Tuesday, October 01, 2013
Can any country adopt a “No Security Needed” strategy?
UK gears up for cyberwarfare offensives
… Speaking at the annual Conservative party conference, Hammond said the United Kingdom was dedicating additional resources and funds to building a strong cyber intelligence and surveillance network, according to Reuters.
As cybercrime continues to prove a lucrative way for hackers to steal valuable data for profit or as part of state-sponsored jobs -- and many governments struggle to catch up and protect networks adequately against rising attacks -- defense budget funds now need to not only consider physical threats, but digital warfare as well.
I wonder if this will help Google?
Wendy Davis reports:
The Internet service provider WOW has defeated a long-running privacy lawsuit stemming from its partnership with defunct behavioral targeting company NebuAd.
On Friday, U.S. District Court Judge Edmond Chang in the Northern District of Illinois dismissed claims that WOW (formerly called Wide Open West) violated federal wiretap laws by intercepting and transmitting information about consumers’ Web activity to NebuAd.
Read more on MediaPost.
I wonder if they can provide better examples than, “sometimes we can't read the handwriting.” What could possibly go wrong? (Question from the Ethical hacking mid-term exam)
Peter Bacqué reports:
Using Department of Motor Vehicles records as its core, the state government is quietly developing a master identity database of Virginia residents for use by state agencies.
The state enterprise record – the master electronic ID database – would help agencies ferret out fraud and help residents do business electronically with the state more easily, officials said.
While officials say the e-ID initiative will be limited in scope and access, it comes at a time of growing public concern about electronic privacy, identity theft and government intrusion.
Read more on Richmond Times-Dispatch
[From the article:]
DMV points out that, in today's world, state driver's licenses are the fundamental identification documents used by most Americans. [Except you can't use it to get a drivers' license Bob]
State officials say participation in the e-ID system will be voluntary [Why do I doubt that? Bob]
… "To us, it is a tool that allows individuals to create online accounts," said Craig C. Markva, communications director of the Department of Medical Assistance Services, speaking for Secretary of Health and Human Resources William A. Hazel Jr.
"When someone wants to do this, we need to be able to verify that the person trying to access the account is who he or she claims to be," Markva said. "This requires that they provide basic demographic information ... that we can compare to what is known by DMV or by DSS (Department of Social Services) already."
So far there's been no public discussion in Virginia of the state's electronic personal identity initiative or the use of the Internet for increasingly more transactions with the state government.
… For example, if a Virginian sells a car to another state resident, the deal requires a physical exchange of the registration card and the handwritten information on the card that is often hard for DMV representatives to read [and of course DMV has no record of the car's registration Bob]
… DMV says the $4.3 million Commonwealth Authentication Service system will be safe from abuse because agencies will control individuals' files. Those files will not all be put into a single database open to other agencies.
Agencies using the service to verify a client's identity will get only a yes-or-no reply from the Commonwealth Authentication Service system, DMV said.
“There's an App for that!” and a privacy concern. Note that they don't brag about the service they provide the mother.
April Dembosky reports:
The computer engineers at BabyCenter are often among the first people women tell they are pregnant. Mothers-to-be go to babycenter.com or sign up for the site’s mobile app to get advice long before they clear the first trimester and begin sharing their news with friends. Sometimes even before telling the baby’s father.
“When women register, they tell us their due date,” said Julie Dempsey, BabyCenter’s vice-president of product. “Not many apps are able to capitalise on that the way we are.”
BabyCenter was named on Wednesday as one of 12 companies newly targeted by the US Senate Commerce Committee’s investigation into data brokers and their collection of health information for use in advertising.
Read more on FT.com (sub required)
(Related) Remember this one from February last year? (using Big Data)
(Related) For my App developing students. Perhaps we could turn this into an “App Buying Guide”
Hamish Barwick reports:
The Office of the Australian Information Commissioner (OAIC) has unveiled a guide designed to help mobile app developers embed better privacy practices into their products.
The guide, Mobile privacy: A better practice guide for mobile app developers, recommends that developers use short privacy notices rather than lengthy policies which are hard to read on a small screen.
Read more on TechWorld (AU)
An idea whose time has come? But, does anyone think long-term any more?
Nat Hentoff has an OpEd on student privacy that will sound familiar to regular readers of this blog. In it, he describes the case of Andrea Hernandez, a student in Texas who refused to wear an RFID tag, and the strip search of J.C. Cox, a 10-year-old boy, to search for a missing $20 bill.
During the 2016 presidential and congressional elections, I doubt very much that candidates of either party — except maybe insistent libertarians — will raise the issue of how so many of our kids are taught that they are continually under criminal suspicion and surveillance in their schools — in this land of the free and home of the brave.
How many of our students are even taught the Constitution in their schools? How many of their parents bother to find out?
As someone who has watched the erosion of students’ rights over the past 20 years without frustration and outrage – the limitations on protected speech, drug searches and searches without reasonable suspicion, questioning of students without Miranda rights or right to involve a parent, monitoring of students’ extracurricular speech and conduct, and the creation of massive databases that record so many details of a student’s and parent’s information – I share his concerns.
There is a mechanism parents could use to organize to start restoring their children’s rights and civil liberties. It’s called the PTA (Parent-Teacher Association), and most schools have one. Why not start a national campaign on student privacy and rights? Bring in speakers, send home informative literature, and start educating parents and students.
Don’t count on the schools to teach your children their rights – or to respect them. That’s part of your job as a parent. If you sit back and let the schools, the state, and the federal government just erode your children’s rights, well, in 30 years, all the cool clothes and electronics you bought them won’t count for squat when you realize you’ve raised a nation of sheep.
(Related) Some attacks on students are so off the wall they are easy to slap down.
Principal sues students over parody Facebook, Twitter accounts
… Yes, they happened to be his students. And yes, they appear to have made parody Facebook and Twitter accounts that mocked him, presumably in a middle school sort of way.
But did it seem reasonable to invoke the Computer Fraud and Abuse Act in order to put them (and their parents) into emotional -- and, who knows, financial -- detention?
Yet, as Boing Boing reported, this is what he did.
His complaint was stunningly educative. It alleged that these growing humans had used Facebook and Twitter "without authorization." He also used terms such as "defamation," "negligent supervision," and "parental liability."
… US District Judge Michael J. McShane wasn't impressed. In denying Matot's action, he reminded him that the idea of unauthorized computer behavior meant having no authorization to use a particular computer for any purpose.
… One sentence from the judgment is especially poetic. Referring to another case, it said: "The Court found that 'lying on social media websites is very common.'"
… Matot wasn't going to give up without a battle, however. When he discovered he couldn't persuade the judge on CFAA grounds, he tried to invoke RICO.
Yes, there were two students creating these parody accounts. They were clearly a criminal organization.
The judge might well have offered a hollow laugh. For, in reply, he offered: "Congress did not intend to target the misguided attempts at retribution by juvenile middle school students against an assistant principal in enacting RICO."
Some dissertations are cooler than others... Some are more... “fluffy.”
Information Sharing and Collaboration in the United States Intelligence Community
Information Sharing and Collaboration in the United States Intelligence Community: An Ethnographic Study of the National Counterterrorism Center by Bridget Rose Nolan, PhD dissertation, University of Pennsylvania, 2013. [via FAS/Secrecy News]
“The National Counterterrorism Center (NCTC) was established to serve as the primary organization in the U.S. Government for the integration, sharing, and analysis of all terrorism and counterterrorism intelligence. To date, no study has sought to illustrate whether and how NCTC overcomes the barriers to information sharing among agencies and the people that comprise them. The purpose of this dissertation is to explore the micro-level ways in which intelligence work is conducted in a post-9/11 world and to examine the circumstances that both facilitate and discourage collaboration. By presenting detailed ethnographic evidence and the in-depth interview perspectives of the people who actually do this work daily, this study provides a sociological analysis and discussion of best practices to help identify ways in which NCTC can move closer to fulfilling its mission.”
For anyone who needs to stay current (like my students, hint hint)
What Is the Best Podcast Manager For Windows?
… If you want to listen to podcasts while at your Windows PC, the best option is still a Windows desktop application that will play them for you. With these programs, you can listen to the MakeUseOf podcast and all your other favorite podcasts.
As with many things in life, there’s no one best podcast manager for everyone.
5 Essential Technology Podcasts That Geeks Should Listen To
Think of it as “Just in Time” learning.
Jukebox Lessons – lets you learn any subject with teachers who are located almost anywhere in the world. You can be at home in London and learn Spanish with a teacher from Argentina, or you could be on the beach in Brazil learning how to make sushi with a chef in Japan. All you need is a computer and a video conferencing program like Skype or Google Hangout. Jukebox Lessons is that simple.
For my website students...
Build HTML5 Sites and More With Google Web Designer
Earlier today Google launched the public beta of Google Web Designer. Web Designer is a desktop application for creating interactive HTML5 sites and advertisements. The tool was built for the purpose of creating advertising units, but it can be used for building webpages and other non-advertising materials.
Web Designer allows you to develop pages that contain drawings, animations, and 3D objects. Web Designer includes galleries of pre-made objects to drag, drop, edit, and compile in the creation of animations. The animations come together through a layered timeline.
I gave Web Designer a try this afternoon. It is not a tool that most people will master quickly unless they've prior web design experience. Fortunately, Google has produced a lot of tutorials on how to use it. You can read tutorials here and watch tutorials on YouTube. If you decide to try Google Web Designer, you will probably want to try it on a screen larger than 13 inches. I tried it on my 13" MacBook Pro and would have liked to have some more screen space in which to work.
Using Google Web Designer could be an excellent progression for students who are ready to move beyond the basics of building webpages in Google Sites and other free website builders.
What we have to consider for our App programming classes.
Survey: Company apps thwarted by mobile device diversity
… "The survey's top reported obstacle to mobile app delivery is building for multiple devices and platforms," Appcelerator said Tuesday after surveying IT executives, development directors, programmers, and others at 804 companies in August. Fanboys can quibble about how bad fragmentation really is within the realms of Android or iOS, but at a higher level, it's definitely a concern.
Of the respondents, 34 percent write apps that support three operating systems, 23 percent support one OS, 20 percent support four OSes, 11 percent support two OSes, and 8 percent support five or more OSes.
That's good news for Appcelerator, which makes a business out of cross-platform programming tools, but bad news for anyone venturing farther away from mainstream devices like iPhones, Samsung's Galaxy Android phones, or Wintel laptops.