Saturday, January 26, 2013
One way to watch for subpoenas that might impact “Evil Bob” (Imagine printing a page on Osama's printer that says, “Please step to the window, Mr. Target”)
"Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
“Og no export fire!”
"The U.S. Department of Defense has stopped updating its main reference list of vital defense technologies that are banned from export, according to a new report from the Government Accountability Office (GAO), The Security Ledger reports. The Militarily Critical Technologies List (MCTL) is used to identify technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology. GAO warned six years ago that the Departments of State and Commerce, which are supposed to use the list, found it too broad and outdated to be of much use. The latest report (GAO 13-157) finds that the situation has worsened: budget cuts forced the DOD to largely stop updating and grooming the list in 2011. Sections on emerging technologies are outdated, while other sections haven't been updated since 1999. Without the list to rely on, the DOD has turned to a hodgepodge of other lists, while officials in the Departments of State and Commerce who are responsible for making decisions about whether to allow a particular technology to be exported have turned to ad-hoc networks of subject experts. Other agencies are looking into developing their own MCTL equivalents, potentially wasting government resources duplicating work that has already been done, GAO found."
Medicine on your SmartPhone. An interesting video from one of those “news magazine” TV shows. (yes, it surprised me too) I think this one is actually worth watching.
The key to better health care may already be in your pocket... and it's not your wallet
Follow up. The case is still interesting.
Man With 4th Amendment Written on Chest Wins Trial Over Airport Arrest
A Virginia man who wrote an abbreviated version of the Fourth Amendment on his body and stripped to his shorts at an airport security screening area won a trial Friday in his lawsuit seeking $250,000 in damages for being detained on a disorderly conduct charge.
… In sending the case to trial, unless there’s a settlement, the 4th U.S. Circuit Court of Appeals ruled 2-1 and reversed a lower court judge and invoked Benjamin Franklin in the process. According to the opinion by Judge Roger Gregory:
Here, Mr. Tobey engaged in a silent, peaceful protest using the text of our Constitution—he was well within the ambit of First Amendment protections. And while it is tempting to hold that First Amendment rights should acquiesce to national security in this instance, our Forefather Benjamin Franklin warned against such a temptation by opining that those ‘who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.’ We take heed of his warning and are therefore unwilling to relinquish our First Amendment protections—even in an airport.
… In dissent, Judge J. Harvie Wilkinson wrote:
Had this protest been launched somewhere other than in the security-screening area, we would have a much different case. But Tobey’s antics diverted defendants from their passenger-screening duties for a period, [They acted outside of normal procedures? I doubt it. Bob] a diversion that nefarious actors could have exploited [What? TSA waved everyone else through while dealing with this? Again I doubt it. Bob] to dangerous effect. Defendants responded as any passenger would hope they would, summoning local law enforcement to remove Tobey—and the distraction he was creating — from the scene.
Could this become a trend? Somehow I think it is more about marketing... (Do either of them have “Automatic Warrant” Apps?)
Yahoo, Like Google, Demands Warrants for User E-Mail
Yahoo demands probable-cause, court-issued warrants to divulge the content of messages inside its popular consumer e-mail brands — Yahoo and Ymail, the web giant said Friday.
The Sunnyvale, California-based internet concern’s exclusive comments came two days after Google revealed to Wired that it demands probable-cause warrants to turn over consumer content stored in its popular Gmail and cloud-storage Google Drive services — despite the Electronic Communications Privacy Act not always requiring warrants.
“We can't think of any reason why the defendants need to know we gathered evidence from ElaborateHoax.net or PhonyEvidence.com.” This is normal?
Court: WikiLeaks Suspects Denied List of Companies Who Received Orders for Records
A federal appeals court has ruled that three suspects targeted in a WikiLeaks investigation have no right to know from which companies, other than Twitter, the government sought to obtain their records.
The ruling, published Friday, upholds a magistrate’s earlier decision that “there exists no right to public notice of all the types of documents filed in a sealed case” and likens the 2703(d) orders in question to grand jury proceedings, which are not subject to public access.
“In fact, they are a step removed from grand jury proceedings, and are perhaps even more sacrosanct,” the judges for the Fourth Circuit Court of Appeals noted in their decision (.pdf). “Because secrecy is necessary for the proper functioning of the criminal investigations at this § 2703(d) phase, openness will frustrate the government’s operations.”
I recall lawyers drooling over the fortune they would make in Y2K litigation.
Eric Roper reports that a lawsuit filed last week following a breach involving an employee of the Department of Natural Resources is not the only lawsuit in the works involving the state’s drivers license database:
A Star Tribune reporter received a letter in the mail from attorney Scott Kelly with Farrish Johnson. It notes that records from the state indicate that misuse of drivers records is “rampant.”
“We are looking at other agencies including the DNR where abuses occurred,” the letter says. “If you are interested in pursuing a claim or would like information about your rights, please feel free to contact me.”
In the Rock County case, the firm found some of its 24 plaintiffs by placing an ad in the local newspaper. Kelly said Friday that they only sent letters to two people in relation to the DNR case.
After reviewing state records and filing open records requests, he believes that a minimum of 18,000 drivers records have been breached over the last three years.
Read more on the Star Tribune.
As much as I tend to discourage litigation as it is usually of little benefit to consumers, in cases where I see repeated breaches and the entity still hasn’t adequately hardened their security, I think it’s appropriate. The state has known for a while that they have a problem with authorized users exceeding authorized access. So what have they done to impose better access controls to prevent abuse?
If litigation is what it takes to get the state off the dime to deal with repeated problems, so be it. As I noted on DataBreaches.net, I’m not making any predictions as to any lawsuit’s chances. But if I lived in Minnesota, I’d be calling my state legislator to ask what the legislature is doing in terms of oversight of the Department of Public Safety to ensure and demand greater data protection and security for the driver’s license database. Imposing stiffer penalties on violators is not the same as preventing abuse. [Amen! Bob]
In related coverage Roper reports that the employee involved in the Department of Natural Resources incident was a manager who oversaw training on data handling privacy:
Altogether, [John] Hunt made about 19,000 queries of the Driver and Vehicle Services (DVS) database over nearly five years — 11,800 of them while off-duty.
The agency, which had previously declined to release Hunt’s name, said Friday that it was performing a “top-to-bottom” review of DNR employee access to DVS data and “redoubling” employee training.
“This employee not only violated the law, but betrayed the trust of the agency, his supervisors, and fellow employees,” DNR Commissioner Tom Landwehr said in a statement.
There is no evidence Hunt sold or disclosed the information, but the massive breach spurred lawmakers this week to call for tougher penalties and more disclosure when public employees misuse government data. Two lawsuits, both seeking class-action status, have been filed in federal court by several of the 5,000 people who received data breach letters.
The DVS database, which contains photographs, addresses and driving records on Minnesotans with a license, is protected by state and federal law against illegitimate use. The agency fired Hunt on Jan. 11 and the Duluth city attorney is reviewing the case for possible criminal charges.
Ninety percent of Hunt’s queries were for females, the agency said. The lookups included local celebrities, politicians, judges, athletes, television news people, state employees and “victims of various tragedies,” according to Hunt’s disciplinary letter and an investigative report. Several Star Tribune reporters were among the 5,000 lookups.
Read more on Star Tribune.
Is it up to my standards for teaching App creation? I'm a minor hardware hack from starting my own phone company. Stay tuned...
"WindowsAndroid is a very cool tool from the Beijing-based startup SocketeQ that lets you run Android 4.0 (Ice Cream Sandwich) as a native application on Windows Vista, Windows 7, or Windows 8 machines. The creators tell us they have a deep background in virtualization, operating system, and graphics technologies, and have been working on the project for years. Essentially, WindowsAndroid allows you not only to execute Android apps on your Windows computer, but also use the browser, not to mention every other component of the operating system."
(Related) and possibly redundant...
Remotely controlling your phone through your computer has a number of advantages. When the phone is lost, you can make it ring and find it, you can use your keyboard to type and send text messages, and more. Here to help you offer those features and a few bonus ones is a tool called PocketDo.
Check out PocketDo @ play.google.com/store/apps/details?id=com.unicorntoast.mrroboto.android
...for my amusement.
… Georgia State University will offer course credit to students who take MOOCs, according to The Chronicle of Higher Education. Students will have to work with the university and departments to demonstrate mastery over the course material, and if they can will get credits without having to pay additional fees.
… Another week, another new MOOC venture: Academic Partnerships, a company that helps universities offer online courses, unveiled MOOC2Degree, which will allow its clients to offer MOOCs for credit. The universities involved include the University of Arkansas system, the University of Cincinnati, the University of Texas at Arlington College of Nursing, the University of West Florida, and Cleveland State, Florida International, Lamar, and Utah State Universities. “Under the arrangement,” writes The New York Times, “Academic Partnerships will handle recruitment for MOOC2Degree and will receive an undisclosed share of the tuition the universities get from students who continue into a degree program.”
… “The world’s most popular professor,” MIT’s Walter Lewin, will teach a MOOC — 8.02x Electricity and Magnetism — through edX. Lewin’s course materials (published through MIT Opencourseware) and his lecture videos (on YouTube) have been incredibly popular. The latter have had over 11.4 million views. [How would we find “The world's best teacher?” Bob]
… The International Finance Corporation — an investment arm of the World Bank — has invested $150 million equity investment in Laureate Education, a for-profit education company that, according to Inside Higher Ed, “operates 65 career-oriented colleges in 29 countries.” [Why? Bob]
I suspect this illustrates the dream of every high school math teacher... Or at least, the ones who taught my students.