it wants to gauge industry interest in the agency holding one of its patented Centennial Challenges to build the next cool unmanned aircraft. NASA said it is planning this Challenge in collaboration with the Federal Aviation Administration and the Air Force Research Lab, with NASA providing the prize purse of up to $1.5 million."

(Related) And look at all of the really useful stuff you can do with your UAV! (A prime example of a “Money from Morons” scam?)
The Search for Sasquatch Continues — With a Silent Airship

Could this be preparation for CyberWar? Would terrorists have anything to gain by disrupting hospitals? Would hospitals (or manufacturers) have a defense if (when?) a patient is harmed?
Dupple sends this quote from MIT's Technology Review:
"Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable. While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion. [He said], 'Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.' ... Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed."

Am I reading this correctly? Someone reported a breach and they charged him with a crime?
By Dissent, October 18, 2012
Thirty-four charges have been laid against an individual under the Health Information Act, along with six additional charges under the Criminal Code. The charges have not yet been proven in Court.
As a result of a self-reported breach to the Office of the Information and Privacy Commissioner, the Commissioner opened an offence investigation into suspicious accesses to health information. Upon completion of the investigation, the matter was referred to Crown prosecutors at Alberta Justice. Thirty-one charges under the Health Information Act were then laid for improperly accessing other individuals’ health information, one charge was laid for inappropriate use of health information, one charge was laid for inappropriate disclosure of health information and one charge was laid for knowingly falsifying a record. Six additional charges were laid under the Criminal Code.
This is the third time charges have been laid under provisions of the Health Information Act. The maximum penalty for a first offence under the Health Information Act is $50,000 for each charge.

If I come up with a better patent system, can I patent it?
concealment writes with news that Amazon's Jeff Bezos has called for new legislation from governments to end abuse of the patent system. He said, 'Patents are supposed to encourage innovation and we're starting to be in a world where they might start to stifle innovation. Governments may need to look at the patent system and see if those laws need to be modified because I don't think some of these battles are healthy for society.' His comments are from an interview with the UK's Metro. Bezos was also optimistic about the future of the private space industry: "If private companies can start to generate profits from this kind of activity then you’ll start to see the flywheel spin more rapidly and we’ll make more progress, because I really do think we want to live in a civilization where millions of people are living and working in space"

People who have never heard of the “Streisand Effect” are doomed to repeat it...
Hulk Hogan Sues Gawker for $100M Over Sex Tape
October 18, 2012 by Dissent
Annie Youderian reports:
Hulk Hogan sued Gawker and its founder for $100 million, claiming the “loathsome defendants” posted a secretly recorded video of him having sex on and refuse to remove it.
Read more on Courthouse News.

My wife trains dogs. One thing I've observed (other than that many “dog people” are certifiable) is what is called the “Clever Hans effect.” People who train their dogs to do just what they want without even knowing they are doing it. Perhaps somewhere a lawyer has trained his dog to testify?
Two Supreme Court Cases About Dogs May Profoundly Impact Americans’ Privacy
October 18, 2012 by Dissent
Michael Kelley reports:
On Oct. 31, the U.S. Supreme Court will hear two cases from Florida about drug-sniffing dogs that will either affirm or weaken the constitutional privacy rights of Americans.
Rulings favorable to the government would allow law enforcement to conduct warrantless searches and surveillance on an even more routine basis.
The first case will ask the court to clarify how accurate a drug dog must be to establish probable cause for the search of a vehicle.
The second case asks if police may take a drug dog to the front porch of a home to sniff for evidence of marijuana inside.
Read more on Business Insider.

Apps as tools for Big Brother. Interesting. I'll have this printed for my Intro to Computer Security students.
Sneaky Apps & Your Personal Information
October 17, 2012 by Dissent
Here’s another interesting infographic from Muhammad Saleem of

GAO report: Wireless consumers don’t know how location data are shared
October 17, 2012 by Dissent
Catching up on some news I missed or neglected to post….
Hayley Tsukayama reports:
A study released Thursday by the Government Accountability Office suggests that the government could do more to protect consumer privacy when it comes to mobile device location data.
The report, which was requested by Sen. Al Franken (D-Minn.), concludes wireless companies are not fully explaining how they use location data culled from mobile phones.
Read more on Washington Post.

There must be studies (legal or psychological) that would help explain what laws get enforced and what laws are ignored...
"A former police officer in the Australian state of Victoria has called on law enforcement to prosecute creators of hate pages on social media following Facebook's decision to close down a page mocking Jill Meagher, the 29-year-old Melbourne woman abducted and killed last month. Susan McLean, who spent 27 years with Victoria Police before launching her cyber safety consultancy three years ago, said police have the ability to prosecute the creators of pages that are in breach of Australian laws but appear to be unwilling to use it. 'There have been many cases in the UK where these people have been hunted down and charged and jailed. We need to do that in Australia.' Under section 474.17 of the Commonwealth Crimes Act, it is an offense to use 'a carriage service to menace, harass or cause offense,' punishable by three years in jail."

It's sad to see so many otherwise bright people opting for a career in politics, but I suppose I should point them to useful information, no matter how much they resist...
October 17, 2012
My District Data
"Data matters. It helps us learn about where we live and the challenges we face. It should be handy, simple to understand and relevant. Elected officials -- and you and I -- ought to have access to good data. Over the next three months, we'll release a series of online, interactive reports that allow you to learn more about jobs, money, education and housing in your congressional district. Just click Go on this page, find your district by entering your zip code or typing in your address. Get a summary of statistics for your district or explore a full interactive report with maps and tables comparing your district to the nation. It is simple and it is all right here." [via Andrew F. Young]

“Sure, go ahead. Just don't tell anyone.”
Iron fertilization project in Pacific known to government
Government bodies knew about a controversial experimental project in which 100 tonnes of a dust-like material enriched with iron was dumped into the ocean off B.C.'s north coast, the project's leader says.
… In a written statement, Environment Canada says it told the company that carried out the plan that ocean dumping was not allowed and that it could be violating the Canadian Environmental Protection Act. The agency says it never received an application for ocean fertilization.
… The dumping created a bloom of phyto-plankton — plants at the base of the food chain that are eaten by other creatures. But the bloom grew to cover 10,000 square kilometres and was visible from space.
Disney says the bloom ate up carbon from the atmosphere and sequestered it in the ocean depths. [Has been proposed as a response to Global Warming! Bob]
"What that does is create what's called a carbon offset credit, and that is a saleable commodity," Disney said. "We've determined that we can raise enough money to make this project sustainable and pay off the loan."

It would be funny, if it wasn't my tax dollars!
October 17, 2012
Sen. Tom Coburn's Wastebook 2012
Wastebook 2012: "100 entries highlighted by this report"

Well IP Lawyers, is this enough?
Megaupload Is Dead. Long Live Mega!
They’ve been indicted by the U.S. government for conspiracy and briefly thrown in jail, but Kim Dotcom and his partners in the digital storage locker Megaupload have no intention of quitting the online marketplace.
Instead the co-defendants plan to introduce a much-anticipated new technology later this year that will allow users to once again upload, store, and share large data files, albeit by different rules. They revealed details of the new service exclusively to Wired.
They call it Mega and describe it as a unique tool that will solve the liability problems faced by cloud storage services, enhance the privacy rights of internet users, and provide themselves with a simple new business. Meanwhile, critics fear that Mega is simply a revamped version of Megaupload, cleverly designed to skirt the old business’s legal issues without addressing the concerns of Internet piracy.
(Dotcom and three of his partners remain in New Zealand, where they were arrested in January 2012. They face extradition to the U.S. on charges of “engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering, and two substantive counts of criminal copyright infringement,” according to the Department of Justice.)
… And because the decryption key is not stored with Mega, the company would have no means to view the uploaded file on its server. It would, Ortmann explains, be impossible for Mega to know, or be responsible for, its users’ uploaded content — a state of affairs engineered to create an ironclad “safe harbor” from liability for Mega, and added peace of mind for the user.
… Dotcom’s belief is that even the broad interpretation of internet law that brought down Megaupload would be insufficient to thwart the new Mega, because what users share, how they share it, and how many people they share it with will be their responsibility and under their control, not Mega’s.

Geeky stuff. The reality Apple ignores...
Learning to jailbreak is a rite of passage for most iOS device owners. After purchasing a new iPod touch, iPhone or iPad; one of the first things you’ll learn to do is to jailbreak it in order to break free from Apple’s tight grasp, install custom tweaks and hacks, as well as cracked apps (let’s be honest, we all do it). So what should you install after you’ve jailbroken your device? That’s what our Best Of Cydia Tweaks page is here to answer!
We’ve published several informative resources on the subject so if you’re unsure about what jailbreaking actually means, please read my evergreen article A Newbie’s Guide to Jailbreaking. Once you’ve managed to muster up the confidence to actually perform the jailbreak, download our handy How To Jailbreak Your iPhone, iPod Touch, Or iPad manual in PDF, ePub or Kindle formats to assist you along the way.
Now that your device is free from Apple’s restrictions, let’s dive into the good stuff! Would you like to control your iOS device with your voice and extend Siri’s capabilities? Would you like to use Google Chrome as the default browser? You can do so much more with a jailbroken device and our Best Of Cydia Tweaks page will assist you in selecting the best tweaks and hacks.

Now I can illustrate Statistics using Dancing Gerbils!
… Rekapi is an animation library for JavaScript that depends on Underscore.js and Shifty.js. It can be used to make some really cool animations very easily.
The library can be used to make and DOM animations. To give the API a try, you can play with it in a live sandbox online and create some animations. The DOM animations you make in Rekapi can also be exported to CSS3 @keyframes to improve performance. The site’s homepage has some sample animations made from Rekapi.

I have good news: “Every day there are hundreds of new free Kindle books on” And I have bad news: “A lot of them suck.” But you should still look, because Free is Good!, with FKB standing for Free Kindle Books, is a web service that picks out good books from the list of books daily uploaded onto Amazon for Kindle devices. The books are hand-picked by real people and not a result of a computer algorithm. These books are sorted into categories of nonfiction, fiction, language learning, food, and children / young adults.

Just cool...
… The application is called Gpredict, and it is about as close as you can get to having a satellite-monitoring ground station right on your own computer screen for free. I usually don’t even bother installing most of the satellite tracking apps out there because they’re usually extremely simple and not very exciting. Many of the Android apps out there that are meant to track satellites are fun and interesting, but limited in what they can do.
That is not the case with Gpredict. It’s very well written, very functional, and it looks really cool maximized up on my second screen while I get work done on my primary monitor. Watching and tracking the path of satellites is a fun way to occupy a screen that you may not be using at any given moment.

For the first time ever, a Forrester survey on Internet usage found that users report spending less time online than they did in 2011, nearly back to the average duration reported in 2009. According to Forrester, this data likely doesn’t demonstrate a true drop in Internet usage, however, instead representing a change in the notion of what it means to be online. The information comes from a survey of 58,000 US adults.
… Not only does the data show a decline in reported Internet usage, it also demonstrates a decline in the number of (US-based) consumers who own a laptop, netbook, or desktop. The data shows that smartphones and tablets are primarily used (in relation to the Internet) to access social networking websites, while consumers still prefer either a laptop or a desktop for performing other, more “serious” tasks. This delineation between PC and mobile device usage may indicate that Internet users don’t consider the times they pull out a smartphone or tablet as “being online,” but rather only when they sit down and perform a specific Internet-related activity on the computer.

Stuff for students?
Ten Terrific Mind Mapping and Brainstorming Tools
Today, I am running a workshop about using mind mapping and brainstorming tools to help students meet some of the Common Core standards in English Language Arts. Below are some of the tools that we will be using today.

A new source of videos for my Math classes (and other subjects)
Check Out These YouTube EDU Gurus
Last month YouTube launched a Star Search of sorts to find the next ten YouTube EDU Gurus. This week those new gurus were revealed and I'm very happy to say that three of them have been featured here on Free Technology for Teachers in the past. Those three are Keith Hughes, Kristen Williams, and Paul Anderson. Their new introductory videos are posted below. Congratulations to all of the new YouTube EDU Gurus. I look forward to all of the new content that you produce.
[Like this one...
Introducing Math Apptician - YouTube Next EDU Guru

Wednesday, October 17, 2012

See? Plenty of time.
"Maybe instead of zero-day vulnerabilities, we should call them -312-day vulnerabilities. That's how long it takes, on average, for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week. The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average – up to 2.5 years in some cases – before the security community became aware of them. 'In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought — perhaps more than twice as many,' the researchers write."

For my Disaster Recovery students... How would you protect data and operations that you were certain were being targeted?
"The Pirate Bay has made an important change to its infrastructure. The world's most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure."
They are still running their own dedicated load balancers that forward encrypted traffic to one of their "cloud" providers, rather than dealing with physical colocation. Seems like a sensible decision any IT manager would make.

Now this is a sanction that hurts! (But weren't we concerned that Iran was counterfeiting US $100 bills?)
"In an interesting problem with physical currency, Iran is now running out of hard currency, due to a combination of inflation, and 'Koenig & Bauer AG of Würzburg, Germany, also says it has not responded to an Iranian request for bids to make the presses to print new rials.' Perhaps they should switch to BitCoin."
In addition to not printing money for them, the European currency presses won't sell Iran the equipment needed to print their currency domestically (not unexpected with the embargo). pigrabbitbear adds: "Eutelsat Communications, one of the largest satellite providers in Europe, has just nixed its contract with IRIB, the Iranian state broadcasting company. While IRIB's programming is still mostly up and running in Iran, the decision means that 19 IRIB TV and radio channels have now been axed from Europe and much of the Middle East."

An interesting question or two. With Panetta claiming a Cyber-Pearl Harbor is near and DHS “concerned” about infrastructure, would you trust a Russian operating system? Why isn't there an American version? (Would Kaspersky's at least serve as a model?) Perhaps Russia will be the only secure nation...
Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet
Russian anti-virus firm Kaspersky Lab announced Tuesday that it plans to develop a secure operating system to protect critical infrastructure systems from online attacks.
Kaspersky hopes to develop a pared-down operating system that would be less vulnerable to attack from malicious programs like Stuxnet – a cyberweapon discovered in 2010 that was designed to target industrial systems that control Iran’s nuclear program.
“Today there exists neither operating systems nor software that could be applied in industrial/infrastructural environments whose produced data on processes could be fully trusted,” wrote company founder Eugene Kaspersky in a blog post. “And this left us with no other option than to begin developing something new ourselves.”

I am an Academic. All those “Hacking for fun and profit” books are purely for research purposes...
Amazon’s Next Big Business Is Selling You
Facebook knows who your friends are. Google knows what you’re interested in finding on the internet. Amazon knows what you’ve bought, and has a pretty good idea of what you might want to buy next.
If you were an advertiser, which company’s data sounds most valuable to you? If you had a product you wanted to sell, which of those things would you most want to know?

(Related) If Amazon can do it, so can Mastercard... The question becomes, “Who can't do it?”
MasterCard Is Selling Your Data Just in Time for the Holidays
Credit card companies make money by taking a cut every time you swipe your plastic at the checkout counter. Now MasterCard has found a way to make those swipes pay over and over again.
As the Financial Times first reported, MasterCard is packaging its transaction data — your transaction data — and selling it to advertisers. The story was based on an apparently confidential pitch MasterCard made to potential clients. Not too confidential, because we found a copy by googling it. [A simple illustration of “Open Source” intelligence... Bob]

(Related) Gosh and golly, maybe everyone is doing it!
Verizon Wireless is facing criticism and possibly even a lawsuit for selling customers’ phone activity to marketers. Such activity consists of geographical location, browsing habits, and app usage. The company began offering this information to marketers just recently, and it shows what Verizon subscribers are doing on their phones, including both iOS and Android devices.

I like it! Do you think we could make “failure to encrypt” a lot more costly too?
"The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of peoples' information was stolen from a officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."

Can you say, “Overreaction?”
"A row over a web article posted five years ago has led to 1.5 million educational blogs going offline. The Edublogs site went dark for about an hour after its hosting company, ServerBeach, pulled the plug. The hosting firm was responding to a copyright claim from publisher Pearson, which said one blog had been illegally sharing information it owned. ... The offending article was first published in November 2007 and made available a copy of a questionnaire, known as the Beck Hopelessness Scale, to a group of students. The copyright for the questionnaire is owned by Pearson, which asked ServerBeach to remove the content in late September."

For my Ethical Hackers... “It's not a bug, it's a feature!” Remember, some day you may be a target...
"Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"

For my Geeky Gawkers... Some photos plus a tour via “Street View”
Google Throws Open Doors to Its Top-Secret Data Center

A way to “Push” information to the troops. (Employees, students, whatever...)
Amazon’s New Whispercast Service Provides Organization-Wide Kindle Content Deployment
Amazon today unveiled its new Whispercast for Kindle service, which provides businesses and other organizations like schools a way to easily deploy Kindle content to members, students and employees across not only Amazon hardware, but also Kindle apps for iOS and Android devices. Right now, it allows administrators to buy Kindle books and documents and spread them around, and in the future, Amazon plans to add the ability to push out Kindle Fire apps to the company’s Android-powered tablets as well.
The initiative is clearly designed to give Kindle a greater foothold in the education market, where Amazon is saying that Whispernet allows not only widespread distribution of content, including free classic titles whose copyrights have expired, but also remote device management for Kindles owned by educational organizations. Already, there are programs that have seen Kindles deployed in school systems, including via Amazon’s own community outreach programs. Whispercast provides an easy way for organizations to more effectively deploy those programs, and also support students who may be bringing their own devices from home.

Free is good, but be sure to backup!
… And now if you’re a college student anywhere in the world, you qualify as part of Dropbox’s Space Race Program for an extra 3 GB of Dropbox space for two years, plus up to 25 GB of space for your school for two years.
Of course, while Dropbox offers all this free, it does want some of its freeloading customers to make a premium upgrade, but as one of the leading cloud services on the Internet, Dropbox is being pretty generous. Note also, the 3 GB of storage is in addition to the 2 GB of free space given to everyone who signs up for Dropbox.
To be eligible for the Space Race Program, you must meet the following criteria:
  • You must be actively enrolled in a college or university or the equivalent of a university.
  • You need to sign up with an active email address from the school you attend (note: you also qualify if you already have an existing Dropbox account).
  • Your higher education institution must also have at least 25 participants sign up for the program (so announce it in one of your classes).
The program runs from October 15 to December 10, 2012. You sign up by visiting Any additional storage space earned through the program will expire on January 15, 2015, and thus accounts will downgrade to the users’ original, initial free space.

For those of us who can't type worth a darn...
Two Handy Speech to Text Tools
Speech recognition software can be very pricey, but adding a speech recognition option to your computer doesn't have to be expensive. Here are two free speech to text tools to try.
In Google Chrome you can use the Speech Recognizer app available for free through the Chrome Web Store. To use the Chrome Speech Recognizer just install it from the Chrome Web Store, launch it, then click the microphone to start talking and recording your voice. The Speech Recognizer will type out your text when you finish recording. You can then copy and paste your text to the paragraph box below the Speech Recognizer or to a document you have open in Google Docs.
Online Dictation is a free site that will transcribe your speech for you. To use the site just visit it, click on the microphone icon, and start talking. If the transcription inserts the wrong word (for example it inserted "number" instead of "mumble" when I tried it) just click on that word to replace it. You can copy the transcript and paste it anywhere you like.

(Related) Handy for all those new math words students run into in my classes...
Word Talk - A Free Text to Speech Plugin for Microsoft Word
… One podcast that I still consider a must-listen is Tom Grissom's Tech Talk 4 Teachers. During the most recent episode Tom shared Word Talk.
Word Talk is a free text to speech plugin for Microsoft Word. Word Talk highlights text as it is narrated for you. An audio dictionary is also included in Word Talk.
Applications for Education
For students that need to hear a word pronounced or need sentences read to them for clarification, Word Talk could be a handy plugin to have installed in Microsoft Word.

(Related) It can't hurt!
… Road To Grammar offers a multitude of games and quizzes to help you practice your grammar skills in a way that is fun. The quizzes are broken down by category, so you can work on exactly the part of grammar you need to practice. In all, there are 365 quizzes available, so you can do one a day for a year, and greatly improve your writing skills.