Saturday, January 26, 2013

One way to watch for subpoenas that might impact “Evil Bob” (Imagine printing a page on Osama's printer that says, “Please step to the window, Mr. Target”
"Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."


Og no export fire!”
"The U.S. Department of Defense has stopped updating its main reference list of vital defense technologies that are banned from export, according to a new report from the Government Accountability Office (GAO), The Security Ledger reports. The Militarily Critical Technologies List (MCTL) is used to identify technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology. GAO warned six years ago that the Departments of State and Commerce, which are supposed to use the list, found it too broad and outdated to be of much use. The latest report (GAO 13-157) finds that the situation has worsened: budget cuts forced the DOD to largely stop updating and grooming the list in 2011. Sections on emerging technologies are outdated, while other sections haven't been updated since 1999. Without the list to rely on, the DOD has turned to a hodgepodge of other lists, while officials in the Departments of State and Commerce who are responsible for making decisions about whether to allow a particular technology to be exported have turned to ad-hoc networks of subject experts. Other agencies are looking into developing their own MCTL equivalents, potentially wasting government resources duplicating work that has already been done, GAO found."


Medicine on your SmartPhone. An interesting video from one of those “news magazine” TV shows. (yes, it surprised me too) I think this one is actually worth watching.
The key to better health care may already be in your pocket... and it's not your wallet


Follow up The case is still interesting.
Man With 4th Amendment Written on Chest Wins Trial Over Airport Arrest
A Virginia man who wrote an abbreviated version of the Fourth Amendment on his body and stripped to his shorts at an airport security screening area won a trial Friday in his lawsuit seeking $250,000 in damages for being detained on a disorderly conduct charge.
… In sending the case to trial, unless there’s a settlement, the 4th U.S. Circuit Court of Appeals ruled 2-1 and reversed a lower court judge and invoked Benjamin Franklin in the process. According to the opinion by Judge Roger Gregory:
Here, Mr. Tobey engaged in a silent, peaceful protest using the text of our Constitution—he was well within the ambit of First Amendment protections. And while it is tempting to hold that First Amendment rights should acquiesce to national security in this instance, our Forefather Benjamin Franklin warned against such a temptation by opining that those ‘who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.’ We take heed of his warning and are therefore unwilling to relinquish our First Amendment protections—even in an airport.
… In dissent, Judge J. Harvie Wilkinson wrote:
Had this protest been launched somewhere other than in the security-screening area, we would have a much different case. But Tobey’s antics diverted defendants from their passenger-screening duties for a period, [They acted outside of normal procedures? I doub't it. Bob] a diversion that nefarious actors could have exploited [What? TSA waved everyone else through while dealing with this? Again I doubt it. Bob] to dangerous effect. Defendants responded as any passenger would hope they would, summoning local law enforcement to remove Tobey—and the distraction he was creating — from the scene.


Could this become a trend? Somehow I think it is more about marketing... (Do either of them have “Automatic Warrant” Apps?)
Yahoo, Like Google, Demands Warrants for User E-Mail
Yahoo demands probable-cause, court-issued warrants to divulge the content of messages inside its popular consumer e-mail brands — Yahoo and Ymail, the web giant said Friday.
The Sunnyvale, California-based internet concern’s exclusive comments came two days after Google revealed to Wired that it demands probable-cause warrants to turn over consumer content stored in its popular Gmail and cloud-storage Google Drive services — despite the Electronic Communications Privacy Act not always requiring warrants.


“We can't think of any reason why the defenants need to know we gathered evidence from ElaborateHoax.net or PhonyEvidence.com.” This is normal?
Court: WikiLeaks Suspects Denied List of Companies Who Received Orders for Records
A federal appeals court has ruled that three suspects targeted in a WikiLeaks investigation have no right to know from which companies, other than Twitter, the government sought to obtain their records.
The ruling, published Friday, upholds a magistrate’s earlier decision that “there exists no right to public notice of all the types of documents filed in a sealed case” and likens the 2703(d) orders in question to grand jury proceedings, which are not subject to public access.
“In fact, they are a step removed from grand jury proceedings, and are perhaps even more sacrosanct,” the judges for the Fourth Circuit Court of Appeals noted in their decision (.pdf). “Because secrecy is necessary for the proper functioning of the criminal investigations at this § 2703(d) phase, openness will frustrate the government’s operations.”


I recall lawyers drooling over the fortune they would make in Y2K litigation.
Eric Roper reports that a lawsuit filed last week following a breach involving an employee of the Department of Natural Resources is not the only lawsuit in the works involving the state’s drivers license database:
A Star Tribune reporter received a letter in the mail from attorney Scott Kelly with Farrish Johnson. It notes that records from the state indicate that misuse of drivers records is “rampant.”
“We are looking at other agencies including the DNR where abuses occured,” the letter says. “If you are interested in pursuing a claim or would like information about your rights, please feel free to contact me.”
In the Rock County case, the firm found some of its 24 plaintiffs by placing an ad in the local newspaper. Kelly said Friday that they only sent letters to two people in relation to the DNR case.
After reviewing state records and filing open records requests, he believes that a minimum of 18,000 drivers records have been breached over the last three years.
Read more on the Star Tribune.
As much as I tend to discourage litigation as it is usually of little benefit to consumers, in cases where I see repeated breaches and the entity still hasn’t adequately hardened their security, I think it’s appropriate. The state has known for a while that they have a problem with authorized users exceeding authorized access. So what have they done to impose better access controls to prevent abuse?
If litigation is what it takes to get the state off the dime to deal with repeated problems, so be it. As I noted on DataBreaches.net, I’m not making any predictions as to any lawsuit’s chances. But if I lived in Minnesota, I’d be calling my state legislator to ask what the legislature is doing in terms of oversight of the Department of Public Safety to ensure and demand greater data protection and security for the driver’s license database. Imposing stiffer penalties on violators is not the same as preventing abuse. [Amen! Bob]
In related coverage Roper reports that the employee involved in the Department of Natural Resources incident was a manager who oversaw training on data handling privacy:
Altogether, [John] Hunt made about 19,000 queries of the Driver and Vehicle Services (DVS) database over nearly five years — 11,800 of them while off-duty.
The agency, which had previously declined to release Hunt’s name, said Friday that it was performing a “top-to-bottom” review of DNR employee access to DVS data and “redoubling” employee training.
“This employee not only violated the law, but betrayed the trust of the agency, his supervisors, and fellow employees,” DNR Commissioner Tom Landwehr said in a statement.
There is no evidence Hunt sold or disclosed the information, but the massive breach spurred lawmakers this week to call for tougher penalties and more disclosure when public employees misuse government data. Two lawsuits, both seeking class-action status, have been filed in federal court by several of the 5,000 people who received data breach letters.
The DVS database, which contains photographs, addresses and driving records on Minnesotans with a license, is protected by state and federal law against illegitimate use. The agency fired Hunt on Jan. 11 and the Duluth city attorney is reviewing the case for possible criminal charges.
Ninety percent of Hunt’s queries were for females, the agency said. The lookups included local celebrities, politicians, judges, athletes, television news people, state employees and “victims of various tragedies,” according to Hunt’s disciplinary letter and an investigative report. Several Star Tribune reporters were among the 5,000 lookups.
Read more on Star Tribune.


Is it up to my standards for teaching App creation? I'm a minor hardware hack from starting my own phone company. Stay tuned...
"WindowsAndroid is a very cool tool from the Beijing-based startup SocketeQ that lets you run Android 4.0 (Ice Cream Sandwich) as a native application on Windows Vista, Windows 7, or Windows 8 machines. The creators tell us they have a deep background in virtualization, operating system, and graphics technologies, and have been working on the project for years. Essentially, WindowsAndroid allows you not only to execute Android apps on your Windows computer, but also use the browser, not to mention every other component of the operating system."

(Related) and possibly redundant...
Remotely controlling your phone through your computer has a number of advantages. When the phone is lost, you can make it ring and find it, you can use your keyboard to type and send text messages, and more. Here to help you offer those features and a few bonus ones is a tool called PocketDo.
Similar tools: LazyDroid, Android Screencast and AirDroid.


...for my amusement.
Georgia State University will offer course credit to students who take MOOCs, according to The Chronicle of Higher Education. Students will have to work with the university and departments to demonstrate mastery over the course material, and if they can will get credits without having to pay additional fees.
… Another week, another new MOOC venture: Academic Partnerships, a company that helps universities offer online courses, unveiled MOOC2Degree, which will allow its clients to offer MOOCs for credit. The universities involved include the University of Arkansas system, the University of Cincinnati, the University of Texas at Arlington College of Nursing, the University of West Florida, and Cleveland State, Florida International, Lamar, and Utah State Universities. “Under the arrangement,” writes The New York Times, “Academic Partnerships will handle recruitment for MOOC2Degree and will receive an undisclosed share of the tuition the universities get from students who continue into a degree program.”
… “The world’s most popular professor,” MIT’s Walter Lewin, will teach a MOOC — 8.02x Electricity and Magnetism — through edX. Lewin’s course materials (published through MIT Opencourseware) and his lecture videos (on YouTube) have been incredibly popular. The latter have had over 11.4 million views. [How would we find “The world's best teacher?” Bob]
… The International Finance Corporation — an investment arm of the World Bank — has invested $150 million equity investment in Laureate Education, a or-profit education company that, according to Inside Higher Ed, “operates 65 career-oriented colleges in 29 countries.” [Why? Bob]


I suspect this illustrates the dream of every high school math teacher... Or at least, the ones who taught my students.

Friday, January 25, 2013

The US military just got a whole lot better. Just because they (got / will get) this one right does not mean they now have a firm grasp of the obvious in other areas...
Here’s How the Military Will Finally Accept (Most) Women in Combat
… As of Thursday afternoon, by act of Defense Secretary Leon Panetta and Army Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, the 1994 Direct Combat Exclusion Rule for women is no more. But it won’t be gone gone until 2016. Between now and then, the services will present plans for gender integration, due May 15, and then gradually integrate women into combat occupations — as well as assess which tasks they’re going to keep all-male.
… “Female servicemembers have faced the reality of combat,” Panetta recognized in a Thursday press conference at the Pentagon. [A prime example of a “Well, DUH!” moment. Bob]


"Never ascribe to malice that which is adequately explained by incompetence" Napolean (maybe) Key management is an interesting problem.
"Github has killed its search function to safeguard users who were caught out storing keys and passwords in public repositories. 'Users found that quite a large number of users who had added private keys to their repositories and then pushed the files up to GitHub. Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Projects had live configuration files from cloud services such as Amazon Web Services and Azure with the encryption keys still included. Configuration and private key files are intended to be kept secret, since if it falls into wrong hands, that person can impersonate the user (or at least, the user's machine) and easily connect to that remote machine.' Search links popped up throughout Twitter pointing to stored keys, including what was reportedly account credentials for the Google Chrome source code repository. The keys can still be found using search engines, so check your repos."


Others are echoing my thoughts... Does this mean I got something right?
"The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
[From the article:
“Whenever I'm asked whether this or that is an act of war my reply is: would it be in our interests to consider it an act of war,” [Interesting way to phrase the question Bob] Martin Libicki of the Rand Corp. told BankInfoSecurity. “Similarly, would it be in the United States' interests to consider itself at cyber war with Iran? Could we convince others that our perception is reality? Would they reply that, with Stuxnet, the United States fired first?

(Related) Is it a Cyber Pearl Harbor or a Cyber 9/11 or Cyber Sandy or just a bid for a bigger budget?
'Cyber 9/11' may be on horizon, Homeland Security chief warns
"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," he said during a speech. "Such a destructive cyber terrorist attack could paralyze the nation."
According to Reuters, Napolitano said today that a massive cyber attack could cause the same amount of damage as last year's Superstorm Sandy, which downed electricity and information networks throughout the Northeastern U.S. [As big as “9/11”, “Sandy” or “The nation” What to believe, what to believe... Bob]


We always have room for an Ethical Hacker. The kid appears to be better at finding security flaws than the college. Are they sure they want him on the outside looking in?
"The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20-year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."


Rights is rights!
Sex Offenders Can’t Be Banned From Facebook, Court Rules
A federal appeals court ruled Wednesday that a 2008 Indiana law forbidding registered sex offenders from using instant-messaging and social-networking sites like Facebook is an unconstitutional infringement of First Amendment-protected speech.
The 7th U.S. Circuit Court of Appeals said the legislation “broadly prohibits substantial protected speech rather than specifically targeting the evil of improper communications to minors.” (.pdf)

(Related) On the other hand...
Twitter has been criticized in the past for not being as vigilant as other social networks as far as removing offensive content, and it looks like a French court is taking matters into their own hands by ordering Twitter to hand over the usernames and information of users who post racist and offensive tweets.
… The court also ordered Twitter to set up an “easily accessible and visible” system that would allow users to alert the site of illegal content specifically for “crimes against humanity and incitement to racial hatred.” Back in October, Twitter removed a neo-Nazi group that would post racist tweets on the site, but only after German police stepped in.


Ubiquitous surveillance – that pretty much says it all...
Cell phones that can identify you by how you walk. Fingerprint scanners that work from 25 feet away. Radars that pick up your heartbeat from behind concrete walls. Algorithms that can tell identical twins apart. Eyebrows and earlobes that give you away. A new generation of technologies is emerging that can identify you by your physiology. And unlike the old crop of biometric systems, you don't need to be right up close to the scanner in order to be identified. If they work as advertised, they may be able to identify you without you ever knowing you've been spotted.

(Related) ...and when I say ubiquitous... Think they can tell what kind of newly legalized plants we are growing here in Colorado?
Timothy Lord starts this video with these words: "Sensors are a big deal at CES this year. They are small devices that track everything from the location of your pets to how many steps you have taken today." And so he chatted with Phillip Bolliger, founder of Swiss company Koubachi AG, which makes Wi-Fi sensors that help you give your plants the right amount of water and light and to keep them at the right temperature. As of this writing, the prices on their online store are in Euros, not dollars, but the sensors are now available through Amazon with U.S. pricing. Koubachi also has a free app for your iOS device, and a Facebook app for your computer or Android device, that will help you give your plants the right amount of fertilizer and other love even if you don't buy a Koubachi sensor.

(Related) Self-surveillance and cheap drones, what's not to like?
There’s a little quad-helicopter device coming to the market relatively soon known as the MeCam, developed and manufactured by the friendly folks at Always Innovating. This little chopper has its own video camera and will connect to your smartphone as well as follow you around automatically while otherwise accepting voice-commands galore. This little monster will also only cost you $49 USD.


Yes this is a source of Golden Eggs, but we want roast goose!” Can you say, Silicon Death Valley?
"Engineers and hackers don't think much about tax policy, but there's a bizarre development in California that they should know about, since it could reduce the pool of angel-investment money available for tech startups. Under a tax break available since the 1990s, startup founders and other investors in California were allowed to exclude or defer their gains when they sold stock in California-based small businesses. Last year, a California appeals court ruled that the tax break was unconstitutional, since it discriminated against investors in out-of-state companies. Now the Franchise Tax Board, California's version of the IRS, has issued a notice saying how it intends to implement the ruling — and it's a doozie. Not only is the tax break gone, but anyone who claimed an exclusion or deferral on the sale of small-business stock since 2008 is about to get a big retroactive tax bill. Investors, entrepreneurs, and even the plaintiffs in the original lawsuit are up in arms about the FTB's notice, saying that it goes beyond the court's intent and that it will drive investors out of the state. This Xconomy article takes an in-depth look at the history of the court case, the FTB's ruling, and the reaction in the technology and investing communities."


The time has come... Every survey for the last 5 years says the same thing.
"Internet access is as crucial to everyday life as having a phone connection and the loss of connectivity is deserving of financial compensation, the German Federal Court of Justice has ruled. Because having an internet connection is so significant for a large part of the German population, a customer whose service provider failed to provide connectivity between December 2008 and February 2009 is entitled to compensation, the court ruled today. 'It is the first time the court ruled that an internet connection is as important a commodity as having a phone,' said court spokeswoman Dietlind Weinland. The court, however, denied the plaintiff's request of €50 a day for his fax machine not working."

(Related)
From Concerned Privacy Advocates, Internet Activists, Journalists & Other Organizations:
Skype Division President Tony Bates
Microsoft Chief Privacy Officer Brendon Lynch
Microsoft General Counsel Brad Smith
Dear Mr. Bates, Mr. Lynch and Mr. Smith,
Skype is a voice, video and chat communications platform with over 600 million users worldwide, effectively making it one of the world’s largest telecommunications companies. Many of its users rely on Skype for secure communications—whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.
It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.
We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices.
Read the full letter here.
And yes, PogoWasRight.org would have signed on to this – if someone had thought to let this site know or asked for a signature.


Who will scream and how loud?
"The Government of Antigua is planning to launch a website selling movies, music and software, without paying U.S. copyright holders. The Caribbean island is taking the unprecedented step because the United States refuses to lift a trade 'blockade' preventing the island from offering Internet gambling services, despite several WTO decisions in Antigua's favor. The country now hopes to recoup some of the lost income through a WTO approved 'warez' site."


Well this makes me feel all fuzzy. Wait, does the fact that the government commissioned the government to study the government suggest a potential conflict of interest? “Nope. We got ethics!”
Pentagon Watchdog Clears Darpa in Ethics Probe
The Pentagon’s far-out research agency is something of a revolving door. Program managers enter; defense consultants and academics leave; and then they come back a few years later. The Pentagon’s watchdog has concluded that’s completely above board.
Darpa’s ethics training “appropriately mitigated the potential for conflicts-of-interest,” concludes Jacqueline L. Wicecarver, the Pentagon’s assistant inspector general, in a report released on Thursday.


For my entrepreneurial students...
"Network World is running a guest article by Outercurve Foundation's technical director Stephen Walli discussing how FOSS license choice can affect a company's business model. Walli disagrees that a FOSS license dictates the business model or that the business model dictates the license."
[From the article:
Red Hat packages an asset that they neither own nor control. They influence the Linux kernel through participation in the Linux kernel community. They use the Linux kernel in their Red Hat Enterprise Linux and Fedora Project operating systems. They surround the kernel with considerable other software (most of it free and open source project-based from a collection of other project communities in which they participate). They support and warrant their product solution, as well as develop and enable the Fedora project community. They are the most profitable and successful Linux vendor and indeed the most successful open source company to date, finally cracking the US$1B revenue barrier in 2012.


Interesting idea. The White House now requires 100,000 “signitures” but what changes would be possible if petitions started with “I'll vote for you (your party's candidate) if...”
"Internet activists in Finland, upset with the country's strict copyright laws, are ready to take advantage of the country's promise to vote on any citizen-proposed bill that reaches 50,000 signatures. Digital rights group Common Sense in Copyright has proposed sweeping changes to Finland's Lex Karpela, a 2006 amendment to the Finnish copyright law that more firmly criminalized digital piracy. Under it, 'countless youngsters have been found guilty of copyright crimes and sentenced to pay thousands, in some cases hundreds of thousands, of euros in punitive damages to the copyright organizations.' The proposal to fix copyright is the best-rated and most-commented petition on the Open Ministry site."


Thought so...
January 24, 2013
Columbia Journalism Report - Post Industrial Journalism
Post Industrial Journalism by C.W. Anderson, Emily Bell and Clay Shirky
  • "The effect of the current changes in the news ecosystem has already been a reduction in the quality of news in the United States. On present evidence, we are convinced that journalism in this country will get worse before it gets better, and, in some places (principally midsize and small cities with no daily paper) it will get markedly worse. Our hope is to limit the scope, depth and duration of that decay by pointing to ways to create useful journalism using tools, techniques and assumptions that weren’t even possible 10 years ago."


Unlimited free power, version 946.2? Let's hope they don't fall into the ocean and breed..
"Researchers at the University of Buffalo have created spherical silicon nanoparticles they claim could lead to hydrogen generation on demand becoming a 'just add water' affair. When the particles are combined with water, they rapidly form hydrogen and silicic acid, a nontoxic byproduct, in a reaction that requires no light, heat or electricity. In experiments, the hydrogen produced was shown to be relatively pure by successfully being used to power a small fan via a small fuel cell."


For my students...
… You may have put a little thought into your profile at some point and then probably let it stagnate somewhat between moments of enthusiasm for career-building behaviour.
However, this need not be the case. There are a number of great hacks you can use with LinkedIn, some of which will help to keep your profile looking fresh for longer, and all of which will help to further your career in some way. It’s well worth taking a quick look at a few of them to see what you can incorporate into your regular activities.


For my researching students?
The ultimate tablet magazine is ready for your Android. Long an iPad-only offering, Flipboard arrived for Android tablets in December – and I’ve barely put my tablet down since. With the ability to pull in content from thousands of sites, Flipboard can also access your Google Reader, YouTube, Twitter, and Facebook accounts, meaning everything you care about on the web is literally at your fingertips.


Perhaps we could fit this in to our programming classes?
"Yesterday in a post at the White House website, the U.S. government announced that June 1-2 would be the National Day of Civic Hacking. 'Civic Hacking Day is an opportunity for software developers, technologists, and entrepreneurs to unleash their can-do American spirit by collaboratively harnessing publicly-released data and code to create innovative solutions for problems that affect Americans.' It will be a joint project with Random Hacks of Kindness, Code for America. Activities are being planned in many cities across the country, and you can also sign up to host your own event. It's nice to see the government use the word 'hacking' in a positive way, since most uses of the term these days involve malicious activity."

Thursday, January 24, 2013

Seems a bit light to me...
It was one of the biggest hacks of 2011 from a media standpoint, and at least some of those involved were subsequently arrested. But Sony’s woes from the hack are not over and it has now been hit with the biggest monetary penalty ever issued by the U.K. Information Commissioner’s Office for a data breach. From the ICO:
The entertainment company Sony Computer Entertainment Europe Limited has received a monetary penalty of £250,000 from the Information Commissioner’s Office (ICO) following a serious breach of the Data Protection Act.
The penalty comes after the Sony PlayStation Network Platform was hacked in April 2011, compromising the personal information of millions of customers, including their names, addresses, email addresses, dates of birth and account passwords. Customers’ payment card details were also at risk.
An ICO investigation found that the attack could have been prevented if the software had been up-to-date, while technical developments also meant passwords were not secure.
David Smith, Deputy Commissioner and Director of Data Protection, said:
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.
“There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.
“The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.
“If there’s any bright side to this it’s that a PR Week poll shortly after the breach found the case had left 77 per cent of consumers more cautious about giving their personal details to other websites. Companies certainly need to get their act together but we all need to be careful about who we disclose our personal information to.”
Following the breach, Sony has rebuilt its Network Platform to ensure that the personal information it processes is kept secure.
Jay Alabaster of IDG News Service reports that Sony plans to appeal the fine:
“SCE disagrees with the ruling and is planning an appeal,” said Satoshi Fukuoka, an SCE spokesman in Tokyo.
Hopefully, they’ll consider a recent ruling that if an entity appeals a fine and doesn’t take advantage of the 20% off discount for early payment, the discounted offer no longer stands.


Sometimes you don't need terrorists attacking infrastructure, just failure to have a viable rollback plan. “Hundreds of users” sugggests this is not a huge outage.
AT&T's U-verse blacks out for days in several U.S. states
Some AT&T U-verse customers are still without TV, Internet, or phone service after a days-long outage that knocked out access for hundreds of users throughout several Southern states.
"The issue impacting some U-verse subscribers has been tracked back to a software upgrade," the company wrote on its Facebook page earlier this afternoon. "We continue to work to determine when service will be completely restored. [Suggest they have no clue how to fix it Bob] Our continued apologies for the inconvenience."
The outage began on Monday and was confirmed by AT&T on Tuesday.


Just a heads up!
Unlocking Cellphones Becomes Illegal Saturday
In October 2012, the Librarian of Congress, who determines exemptions to a strict anti-hacking law called the Digital Millennium Copyright Act (DMCA), decided that unlocking mobile phones would no longer be allowed. But the librarian provided a 90-day window during which people could still buy a phone and unlock it. That window closes on January 26.
… The new rule against unlocking phones won't be a problem for everybody, though. For example, Verizon's iPhone 5 comes out of the box already unlocked, and AT&T will unlock a phone once it is out of contract.
You can also pay full-price for a phone, not the discounted price that comes with a two-year service contract, to receive the device unlocked from the get-go. Apple sells an unlocked iPhone 5 starting at $649, and Google sells its Nexus 4 unlocked for $300.


So now I don't need a lawyer...
… Gather around, children, for Papa Lockhart is going to tell you the story of the Four Determining Factors And The Big Bad Copyright Infringer.


Perspective
January 23, 2013
Pew - Teens and Libraries
Presentation: Teens and Libraries by Lee Rainie, Jan 23, 2013 at Young Adult Library Services Association. "7 takeaways from our research:
  1. Teens live in a different information ecosystem
  2. Teens live in a different learning ecosystem
  3. Teens’ reading levels match/exceed adult levels
  4. Teens use libraries and librarians more than others, but don’t necessarily love libraries as much
  5. Teens have different priorities in library services
  6. Teens will behave differently in the world to come
  7. The public and teachers recognize this and want libraries to adjust to it"


The market is strong in the Education Bidness...
January 23, 2013
Census Bureau Reports Fast Growth in Ph.D.s and Master's Degree Holders
"From 2002 to 2012, the highest rate of increases in education attainment levels were doctorate and master's degrees, according to new statistics from the U.S. Census Bureau. The population with a doctorate grew by about 1 million, or 45 percent, while those who held a master's climbed by 5 million, or 43 percent. Meanwhile, the population with an associate degree rose by 5 million, or 31 percent. Those whose highest degree was a bachelor's degree grew at a smaller rate: 25 percent to 41 million. Meanwhile, the number of those without a high school or GED diploma declined by 13 percent, falling to 25 million. The rates of increase for doctorate and master's holders were not significantly different from one another. The statistics come from Educational Attainment in the United States: 2012, a series of national-level tables showing attainment levels by a wide range of demographic characteristics, including sex, race, Hispanic origin, marital status, household relationship, citizenship and nativity, labor force status, occupation and industry. Also included are detailed information on years of school completed, showing for each level of attainment exactly how many years of education adults have. A variety of historical time series tables going back to 1940 are also provided, as are graphs illustrating historical data."

Wednesday, January 23, 2013

Willie Sutton robbed banks because “That's where the money's at.” Would any government ignore the wealth of data Google holds?
Governments Requesting More Private Data From Google
Governments around the world, especially the U.S. government, are continuing to request more private data from Google. The search giant released a fresh transparency report this morning, revealing that the U.S. leads the world in information requests about users (8,438 requests for information from about 14,868 users). Google isn’t a fan of how governments force them to hand over data and freak out privacy-happy users, so the regular transparency report has been their (very) clever way of heightening public pressure on issues of government surveillance. [But if not one reads the report, can it have any impact? Bob]


Remember, your MAC (Media Access Control) address is unique to your phone.
"Call it Google Analytics for physical storefronts: if you've got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."


Perspective (several versions) I have not heard “better smartphones look more and more like desktop computers” before. Somehow I'm not convinced.
Google Ad Bleeding Slows as Larry Page Dismisses Mobile Fears
Investors like what they’re hearing from Google, despite a sickly-sounding Larry Page. The Google CEO argued on Tuesday’s earnings call that mobile won’t hinder his company’s core ad business because distinctions between devices are becoming moot.
… Money poured into Google’s core advertising business as holiday shoppers hunted for gifts. Google Chief Business Officer Nikesh Arora said Google’s top 25 advertisers are spending an average of $150 million per year. Election spending on Google quintupled in 2012 compared to four years earlier, Arora said during the call, adding that in 9 of 11 “top Senate races … the candidate who spent more with Google was elected.” [How to control congress: “Discounts for Democrats” and “Rebates for Rebublicans” Bob] He also said that Psy, whose “Gagnam Style” video topped 1 billion views on YouTube, made $8 million on YouTube advertising alone.
… Analysts have blamed the steep plunge in the value of Google’s ads, paradoxically, on the company’s success at driving the smartphone revolution. Mobile ads simply aren’t worth as much on smartphones, since users just don’t respond to them as much. Android, the world’s most popular smartphone operating system, puts Google’s ad-supported ecosystem into more hands, but at the same time that spread is diluting those ads’ value.
… As for Page, he said he believes that dollars for mobile ads could as likely as not top the spending on desktop. He pointed to handsets like Google’s own Nexus 4 and other “modern” smartphones that he said render the distinctions among platforms and form factors irrelevant.


This one really twists my brain. Some day I'm sure one of my lawyers friends will show me the logic of this ruling... Maybe.
An individual who inadvertently exposes the contents of his computer over an unsecured wireless network still has a reasonable expectation of privacy against a search of those contents by the police, a federal judge in Oregon ruled last week.
The ruling involves John Henry Ahrndt, a previously convicted sex offender who was sentenced to 120 months in prison for possession of child pornography on his computer.
Read more on Computerworld.
[From the article:
In analyzing the case, Judge King noted that there was nothing to show that Ahrndt was using or had intended to use iTunes or other file-sharing software to share the files in question, with others. "The invasive action at review here is a remote search of computer data transmitted on an unsecured wireless network," he noted.
King conceded that the deputy did not violate Ahrndt's Fourth Amendment protections by merely looking at the list of files on his computer because the list had had already been pulled up by JH. [If she had already pulled up images, would they also be admissible? Bob]
However, the deputy's subsequent action in asking JH to open one of the files did violate reasonable expectations of privacy, particularly since Ahrndt had not intended for the contents of his PC to be shared.
King rejected the government's argument that the highly suggestive file names alone were enough reason for probable cause. In his ruling, the judge said it was unlikely the government could have obtained a search warrant based purely on the deputy's recollection of the file names on Ahrndt's collection. In fact, if the deputy had not seen the image, there would have been no probable cause to ask for a search warrant against Ahrndt, he said.
"The mere act of accessing a network does not in itself extinguish privacy expectations, nor does the fact that others may have occasional access to the computer," the judge said, quoting from a previous case involving a similar issue.


Interesting concept.
Newest Forum for Military’s Ethics Debate: Twitter
There are two major venues for an uncomfortable internal debate about professional ethics currently roiling the U.S. military. One is the Pentagon, where the chairman of the Joint Chiefs of Staff is reviewing leadership training after a spate of embarrassing incidents suggested the military’s moral fibers have frayed. The other is Twitter.
While Rebecca Johnson, an associate professor at the Marine Corps University’s Command and Staff College, prepared to teach her ethics elective to a group of mid-career Marine officers, she decided she’d like to get all of Twitter involved. So she put together a syllabus corresponding to the one she teaches Marines, blogged about it, and started the hashtag #METC — for Military Ethics Twitter Course — for anyone who wants to discuss thorny questions of military ethics for the next five weeks. Essentially, Twitter users are auditing Johnson’s course.


Perspective Another industry or two done in by the digital age?
Keep your Blu-rays and DVDs, Hollywood -- I've gone digital
Buying physical copies of movies seems to make little sense these days, even if they provide digital versions with the purchase, given the frustration involved.


This should keep me busy for several days!
Freebook Sifter finds Kindle freebies
This handy site catalogs some 35,000 free e-books for your Kindle app or e-reader.
E-books are all kinds of awesome. E-book prices? Not so much.
That's why I'm always on the lookout for freebies, relying on sites like Hundred Zeros to help me find gratis reading for my Kindle.
Lately I've been exploring another source: Freebook Sifter, a new site that lists over 35,000 no-cost books available from Amazon. It's not the prettiest site I've ever seen -- all links and text, no cover art or images -- but it definitely delivers on its promise.


Perspective Maybe I should video and then compile some of the answers my studnts give me...
I’m sure a lot of people out there have YouTube accounts, but a lot of people may not realize that if your channel generates enough page views YouTube will often allow you to monetize your videos. The video monetization typically has to do with placing a commercial in front of the video you want to watch that you have to view for at least a few seconds before you can skip it. If you listen to a radio station that plays any popular music, you’ve undoubtedly heard Psy belt out his barely understandable song Gangnam Style.
… The video is the most watched ever to hit YouTube with more than 1 billion views. That 1 billion views has earned $8 million revenue on YouTube alone.


My students will read if their life depends on it... Only 18 textbooks so far, but the idea is interesting and risky (lawsuits)
Free, Open-Source Digital Textbook Provider, Boundless, Releases Its Content Under Creative Commons
Since first emerging early last year, Boston-based startup Boundless has been on a mission to give students a free alternative to the financial and physical costs of bulky backpacks brimming with pricey hard-copy textbooks.
… Boundless has been fighting the Powers That Be by offering a free, digital alternative culled from existing, open educational resources.
Boundless offers an entire section on its website devoted to explaining how it uses open educational resources and describes best practices for users, but users of its free textbooks will find that, at the end of each chapter, sources are cited as a list of links where students can locate the original material.
… To monetize, Boundless will likely turn this into a freemium model, adding optional preemium features on its own platform and in its textbooks, which will help students study more effectively (get smarter, etc etc.) and will be available for a cost.
Diaz also says that the company will now offer additional features (as seen above), like flashcards, quizzes and study guides, for example, that will include Creative Commons-licensed material and will be available within its textbooks. In this way, Boundless wants to go beyond what the traditional textbook offers, pushing the space ahead, along with startups like Inkling and Kno.
To take advantage of those, students will have to create a user account, however, access to its textbooks will remain free, Diaz says.
You can check out a few examples of Boundless textbooks here and here.

Tuesday, January 22, 2013

Does no one know that laptops get stolen from cars? Perhaps we could have the laptop manufacturers print this on the top of the laptop in BIG RED LETTERS!
From their press release, issued yesterday:
Lucile Packard Children’s Hospital at Stanford and the Stanford University School of Medicine are notifying patients by mail that a password-protected laptop computer containing limited medical information on pediatric patients was stolen from a physician’s car away from campus on the night of January 9, 2013. This incident was reported to Packard Children’s and the School of Medicine on January 10. Immediately following discovery of the theft, Packard Children’s and the School of Medicine launched an aggressive and ongoing investigation with security and law enforcement, and began contacting patients potentially affected.
The medical information on the stolen laptop was predominantly from 2009 and related to past care and research. The patient data did not include financial or credit card information, nor did it contain Social Security numbers or any other marketable information. It did include names and dates of birth, basic medical descriptors, and medical record numbers, which are used only by the hospital to identify patients. In some cases, there was limited contact information. There is no indication that any patient information has been accessed or compromised.
They also posted an FAQ on their site, which says, in part, that 57,000 patients are being notified.


So, we don't bother to check them new fangled digital maps against the old paper versions OR was this a subtle test of one possible CyberWar weapon?
Report: Reef-bound Navy ship takes on water
The U.S. Navy ship USS Guardian remains stuck on a reef off the Philippines four days after the minesweeper ran aground.
In a statement, the U.S. Navy said preliminary findings of a review by the U.S. National Geospatial-Intelligence Agency found that digital navigation chart data was inaccurate and had "misplaced the location of Tubbataha Reef." This "may have been a factor in the Guardian grounding."


Now do you understand “We can, therefore we must?”
I couldn’t understand why a regular reader from Texas sent me a link to an article about fining residents if they didn’t clean up their dog poo. After all, that’s the case in many towns and cities by now and didn’t strike me as newsworthy.
But then I read the news story and my jaw dropped:
A Plano apartment complex is set to become the latest North Texas multi-family residential facility to demand DNA tests of all dogs living on the property in an effort to catch owners who fail to pick up their dog’s waste.
Read more on NBC DFW.
So in Texas, students can be RFID-chipped to boost attendance revenues and dogs can be subjected to mandatory DNA testing so their owners can be fined if the dog poo isn’t cleaned up. Surveillance in Texas seems to be a revenue-generating scheme.
Is it too late for me to sign that petition about Texas seceding from the union? Sheesh.


Interesting article, but this summary is just one extreme interpretation, I think.
Konrad Lischka and Christian Stöcker report:
When it comes to hysteria over coming data protection rules in Europe, the most extremist warnings from lobbyists these days are coming out of the law firm Field Fisher Waterhouse. The head of the firm’s privacy and information law group, Eduardo Ustaran, recently told the American technology news service ZDNet that if the EU’s draft privacy and data protection law isn’t changed, Gmail and Facebook may be forced to abandon their ad-supported models and start charging their customers in Europe or stop providing them with these popular services altogether.
Read more on Spiegel Online.

(Related) Another “proof” that we don't have a coherent strategy yet. Whose objectives are we trying to satisfy?
Spandas Lui reports:
The Office of the Australian Information Commissioner (OAIC) has expressed concerns with some of the data-privacy changes that were proposed by a recent Microsoft report.
The Microsoft Global Privacy Summit Report (PDF), entitled “Notice and Consent in a World of Big Data” and released in November 2012, lists the topics that came out of numerous global discussions held by the vendor on data privacy.
“Generally, people agreed that new approaches to privacy protection must shift responsibility away from individuals to organisations which use data, driving a focus on what uses of that data are permitted, as well as [have] accountability for responsible data stewardship, rather than mere compliance,” Microsoft chief privacy strategist Peter Cullen wrote in a blog post.
While the OAIC was supportive of more responsible data-collection processes, it disagreed with some of the changes that the Microsoft report suggested about how collected data could be used.
Read more on ZDNet.


One to request from my local library...
nrothke writes
"In the 4th edition of A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology, author Sara Baase takes a broad look at the social, legal and ethical issues around technology and their implications. Baase notes that her primary goal in writing the book is for computer professionals to understand the implications of what they create and how it fits into society. The book is an interesting analysis of a broad set of topics. Combined with Baase's superb writing skills, the book is both an excellent reference and a fascinating read."
Read below for the rest of Ben's review.


...and one to download.
"The classic hacker book publisher O'Reilly is releasing their book Open Government for free as a tribute for Aaron Swartz. The book asks the question, in a world where web services can make real-time data accessible to anyone, how can the government leverage this openness to improve its operations and increase citizen participation and awareness? Through a collection of essays and case studies, leading visionaries and practitioners both inside and outside of government share their ideas on how to achieve and direct this emerging world of online collaboration, transparency, and participation. The files are posted on the O'Reilly Media GitHub account as PDF, Mobi, and EPUB files."


Oh! Something for my spare time! (Or for students who don't like how I teach...)
New WordPress Plugin Lets You Build Your Own Online School
… The new WordPress plugin from WooThemes (a popular WordPress premium theme provider) lets you start up your own online school with ease. It’s as simple as installing a WordPress plugin. The actual content and other school-y stuff is, of course, up to you. But the technical stuff is taken care of by this new plugin.