Saturday, December 22, 2012

“Getting to know you.
getting to know all about you.”
Originally from “The King and I” but now from “Google & Me”
Google starts watching what you do off the Internet too
December 21, 2012 by Dissent
The most powerful company on the Internet just got a whole lot creepier: a new service from Google merges offline consumer info with online intelligence, allowing advertisers to target users based on what they do at the keyboard and at the mall.
Without much fanfare, Google announced news this week of a new advertising project, Conversions API, that will let businesses build all-encompassing user profiles based off of not just what users search for on the Web, but what they purchase outside of the home.

Are we overreacting? Let's hope there is some follow-up here. Nothing in the article makes this any clearer, but there must be more to this than has been reported, right?
"'The Superintendent of the Greater Egg Harbor Regional High School District said around 2 pm Tuesday, a 16 year old student demonstrated behavior that caused concern. A teacher noticed drawings of what appeared to be weapons in his notebook. [Did he do the drawings? Bob] School officials made the decision to contact authorities. Police removed the 16-year-old boy from Cedar Creek High School in Galloway Township Tuesday afternoon after school officials became concerned about his behavior. [No indication what that “behavior” was. The drawings? Bob] The student was taken to the Galloway Township Police Department. Police then searched the boy's home on the 300 block of East Spencer Lane and found several electronic parts and several types of chemicals that when mixed together, could cause an explosion, police say. The unidentified teen was charged with possession of a weapon an [sic] explosive device [Not exactly a “device” was it? Bob] and the juvenile was placed in Harbor Fields.' If 'chemicals that when mixed together, could cause an explosion' is a crime, I'm pretty sure everyone's cleaning cabinets are evidence just waiting to be found. Bottle of Coke and Mentos... BRB, someone knocking at the door."

Cedar Creek student had chemicals at home that could be used for bomb, police charge
… Ciccariello said that the student was not in conflict with anyone, but could not discuss his disciplinary record.
"I wouldn't expect this type of behavior," he said.
Police Chief Pat Moran stressed Tuesday night no threats were made by the student and there was no indication there was any danger posed to anyone or property at the school.
“There was no indication he was making a bomb, or using a bomb or detonating a bomb,” he said.
… "I'll say that, regardless of the incident last week, we would have handled this exactly the same way," he said.
It is clear that the area is taking all threats seriously. Ciccariello said there was an increased police presence at Absegami High School Wednesday morning after police got a report of a rumor of a hit list circulating on Facebook.
He said that no such list has been found and that there is no threat to anyone in the Absegami community.
A 15-year-old girl was arrested at Mainland Regional High School and charged with false public alarm after she allegedly sent a text message to a friend stating that she had heard a rumor that there would be a shooting at the school on Friday.

(Related) New Jersey must be much more dangerous than I remember...
Cedar Creek Student's Drawings Prompted Investigation, Led to Arrest
Some security measures that the three Galloway Township schools already employ include:
  • cameras inside and outside each school;
  • one armed school resource officer in each building;
  • a lobby guard that runs the identification of each visitor to each school;
  • proximity card readers for staff members, who must swipe their cards before gaining access to the building; and
  • security officers at each school 24 hours a day, every day of the year.

First On Fox. Teen's Mom Speaks Out On Her Son and 'Explosive' Chemicals
"It's ridiculously blown out of proportion."
… The teenager was taken from his class at Cedar Creek High in Egg Harbor City after a teacher said he demonstrated behavior that caused concern. She saw him doodling in a notebook during class.
"He drew a glove with flames coming out of it," his mother said.
… The 16-year-old was charged as a juvenile with possession of an explosive device.

Perhaps a crowdsourced review of the “take?”
"The Air Force has a problem: Its drones generate thousands of hours of video (I almost said 'footage.') And most of it is miles of endless desert. USAF needs to distill the highlights, if you will, and nobody does it better than ESPN, the TV sports network. Air Force officials have asked ESPN for help in analyzing the 327,384 hours collected just this year. [There are 8760 hours in a year, so that's 37+ years of tape Bob] What we really need in times like these is sportscaster Warner Wolf. 'Let's go to the videotape, pick it up right here, Taliban in the home black.'"

Been there, blogged that, working on the T-shirt
If You're Serious About Ideas, Get Serious About Blogging
Indeed, if you want to shape public opinion, you need to be the one creating the narrative. A fascinating study last year by Yahoo Research showed that only 20,000 Twitter users (a mere .05% of the user base at the time) generated 50% of all tweets consumed. A small number of "elite users" sets the conversational tenor, just as in the general world of blogging.

Because it amuses me...
… The FTC unveiled the latest version of COPPA (the Children’s Online Privacy Protection Act) this week. I covered this news a bit in my recent look at the “politics of ed-tech” because certainly some of the wording here is a result of lobbying from the Internet tech industry. The FTC says it’s updated the language to strengthen privacy protections, but it looks like Facebook, Google, and Apple are winners here.
Inside Higher Ed reports on a new program from New Charter University that will “provide an online education at no out-of-pocket cost to workers in three California cities whose employers provide them with tuition assistance reimbursement funds.” That means that workers in San Francisco, Oakland, and Sacramento might be eligible for a free college education.
edX unveiled several new classes in its catalog this week, including: The Challenges of Global Poverty, Justice, The Ancient Greek Hero, Copyright, Human Health and Global Environmental Change, Introduction to Statistics, and Quantum Mechanics and Quantum Computation. I’m really interested in the Copyright class (taught by the director of the Harvard Berkman Center Professor William Fisher), but I have to apply as the class is capped at 500 students. (I’m not sure I’m a good enough MOOC student to apply.)
Google says it’s partnering with several universities in Spain to offer UniMOOC, “an online course intended to educate citizens in Spain and the rest of the Spanish-speaking world about entrepreneurship. It was built with Course Builder, Google’s new open source toolkit for constructing online courses.”

Friday, December 21, 2012

Interesting claim. If true, this will really shake things up. However, it looks like you still need an active hack before the decrypt. Follow Best Practices for Encryption (particularly Key Control) and you should be secure.
"Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008."
All that for $300.
[From the article:
So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

This looks too smart to have come out of Congress. Making carriers actually do what they claim they are doing? Radical! I love it, but what's really going on?
Mobile data users have been exceptionally unhappy over data caps since they were first introduced. Many argue that these data caps have nothing to do with controlling congestion on mobile networks and everything to do with charging customers as much as possible. A white paper was published this week from the New America Foundation arguing that data caps were designed to maximize revenue rather than minimize congestion.
Apparently, the white paper caught the attention of a Democratic senator from Oregon named Ron Wyden. Wyden has introduced legislation to regulate the use of data caps this week. The Senator's bill would allow the use of data caps only to control congestion on a network and would not allow them to be used to maximize a carrier’s revenue.
Wyden plans to address three major issues with his bill. He wants to increase the accuracy and amount of information carriers provide consumers. This bill also proposes to allow the FCC to regulate methods used by carriers for measuring bandwidth. The second major issue the bill seeks to address would be to require any data caps used by ISPs to “reasonably limit network congestion without unnecessarily restricting Internet use.”
A statement released along with the legislation noted that some data caps might work to discourage Internet use even when it has no effect on network congestion. The third thing the legislation seeks to address could be the most controversial. The bill would require any data cap in place not be used to provide preferential treatment of data based on the source or content of the data. That would mean the legislation would eliminate any paid fast lane for data, which has been proposed by some users.

Big Brother knows best. Put your trust in Big Brother and nothing can go wrong (and survive)
"Jobseekers will be offered the chance to look for work through the new Universal Jobmatch website, which automatically pairs them up with opportunities that suit their skills after scanning their CVs. It will also allow employers to search for new workers among the unemployed and send messages inviting them to interviews. However, their activities may also be tracked using cookies, so their Job Centre advisers know how many searches they have been doing and whether they are turning down viable opportunities. Iain Duncan-Smith, the Work and Pensions Secretary, said the scheme would 'revolutionize' the process of looking for work. He said anyone without a job after signing up to the scheme would be lacking 'imagination.'"

If the computer understands the words, you have “Voice Control” of your computer. That's the big game changer. Right Hal?
"Nataly Kelly writes in the Huffington Post about Google's strategy of hiring Ray Kurzweil and how the company likely intends to use language translation to revolutionize the way we share information. From the article: 'Google Translate is not just a tool that enables people on the web to translate information. It's a strategic tool for Google itself. The implications of this are vast and go beyond mere language translation. One implication might be a technology that can translate from one generation to another. Or how about one that slows down your speech or turns up the volume for an elderly person with hearing loss? That enables a stroke victim to use the clarity of speech he had previously? That can pronounce using your favorite accent? That can convert academic jargon to local slang? It's transformative. In this system, information can walk into one checkpoint as the raucous chant of a 22-year-old American football player and walk out as the quiet whisper of a 78-year-old Albanian grandmother.'"

How many Middle Eastern countries have chemical weapons?
December 20, 2012
Chemical Weapons: A Summary Report of Characteristics and Effects
Chemical Weapons: A Summary Report of Characteristics and Effects, Dana A. Shea - Specialist in Science and Technology Policy. December 13, 2012
  • "Civilian protection from and detection of chemical agents is an area of federal concern. Whether terrorist groups are capable of using chemical agents as weapons of mass destruction is unclear. Some experts have asserted that the volumes of chemicals required to cause mass casualties makes that scenario unlikely. They claim that chemical terrorism is more likely to be small in scale. Other experts have suggested that there has been an increase in terrorist interest regarding chemical agents, and that this interest could lead to their use in terrorist attacks. Some experts assert that insecure stockpiles of military-grade chemical agents would lower the barrier to terrorist acquisition of chemical agents and thus increase the possibility that terrorists might use them. The change of regimes in Libya and Egypt and recent events in Syria have increased concern that such military-grade chemical agents might transition into terrorist hands and then be used to attack U.S. sites either domestically or abroad."

For all my students...
Thetrainline Okay, this one in the UK only!

For my handouts and my student hand-ins
3 Ways To Quickly Share Bunches of Links With Your Students
If you have ever tried to get all of your students to the same set of websites at the same time, you know that just a couple of mistyped characters can create a frustrating experience. One solution is to post all of the links on your course blog. Another solution is to use a link bundling service that will group all of your links together into one package. Then instead of sending out a bunch of individual links you can just send one link that will open all of the bundled links for your students. Here are three services that you can use for just that purpose.
Bundlenut is a simple service for organizing a set of links and sharing them with others. To use the service just visit Bundlenut and start entering the links that you want to include in your bundle. You can include comments about each of the links. When you have added all of links that you want to include in your bundle, Bundlenut will assign a unique url to your bundle. Anyone with access to that url will be able to see all of your links and comments about those links. You can use the service with or without registering. The advantage of registration is that you can go back and modify your bundle whenever you would like to.
LinkBunch is a free service that you can use to quickly send a group of links to your friends, colleagues, and students. To use the service just visit LinkBunch, enter the links that you want to share, and click "Bunch." When you click on "Bunch" you will be given a URL to share with anyone you want to see the links in your bunch. When someone clicks on the URL for your Bunch he or she will be able to open the links you bunched together.
Bitly is one URL shortener that I have been using for years. It's simple to use, especially if you use the bookmarklet, allows you to customize URLs, and it offers good statistics about the use of your links. Bitly offers an option for bundling bookmarks into one package that you can share with just one link. Bitly bundles can be created collaboratively if you invite other Bitly users to bundle links with you.

For your Holiday reading.
Happy Holidays! Here's a Free E-Book of Our Best Stories From 2012

Thursday, December 20, 2012

Another Year End list.
Verizon DBIR Researchers’ Predictions for 2013 Threats
December 20, 2012 by admin
BASKING RIDGE, N.J. – Although many security experts predict that the most likely data breach threats organizations will face in 2013 include cloud exploits, mobile device attacks and all-out cyber war, “Verizon Data Breach Investigations Report” (DBIR) researchers have reached a far different conclusion: The most likely threats involve authentication attacks and failures, continued espionage and “hacktivism” attacks, Web application exploits and social engineering.
The findings of the researchers — members of the company’s RISK (Research Intelligence Solutions Knowledge) Team – are based on data that spans eight years and thousands of cases and is contained in the 2012 data breach report, released earlier this year.
“Many security experts are using anecdote and opinion for their predictions, whereas Verizon’s researchers are applying empirical evidence to help enterprises focus on what will be truly important in the coming year — and also what isn’t,” said Wade Baker, principal author of the DBIR.
“First and foremost, we don’t believe there will be an all-out cyber war, although it’s possible,” he said. “Rather, an enterprise’s 2013 data breach is much more likely to result from low-and-slow attacks.”
Verizon’s RISK team has identified the following most likely data threats:
  • Topping the list – with a 90 percent chance of probability — are attacks and failures related to authentication, including vulnerable or stolen usernames and passwords, which often represent the initial events in a breach scenario. “Nine out of 10 intrusions involved compromised identities or authentication systems, so enterprises need to make sure they have a sound process for creating, managing and monitoring user accounts and credentials for all of their systems, devices and networks,” Baker said.
  • Web application exploits which are most likely to affect larger organizations and especially governments, rather than small to medium-sized businesses. The chances of such attacks occurring are three in four, according to the data compiled by the RISK Team. “Given these odds, organizations that choose to take their chances and ignore secure application development and assessment practices in 2013 are asking for trouble,” said Baker.
  • Social engineering, which targets people rather than machines and relies on clever — and sometimes clumsy — deceptions to be successful. “The use of social tactics like phishing increases by a factor of three for larger enterprises and governments,” said Baker. “It’s impossible to eliminate all human error or weaknesses from an organization, but vigilance and education across the employee population help to control and contain such schemes.”
Baker also said that targeted attacks from adversaries motivated by espionage and hacktivism — breaking into a computer system, for a politically or socially motivated purpose — will continue to occur, so “it’s critical to be watchful on this front.”
In addition, the RISK team does not foresee the failure of an organization’s cloud technology or configuration as being the root cause of a breach. However, an organization’s service provider could inadvertently increase the likelihood of a breach by failing to take appropriate actions or taking inappropriate ones.
As for mobile devices, the Verizon researchers believe that lost and stolen – and unencrypted — mobile devices will continue to far exceed hacks and malware.
The RISK Team also projects that attacks on mobile devices by the criminal world will follow closely the push to mobile payments in the business and consumer world. “There’s a good chance we’ll see this shift in 2013, but our researchers think mobile devices as a breach vector in larger enterprises will lag beyond 2013,” Baker said.
Large organizations tend to pride themselves on their security strategy and accompanying plans, but the reality is that a large business is less likely to discover a breach itself than being notified by law enforcement. “And, if you do discover it yourself,” Baker said, “chances are it will be by accident.” He concluded:
“Keep in mind that all of these breaches can still be an issue for enterprises. However, what we’re saying is that they’re over-hyped according to our historical data and are far less likely to factor into an organization’s next breach than is commonly thought.”

Grab them quick, before they are declared state secrets. After all, any discussion of secrets reveals what we think secrets should be, which is a topic that should remain secret.
Introducing the ‘State Secrets’ Drinking Game
We reported Friday of a three-hour hearing in San Francisco federal court in which the Justice Department repeatedly invoked the state secrets privilege and demanded U.S. District Judge Jeffrey White dismiss a lawsuit accusing the government of siphoning Americans’ electronic communications from willing telecoms and funneling them to the National Security Agency without warrants.
As it turns out, the San Francisco federal court produced two roughly 90-minute videos of the hearing as part of a pilot project and just published them on its website. Normally, cameras in the court are not allowed.

Very familiar language to someone who got their MBA in the 80s: “Hey, we have lots of data but it isn't consistent and no one is in charge...”
"President Obama on Wednesday released a national strategy designed to balance the sharing of information with those who need it to keep the country safe, while protecting the same data from those who would use it to cause harm. 'The National Strategy for Information Sharing and Safeguarding' outlines how the government will attempt to responsibly share and protect data that enhances national security and protects the American people. The national strategy will define how the federal government and its assorted departments and agencies share their data. Agencies can also share services and work towards data and network interoperability to be more efficient, the President said. The President aimed to address concerns over Privacy by noting, 'This strategy makes it clear that the individual privacy, civil rights and civil liberties of United States persons must be — and will be — protected.' The full document is available here in PDF format from the White House website."

Is this true of all retention laws that exceed operational requirements?
An anonymous reader writes in with a story about the Constitutional Court of Austria objecting to the EU's data retention law.
"The European Union's data retention law could breach fundamental E.U. law because its requirements result in an invasion of citizens' privacy, according to the Constitutional Court of Austria, which has asked the European Court of Justice (ECJ) to determine the directive's validity. The primary problem with the data retention law is that it almost exclusively affects people in whom government or law enforcement have no prior interest. But authorities use the data for investigations and are informed about people's personal lives, the court said, and there is a risk that the data can be abused. 'We doubt that the E.U. Data Retention Directive is really compatible with the rights that are guaranteed by the E.U. Charter of Fundamental Rights,' Gerhart Holzinger, president of the Constitutional Court of Austria said in a statement."

Two years of thoughtful preparation or two years to get a majority to agree?
FTC Strengthens Kids’ Privacy, Gives Parents Greater Control Over Their Information By Amending Children’s Online Privacy Protection Rule
December 19, 2012 by Dissent
From the FTC:
The Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection Rule that strengthen kids’ privacy protections and give parents greater control over the personal information that websites and online services may collect from children under 13.
… The final amendments:
  • modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos;
  • extend the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
The Commission vote to issue the amended Final Rule was 3-1-1, with Commissioner J. Thomas Rosch abstaining. Commissioner Maureen Ohlhausen voted no and issued a dissenting statement on the ground that she believes a core provision of the amendments exceeds the scope of the authority granted by Congress in COPPA.
The final amended Rule will be published in a notice in the Federal Register. The amendments to the Final Rule will go into effect on July 1, 2013.

(Related) Sometimes a cigar is just a cigar, but not in New York.
It’s no small feat taking on the entire internet when you’re making sure the world is safe for children – that’s why New York attorney general Eric Schneiderman has removed approximately 2,100 registered sex offenders from online gaming communities instead. Targeting groups like Gaia Online, NCSoft, and THQ, Schneiderman has made it clear that if it’s possible that a child is playing a video game online, he doesn’t want sex offenders anywhere on the digital premises.
… “The Internet is the crime scene of the 21st century, and we must ensure that online video game platforms do not become a digital playground for dangerous predators. That means doing everything possible to block sex offenders from using gaming systems as a vehicle to prey on underage victims.”

Where are we going? Toward Privacy or just droning on...
Markey Introduces Legislation to Ensure Privacy, Transparency in Domestic Drone Operations
December 19, 2012 by Dissent
Press release from Rep. Ed Markey:
Congressman Edward J. Markey (D-Mass.), co-Chair of the Bi-Partisan Congressional Privacy Caucus, today introduced legislation to ensure standards for informing the public and establish safeguards to protect the privacy of individuals as the federal government develops a comprehensive plan for the use of drones in U.S. Airspace. H.R. 6676, the Drone Aircraft Privacy and Transparency Act (DAPTA) amends the Federal Aviation Administration (FAA) Modernization and Reform Act to include privacy protection provisions relating to data collection and minimization, disclosure, warrant requirements for law enforcement, and enforcement measures in the licensing and operation of “unmanned aircraft systems”, commonly known as drones.
… The FAA has already begun issuing limited drone certifications for government entities and educational institutions.
A copy of the Drone Aircraft Privacy and Transparency Act can be found HERE.
… In April, Reps. Markey and Joe Barton (R-Texas) sent a letter querying the FAA about the potential privacy implications of non-military drone use. The FAA response can be found HERE.

(Related) If anyone can build and fly a drone, how will the FAA cope with this new freedom?
"People have made UAVs out of wood, aluminum, even 3D-printed plastic. But now comes the tale of C#/C++ developer Ed Scott who, after damaging his Gaui 330x, got the idea of designing and building a Lego quadcopter. And it worked! 'Most people go to their favourite hobby store to get parts for their UAV, I go to my kids playroom.'"

So many questions, so little time. If I own an asteroid one mile in diameter, can I park it in orbit above Colorado?
"A number of companies have announced plans in the last couple of years to undertake private development of space. There are asteroid-mining proposals backed by Larry Page and Eric Schmidt, various moon-mining proposals, and, announced just this month, a proposed moon-tourism venture. But all of these — especially the efforts to mine resources in space — are hampered by the fact that existing treaties, like the Outer Space Treaty, seem to prohibit private ownership of space resources. A new essay in The New Atlantis revisits the debates about property rights in space and examines a proposal that could resolve the stickiest treaty problems and make it possible to stake claims in space."

The evidence that you are a twit grows larger... Tools for e-Discovery? Certainly a target for hackers.
December 19, 2012
Your Twitter archive is now downloadable
"Today, we’re introducing the ability to download your Twitter archive, so you’ll get all your Tweets (including Retweets) going back to the beginning. Once you have your Twitter archive, you can view your Tweets by month, or search your archive to find Tweets with certain words, phrases, hashtags or @usernames. You can even engage with your old Tweets just as you would with current ones. Go to Settings and scroll down to the bottom to check for the option to request your Twitter archive. If you do see it, go ahead and click the button. You’ll receive an email with instructions on how to access your archive when it’s ready for you to download."

For my students...
Introduction to Statistics from Ani Adhikari, the UC Berkeley lecturer in statistics and recipient of UC Berkeley’s Distinguished Teaching Award.
Copyright from William Fisher III, WilmerHale Professor of Intellectual Property Law, Harvard Law School, and Director, Berkman Center for Internet & Society, will explore the current law of copyright and the ongoing debates concerning how that law should be reformed.
… All of the courses will be hosted on edX’s innovative platform at and are open for registration as of today. EdX expects to announce a second set of spring 2013 courses in the future.

Geeky, but cool!
If you are a web programmer, you know that every programming language has its own syntax, including weird characters and spacing. Now, thanks to you can practice typing based on the programming language(s) you use. It includes typing lessons for the 14 most popular web programming languages.
… Simply login with your Google account, choose your programming language and start typing. If you mistype a character or miss a space you will get a red arrow pointing to the location where you mistyped.

A good idea (and a track record) makes funding easy.
Record-Breaking Kickstarter Turns Hamlet Into a Choose-Your-Adventure Epic
On Friday, an unlikely book will break the all-time record for Kickstarter’s most successful publishing project: a comedic choose-your-own-adventure-style novel by popular webcartoonist Ryan North that transforms Shakespeare’s Hamlet into an interactive story where readers can actually choose whether to be — or not to be. It’s a quirky idea that couldn’t get any traction at book publishing houses, but as a crowdsourced, collaborative online project, To Be or Not to Be: That Is the Adventure has earned over $425,000 in less than a month.

Wednesday, December 19, 2012

The problem with targeted attacks is that they often won't stay targeted...
"Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
[From the ThreatPost article:
“Other than the geographic region, there doesn’t seem to be any commonality with this file-deleting malware and the previous attacks we’ve seen,” Schouwenberg said. “Even though the code is extremely simplistic, it looks like the author managed to slip in a mistake by not deleting a line of old code.”
The giveaway is a 16-bit SLEEP file that won’t run on 64-bit Windows machines.
“This is as basic as it gets,” Schouwenberg said. “But if it was effective, that doesn’t matter. If it wasn’t clear already, the era of cyber sabotage has arrived.”
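The observation above has a simple defensive use: a 16-bit DOS or NE executable can never execute on 64-bit Windows, so one turning up next to freshly dropped files is an anomaly worth flagging rather than something to ignore. The following is an added example, not code from the ThreatPost article, from the researchers quoted, or from the malware described. It parses only the documented MZ/PE/NE header fields; the sample files are constructed header-only stubs, and the file names (sleep.exe and the rest) are invented for the demonstration.

```python
"""Flag 16-bit (DOS or NE) executables, which cannot run on 64-bit Windows.

Added example for illustration; not the article's or the malware's code.
The sample binaries below are constructed header stubs with no code in them.
"""
import struct

# IMAGE_FILE_HEADER.Machine values from the PE specification.
PE_MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARM", 0xAA64: "ARM64"}


def classify_executable(data: bytes) -> str:
    """Return a coarse executable type using only the MZ, PE and NE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not an MZ executable"
    # e_lfanew (offset 0x3C) points at the PE or NE header when one exists.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew == 0 or e_lfanew + 6 > len(data):
        # No secondary header: a plain 16-bit DOS program.
        return "MZ (16-bit DOS)"
    sig = data[e_lfanew:e_lfanew + 2]
    if sig == b"NE":
        return "NE (16-bit Windows)"
    if sig in (b"LE", b"LX"):
        return "LE/LX (OS/2 or VxD)"
    if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
        return f"PE ({PE_MACHINES.get(machine, hex(machine))})"
    # e_lfanew points at junk: treat it as a legacy DOS image.
    return "MZ (16-bit DOS)"


def is_16bit(kind: str) -> bool:
    """True for image types that 64-bit Windows refuses to execute."""
    return kind.startswith(("MZ (16-bit", "NE (16-bit"))


def flag_legacy_binaries(files: dict) -> list:
    """Return the names of files that are 16-bit and so cannot run on x64 Windows."""
    return sorted(name for name, blob in files.items()
                  if is_16bit(classify_executable(blob)))


def _mz_stub(next_sig: bytes = b"", machine=None) -> bytes:
    """Construct a minimal MZ header, optionally followed by a PE/NE header at 0x40."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40-byte DOS header
    if next_sig:
        struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew -> 0x40
        hdr += next_sig
        if machine is not None:
            hdr += struct.pack("<H", machine)         # IMAGE_FILE_HEADER.Machine
        hdr += b"\x00" * 0x40                         # padding for the rest of the header
    return bytes(hdr)


# Constructed sample "directory": names and contents are invented.
SAMPLE_FILES = {
    "sleep.exe": _mz_stub(b"NE"),                     # 16-bit Windows program
    "tool32.exe": _mz_stub(b"PE\x00\x00", 0x014C),    # PE32, x86
    "svc64.exe": _mz_stub(b"PE\x00\x00", 0x8664),     # PE32+, x64
    "oldutil.exe": _mz_stub(),                        # plain DOS executable
    "readme.txt": b"not a program",
}

if __name__ == "__main__":
    for name, blob in SAMPLE_FILES.items():
        print(f"{name:12s} {classify_executable(blob)}")
    print("cannot run on x64:", flag_legacy_binaries(SAMPLE_FILES))
```

On a real host the same classifier can be run over autostart locations or a suspicious drop directory; the 16-bit hits are few and, on a 64-bit system, have no legitimate reason to execute.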

Crime is better wholesale...
The Wii may be on the way out with the recent arrival of the Wii U, but don’t tell this band of very gutsy thieves that. This past weekend, a group of crooks managed to steal 7,000 Wii consoles from a Nintendo distribution site within SeaTec’s Seattle Air Cargo. That equates to about $2 million in stolen hardware, so we’ve got some big time thieves on our hands.

3,600 iPad minis stolen from JFK cargo hold

Perhaps someone should actually read the ToS before dropping it on an already suspicious user community? Is this a job for a cynical old fart like me?
"Earlier, we discussed news that Instagram introduced a new version of their Privacy Policy and Terms of Service that will take effect in thirty days. The changes seemed to allow Instagram to sell users' photos, and many users were upset. Instagram now says 'it is not our intention to sell your photos' and that 'users own their content and Instagram does not claim any ownership rights over your photos.' This is good news for Instagram users."
And so closes another chapter of "We Let Lawyers Write a Legal Document and The Internet Freaked Out."
[From the ToS:
Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

This happens when you don't bother with cost/benefit analysis. Security at any cost leads to the mythical, "In order to save the village we had to destroy it."
"A 2011 ProPublica series found that the TSA had glossed over the small cancer risk posed by its X-ray body scanners at airports across the country. While countries in Europe have long prohibited the scanners, the TSA is just now getting around to studying the health effects."
[From the article:
… , the Transportation Security Administration has agreed to contract with the National Academy of Sciences to study the health effects of the agency's X-ray body scanners. But it is unclear if the academy will conduct its own tests of the scanners or merely review previous studies.

Tuesday, December 18, 2012

Wow! I'm going to put a notice in my secure file area that I store nude photos – if that's not enough to scare hackers off, the 10-year sentence might be. Actually, this is more a “sex crime” than a hacking crime.
Hacker Who Leaked Nude Scarlett Johansson Photos Gets 10 Years in Prison
December 18, 2012 by Dissent
I generally don’t cover leaks of celebrities’ private info – whether it’s sex tapes or the contacts in their address books, etc. But the sentencing in this case is so severe compared to others, that it seems worth mentioning. Jason Mick reports:
Between November 2010 and October 2011, there was a rash of hacking of high-profile celebrities’ smartphones. Starlets like Scarlett Johansson, Christina Aguilera and Mila Kunis had sexually explicit or provocative pictures stolen from their devices and released onto the internet.
In Scarlett Johansson’s case, fully nude pictures, meant to be seen by then-husband Ryan Reynolds, were exposed for the world to see. She recalls, “I have been truly humiliated and embarrassed.”
But the intrusions weren’t the work of a team of savvy hackers; they were the twisted hobby-horse of a single man, according to federal prosecutors – Christopher Chaney, a 35-year-old Jacksonville, Fla. resident.
On Monday, justice was served… The federal judge gave the hacker a prison sentence of 10 years after he pleaded guilty to several criminal counts under the Computer Fraud and Abuse Act of 1986 (18 USC § 1030) — unauthorized access to a computer and illegal wiretapping.
Read more on DailyTech.
[From the article:
Mr. Chaney could have faced a maximum sentence of 60 years in prison, but the sentence he did receive wasn't exactly lenient either. Prosecutors were only seeking a sentence of 6 years, but Judge Otero was concerned that Mr. Chaney hadn't truly changed his ways and needed longer away from the world of electronics. According to the Judge, prosecutors presented evidence that Mr. Chaney continued to pursue and harass women online after his arrest in October 2011.

That's not true, is it? Did I miss that line in the Constitution or is it a “Double Secret Probation” kind of law?
Feds spying on innocent Americans just in case we might commit future crimes
December 17, 2012 by Dissent
Darlene Storm reports:
As an innocent American, have you ever wondered how the National Counterterrorism Center (NCTC) agency gets around your privacy rights when it holds your information in databases for five years to analyze it for suspicious patterns of behavior. . . just in case you might commit future crimes? “All you have to do is publish a notice in the Federal Register and you can do whatever you want,” stated Robert Gellman who assists U.S. government agencies in developing policies on how to comply with the Federal Privacy Act.
Read more on Computerworld.

(Related) On the other hand...
"A leading Australian Internet service provider has pulled out of negotiations to create a warning notice scheme aimed at reducing online piracy. iiNet, the ISP that was sued by Hollywood after refusing to help chase down alleged infringers, said that it can't make any progress with rightsholders if they don't make their content freely available at a reasonable price. The ISP adds that holding extra data on customers' habits is inappropriate and not their responsibility."

As I read this, the guy left the drive at the school and someone looked inside to see if they could determine who owned it? (None of this is in the article) When they saw all this personal information they called the cops, suspecting that the school's info had been compromised? (speculation on my part) Interesting that the police got a search warrant before going any further.
Arizona man arrested for fraud after illegal info found on flash drive
December 18, 2012 by admin
KVOA reports:
A 34-year-old man was arrested Friday in Tempe after a tax fraud and identity theft investigation that began early this year, when authorities found a flash drive containing hundreds of names and personal information at Cochise College.
Back in February, the Sierra Vista Police Department was contacted by Cochise College employees after a flash drive was left in a school computer. On it were 800 to 900 names and associated personal information, according to a news release from SVPD.
The data seemingly had nothing to do with Cochise College, however, and law enforcement’s investigation revealed that Osabuohien Odyssey Oronsaye had purchased the identity info and financial info online. The data and details were reportedly acquired from phishing schemes.
Read more on KVOA.
So for $1.50, your details can be purchased for a tax refund fraud scheme that could lead to big headaches for you for years to come. And all because you fell for a phishing scheme. Kinda makes you want to slow down a bit before you click on links, doesn’t it? [Not in my experience Bob]
[From the article:
Detective Colin Festa obtained a search warrant for the drive and uncovered files with stolen identities and financial information, the release states. Because much of the information involved people from other states, assistance was obtained from the IRS and the Secret Service.

Have we learned nothing? It's hard to teach children the difference between “can” and “may” but it's even harder to teach the marketing department to run their great ideas past the lawyers...
Google Maps for iPhone violates European data protection law, German watchdog says
December 18, 2012 by Dissent
Loek Essers reports:
When users install Google Maps on their iPhone, the option to share location data with Google is switched on by default. By doing this, Google violates European data protection law, according to a German data protection watchdog.
Google Maps for iPhone appeared in the App Store on Wednesday and was welcomed by many after Apple stumbled with its own maps application. Google Maps quickly became the most popular free app in the App Store.
When the app is downloaded, Google prompts users to accept its terms of service and privacy policy in the startup screen.
Read more on Computerworld.
You really can’t read this story without thinking how here, Microsoft turning on DoNotTrack by default in IE10 resulted in such strong resistance and plans to disable it. Maybe I’m living in the wrong country when it comes to privacy.

"A German privacy regulator ordered Facebook to stop enforcing its real name policy because it violates a German law that gives users the right to use nicknames online. 'We believe the orders are without merit, a waste of German taxpayers' money and we will fight it vigorously,' a Facebook spokeswoman said in an emailed statement."

"Many Instagram users have reacted angrily to a proposed change to the app's terms of service by owner Facebook, which would give the social network 'perpetual' rights to all photos on Instagram, allowing it to sell the photos to advertisers without notice — or payment to the user. The new policy will come into effect on 16 January, just four months after Facebook completed its $1bn acquisition of Instagram. It states that Facebook has a right to distribute any content posted on Instagram without paying the user royalties:"
Also worth reading Declan McCullagh's take on it.
If Instagram’s change of policy allowing it to sell photos has turned you off the sharing service, then you’ll be pleased to hear that there are tools to help you extract your digital life before shutting down your account. The terms of service tweaks which give Instagram license to sell rights to user images to advertisers and others have many looking for an escape route: read on for the free tools you’ll need.

Would you like some spam with those fries?
December 18, 2012 by Dissent
Hamish Barwick reports:
The Australian Communications and Media Authority (ACMA) has issued a formal warning to McDonald’s Australia for sending emails which did not meet the requirements of the Spam Act.
An ACMA investigation found that emails sent via the McDonald’s Happy Meal website using the ‘send to friends’ option were sent without ensuring friends’ consent. The emails had no unsubscribe option either, which is required under the Act.
Read more on Computerworld (AU)

There are some examples we shouldn't follow.
Colombia Adopts Mandatory Backdoor and Data Retention Mandates
December 18, 2012 by Dissent
Katitza Rodriguez writes:
It seems like only yesterday that the Colombian government misused United States’ aid to spy on political opponents and human rights activists. Back in 2009, the “Las Chuzadas” scandal surrounding former Colombian President Alvaro Uribe landed former head of the intelligence agency Jorge Noguera in jail for 25 years for targeting political activists and collaborating with paramilitary death squads. This, and other various surveillance scandals, ultimately led to the dissolution of the Colombian intelligence agency.
But despite this history of human rights abuses, the Colombian Ministry of Justice and Technology has issued a decree that will further undermine the privacy rights of law-abiding Colombians.
Read more on EFF.

How to do it...
Deep Web Research and Discovery Resources 2013
By Marcus P. Zillman, Published on December 18, 2012
Bots, Blogs and News Aggregators ( is a keynote presentation that I have been delivering over the last several years, and much of my information comes from the extensive research that I have completed over the years into the "invisible" or what I like to call the "deep" web. The Deep Web covers somewhere in the vicinity of 1 trillion plus pages of information located through the world wide web in various files and formats that the current search engines on the Internet either cannot find or have difficulty accessing. The current search engines find hundreds of billions of pages at the present time of this writing. This report constantly updated at .

It's that time of year when we start seeing lists of “The Best” or “The Top” or “The Next”
"Shaun McGlaun of Slashgear writes: IBM has offered up its annual list of five innovations that will change our lives within five years. IBM calls the list the 'IBM 5 in 5.' The list covers innovations that IBM believes have the potential to change the way people work, live, and interact over the next five years. The five innovations IBM lists this year include touch, sight, hearing, taste, and smell."

From Apple Maps to Epic Hacks: The Year’s Top Tech Fails

Tools for my AI class...
Mahout, There It Is! Open Source Algorithms Remake
Judd Bagley set out to build a web app that would serve up a never-ending stream of news stories tailored to your particular tastes. And he did. It’s called MyCurrent. But in creating this clever little app, Bagley also pushed online retailer away from the $2-million-a-year service it was using to generate product recommendations for web shoppers, and onto a system that did the same thing for free — and did it better.
… In building MyCurrent, Bagley and his O Labs cohorts stumbled onto an open source software project known as Mahout. Founded in 2009, Mahout provides the world with a set of freely available machine learning algorithms — algorithms that give computing systems at least a modicum of artificial intelligence, letting them adjust their behavior according to what’s happened in the past.

Tools for home...
… These nifty tools can help you optimize your PC and get the best out of it. The best part is that all these tools are freeware! So check them out and pick the ones you like the best.

Monday, December 17, 2012

A question for the lawyers or the insurers?
AU: Hackers’ extortion bid on schools
December 16, 2012 by admin
I don’t recall ever seeing a media report on an extortion/ransom attempt on a school, but here’s a case out of Australia, where they also seem to have more media reports of ransomware in the healthcare and small business sectors than we do. As reported by the Herald Sun:
Schools have emerged as a new cybercrime battleground, after a north coast community school had its records seized by hackers.
Byron Bay Community School had its student records and accounts seized by hackers who demanded payment in return for access to files.
Police advised the school not to pay up and the NSW Police Cybercrime squad is investigating the attempted extortion.
Are market forces at work here, too? Do hackers demand as much from schools as from medical practices or businesses? The paper doesn’t disclose the amount demanded, but the problem of ransomware seems to be mushrooming globally.

...but you knew that. Didn't you?

Not everyone is ignoring the mentally ill, although I don't think this is the best way to do it....
"The Westboro Baptist Church stated earlier this week that they would be picketing the funerals of the victims of Newtown Connecticut's tragic shooting in an effort to bring awareness to their hate messages. In response, the Anonymous hacker collective has hacked their website and posted the personal information of all of its members."

Using this model, what other industries are dead or dying?
December 16, 2012
Post Industrial Journalism: Adapting to the Present
Post Industrial Journalism: Adapting to the Present, a report by C.W. Anderson, Emily Bell, Clay Shirky. Columbia Journalism School, Tow Center for Digital Journalism
  • "This essay is part survey and part manifesto, one that concerns itself with the practice of journalism and the practices of journalists in the United States. It is not, however, about “the future of the news industry,” both because much of that future is already here and because there is no such thing as the news industry anymore. There used to be one, held together by the usual things that hold an industry together: similarity of methods among a relatively small and coherent group of businesses, and an inability for anyone outside that group to produce a competitive product. Those conditions no longer hold true. If you wanted to sum up the past decade of the news ecosystem in a single phrase, it might be this: Everybody suddenly got a lot more freedom. The newsmakers, the advertisers, the startups, and, especially, the people formerly known as the audience have all been given new freedom to communicate, narrowly and broadly, outside the old strictures of the broadcast and publishing models. The past 15 years have seen an explosion of new tools and techniques, and, more importantly, new assumptions and expectations, and these changes have wrecked the old clarity."

Talking points for the coming debate...
“Gun” “Control”
Please note that this is a post about technology, not politics.
… What is a gun? A barrel is not a gun, nor is a stock, or a sight, or a trigger. But at some point you put these and a few other objects together and you have a gun. As it turns out, strictly speaking, the receiver is how such things end up being defined in this country, at least as a rule of thumb. Buying, selling, and creating the receiver, into which a cartridge passes from the magazine and is prepared for discharge, is buying, selling, and creating a gun.
You may have read that there is already a 3D model of an AR receiver that can be printed, combined with other parts, and turned into a working firearm. The most recent news on that front was such a gun failing after firing just six rounds, leading to no small amount of derision online regarding the possibility of printed guns.
This allows people to ignore the issue, since if they aren’t making real guns, it’s not a real problem. In fact, some reading this probably consider the issue a little silly.
This skepticism is misplaced for two reasons.
First, the problem is strictly technical, and the team that made the gun was already analyzing and correcting for the problem by the end of the day. If they had a high-quality printer, they could have the improved part overnight, which is a capability that is changing other industries as well.
Second, the problem is not a problem. They created a working firearm. In World War II, the U.S. manufactured one million FP-45 Liberator handguns. These crude, single-shot pistols were designed to be dropped from the air by the thousand over occupied territory, to give the resistance there the advantage of a firearm, be it only for one shot. The fundamental difference was not between six shots and a hundred shots, but between zero shots and any shots at all.
A 3D-printed gun, were it only to fire one shot before melting or failing, is still a gun. After that, the difference is only in what kind of gun it is.
… if you were to discuss a law that allows or restricts the creation and distribution of firearms, would you attempt to do so without acknowledging the existence of 3D-printed weapons and the ability to transfer blueprints for them online?
Here’s the problem, though. Like the digitization of music, the digitization of objects, guns or otherwise, is a one-way street. Every step forward is ineffaceable. Once you can make an MP3 and share it online, that’s it, there’s no going back — the industry is changed, just like that.

(Related) It's a law, but I'm not sure what it means... Is it designed to keep guns out of certain areas or only concealed guns?
Bill allowing concealed weapons in schools approved by House committee
… Michigan now prohibits people licensed for concealed weapons from carrying them in schools, day care centers, sports arenas, bars, places of worship, hospitals, dorms and casinos. They can, however, openly carry their guns in schools and all other places except federal buildings, courthouses and casinos.
The bill would let CPL holders apply for an exemption so they could carry concealed guns in those gun-free zones, though they no longer could openly carry there under the legislation.

(Related) Try to be factual...
December 16, 2012 provides evidence-based, public health-oriented information on armed violence around the globe
"The international bulletin of firearm injury prevention since 1997, Gun Policy News provides daily global and regional bulletins of small arms policy, armed violence prevention and gun control news published in mass media. is hosted by the Sydney School of Public Health, the University of Sydney. The School provides internationally recognised leadership in public health by advancing and disseminating knowledge — in this case, supporting global efforts to prevent gun injury. With its partners and contributors, promotes the public health model of firearm injury prevention, as adopted by the United Nations Programme of Action on illicit small arms." Users may Search Gun Policy News by Keyword or Phrase, News by Country, News by Region

Stuff I find interesting...
Georgetown has joined edX. (edX member institutions now include Harvard, MIT, UC Berkeley, the University of Texas system, Wellesley College, and Georgetown.)
Straighterline has launched “Professor Direct” — something that Fast Company’s Anya Kamenetz describes as an “eBay for professors” — which will allow individual professors to offer their own online courses, set their own tuition, and offer (ACE) credit.
… More international test score data — the TIMSS (the Trends in International Math and Science Study) and PIRLS (Progress in International Reading Literacy Study) — were released this week, providing lots of fuel for the ol’ “American education is broken” narratives. The U.S. scores are “unacceptable if our schools are to live up to the American promise of giving all children a world-class education,” [Who promised that? Bob] said Arne Duncan. But University of Oregon education professor Yong Zhao has the best response to this handwringing and notes wryly, “The fact the U.S. as a nation is still standing despite its abysmal standing on international academic tests for over half a century begs two questions: Is education as important to a nation’s national security and economy as believed? If it is, are the numbers telling the truth about the quality of education in the U.S. and other nations?”