Tuesday, July 30, 2013

What part of their security strategy covers contacting customers? I find it hard to understand why anyone would want to keep what is at least in part “customer service” a secret. (And today you should assume everyone you contact is a blogger.)
Yesterday morning, I received a call from an 800-number that was only identified on my Caller ID as “Toll-Free.” I didn’t pick up, but Googled the number and found pages of reports, many of which suggested that the number, presumably for Chase Fraud Detection, was a scam. Others claimed it was for real. Not very reassuring.
An hour later, I received another call from the same number. Knowing my husband had made two atypical ATM withdrawals in the past 24 hours, this time I picked up. It was an automated system that knew my husband’s name. It asked me to verify my identity by entering my zip code. I hung up and called the number on the back of my Chase debit card and asked for security and fraud department.
It turns out that the call was for real and they were attempting to verify the charges. The person I spoke with assured me that the (800) 355-5265 number was their authorized number for such calls.
Given how many phishing scams there are and the possibility of spoofing numbers, the way Chase handles this is not particularly wise, in my opinion. At the very least, the caller ID should show Chase as the caller and not “Toll-Free.” Even better, they should have an identified number that calls the customer and says, “We are trying to reach you to verify certain unusual charges on your card. Please call the number on the back of your ATM card and ask for the fraud and security department. If you can’t locate your card, call Chase’s main number, which you can verify online, and ask for the fraud and security department.” Of course, it would help if they actually put a dedicated phone number on the back of the ATM card, too.
I related all of the above to the Chase representative. I somehow doubt it will do any good, but really, their system is not a good one in this day and age.
Update: This seems to be a long-standing problem with Chase: https://www.cs.columbia.edu/~smb/blog/2007-11/2007-11-16.html. So why haven’t they addressed these security concerns? [Corporate inertia Bob]


For my Security Manager (and my Comuter Security students) who must notify students if there is a “problem” on campus...
People set their phones to silent or vibrate mode when in meetings, lectures, theaters, or anywhere else where it would be rude if the phone made noise. But what if there’s an emergency and someone needs to quickly get in touch with you? We’ll show you how to have your Android phone override silent mode and play an alert when a text message containing something like “Emergency” or “SOS” comes through.


Think this might happen?
Orin Kerr has more on the call for the Supreme Court to tackle the issue of cell phone searches:
Two weeks ago, when DOJ petitioned for rehearing en banc in United States v. Wurie, the Fourth Amendment case on searching cell phones incident to arrest, I wrote that the petition for rehearing was a possible preview of a future DOJ cert petition:
I wouldn’t be surprised if this filing offers us a preview of a future cert petition. The arguments in the petition resemble the kinds of arguments that would be made in a cert petition to the Supreme Court, and en banc review is relatively rare in the 1st Circuit. Plus, Deputy SG Michael Dreeben argued Wurie before the original panel. Filing a petition for rehearing may also be a way of keeping other cases out of the Supreme Court in the short term; the possibility of en banc review arguably keeps Wurie out of the split count. Either way, stay tuned.
Well, the denial of rehearing didn’t take long: Today the First Circuit denied rehearing en banc. Notably, both Chief Judge Lynch and Judge Howard authored separate statements asking the Supreme Court to step in and review the issue.
Read more on The Volokh Conspiracy


What would have prevented or mitigated this? How would a manger know that this was anything other than a normal review?
Tim Evans reports:
A Marion County jury Friday awarded a woman $1.44 million after finding Walgreens and a pharmacist violated her privacy when the pharmacist looked up and shared the woman’s prescription history.
The lawsuit filed in Marion Superior Court spun out of a tangled relationship between the pharmacist, her husband and the man’s ex-girlfriend.
The verdict and seven-figure award came at the conclusion of a four-day jury trial.
Read more on IndyStar. Note that in this case, Walgreens was held liable for the conduct of its employee. Walgreens has stated its intent to appeal.


Novel idea. No problem with the search, but pay us for our time.
Apple slapped with lawsuit over mandatory employee bag checks
Apple's policy of requiring its retail store employees to undergo two mandatory bag searches per day has now become grounds for a class action lawsuit.
Two former workers from Apple stores in New York and Los Angeles filed a complaint in San Francisco federal court on Thursday regarding this policy. These employees claim that they had to stand in lines up to 30 minutes long every day for store managers to check their bags and ensure they weren't smuggling home stolen goods.
Adding up these daily waits, the employees say they were deprived of dozens of hours of unpaid wages, which totaled about $1,500 per year.

(Related) Another novel idea. I like this one.
In a recent decision, the Higher Regional Court of Hamburg (Oberlandesgericht Hamburg) held that a privacy policy on a website which is not compliant with the legal requirements under data privacy law constitutes a breach of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – “UWG”) (decision dated 27 June 2013, case number 3 U 26/12). This decision may not only have consequences for German businesses but also for non-EU companies with German customers or subsidiaries in Germany.
Read more on Hogan Lovells Chronicle of Data Protection.


The economy is changing being redefined. Does this have implications for future tax policy? I have no idea.
McKinsey – Measuring the full impact of digital capital
Measuring the full impact of digital capital July 2013 | byJacques Bughin and James Manyika
“On July 31, 2013, the US Bureau of Economic Analysis will release, for the first time, GDP figures categorizing research and development as fixed investment. It will join software in a new category called intellectual-property products. In our knowledge-based economy, this is a sensible move that brings GDP accounting closer to economic reality. And while that may seem like an arcane shift relevant only to a small number of economists, the need for the change reflects a broader mismatch between our digital economy and the way we account for it. This problem has serious top-management implications. To understand the mismatch, you need to understand what we call digital capital—the resources behind the processes key to developing new products and services for the digital economy. Digital capital takes two forms. The first is traditionally counted tangible assets, such as servers, routers, online-purchasing platforms, and basic Internet software. They appear as capital investment on company books. Yet a large and growing portion of what’s powering today’s digital economy consists of a second type of digital capital—intangible assets. They are manifold: the unique designs that engage large numbers of users and improve their digital experiences; the digital capture of user behavior, contributions, and social profiles; the environments that encourage consumers to access products and services; and the intense big-data and analytics capabilities that can guide operations and business growth. They also include a growing range of new business models for monetizing digital activity, such as patents and processes that can be licensed for royalty income, and the brand equity that companies like Google or Amazon.com create through digital engagement.”


Who says there's nothing new under the sun?
How Category Creation Is Reinvigorating Classical Music
… the demand for classical music was dying, at least in the traditional way. Symphonies were bleeding money and becoming even more dependent on donations. Younger music fans seemed less interested in paying for expensive tickets, wearing fancy clothes, and committing two to three hours listening intently without coughing or falling asleep. For a generation that's come of age in the YouTube world, symphonies feel like an inefficient form of entertainment.
This is where folks like the Piano Guys may be saving classical music. They have created a new category for classical music: Fun, breakthrough innovation in the form of five minute videos that showcase their classical music skills, but also their CGI skills in creating fun, funny and funky parodies. Instead of selling tickets, they post their videos and sell advertising. (They also use the traditional model of selling CDs — they were just signed by Sony last year.) If you haven't seen the Piano Guys, watch a few of their videos and you may be hooked. You'll laugh at their Star Wars parody, be amazed at their rendition of Pachelbel's Canon, or cry at their Les Miserable tribute to our men and women in uniform...but I guarantee you won't fall asleep.


Perspective. For my “Intro to” students (Probably hundreds of Infographics each second too)
Infographic: The Amount Of Online Activity That Goes On Every 60 Seconds
To give us an idea on how fast and big the internet truly is, Qmee has created an infographic that shows us the amount of online activity that goes on every 60 seconds.
According to infographic ‘Online in 60 Seconds’, there are 2 million searches on Google, 72 hours of videos uploaded onto YouTube, 42 thousands post every second and 1.8 million likes on Facebook, and 204 million emails sent every minute.


For my programming students...
… JavaScript has a wealth of amazing tools and libraries, and if you use CoffeeScript, you can make brilliant websites and tools without dealing with syntax which makes your corneas bleed. It’s also CoffeeScript’s time to shine, as more and more beginners look to JavaScript for their first language due to its usage in client and back end web development, as well as much of HTML5.
Aesthetically, CoffeeScript looks and feels like Python or Ruby. It’s genuinely, astonishingly beautiful, and adopts certain language conventions that make it easy to learn.
… And yet, it compiles down to JavaScript, allowing you to use it everywhere you use it, including front end development and node.js. You can even use it with jQuery.
… it’s probably a good idea to grab it using the Node Package Manager. The Node Package Manager (npm) is a little bit like apt-get or Brew, but is only really used for getting Javascript packages and libraries. Handily, NPM comes with node.js and is available for OS X, Windows and all flavors of Linux.


For all my students... Please!
… Etiquette is an important social construct that we tend to forget or ignore, but I would argue that etiquette has never been more important than now.
… Technology etiquette could easily fall under the topic of “common sense” yet there are many who remain ignorant
… There are entire articles dedicated to etiquette tips for email.


For the Swiss Army Software folder.
Lucid Chart Now Works Offline - Create Mind Maps Offline
Lucidchart is a nice tool for creating flowcharts, mindmaps, and graphic organizers. Lucidchart offers a simple drag and drop interface for creating flow charts, organizational charts, mind maps, and other types of diagrams. Google Chrome users can now use Lucidchart offline through the Lucidchart Chrome app.
Lucidchart charges business customers, but makes all of their tools free for teachers and students.


...'cause you can never have enough content.
… More Sites Like … allows you to find all kinds of sites based on any other website.
To use the site, you simply type in a search term or the URL of a website you want compared. It will show you a list of websites based on the search term or URL, ranked by popularity and similarity,

No comments: