Saturday, June 08, 2013

More on the Kerfuffle-du-jour...
More From the 'Leaked Document' File: Obama's Cyber-Attack Directive
The Guardian has just posted a new revelation about top-secret U.S. government activities, based on a new leaked document: a directive that President Obama, late last year, sent to senior national security and intelligence officials. The directive orders them to, among other things, create a list of potential overseas targets for U.S. cyber-attacks.
The 18-page, classified document, Presidential Policy Directive 20, was issued in October 2012. (It was discussed in a November article in The Washington Post, but not published until now.) The memo was sent to Joe Biden, Hillary Clinton, and pretty much every other high-ranking member of the Executive branch, and it proposes what it calls Offensive Cyber Effects Operations (OCEO) -- essentially, a plan for strategic cyber-attacks against other countries, carried out abroad and, potentially, within the U.S.

(Related) Reliance on technological information rather than boots on the ground was cited as one of the intelligence failures of 9/11. Looks like they continued in the techie direction.
Imagine an intelligence brief that starts, “Someone at 202-456-1414 called someone at 303-866-2471 and talked for seven minutes. One hour later, someone at 303-866-2471 called someone at 202-456-1414 and they talked for three minutes. Then suspect 303-866-2471 immediately called 303-398-2500 which we know is the number for Extreme Pizza. The 82nd Airborne is being deployed to Denver...”
7 Unanswered Questions About PRISM (Such As, How Could It Only Cost $20 Million?)
… The PowerPoint indicated that "the new tool [was] the most prolific contributor to the President's Daily Brief, which cited PRISM data in 1,477 items last year," making it the "raw material" for "nearly 1 in 7 intelligence reports," according to the Post. Yet it supposedly only costs $20 million a year to operate.

(Related) “Don't worry, I know all about it and it's okay. Trust me.”
NSA snooping has foiled multiple terror plots: Feinstein
… Sen. Dianne Feinstein did not specify how many attempted attacks had been prevented, or the nature of the threats, but the California Democrat said there had been more than one.

(Related) If not, why not?
Is This Who Runs Prism?

Government Surveillance: The Essential Reading List
A collection of reports and analyses to get you caught up on this week's scandals

A first shot at a Complete History of CyberWar?
Silent War
On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran. Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple.

Applying the results of your Big Data analysis... (Well, I find it interesting.) Qantas has something to teach anyone holding your dossier.
When Digital Marketing Gets Too Creepy
The digital marketer who effectively runs Qantas Airlines' highly regarded — and very successful — loyalty program has an unusual iPad problem. Flight attendants on Australia's flagship carrier can now get up-to-the-minute data on the airline's most elite and valued frequent flyers displayed on their onboard tablets. The information is useful, helpful and the app was a digital innovation actually sought by Qantas staff.
The unhappy catch? Too many flight attendants sounded like they were reading from a script when using this information with these valued customers. They couldn't smoothly incorporate the customized data to authentically connect with their frequent flyers. Instead of making their best customers feel special, the data-driven app too often creeped them out.

How does Apple (a company that leaves prototype iPhones in bars) protect itself before applying for a patent? Also, crossindex under Industrial Espionage.
… you will probably want to know an awful or awesome secret, depending on your perspective: the iPhone 5 has a cheap knock-off that’s almost indistinguishable from the real thing.
… The GooPhone became a legal brand when a Chinese firm acquired leaked photos of the iPhone 5 before Apple filed a patent on the design. The GooPhone’s makers then hurriedly manufactured and patented the design before Apple. This revealed deep issues with the US patent system as well as international intellectual property laws.
… Our readers will likely feel a sense of surprise when they hear about the price of a 32GB dual-core Android phone — $150, and that’s at the higher end of the price spectrum. If a buyer purchases in bulk, it’s possible to acquire a similar model for $50 each.
… Are iPhone replicas as good as the real thing? Definitely, not. But should you buy one? That answer depends entirely on your opinion on international intellectual property rights law. Essentially, what GooPhone did was technically legal in Chinese courts, but ethically barren. Even so, the end product is shockingly quite good for the price.

How clever are my students, really?
The web is a great place to find bargains, but these days there just seems to be so many of them. While you’re browsing Amazon for the latest eBooks that have been marked as free, some great music might be available on iTunes to download for a similar price. You might just miss out if you’re not fast.
… Perhaps the best way to stay informed of special offers online is to embrace IFTTT, the popular data combination service that allows you to process data from websites and RSS feeds into something useful for you.
… The process is simple. Using a trigger (If This), you can then specify an action (Then That) which will be saved as a “recipe” and used by you and shared with other IFTTT users.
When it comes to using recipes that are already setup by other users, all you need to do is view the recipe’s description page, check it does what you want it to do, and click Use Recipe – IFTTT will do the rest!
More information about using IFTTT can be found in How To Create Your Own IFTTT Recipes For Automating Your Favorite Sites & Feeds.
Free Books!
If you have a Kindle, Nook or corresponding tablet/smartphone apps, the following recipes might prove extremely valuable to you.
First of all, if you use Kindle and want to bump up your library, this recipe sends an email when a free title is added to the Kindle Top 100 Free eBooks list. Similar recipes can be found for books in particular genres such as sci-fi or romance.
Barnes and Noble releases free eBooks most Fridays, and this recipe sends an email when the Nook blog is updated with a list of free titles. Another great way to increase your library!
If you’re less of a reader and more of a listener, meanwhile, this recipe will alert you to free audiobooks when they are released on iTunes.
… For iPad users looking for a bargain – namely premium apps reduced to free – you could use this very useful recipe that informs you when links to apps that have been discounted to $0.
The AppShopper recipe is no good for finding brand new, free apps however. For this task, you will need to employ a different recipe, one that uses Apple’s RSS feed to report new free apps to you by email.
Similarly, another recipe will send details of the iOS Free App of the Week directly to your email inbox
… Here’s a great selection of IFTTT recipes that alert you when free music is available:
Finally, if you use Dropbox and, this recipe will save free music to Dropbox based on the your recommendations.
… I’ve developed my own eBay-based IFTTT recipe that generates around £30 a month,

I feel a project coming on... Students! Make me a movie!
… A screencast, also known as a video screen capture, is a recording of your computer screen outputted in video format. In other words, a screencast is to a screenshot as a video is to a photo. It can include the audio sounds from your computer, or a voiceover using a microphone, or both.

I've got to get something like this so I don't miss “National Donut Day” (which was yesterday) next year. An early reminder and a visit to, enter my zipcode and I can plot a multi-stop trip to work with a free donut at each stop!
… Holiline Reminder is a freeware desktop application for computers running Windows. The app comes in an archive sized at nearly 7 MB. The app’s function is to let you set up reminders for any upcoming holidays in your taskbar.
Related: BirthdayAlarm.

Friday, June 07, 2013

As expected, Verizon was not alone. This is only a few of the articles flooding the newsfeeds.
NSA taps in to user data of Facebook, Apple, Google and others, secret files reveal
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data." [Why use a back door when you have a key to the front door? Bob]
… Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
… A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

(Related) A little gasoline for the fire
In the wake of last night’s revelation that everyone in the world has a creepy NSA-shaped stalker, defenders of online liberty and generally angry internet people Anonymous have leaked a treasure trove of NSA documents, including seriously important stuff like the US Department of Defense’s ‘Strategic Vision’ for controlling the internet.
The documents — 13 in total — were posted online, along with an accompanying message full of the normal Anonymous bluster: people won’t be silenced, they have the memory of trivia-master elephants, the governments of the world will fall, your average press release really.

(Related) How does this help?
US declassifies phone program details after uproar
Moving to tamp down a public uproar spurred by the disclosure of two secret surveillance programs, the nation's top intelligence official is declassifying key details about one of the programs while insisting the efforts to collect America's phone records and the U.S. internet use of foreign nationals overseas were legal, limited in scope and necessary to detect terrorist threats. [...and we haven't seen a single terrorist since we started doing this! Bob]

How Americans Got Used To Surveillance
The last detailed new revelation of a domestic surveillance program came on December 16, 2005, when the New York Times published an article it had held, at the Bush Administration’s request, for months: “Bush Lets U.S. Spy on Callers Without Courts.”
The public reacted with a shrug: It was the age of terror, and the program was directed at monitoring specific terror suspects. “Americans Taking Abramoff, Alito and Domestic Spying in Stride,” was the headline on the Pew Poll in January of 2006.
There was good reason to think even then — as Glenn Greenwald conclusively reported Wednesday, more than seven years later — that the National Security Agency is scooping up pretty much all of our phone calls. And there was good political reason that the government has fought so hard to keep that program — widely enough known that one imagines professional terrorists are on to it — secret.

(Related) “A TIA by any other name would stink as much.” Willy S.
Welcome to the era of Total Information Awareness and ain't it grand?
The problem isn't the National Security Agency. It's the Patriot Act and what it represents as we watch the modern surveillance state take shape -- in secret.

You Have No Control Over Security on the Feudal Internet
Facebook regularly abuses the privacy of its users. Google has stopped supporting its popular RSS feeder. Apple prohibits all iPhone apps that are political or sexual. Microsoft might be cooperating with some governments to spy on Skype calls, but we don't know which ones. Both Twitter and LinkedIn have recently suffered security breaches that affected the data of hundreds of thousands of their users.
If you've started to think of yourself as a hapless peasant in a Game of Thrones power struggle, you're more right than you may realize. These are not traditional companies, and we are not traditional customers. These are feudal lords, and we are their vassals, peasants, and serfs.

(Related) Perhaps this doesn't bother politicians because they know “everybody does it!” Although the Chinese will protest that it really wasn't them, it was a 12-year-old from Cleveland who spoofed a Chinese web address
Chinese hackers reportedly stole Obama and McCain documents
On the eve of President Barack Obama's high-level meeting with Chinese President Xi Jinping, U.S. intelligence officials have revealed that a slew of documents and e-mails were stolen during the 2008 presidential campaign from both the president and then GOP presidential candidate John McCain. Officials are accusing China's government for the hack.
According to NBC News, officials said that they first detected the major cyberattack in the summer of 2008 and were then able to trace the culprits back to China.

Perspective Corporations can ban technology before it is released, but Congress waits until the voters are aroused before they think about holding hearings to consider new laws.
Google Glass in casinos? Don't bet on it
Eyeglasses that would let users snap a photo or shoot a video with a slight head movement are being banned in gambling establishments across the U.S.

In time for summer! Similar devices could help guide my pool game, kendo, sniper training, you name it.
Crave giveaway: SwingTip golf gizmo for analyzing your game
… The SwingTip from Mobiplex is a tiny 3D Bluetooth motion sensor device that clips on to your golf club and transmits real-time swing analysis to your smartphone or tablet. The sensor pairs with a free mobile app for Android or iOS that reproduces a 3D photo-like animation of your swing along with performance metrics like swing speed, tempo, and path, and where the ball's hitting your club.
The apps also let you sync your data to the cloud, where you can view performance trend reports on your personal MySwingTip Web page.

Thursday, June 06, 2013

What can I say? When they're right they're right.
"Huang Chengqing, China's top internet security official, alleged that cyberattacks on China from people in the U.S. are as serious as those from China on the U.S. 'We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem.' Huang, however, does not necessarily attribute them to the U.S. government just because they came from U.S. soil, and he thinks Washington should extend the same courtesy. 'They advocated cases that they never let us know about. Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems.' In response to the recent theft of U.S. military designs, he replied with an observation whose obviousness is worthy of Captain Hammer: 'Even following the general principle of secret-keeping, it should not have been linked to the Internet.'"
A few experts think China's more cooperative attitude has come about precisely because the U.S. government has gone public with hacking allegations.

They have got to be kidding, right? What is the 'per PC' cost in the US?
Government £6,000 per year per desktop spend a frightening insight into public sector IT
The government has always faced criticism that its IT is slow, unwieldy, inflexible, unnecessarily complex and overpriced. It’s one thing when you face this criticism from your rivals, the press or members of the public – but you know you’ve reached a dire point when it’s your own chief operating officer (COO) twisting the knife.
At a government spending review attended earlier this week by V3, the government’s new COO Stephen Kelly shed some light into the world of technology at Whitehall and across the public sector.
“I came into the office and I pressed my PC and it took me seven minutes to boot up,” he told attendees. “That’s government in the old world, that’s three days of the year I waste of my time booting up.”
… Aside from the huge waste in productivity outlined by Kelly, the government seems to be throwing huge amounts down the drain maintaining this outdated kit. The COO said he thought the cost of a single desktop PC was around £6,000 per year – for which he could go and buy 10 Apple iPads.
… According to my estimations – verified by a CIO – this figure should be less than £1,000 per year taking into account the cost of the hardware, office suite, and support and server costs over a three-year period, so it looks like the government is getting completely swindled by their PC supplier – or Kelly needs to go back and re-sit his maths GCSE.

What does this help them find? If they are not looking for anything specific, they have to examine every link as possibly hostile.
UK Guardian – Verizon forced to hand over telephone data – full court ruling
“The US government is collecting the phone records of millions of US customers of Verizon under a top secret court order. Read the Foreign Intelligence Surveillance Court order.”
[From the Guardian:
Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

(Related) Did anyone think they would say, “Oops, we goofed!” There is a lot you can learn after the event, but detecting threats before they occur is much more difficult.
White House defends collecting phone records
The White House on Thursday defended the National Security Agency's need to collect telephone records of U.S. citizens, calling such information "a critical tool in protecting the nation from terrorist threats."
While defending the practice, a senior Obama administration official did not confirm a newspaper report that the NSA has been collecting the telephone records of millions of U.S. customers of Verizon under a top secret court order.

What exactly does DHS expect to find when they search a device at the boarder? Anyone too stupid to email their files across the boarder probably deserves to be caught.
What records are kept of the results of 'intuition and hunch?' Are the results better than for searches based on psychological “tells?” or random searches for that matter... Does DHS even care what works best?
DHS Watchdog: ‘Intuition and Hunch’ Are Enough to Search Your Gadgets at Border
The Department of Homeland Security’s civil rights watchdog has concluded that “intuition and hunch” are among the primary reasons why it is “inadvisable” to establish constitutional safeguards protecting travelers’ electronics from being searched for any reason along the U.S. border.
The DHS, which secures the nation’s border, on Wednesday released a redacted report of its “Civil Rights/Civil liberties Impact Assessment” (.pdf) pertaining to border searches of electronic devices, including laptops and mobile phones. In February, the DHS disclosed an executive summary of the 21-page report, concluding then that “imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits.”

Perspective Has the next generation (SmarterPhones) become available? And when will we get “Smarter than their owner” phones?
Pew – Smartphone Ownership 2013
Smartphone Ownership 2013, by Aaron Smith, June 5, 2013
“For the first time since the Pew Research Center’s Internet & American Life Project began systematically tracking smartphone adoption, a majority of Americans now own a smartphone of some kind. Our definition of a smartphone owner includes anyone who says “yes” to one—or both—of the following questions:
  • 55% of cell phone owners say that their phone is a smartphone.
  • 58% of cell phone owners say that their phone operates on a smartphone platform common to the U.S. market.”

Worth mentioning to my students?
"Did you buy an Acer laptop with Vista and less than 1 GB of RAM? The company has a thumb drive it would like to send you. Did you get an unwanted text from Papa John's? The company would like to make it up with you with $50 worth of free pizza. These and other little rewards are available as a result of class action lawsuits that have wound their ways through the court systems and now, years later, are paying off for very large groups of tech users."
I wonder how many USB drives the lawyers took as their share.

Some students may find this useful. I seem to recall similar sites for teachers. Perhaps we could get a full Computer Forensics site this way?
"Q. What do Chris Brown and Steve Ballmer have in common? A. They both want you to Beg for It. GeekWire reports that Microsoft is touting its new Chip In program, a crowdfunding platform that allows students to 'beg' for select Windows 8 PCs and tablets that they can't afford on their own. Blair Hanley Frank explains, 'Students go to the Chip In website and choose one of the 20 computers and tablets that have been pre-selected by Microsoft. Microsoft chips in 10% of the price right off the bat, and then students are given a link to a "giving page" to send out to anyone they think might give them money. Once their computer is fully funded, Microsoft ships it to them.' Hey, what could go wrong?"

For my Ethical Hackers looking for that perfect graduation gift.
"The Today Show had a piece this morning showing video of thieves apparently using a small device to open and enter cars equipped with keyless entry. Electronic key fobs, which are supposed to be secure, are replacing keys in more and more new cars, but the evidence suggests that a device has been developed which effortlessly bypasses this security (at least on certain makes and models). 'Adding to the mystery, police say the device works on some cars but not others. Other surveillance videos show thieves trying to open a Ford SUV and a Cadillac, with no luck. But an Acura SUV and sedan pop right open. And they always seem to strike on the passenger side. Investigators don't know why.' Police and security experts say they are 'stumped.'" [Never a good sign Bob]

Wednesday, June 05, 2013

Send a copy to your CEO immediately!
Does Your CEO Really Get Data Security?
… First off, if the company doesn't have a CSO and the chief executive thinks the "S" has something to do with sustainability, just fire him. If it does have a CSO and the CEO chooses to eliminate that position, do the same thing, because it's the wrong answer. While you're firing him, inform the CEO that data security is the number one critical need for U.S. corporations today, and that the CSO is kind of like the chairman of the joint chiefs of staff. You wouldn't get rid of the chairman of the joint chiefs in wartime.

(Related) Not so sure I would endorse any of these...
Four Things the Private Sector Must Demand on Cyber Security

This Facebook App could become the next be “Piracy” tool.
Facebook App ‘Pipe’ Bets Big on File Sharing
After more than a year of beta testing, a Berlin startup’s sophisticated new Facebook app will launch today. The app, Pipe, melds peer-to-peer technology with your social graph to enable a cutting-edge new way to share… files?
Indeed, Pipe will be the only file transfer utility on Facebook. It allows two friends to send files of up to 1GB — 40 times the maximum attachment size on Gmail, Yahoo Mail, and Hotmail — by simply dragging and dropping them into Pipe. If one of the friends is offline, Pipe can keep the file in an online locker.

The pendulum of justice swings back...
Declan McCullagh reports:
Jeffrey Feldman has won a reprieve from a federal court order that had given him until today to decrypt his hard drives for the FBI — or face contempt of court.
A federal judge in Wisconsin today granted an emergency motion filed by Feldman’s attorney for additional time to establish that her client’s Fifth Amendment right to self-incrimination would be violated.
Read more on CNET.
[From the article:
Shellow also argued that the decryption order was improper because the previous proceedings were held before a magistrate judge with only prosecutors -- not defense counsel -- permitted to attend.
… Banner said agents did find evidence that suggested Feldman was using a peer-to-peer program called eMule to exchange files with titles suggestive of child pornography.
While the U.S. Supreme Court has not confronted the topic of the Fifth Amendment and encryption, a handful of lower courts have.
A federal judge in Colorado ruled last year that a woman accused of being involved in a mortgage scam would have to decrypt her laptop. A Vermont federal judge reached the same conclusion in 2009.
But in March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

What would be the point other than, “Maybe we can find something we didn't know about!” Do they look at every student's social media or do they just single some out for additional review?
Hannah Taylor reports:
Many employers request various social media sites before hiring a new employee, but should universities and colleges have those same liberties?
The Oregon House of representatives passed legislation on June 3 to protect the rights and privacy of college students. Senate Bill 344A, a bill that prevents colleges and universities from accessing private student and faculty social media pages. The House and Senate in Salem passed the bill with bipartisan support, and is now ready for a signature from the governor.
Read more on Daily Emerald.

Would the same argument apply to fingerprints and mug shots? Was there a similar argument when they were adopted or was that before we cared about such things? i.e. pre-Brandeis
There’s already been a lot of commentary around the Internet on SCOTUS’s ruling in Maryland v. King on warrantless DNA collection. But if you haven’t seen this, read this analysis by Hanni Fakhoury and Jennifer Lynch of EFF:
You lost some important Fourth Amendment protection when the Supreme Courtruled yesterday in Maryland v. King that the police can take a DNA sample from an arrestee without a search warrant for purposes of general law enforcement rummaging.
The court was reviewing the constitutionality of Maryland’s practice of collecting DNA from all arrestees — without a search warrant or any individualized suspicion that the DNA will lead to evidence of a crime.
Read more on EFF.

Missed the notice for this one...
Privacy Law Scholars Conference
The PLSC aims to assemble a wide array of privacy law scholars and practitioners from around the world to discuss current issues and foster greater connections between academia and practice.

Copyright kills another deal? Perhaps it is time for 'open source' journals.
"Disagreement between scientists and publishers has grown on a thorny issue: how to make it easier for computer programs to extract facts and data from online research papers. On 22 May, researchers, librarians and others pulled out of European Commission talks on how to encourage the techniques, known as text mining and data mining. The withdrawal has effectively ended the contentious discussions, although a formal abandonment can be decided only after a commission review in July. Scientists have chafed for years at limitations on computer-aided research. They would like to use computer programs to crawl over thousands or millions of articles and other online research content, extracting data to build up databases or to pick out patterns such as associations between genes and diseases. But in many parts of the world, including Europe (though perhaps not in the U.S. — the situation is unclear), this sort of use currently requires permission from the content's copyright owner. Even if an institution has paid to access a journal, its academics do not necessarily have permission to mine the text."

I seem to recall a “museum?” that keeps copies of old software. Could you access their software for a fee? Is there a viable business model here somewhere?
"Vinton Cerf is warning that digital things created today — spreadsheets, documents, presentations as well as mountains of scientific data — may not be readable in the years and centuries ahead. Cerf illustrates the problem in a simple way. He runs Microsoft Office 2011 on Macintosh, but it cannot read a 1997 PowerPoint file. 'It doesn't know what it is,' he said. 'I'm not blaming Microsoft,' said Cerf, who is Google's vice president and chief Internet evangelist. 'What I'm saying is that backward compatibility is very hard to preserve over very long periods of time.' He calls it a 'hard problem.'"
We're at an interesting spot right now, where we're worried that the internet won't remember everything, and also that it won't forget anything.

For my graduating students...
Today, if you can just motivate yourself to self-learn, there are many ways to reach the promised land of knowledge. Free education is all around us.
Open Courseware Consortium is a free and open digital publication of high quality educational materials for colleges and universities. It also means free education from some of the best universities in the world.
Catch the entire list of participants.
Skilled Up is trying to position itself as an educational search engine as well as a portal to “portals of wisdom” that is accessible on the web today. Searching for online courses with the help of the engine gives you free and paid courses and tutorials. Skilled Up lists nearly 73,000 courses.
Redhoop You can go through the catalog of courses or use the educational search engine on the homepage.

Victims students in my Intro to IT class are getting a crossword puzzle midterm exam today, Maybe I'll use this for their final?
EQuizShow is a simple and free site that lets teachers design Jeopardy-type games online. This tool lives completely in the cloud, letting your create quiz shows and input your questions and answers within minutes.
Similar Tools: Quizmaker, Blubbr, and Quizslides

Tuesday, June 04, 2013

I wish I could say this was the first “shocking lack” I had ever reported. This relates to the ATM cash withdrawal incident. (Note that if this had been a CyberWar exercise by a state actor, passing some information to a criminal gang along with instructions on how to withdraw cash from ATMs would shift blame to them. Just saying...)
More fascinating reporting by Brian Krebs:
A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation’s largest financial services providers.
Read about it on
[From the article:
FIS management now recognizes that the security breach events of 2011 were not just a pre-paid card fraud event, as originally maintained, but rather are that of a broader network intrusion.”
Indeed, the FDIC’s examiners found that there was scarcely a portion of the FIS network that the hackers did not touch.

For my Ethical Hackers: Using the other guy's program means you don't leave any “programming fingerprints” during your attack. (Also see: False Flag)
American Gets Targeted by Digital Spy Tool Sold to Foreign Governments
The email appeared to come from a trusted colleague at a renowned academic institution and referenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it.
But when the recipient looked closely at the sender’s email address, a tell-tale misspelling gave the phishing attempt away — the email purported to come from a professor at Harvard University, but instead of, the email address read “”. [Always use your spell checker! Bob]
Not exactly a professional con-job from nation-state hackers, but that’s exactly who may have sent the email to an American woman, who believes she was targeted by forces in Turkey connected to or sympathetic to the powerful G├╝len Movement, which has infiltrated parts of the Turkish government.
The email contained a link to a web site in Turkey, where a malicious downloader file was waiting to install on her computer — a downloader that has been connected in the past to a spy tool purportedly sold exclusively to law enforcement and intelligence agencies around the world.

For my Ethical Hackers. Think we could borrow Denver's machines?
Bruce66423 submits a report from The Independent, writing that "a French primary election is made the stuff of farce after journalists defeat the 'secure' election system." From the article:
An 'online-primary,' claimed as 'fraud-proof' and 'ultra secure,' has turned out to be vulnerable to multiple and fake voting. The four-day election has also the exposed the poisonous divisions created within the centre-right Union Pour un Mouvement Populaire (UMP) by the law permitting gay marriage which took effect last week. ... What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names."

So this does not sound like his squad mates packing things up. Who searched his computer? writes:
Defendant was injured by an IED while serving in the Army in Iraq, and he was medically evacuated from Iraq. His property was inventoried pursuant to Army regulation. His computer was subject to inventory for things “gore, inappropriate, or porn” and for classified material before the computer was returned to him, and child pornography was found. The Court of Appeals for the Armed Forces held that the inventory of the computer violated the Fourth Amendment and M.R.E. 313(c). United States v. Kelly, 2013 CAAF LEXIS 569 (C.A. A.F. May 23, 2013)
[From the article:
It appears that the initial inventory of Kelly's belongings in Iraq by the SCMO was a proper inventory. The SCMO secured Kelly's PE and properly made an accounting of Kelly's belongings. The SCMO's sworn statement indicates that he inventoried Kelly's belongings and "personally ensured" that they were dropped at the Mortuary and he was given a memo that served as a "hand receipt" which was eventually provided to CID.

The first step on that slippery slope? Like fingerprints, a DNA profile will never be deleted.
Mark Memmott reports:
By a 5-4 vote, the U.S. Supreme Court has upheld a Maryland law that allows police to collect DNA, without first getting a warrant, from persons who are arrested.
“When officers make an arrest supported by probable cause to hold for a serious offense and bring the suspect to the station to be detained in custody, taking and analyzing a cheek swab of the arrestee’s DNA is, like fingerprinting and photographing, a legitimate police booking procedure that is reasonable under the Fourth Amendment,” writes Justice Anthony Kennedy in an opinion joined by Chief Justice John Roberts and associate justices Clarence Thomas, Stephen Breyer and Samuel Alito.
Read more on NPR.

I don't get it...
Pete Williams and Andrew Rafferty report:
Lawyers for Jill Kelley — the Florida woman whose complaint to federal authorities about harassing emails last year led to the resignation of former CIA Director David Petraeus — on Monday filed a lawsuit claiming the FBI and Department of Defense officials violated her privacy by failing to keep information about her role in the investigation confidential.
Read more on NBC.

Perhaps I could write up some guidelines for a “Facebook for Employers” page? Include some “Likes” from President Obama and the Pope? Or just some discussions about 'searching for the perfect circumstances for a privacy lawsuit?”
Daniel Solove writes:
In 2012, the media erupted with news about employers demanding employees provide them with their social media passwords so the employers could access their accounts. This news took many people by surprise, and it set off a firestorm of public outrage. It even sparked a significant legislative response in the states.
I thought that the practice of demanding passwords was so outrageous that it couldn’t be very common. What kind of company or organization would actually do this? I thought it was a fringe practice done by a few small companies without much awareness of privacy law.
But Bradley Shear, an attorney who has focused extensively on the issue, opened my eyes to the fact that the practice is much more prevalent than I had imagined, and it is an issue that has very important implications as we move more of our personal data to the Cloud.
Read more on Concurring Opinions.

What should the FDA be doing?
FDA Can’t Hold Back Stream of Mobile Health Apps
It was bound to happen. As smartphones, tablets and all those wearable computer gizmos get more and more powerful — and just as important — become ever more constant in our lives, they will enable apps that no one anticipated. Not even the fine people of the Food and Drug Administration
We wrote about one such app called uChek, after witnessing its founder Myshkin Ingawale at this year’s TED conference perform a urinalysis check on stage with nothing more than a very full plastic cup, test strips, and an iPhone. The app, recently made available in Apple’s iTunes store, uses the iPhone’s powerful camera to analyze standard medical supply chemical strips by first taking photos with your phone at predetermined times, and then comparing the colors that emerge on the urine-soaked strip to a color-coded key. Depending on how the colors match up (and what is being measured), users get a simple positive or negative result, a number, or the descriptors “trace” or “large” corresponding to the levels of such things as glucose, bilirubin, proteins, specific gravity, ketones, leukocytes, nitrites, urobilinogen, and hematuria present in your urine.
When the app launched stateside, Ingawale sent Wired an excited email. What James Woods, the FDA’s 
Deputy Director of 
Patient Safety And Product Quality
 in the Office of In Vitro Diagnostics and Radiological Health
, sent him recently was an “It Has Come to Our Attention Letter.”
Woods, in the very politely worded missive, informs Ingawale that: “Though the types of urinalysis dipsticks you reference for use with your application are cleared, they are only cleared when interpreted by direct visual reading. Since your app allows a mobile phone to analyze the dipsticks, the phone and device as a whole functions as an automated strip reader. When these dipsticks are read by an automated strip reader, the dipsticks require new clearance as part of the test system.”

(Related) Another “What is government's proper role” that highlights how poorly we deal with technology. The 'rules of the road' are unlikely to change, so are we merely looking to afix blame?
The Feds Have No Clue How to Legislate Autonomous Cars
With everyone from Audi to Google to Volvo developing autonomous vehicles, the federal government is cautiously getting behind the wheel to regulate how self-driving cars should be operated and legislated. But its recommendations are far from clear-cut, underscoring just how far behind the times Washington is with regard to emerging technology.
Still, by stepping into the fray and attempting to codify when, where and how autonomous vehicles are developed and deployed, the National Highway Traffic Safety Administration is all but admitting that the day is coming when we’ll all let the robot drive.

Perspective: “We don't need no stinking cameras!”
"the reporters of the Chicago Sun-Times are being given training in iPhone photography, to make up for the firing of the photography staff. From the CoM story: 'The move is part of a growing trend towards publications using the iPhone as a replacement for fancy, expensive DSLRs. It's a also a sign of how traditional journalism is being changed by technology like the iPhone and the advent of digital publishing.'"

(Related) “We need more stinking cameras!”
"The Montreal Policemen's Brotherhood is proposing that officers be equipped with uniform-mounted cameras that can be used to record various interactions. The union says in other jurisdictions where police officers are equipped with point-of-view cameras, the use of force by officers and assaults on officers drops by as much as 60%. One system is currently being tested in Edmonton, Alberta."

How to expand “summary” RSS feeds into full text feeds. (Personnaly, I like the summaries)
[MakeUseOf just changed from full text to a summary feed Bob]
… The reason is that too many unethical sites were “scraping our feed” and passing off MakeUseOf’s stories as their own. This meant that these low quality sites were duplicating our content and ranking for it on Google and other search engines. We don’t have a problem with sites using our articles but in return, we insist on a clear linkback, as well as author attribution. These content thieves were not doing this, and they are not the kind of people to honor any takedown requests. Therefore, we began a fiendishly clever plan and moved to summary feeds.
If you absolutely cannot live without your full text RSS feeds, you can still have them and at the same time help us defeat the scrapers. Simply plug the RSS feed into Full Text RSS Feed. Then put the RSS feed address it gives you into your RSS reader, and hey presto, you have your full MakeUseOf feed back.

For my Computer Security students. Risk analysis does not stop with a determination that an event is “low probability.” You must also consider the cost of recovery.
Presentation: Survey of Government IT Professionals – Disaster Unpreparedness
“So, how confident are Fed IT professionals in their agencies’ DR2 capabilities? How ready and resilient are the systems, and do agencies verify by testing? To find out, MeriTalk surveyed 150 Federal DoD and civilian IT professionals in December 2012. The Disaster Unpreparedness report reveals that few agencies are actually prepared to recover their data in the event of a natural or man-made incident… The amount of data agencies must backup and recover is growing, yet only 8% of Feds are confident they can recover their data today.”

For my Math students. The problem is that many of these websites are targeted to K-12 students and unless I can point to individual videos, my students feel the sites are too juvenile for them. This one at least has a “College” section.
ULearniversity - Online Math Lessons and Practice
ULearniversity is a free site featuring arithmetic and algebra lessons. On ULearniversity you can watch tutorial videos and practice the concepts taught in the videos. ULearniversity provides instant feedback on your practice problems. As a registered ULearniversity user you can track your progress.

For all my students...
… this is the digital age and there’s a substantial demographic that is working from home. That’s nearly 10% in the U.S. alone and rising. [And all of my students. Bob]

Monday, June 03, 2013

“...and if we cave in here, every country will want us to log everything each of their citizens does.”
UK Guardian – 5 largest internet companies challenge tracking legislation
Alan Travis, home affairs editor, The Guardian: “The five biggest internet companies in the world, including Google and Facebook, have privately delivered a thinly veiled warning to the home secretary, Theresa May, that they will not voluntarily co-operate with the “snooper’s charter”. In a leaked letter to the home secretary that is also signed by Twitter, Microsoft and Yahoo!, the web’s “big five” say that May’s rewritten proposals to track everybody’s email, internet and social media use remain “expensive to implement and highly contentious”.”

It might be possible to learn something here.
UN Special Report on the promotion and protection of the right to freedom of opinion and expression
Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue. United National General Assembly, Human Rights Council, April 17, 2013.
  1. “The present report analyses the implications of States’ surveillance of communications for the exercise of the human rights to privacy and to freedom of opinion and expression. While considering the impact of significant technological advances in communications, the report underlines the urgent need to further study new modalities of surveillance and to revise national laws regulating these practices in line with human rights standards.
  2. Innovations in technology have increased the possibilities for communication and protections of free expression and opinion, enabling anonymity, rapid information-sharing and cross-cultural dialogues. Technological changes have concurrently increased opportunities for State surveillance and interventions into individuals’ private communications.
  3. Concerns about national security and criminal activity may justify the exceptional use of communications surveillance technologies. However, national laws regulating what would constitute the necessary, legitimate and proportional State involvement in communications surveillance are often inadequate or non-existent. Inadequate national legal frameworks create a fertile ground for arbitrary and unlawful infringements of the right to privacy in communications and, consequently, also threaten the protection of the right to freedom of opinion and expression.”

For my Computer Forensics students.
Whenever you delete a file from your computer it is never 100% deleted but simply the space it occupied is freed for other files to take place. Until that freed space is overwritten by a new file you have the possibility to recover your accidentally deleted files and folders. So if you are looking for a way to recover your deleted files, check out Undelete Navigator. It is a free downloadable program for Windows that lets you detect, browse and recover deleted files.
Related tools – DiskDigger for Android.

This might be a fun project for my students...
Hackers Spawn Web Supercomputer on Way to Chess World Record
Based in San Francisco, the Hack Reactor is one of many crash software development courses that seek to teach computer programming through several weeks of complete immersion in code. Pethiyagoda enrolled in the school this past March, and over the past several weeks, he and three other hackers-in-training have teamed with one of the giants of the tech industry — the Pivotal Initiative, the big data spin-off company from EMC and VMware — to approach a new world record for what’s called the N-Queens Problem, a classic math puzzle that plays out on a chess board.
But more importantly, in working to solve this problem, this four-person team — Cameron Boehmer, John S. Dvorak, and Tim Sze, as well as Pethiyagoda — has developed a new breed of software that lets you pool the processing power of potentially thousands of machines just by pointing them to a single website. They call this creation Smidge. It’s a kind of ad hoc supercomputer built with JavaScript, the standard programming language of the web.
Though little more than an experiment at this point, the project is yet another way the net is stretching the boundaries of “distributed computing,” where thousands — or even tens of thousands — of machines are pooled together to solve a common task. Popular web outfits like Google and Amazon operate in this way, and these web giants have spawned a whole new breed of distributed software that lets others benefit from the same tricks of the trade.

Something for the Summer?
Three Places to Search for Free Online Courses
The summer is a great time for us to learn new skills, refresh our memories on topic that we'll be teaching in the fall, and just satisfy intellectual curiosities. The boom in MOOC and other online course offerings means that we don't have to go far to find courses that meet our needs. Here are three places to find your next free, online course.
Open Culture, which I've featured here many times, has a list of more than 700 free online courses. Some of the courses are canned content in the form of recorded lectures while others are course that will be available this summer. Unfortunately, there isn't a search tool on Open Culture just for the courses so you'll have to scroll through the lists to find what you want.
RedHoop is a search engine for online courses that I learned about from a recent Life Hacker post. RedHoop allows you to search for courses from popular providers including Coursera, Udemy, and Udacity. You can refine your search to show only free courses.
SkilledUp, like RedHoop, is a search engine for online courses. You can filter search results according to cost and course provider. SkilledUp indexes more course providers than RedHoop, but many of those course providers are paid services. I do like that SkilledUp allows you to refine your search according to content delivery method. For example, I can filter out courses that are lecture-based.