Saturday, May 25, 2013

Apparently Stuxnet gave them some ideas and taught them some sophisticated techniques.
New Computer Attacks Traced to Iran, Officials Say
American officials and corporate security experts examining a new wave of potentially destructive computer attacks striking American corporations, especially energy firms, say they have tracked the attacks back to Iran.
… The goal is not espionage, they say, but sabotage. Government officials describe the attacks as probes looking for ways to seize control of critical processing systems.

For my Ethical Hackers
"We've pointed out some problems with Twitter's new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter's two-factor authentication won't work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse."

I'm for anything that helps hold down the cost of my 3-D printed Gatling gun.
"A UC Berkeley group, in a bid to drive down the costs of 3-D printing, has been focusing on more natural materials such as salt, wood, ceramics and concrete (the last two, while not naturally occurring, are made of naturally occurring components). The use of these materials creates new avenues for architecture, such as printing buildings. Professor Ronald Rael, the head of the project, stated that these materials and the designs they enable will require new IP protections — 'This is going to require some IP protection for designs, so if you design architecture in the computer, you're protected, just as music and movies are.' I wonder if he's ever heard of design patents?"

Change, the only constant.
From Arrested Development to Dr. Who, How Binge Watching Is Changing Our Culture
Never mind the fact that Arrested Development is coming back this weekend as a revived fourth season of a show that ended six years ago — yes, six years ago, which is a lot in today’s cultural time. (To put that in perspective, just remember that 2006 was the same year that Twitter was founded. And that Foursquare, Google Plus, Instagram, Pinterest, and the recently acquired Tumblr didn’t even exist yet.)
Instead, let’s focus on the fact that all 15 episodes of the new season are being released all at once — precisely at midnight tomorrow, exclusively on Netflix. This is interesting because just one month ago, Netflix was touting its House of Cards “binge watching” strategy of original content released all at once. Not only did people really gorge on a bunch of episodes, but Netflix shares were up 19 percent after its last earnings report. Instead of losing momentum for the show in one bang, Netflix CEO Reed Hastings observed that several months later “huge numbers” of viewers were just starting the series every week.

History, for my Intro to IT students.
The First Long-Distance Telegraph Message, Sent This Day in 1844: 'What Hath God Wrought?'

MOOC University
… The latest bit of MOOC-news comes from the Georgia Institute of Technology, which just last week announced that, in partnership with Udacity and AT&T, it will offer a full-on master’s degree in computer science in MOOC format — or rather, Georgia Tech College of Computing Dean Zvi Galil corrected me, a “MOOC 2.0” format. The program begins in 2014, and seems worth keeping an eye on. Galil certainly isn’t shy about its potential: “We’re doing it because we want to lead the revolution,” he tells me.

Friday, May 24, 2013

Don't bank on your phone...
"A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as 'Android.Pincer.2.origin' by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."

I don't recall them using the term “surge” in relation to drones.
Obama Swears Drone Surge Is Done
Drones will play a big role in U.S. counterterrorism for the foreseeable future. But the frenetic pace of drone strikes that have come to define President Obama’s war on terrorism is at an end, Obama declared today.
In the months and years ahead, drone strikes once conducted by the CIA will become more of a U.S. military responsibility. The rules for launching the strikes will become stricter — there must be a “near certainty” that no civilians will be killed, for instance — and they’ll become less frequent.

It's okay to have the printer and it's okay to have the template for a gun, so how will they know you haven't actually used them to make a gun?
"'Untraceable, undetectable, cheap and freely available.' That's how Australian police have described the 3D-printable gun known as The Liberator today as they announce that they will be seeking to make the download, construction and possession of these weapons illegal. In their tests, Police printed the 15 parts required to assemble The Liberator in 27 hours and assembled it within 60 seconds with a firing pin fashioned out of a steel nail. The two guns were test fired into a block of resin designed to simulate human muscle, and the first bullet penetrated the resin block up to 17 centimeters. [That's 6.69291 inches – what caliber weapon did they print? That seems low, even for a .38 Bob] NSW Police Ballistics division confirm that it would be a fatal wound if pointed at someone."
[From the article:
“[3D-printed weapons] are truly undetectable, truly untraceable, cheap, easy to make. [This] weapon cost us $35 to make. We made that on a base entry level 3D printer. That printer cost us $1700. It truly is a home printer for so many people to make untraceable weapons. It is an emerging threat.

I guess I'll have to live with the fact that I'll never understand bureaucracies – which is probably easier than suddenly realizing I do understand them.
The Declassification Engine: Your One-Stop Shop for Government Secrets
The CIA offers an electronic search engine that lets you mine about 11 million agency documents that have been declassified over the years. It’s called CREST, short for CIA Records Search Tool. But this represents only a portion of the CIA’s declassified materials, and if you want unfettered access to the search engine, you’ll have to physically visit the National Archives at College Park, Maryland.
Using the Freedom of Information Act, historians and researchers have urged the CIA to provide them with their own copy of the CREST electronic database, so that they can seek greater insight into U.S. history and even build up additional checks and balances against the government’s approach to official secrecy. But the agency won’t do it. “Basically, the CIA is saying that the database of declassified documents is itself classified,” explains Steve Aftergood, a senior research analyst with the Federation of American Scientists, who oversees the federation’s government secrecy project.
… “The state of the declassified archives is really stuck in the middle of the 20th Century,” says Aftergood. He calls it a “fairly dismal picture,” but he also says there’s an enormous opportunity to improve the way we research declassified materials — and improve it very quickly — through the use of modern technology.
That’s the aim of a new project launched by a team of historians, mathematicians, and computer scientists at Columbia University in New York City. Led by Matthew Connelly — a Columbia professor trained in diplomatic history — the project is known as The Declassification Engine, and it seeks to provide a single online database for declassified documents from across the federal government, including the CIA, the State Department, and potentially any other agency.

This on the other hand, is easy to understand.
"The Wall Street Journal is reporting that AT&T Mobility, the second-largest wireless carrier in the U.S., has added a new monthly administrative fee of 61 cents to the bills of all of its contract wireless lines as of May 1, a move that could bring in more than a half-billion dollars in annual revenue to the telecom giant. An AT&T spokeswoman said the fee covers 'certain expenses, such as interconnection and cell-site rents and maintenance.' The increased cost to consumers comes even though AT&T's growth in wireless revenue last year outpaced the costs to operate and support its wireless business. The company has talked of continuing to improve wireless profitability. Citigroup analyst Michael Rollins noted that the new administrative fee is a key component for accelerating revenue growth for the rest of the year. He said the fee should add 0.30 of a percentage point to AT&T's 2013 revenue growth; he predicts total top-line growth of about 1.5%. Normally, consumers could vote with their wallets by taking their business elsewhere. AT&T would be required to let customers out of their contracts without an early termination fee if it raised prices, but it is avoiding this by simply calling the increase a 'surcharge,' effectively forcing millions of people to either pay more money per month or pay the ETF."

Perspective ...and this is just so kids can play games! (and Microsoft can make a few more billions)
Xbox One: Our Servers Will Have More Power Than All the Computers in 1999! Us: Really?! Expert: Almost.
Watching the reveal of the Xbox One this week, one particular claim about Microsoft's new console caught my ear. Marc Whitten, the executive in charge of Xbox Live, the company's online gaming network, charted its historical progression.
"When we launched Xbox Live in 2002, it was powered by 500 servers. With the advent of the 360, that had grown to over 3,000," Whitten said. "Today, 15,000 servers power the modern Xbox Live experience."
Then Whitten said something extraordinary, "This year, we will have more than 300,000 servers for Xbox One, more than the entire world's computing power in 1999."

Amazing to me that my students (who write Apps all the time) were not aware of this.
Meet the Man Who Sold a Month-Old App to Dropbox for $100M
When Mailbox sold itself to Dropbox for a reported $100 million or so this March, the month-old iPhone app wasn’t even available to the public. People could download the email organizer, but using it required joining a mailing list that stretched to nearly 800,000 names at one point.
Mailbox was popular because it provided innovative new ways to organize and clear an inbox. Users can swipe a message to the left to “snooze” it, a command that instructs Mailbox to resurface the email after a set period of time. Other swipes — hard left, right, or hard right — archive, delete, or file messages.

What is the “Next Big Thing?” (178 page PDF) Some perspective for my Intro to IT class
May 23, 2013
Disruptive technologies: Advances that will transform life, business, and the global economy
"Disruptive technologies: Advances that will transform life, business, and the global economy, a report from the McKinsey Global Institute, cuts through the noise and identifies 12 technologies that could drive truly massive economic transformations and disruptions in the coming years. The report also looks at exactly how these technologies could change our world, as well as their benefits and challenges, and offers guidelines to help leaders from businesses and other institutions respond. We estimate that, together, applications of the 12 technologies discussed in the report could have a potential economic impact between $14 trillion and $33 trillion a year in 2025. This estimate is neither predictive nor comprehensive. It is based on an in-depth analysis of key potential applications and the value they could create in a number of ways, including the consumer surplus that arises from better products, lower prices, a cleaner environment, and better health."

This may or may not be useful. I can't get to the URL because it keeps timing out – possibly this report is in high demand OR they are under a Denial of Service attack
May 23, 2013
Report - The Condition of Education 2013
"The Condition of Education 2013 [May 2013] summarizes important developments and trends in education using the latest available data. The report presents 42 indicators on the status and condition of education, in addition to Spotlights that look more closely at 4 issues of current interest. The indicators represent a consensus of professional judgment on the most significant national measures of the condition and progress of education for which accurate data are available."

This is enough to make my geeks giggle...
… Where this becomes practical is if the different operating systems are Live CDs, that is, small operating systems designed specifically to provide maintenance to a computer from outside of the computer’s own operating system. This can be handy if the computer’s own operating system is corrupted through misuse, poor maintenance, or worse, malware.
MultiBootUSB is available on SourceForge and appears to be a pretty popular program for just this kind of task. The MultiBootUSB software is also a portable application, meaning you simply put the MultiBootUSB-6.4.1.exe file onto your USB drive and run it all from the USB drive.
One thing that I immediately noticed is that XBoot has a lot more documentation than MultiBootUSB, which is to say that it has some documentation.
… Installation of XBoot is really easy; double-click the executable file and it opens in seconds. From there it’s quite simple to add your ISOs – just drag and drop them into the main box.
There seemed to be a lot of recommendations for YUMI around the web, so I added it to the crop to be tested
… Once you get to the part where you are adding distributions to your USB stick, YUMI lays out exactly which ones are known to work, as well as where to download the distributions from.

It's kind of a teacher's in-joke...
Integrate iPads Into Bloom’s Digital Taxonomy With This ‘Padagogy Wheel’

Thursday, May 23, 2013

Who guards the guardians? Apparently, DHS was not auditing this vendor nor did the vendor keep access logs. Does not make me feel secure...
Jason Miller reports:
Tens of thousands of current and former Homeland Security Department employees are at risk of identity theft after officials discovered a vulnerability in the vendor’s system for processing background investigations.
All DHS employees working in the headquarters office, for the Customs and Border Protection and for the Immigration and Customs Enforcement components from 2009 to 2013 are the most affected, according to an internal notice sent to employees, which was obtained by Federal News Radio and confirmed by a DHS spokeswoman.
“As a result of this vulnerability, information including name, Social Security numbers (SSN) and date of birth (DOB), stored in the vendor’s database of background investigations was potentially accessible by an unauthorized user since July 2009,” the internal notice stated.
Related: DHS Notice
[From Federal News Radio:
A DHS spokeswoman emphasized there is no evidence [No logs? Bob] that any employee data was stolen or lost.
DHS said it found out about the breach from a law enforcement partner [DHS didn't detect the breach? Bob] and is investigating if the vendor had any data stolen.

Faster detection by the organization itself. See DHS, this is how it should be done.
Krister Rollins reports:
The Maine Attorney General’s office is issuing an alert for people who may have used an out-of-state service for buying tickets for shows and other forms of entertainment recently.
The service, Venidini (sic), Inc., has been hacked, exposing financial information for tens of thousands of customers.
Vendini sent a letter to Maine’s Attorney General about the breach. Vendini’s letter says that on March 29th, someone broke into a server that contains the names, addresses, email addresses, credit card numbers and credit card expiration dates of tens of thousands of people, 22,900 Mainers among them.
Read more on WCSH. A statement on Vendini’s blog, posted yesterday, reads:
… We regret to inform you that on April 25, 2013, Vendini, Inc. detected an unauthorized intrusion into its systems.

This is new.
Sue Reisinger writes:
Earlier this month the U.S. Equal Employment Opportunity Commission filed—and quickly settled—its first lawsuit accusing an employer of gathering illegal genetic information during a job applicant’s medical exam. The agency followed it up last Thursday by filing its first class action suit against another employer on similar grounds.
The Genetic Information Nondiscrimination Act went into effect in 2009, and some individuals have sued companies under it. But not until this month did the government take official action to enforce GINA, as the law is called.
“Employers need to be aware that GINA prohibits requesting family medical history,” said David Lopez, general counsel of the EEOC, in a statement. “When illegal questions are required as part of the hiring process, the EEOC will be vigilant to ensure that no one be denied a job on a prohibited basis.”
Read more on Corporate Counsel.
[From the article:
And, according to the law, it doesn’t matter if a company doesn’t know about the medical examiner’s request. In other words, it is the company’s responsibility to make sure any third-party medical examiner it hires doesn’t ask an illegal question.
However, GINA provides a “safe harbor” for employers if they attach language to any request for information from a health care provider that tells the applicant not to answer questions about family or genetic information.

There seem to be a few holes in the planned coverage...
Travelers visiting the US may have to prepare for more hassles at customs: All foreign nationals leaving the country at 30 airports must have their fingerprints taken, according to a new amendment to a planned immigration reform bill.
The amendment, which was approved by the Senate Judiciary Committee in a 13-5 vote, will see departure terminals at major US airports – including JFK, LaGuardia and Newark Liberty – equipped with high-tech systems for fingerprinting foreign nationals and scanning their passports and visas.
Read more on RT.
[From RT:
Currently, foreigners are only required to submit their fingerprints when entering the United States.
Not tracking exits is “a hole in the system,” said Senator Orrin Hatch (R-UT), one of the amendment’s proponents. "Biometric data provides the government with certainty that travelers (and not just their travel documents) have or have not left the country," the Senator’s office said in a statement, according to the Salt Lake Tribune.
The new departure procedure is being introduced in order to prevent foreigners from overstaying their visas. [I must be missing the “prevention” part... Bob]
… Advocates for the provision cite the recent high-profile case of Azamat Tazhayakov. A Kazakhstani, Tazhayakov was a friend of Dzhokhar Tsarnaev, a Boston Marathon bombing suspect, and was charged with obstruction of justice after he allegedly attempted to dispose of possessions belonging to Tsarnaev. Tazhayakov reportedly entered the United States in January on an invalid visa. [Why was it undetected? Shouldn't we fix that hole first? Bob]

Perhaps a new area of Psychology: Data Breach Distress Experts?
In a recently published judgment, the Court said that the Data Protection Act (DPA) does not oblige businesses to pay individuals compensation for distress that causes damage where the distress caused is not attributable to a breach of the Act.
Under section 13 of the DPA a person is generally entitled to compensation if they suffer damage as a result of violations of a section of the DPA by organisations that hold their personal data. Individuals are also generally entitled to compensation from those data controllers if they suffer distress that causes damage.

More coverage than ship-based radar, more detail than satellites.
Navy’s High-Flying Spy Drone Completes Its First Flight
… The MQ-4C Triton took off today for the first time from a Palmdale, California airfield, a major step in the Navy’s Broad Area Maritime Surveillance program.
… The Navy even announced it via Twitter.
… The idea is for the Triton to achieve altitudes of nearly 53,000 feet — that’s 10 miles up — where it will scan 2,000 nautical miles at a single robotic blink. ... Its sensors, Northrop boasts, will “detect and automatically classify” ships, giving captains a much broader view of what’s on the water than radar, sonar and manned aircraft provide. Not only that, Triton is a flying communications relay station, bouncing “airborne communications and information sharing capabilities” between ships. And it can fly about 11,500 miles without refueling.

It's always easier to sell a bad idea if you can introduce a bit of misdirection.
"Supporters of the Communications Data Bill (also known as the Snooper's Charter) have lost no time in calling for the Bill to be revived, in response to yesterday's brutal murder of a soldier on the streets of Woolwich, South London. The Bill would have allowed monitoring of all online communications — including who people contact and what websites they visit — but was shelved after Deputy Prime Minister Nick Clegg opposed it, effectively splitting Britain's coalition government on the issue. Now the fear of new terrorism could rekindle support, based on the argument that even 'lone wolf' attackers use the Internet."

Even a non-lawyer can see the government will fight this one tooth and nail...
May 22, 2013
"EFF Takes FOIA Fight Over Secret Wiretaps to the Foreign Intelligence Surveillance Court"
"Today, EFF filed a motion in a secret court. This secret court isn’t in a developing nation, struggling beneath a dictatorship. It’s not in a country experimenting for the first time with a judiciary and the rule of law. And, as Wired recently noted, it’s “not in Iran or Venezuela, as one might expect.” No, the court is here, in the United States (it’s in Washington, D.C., in fact). It’s called the Foreign Intelligence Surveillance Court (or the FISC), and it reviews the federal government’s applications to conduct surveillance in national security cases. It’s comprised of 11 district court judges from around the country, and its opinions and orders are the law of the United States, like other federal courts. But the FISC is different from typical courts in one fundamental way: almost everything about the FISC is secret. In fact, just being able to publicly say that we filed a motion with the FISC is unusual. Most proceedings are done ex parte (in this context, meaning just with the government and the judge), and any non-governmental parties involved in proceedings are typically forbidden from ever disclosing it. Even when the FISC finds that the government has acted illegally, so far, that illegality has been kept hidden from public scrutiny and accountability. EFF is trying to change that. We filed a lawsuit under the Freedom of Information Act (FOIA) after the Department of Justice refused to disclose a FISC opinion we requested. The FISC opinion held that the government engaged in surveillance that was unconstitutional and violated the spirit of federal surveillance laws. We only know the opinion exists because Senators, like Ron Wyden and Mark Udall, essentially forced the government to publicly acknowledge its existence."

Interesting perspective
What Google Glass Reveals About Privacy Fears
Marketing professionals have learned the hard way that no matter what they do or do not plan to do with consumer information, privacy matters. In part, that's because marketing has always been something of a black art. When an ad appears to speak to a consumer directly, of course, it's likely to be most effective. But that's also the moment when the creepy response kicks in. How did they know what I wanted, perhaps even before I did?
Couple the lack of transparency of marketing generally with the shock of new technology, and you get anxiety over information use that increasingly translates into calls for legislation or regulatory intervention.

Our favorite 'character' in the wacky world of Copyright disputes now becomes a patent troll?
Nyder writes
Techdirt points out that Dotcom isn't just asking for financial help: Instead, he's asking companies which use two-factor authentication "to help fund his defense, in exchange for not getting sued for the patent. He points out that his actual funds are still frozen by the DOJ and (more importantly) that his case actually matters a great deal to Google, Facebook and Twitter, because the eventual ruling will likely set a precedent that may impact them -- especially around the DMCA." Update: 05/23 14:23 GMT by T: Why is this relevant to Twitter? If you're not an active Twitter user, you might not realize that (after some well publicized Twitter-account hijackings), the company is trying to regain some ground on security. Nerval's Lobster writes "Twitter is now offering two-factor authentication, a feature that could help prevent embarrassing security breaches. Twitter users interested in activating two-factor authentication will need to head over to their account settings page and click the checkbox beside 'Require a verification code when I sign in.'"

Not sure I understand what is going on here
"According to an announcement on a French government website, police have stopped current searches for missing adults and will not accept new search requests. 'Such 'searches in the interests of the family' were conducted under an administrative procedure almost a century old, introduced to help families separated during the upheavals of World War I to find missing relatives,' according to the French Ministry of the Interior. In a letter to police chiefs announcing the changes, the Ministry advised them to instead 'direct people towards social networks on the Internet, which offer interesting possibilities.'"
[From the article:
… unless there are signs that the person is in danger.
… Requests for the searches have fallen considerably in recent years, and are now most often used to find those behind on alimony payments
… Searches will continue for minors, and for those who disappear in worrying circumstances -- for example those with suicidal intent, or victims of a crime -- as they are conducted under a different procedure.

Might be fun to take a peek...
May 22, 2013, currently in beta test, to eventually replace THOMAS
Library of Congress Magazine: "The Law Library and CRS, working with the Library's web services experts, maintain THOMAS, the Internet-accessible database that makes legislative information (bills, resolutions, treaties and the Congressional Record) available to Congress and the public., a beta website operated jointly by the Library of Congress, the House, the Senate and the other legislative branch sources, provides the same information through mobile devices and eventually will replace THOMAS. The Law Library responds to all queries related to THOMAS and the beta site. "Since the launch of the public legislative information system known as THOMAS in 1995, Congress has relied on the Library to make the work of Congress available to the public in a coherent, comprehensive way," said Rep. Gregg Harper (R-Miss.) at the September 2012 launch of the beta site. "The Library staff has a strong working relationship with the House, Senate and the Government Printing Office, which will enable the Library to successfully develop the next generation legislative information website."

For my Ethical Hackers. Remember to document your hacks – they may have 'historical significance' some day.
May 22, 2013
Scanned PDFs of about 800 historical documents related to phone phreaking are now available on the Exploding The Phone web site
"While researching the book...Exploding the Phone...Phil Lapsley amassed a bibliographic database of roughly 1,000 documents related to phone phreaking history. You can search this database by typing search terms into the box below. Many (but alas, not all) of the documents are available as scanned PDFs. For more information on what is and isn't in the database, and tips on searching it, please see the search help page."

For my Geeks. Republish government data for fun or profit! Worth reviewing the list. There is a Federal Register search app, for example. Even some limited PACER access.
May 22, 2013
NextGov: Massive Catalog of Streaming Government Data Set to Launch
NextGov: "Government data officials have nearly completed an exhaustive list of nearly 300 application programming interfaces that will allow outsiders to stream up-to-date information from government agencies straight to their computers, websites and mobile apps. The final version of the federal API catalog will be released Thursday on the government dataset trove to mark the one-year anniversary of the White House’s federal digital strategy, the site’s administrator Jeanne Holm told Nextgov by email Wednesday. A nearly complete version of the API catalog includes hyperlinks to about 280 government APIs, listed individually and broken down by federal department and agency. Holm called the current site a “transparent work in progress.” Officials will continue to add more APIs to the list after Thursday as agencies launch them, she said. An API is essentially computer code that allows one machine to automatically gather updated information from another. A community organization could use the API for a national farmers’ market database recently launched by the Agriculture Department, for instance, to stream information about local farmers’ markets on its website. APIs were a key component of the digital strategy, which required agencies to have at least two of them up and running by the strategy’s one-year anniversary. (The official deadline arguably won’t come for several months because it was also tied to the six-month anniversary of a government open data policy, due in November 2012, that wasn’t published until earlier this month). A major goal for the API program is that private sector and non-profit developers will build mobile apps and other products off of streaming government data about home prices, health outcomes and other topics, either to serve the public, to turn a profit or both. 
One model for the initiative is the multi-billion industry built off government-gathered Global Positioning System data, which is used by industries ranging from airlines to mobile app developers."

I normally don't teach 'lit-er-a-chore' but I can see myself incorporating one of these into my classes. See if you can guess which one.
5 Good Resources for Teaching & Learning About Shakespeare
Shakespeare Uncovered … a nice resource for helping students understand the things that influenced Shakespeare's writing.
Shakespeare Animated … Some of the animated plays that appear in the Shakespeare Animated playlist are Romeo and Juliet, Hamlet, Macbeth, and The Taming of the Shrew.
Crash Course videos about English literature includes two videos about Romeo & Juliet.
Insults by Shakespeare … In addition to explaining the insults used by Shakespeare the lesson also explores some of Shakespeare's other uses of dialogue.
L.A. Paun used LiveBinders to create and share a nice collection of Shakespeare resources. The LiveBinder has a section for Shakespeare in general and sections devoted to Romeo & Juliet, Macbeth, Hamlet, and Twelfth Night.
Shakespeare's Original Pronunciations could be a good resource to support classroom readings of some of Shakespeare's works. Take the guesswork out of the pronunciations by hearing them.

For my Intro to IT students: This is Convergence.
… Our gadgets have also replaced a significant amount of physical objects, to the point where many of us wouldn’t consider buying a product when there is an equivalent piece of software that is up to the task.
In light of this, here is a list of things many of you might not consider purchasing ever again.
The Diary
Remote Controls
Trackpad & Mouse
Alarm Clock
The Landline
Notebooks & Scrap Paper

Another onerous task for my Intro to IT students.
… now it’s time to list the best playable Google Doodles released to date. Good Guy Google doesn’t delete these games, so they remain playable long after they appear on the Google homepage

Wednesday, May 22, 2013

Oh darn. Now Congress will go into “we gotta do something” mode and overreact while they underthink. If (almost) everyone is in compliance, it's the standards that are inadequate.
"Despite warnings that a cyberattack could cripple the nation's power supply, a U.S. Congressional report (PDF) finds that power companies' efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid. 'For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance.'"

Kind of a good news, bad news kind of thing.
May 21, 2013
Pew - Teens, Social Media, and Privacy
Teens, Social Media, and Privacy by Mary Madden, Amanda Lenhart, Sandra Cortesi, Urs Gasser, Maeve Duggan, Aaron Smith. May 21, 2013
  • "Teens are sharing more information about themselves on social media sites than they have in the past, but they are also taking a variety of technical and non-technical steps to manage the privacy of that information. Despite taking these privacy-protective actions, teen social media users do not express a high level of concern about third-parties (such as businesses or advertisers) accessing their data; just 9% say they are “very” concerned."

Perhaps the old school guys rely too much on technology they reported on when they started their careers (and which is now hopelessly out of date).
Snow Fail: The New York Times And Its Misunderstanding Of Copyright
You remember Snow Fall, don’t you? It was that awesome interactive reporting piece by The New York Times that everyone talked about for a week.
It even won a Webby! (Oh yeah, and a Pulitzer.)
The New York Times spent months and had an entire team working on the creation of Snow Fall, and it shows. But what if I told you that you could recreate the same interactive experience in just about an hour? You’d like that, wouldn’t you?
Well, The New York Times wouldn’t.
Cody Brown, co-founder of interactive web design tool Scroll Kit, did just that.
He recreated the Snow Fall piece using Scroll Kit to show that you didn’t need an army of developers or designers to create the same type of interactive storytelling.
… The video lived there for about a month, Brown tells me, before receiving a letter from The New York Times legal team, demanding that the video be taken down.

Interesting to compare Florida with Colorado. Florida must be really screwed up... Or perhaps Colorado is?
May 21, 2013
Directory of Oversight Agencies
Association of Inspectors General - John Jay College of Criminal Justice: Directory of Oversight Agencies

For my computer security students
"The Microsoft Digital Crimes Unit has been spearheading botnet takedowns and other anti-cybercrime operations for many years, and it has had remarkable success. But the cybercrime problem isn't going away anytime soon, so the DCU is in the process of building a new cybercrime center here, and soon will roll out a new threat intelligence service to help ISPs and CERT teams get better data about ongoing attacks. Dennis Fisher sat down with TJ Campana, director of security at the DCU, to discuss the unit's work and what threats could be next on the target list."

Tuesday, May 21, 2013

How big a straw is this on the “Let's not go to war again” camel?
"Government institutions are among the targets of an attack on Pakistani bodies, which originates in India, according to reports. The campaign is using vulnerabilities in Microsoft software to install the HangOver malware, according to Norwegian security firm Norman Shark (PDF). From the article:
'In the attacks on Pakistani organizations, spear phishing emails were sent out purporting to contain information on "ongoing conflicts in the region, regional culture and religious matters," according to Norman.
Norman could not provide direct attribution to the attacks, but its report did note the following: "The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin." Snorre Fagerland, principal security researcher in the Malware Detection Team at Norman, told TechWeekEurope it appeared Pakistani government bodies had been attacked.'"

Why would this information be online? I can see a need for parts of the subpoenas you are currently working on, but why keep all of them online?
Ellen Nakashima reports:
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.
The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.
Read more on Washington Post.
[From the article:
The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.

When the “government before citizens” folks are in charge, “wrongs overrule rights.”
Feds Tracked Reporter’s Movements, Personal E-Mail in Criminal Conspiracy Investigation
In an effort to unmask a leaker who fed a reporter classified information about North Korea, FBI investigators tracked the journalist’s movements in and out of a government building, obtained copies of e-mails from his personal account and also took the unprecedented step of alleging that the reporter engaged in a criminal conspiracy simply for doing his job.
Investigators tracked the reporter’s movement using security badge access records as he left and returned to the State Department’s headquarters in Washington, DC, and also obtained two days’ worth of e-mail correspondence from his Gmail account.
The FBI took the aggressive steps in 2009 against Fox News reporter James Rosen, the news outlet’s chief Washington, DC correspondent, over a story Rosen published online in June that year, according to the Washington Post.
“Never in the history of the Espionage Act has the government accused a reporter of violating the law for urging a source to disclose information,” Ben Wizner, director of the ACLU’s Speech, Privacy and Technology Project said in a statement. “This is a dangerous precedent that threatens to criminalize routine investigative journalism.”
… According to the affidavit (.pdf), FBI Agent Reginald Reyes told the judge there was probable cause to believe that Rosen had violated the Espionage Act by serving “as an aider, abettor and/or co-conspirator” in the leak. The federal judge found there was probable cause to believe that Rosen was a co-conspirator and approved the warrant.

May 20, 2013
DOJ IG Report of Investigation Concerning the Improper Disclosure of DOJ Information to a Member of the Media
  • "...In Section II of this report, we provide background information about the Dodson memorandum and the Department policies that govern the disclosure of information to the media by Department officials, including U.S. Attorneys. Section III describes our factual findings concerning the disclosure of the Dodson memorandum. We also include in this section a description of relevant information the Department learned during its review of another disclosure to the media in the summer of 2011 of confidential Department information relating to Operation Fast and Furious. Section IV sets forth our analysis and conclusions."

The ayes have it! (But is the language too restrictive?)
California continues to lead the way in protecting consumers whose data have been breached. By a vote of 37-0-1 last week, the Senate passed S.B. 46, a bill introduced by Senator Ellen Corbett.
The bill amends existing law to expand required notification to situations involving access to an online account. The law would still incorporate an acquisition standard as a trigger for notification, but the definition of personal information is amended to replace “username, password” with “(2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account.”
The bill now moves to the House.

Must have missed this. I wonder if it is still downloadable at their website? (Yes, they are!)
By Dissent, May 20, 2013 1:48 pm Via PPR:
Tonight “The Willis Report” starts an investigative series titled “Medical Privacy Week.” The opening night will feature Patient Privacy Rights’ Founder, Dr. Deborah Peel, and Marc Rotenberg, Executive Director of the Electronic Privacy Information Center. Tomorrow the show features Pam Dixon with the World Privacy Forum. This is the first series on national TV news to examine Americans’ lack of control over their sensitive electronic health information, from prescription records to DNA to diagnoses.
Date: Monday, May 20, 2013 Time: 6:00pm ET / 5:00pm CT
Please check your local listings or use the Fox Business Channel Finder

The current (May) issue of Harvard Law Review has papers from a Privacy and Technology Symposium. You can download the full papers from the links below:
Introduction: Privacy Self-Management and the Consent Dilemmas Daniel J. Solove
What Privacy is For Julie E. Cohen
The Dangers of Surveillance Neil M. Richards

Bad lawyers! Bad, bad lawyers!
rudy_wayne writes with news that the Prenda lawyers recently sanctioned by a federal judge are starting to face consequences. From the article:
"On Friday, Paul Hansmeier, a Minnesota attorney who has been pointed to as one of the masterminds of the Prenda copyright-trolling scheme, filed an emergency motion to stay the $81,000 sanctions order while he and his colleagues could mount an appeal. Today the appeals court flatly denied his motion. Two appellate judges signed this order, and it gives Hansmeier the option to make a plea for delay with the district court judge. That would be U.S. District Judge Otis Wright, the judge who sanctioned Hansmeier in the first place. Hansmeier is also getting kicked off a case he was working on that was totally unrelated to Prenda's scheme of making copyright accusations over alleged pornography downloads. On Friday, the 9th Circuit Commissioner ordered Hansmeier, in no uncertain terms, to withdraw from a case involving Groupon since he has been referred to the Minnesota State Bar for investigation. The commissioner has delayed Hansmeier's admission to the 9th Circuit because of Wright's order, which refers to Wright's finding of 'moral turpitude.'"

Told ya!
"Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA) and 2 of its 3 authors not been attorneys; one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers."
… A pervasive aspect of the book is ABA rule 1.6 regarding the confidentiality of information regarding client-lawyer relationships.

For my Intro to IT students. A Swiss Army Tool for your Swiss Army folder on your thumb drive...
… Ubiquitous Player is a completely portable application that runs on any version of Windows from XP onward. It’s 100% free and even works on tablet or touchscreen devices. This application aims to serve every purpose of your daily PC routine. It’s packed with a media player, image viewer, file manager, text editor, browser, bookmark manager, notes keeper, calculator, color picker, screenshot tool, clipboard monitor, and even more.

Perspective for my Intro to IT students. Infographic
The Digital Footprint Of 3 Different Generations
… We currently create 5 billion gigabytes worth of data every two days. By 2014 we will create that every 10 minutes.

I was thinking of reprinting (in nice leather with gold tipped pages) “The Care & Feeding of Waterbuffalo”. NOTE: It does look like they have some interesting stuff on law, education, etc.
May 20, 2013
UNESCO to make its publications available free of charge as part of a new Open Access policy
New Policy: "UNESCO will make its digital publications available to millions of people around the world free-of-charge with an open license. Following a decision by the Organization’s Executive Board in April, UNESCO has become the first member of the United Nations to adopt such an Open Access policy for its publications. The new policy means that anyone will be able to download, translate, adapt, distribute and re-share UNESCO publications and data without paying."
[From the UNESCO website:
Contains over 130 000 free downloadable documents in six official languages covering all UNESCO fields of competence since 1945 and publications edited by the Organization.

Hey, why not... (I like the first one: 'Advice for Liberal Arts majors')
Strategic Humor: Cartoons from the June 2013 Issue

Monday, May 20, 2013

I didn't think this was worth posting about, but it seems TerraCom has never heard of the Streisand Effect.
More on the Lifeline breach involving TerraCom and its affiliate YourTel America:
Scripps Howard News Service has its report on the breach here, and has also published a companion piece with video of how they discovered the breach. As reported previously, Scripps reports that when notified of the leak, TerraCom had accused Scripps of accessing the records illegally.
At least two states are now investigating the breach. According to Scripps:
The Indiana attorney general’s office, responding to Scripps’ reporting, has launched an investigation into the release of TerraCom applicants’ personal records. The Texas attorney general’s office is also making inquiries about the publicly posted information.
Indiana and Texas have the highest numbers of applicants potentially at risk — 17,419 and 10,799, respectively — a partial analysis of the records shows.
According to Scripps, personal information used to verify eligibility for the federally supported Lifeline program was not supposed to have been retained. If it turns out TerraCom was retaining the information, that’s a serious matter apart from the inadequate security that led to the leak. And blaming the entity that discovers and reports the breach will likely backfire.

your phone listens for voice commands or like Shazam listens to music.
"Lights, sounds and magnetic fields can be used to activate malware on phones, new research has found. The lab-style attacks defined in a paper (PDF) used pre-defined signals hidden in songs and TV programmes as a trigger to activate embedded malware. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices."

Something for my Ethical Hackers?
May 19, 2013
Technology Review - What Happened When One Man Pinged the Whole Internet
  • "HD Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them. On Tuesday [April 23, 2013], Moore published results on a particularly troubling segment of those vulnerable devices: ones that appear to be used for business and industrial systems. Over 114,000 of those control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all."