Wednesday, December 31, 2014

Perhaps North Korea will go shopping?
Lizard Squad hackers offer cyberattacking services for fee
… The group’s website offers interested buyers the opportunity to overwhelm a server and push it offline — a somewhat common disabling method that’s been dubbed a “distributed denial of service,” or DDOS attack, The Hill reported.
… “This booter is famous for taking down some of the world’s largest gaming networks, such as Xbox Live, PlayStation Network, Jagex, BattleNet, League of Legends and many more,” the Lizard Squad said in its ad, The Hill reported. “With this stresser, you wield the power to launch some of the world’s largest denial of service attacks.”
The group only accepts bitcoins, The Hill reported.

As we become increasingly “global” it seems we want more “Balkanization” at the same time. Operate businesses globally to unite the world, but obey the laws of every county, even those that kept their companies from becoming global competitors.
Growing European Issues Imperil U.S. Tech Business Models
From Paris to Berlin and from Madrid and London to Moscow, the tech giants find themselves in battles over data privacy, taxation, national politics and other sovereign interests which are foreign to the business environment in the United States.
To say the primary issue is economics oversimplifies a range of nationalistic issues that would usually be reserved for discussions with other nation-states. The root of the emotions driving national demands is a sense of being invaded, even “colonized,” and not knowing where the invasion will end.
As reported in the Wall Street Journal, France and Germany have recently acted to curb the business practices of top U.S. tech firms, with overwhelming approval by the European Parliament of a resolution which calls for actions aimed at possibly breaking up Google.
Issues exist in varying forms. England has recently announced a “Google tax” targeting profits of U.S. tech firms reaped locally. Russia and Turkey, which demand censorship control over information Google, Facebook and Twitter convey regarding “subversive” and selected local political matters.
All of this ultimately leads to the question of who controls the information flowing through the Internet. Pressures on tech firms to comply with nationalistic desires vary. Russia and others threaten to block U.S. social media services if their demands are not met. Other European countries want local data stored in local computer centers.
Bank of America Merrill Lynch analyst Justin Post recently downgraded Google shares, citing European regulatory risk, stating that these clashes pose “one of the greatest threats to U.S. technology giants since their emergence from garages and college campuses over the past four decades.”

How is this useful? If I create a game using stolen code I probably get my joystick sued off. (On the other hand, I can do anonymous.)
Xbox One leak could allow people to make their own games for the console
… Xbox keeps the approval process for games locked down — developers must register with Microsoft and be approved before posting games to the Xbox’s official release channels. That protection will still be in place, but the leak of the SDK could lead to the emergence of a “homebrew” community, of developers making and sharing games for the Xbox One through unofficial channels.

The Internet and email are the most common tools. We don't teach students how to use either to best advantage. (Landlines preferred over cellphones)
Technology’s Impact on Workers
“The internet and cell phones have infiltrated every cranny of American workplaces, and digital technology has transformed vast numbers of American jobs. Work done in the most sophisticated scientific enterprises, entirely new technology businesses, the extensive array of knowledge and media endeavors, the places where crops are grown, the factory floor, and even mom-and-pop stores has been reshaped by new pathways to information and new avenues of selling goods and services. For most office workers now, life on the job means life online. Pew Research surveyed online a representative sample of adult internet users and asked those who have jobs a series of questions about the role of digital technology in their work lives. This is not a sample representative of all workers. It covers online adults who also have full- or part-time jobs in any capacity. The most recent survey data from Pew Research in late 2013 shows that 94% of jobholders are internet users and they work in all kinds of enterprises from technology companies to non-technology firms; from big corporations to small proprietor operations; and from those in urban areas, farms, and places in between. Some of the key findings are highlighted below…”

For my students? Could be interesting but I don't know how many of my students have Chrombooks.
Run Linux In A Window On A Chromebook
It’s now possible to run Linux in a window on a Chromebook. Google evangelist François Beaufort revealed how to do so in a Google+ post, detailing the various steps Chromebook owners must take in order to run their favorite Linux distros in a window.
Essentially, you need to be running Chrome OS in Developer Mode and install David Schneider’s Crouton extension. You can then run Linux in a separate window, saving you from switching between Virtual Terminals, which previously was the only way to run Linux on a Chromebook.
This isn’t recommended for inexperienced users, but then they will probably be happy using Chrome OS as is. Instead, this is for existing Linux users who like the Chromebook hardware but find Google’s operating system too limiting.

The Best Linux Software
Linux is full of awesome apps, both open source and proprietary.

We have to start teaching these devices as well as the rest of the Internet of Things cornucopia. An infographic.
How Do Smartphones Compare To Supercomputers Of The Past?
Most of us carry a smartphone around in our pocket without really thinking twice about just how impressive it is. These tiny little devices can do so many things, and they can do them for a (relatively) low price.
Have you ever thought about what your smartphone can do when compared to the supercomputers of the past? At one point, these computers were the pinnacle of power, and they required massive amounts of space to work. This infographic breaks down how how the devices we have today compare with supercomputers, and the results are truly something to behold.
Check it out, and share your thoughts with us in the comments!
Via FoneBank

For my gamers. At least, for those with friends.
Free Copies For Nuclear Throne Friends
Everyone who currently owns a copy of Nuclear Throne will get a free copy of the game to give away to a friend. The giveaway will commence tomorrow (Jan. 1, 2015), with the idea being to bring fresh blood into the community to enable the game to grow and evolve.
As Vlambeer, the developer behind Nuclear Throne, explained on YouTube, “We need fresh eyes on the game, people that will still get decimated by Big Bandit and that will complain about the ravens in the scrapyard. We need to know how they feel about Nuclear Throne, and we need your help to reach them.” If it’s free then I’m in. Now, to find a friend who owns the game…

Tuesday, December 30, 2014

If there are security measures that can frustrate the NSA's best efforts, would you implement them? “Major problems” is not the same as “impossible,” but would the NSA spend much time or effort trying to read my communications with my bank?
Snowden docs show limit of NSA’s snooping
Documents leaked by Edward Snowden show that the National Security Agency, despite its seemingly best efforts, is unable to crack certain types of cyber defenses.
The German newspaper Der Spiegel uncovered among the former contractor’s document trove new details about the extent of the spy agency’s ability to crack online encryption, which defenders of the agency say is necessary to monitor potential terrorists’ communications. [True if you define “monitor” as read as easily as if they sent you a copy. Bob]
… According to one Snowden document, as of 2012, agents had “major” problems tracking users on the Tor network, which encrypts and relays data all around the Web. The Off-the-Record (OTR) protocol for encrypting instant messages also caused significant problems for the agency, as did the Pretty Good Privacy (PGP) email encryption program, which is decades old and relatively common among security proponents.

Looks like this isn't as resolved as the FBI would hope.
A Bunch Of New Evidence In The Sony Hack Is Pointing Away From North Korea
New evidence emerging in the Sony Pictures cyberattack suggests that the hackers may have been far closer to home than North Korea.
News broke Monday that a security firm working with the FBI has come up with a list of six people who may have been closely involved with the hack. One of the individuals investigated by the firm also happens to be a disgruntled former Sony employee.
Security Ledger reports that Norse investigated a Sony employee known only as "Lena," viewing messages that she posted on social media and group chats. She worked at Sony for over a decade, performing an IT role with a "very technical background."
… A former federal prosecutor has also cast doubt on the FBI's assertion that North Korea was involved with the Sony hack. Mark Rasch of Rasch Technology and Cyberlaw says the claim that North Korea was behind the hack is "doubtful" and that the attack seemed to be carried out by someone with close knowledge of how Hollywood works, leaking only data that was embarrassing to Sony executives.
Many security researchers have been doubtful over the FBI's assertion since the agency announced on Dec. 19 that it was blaming North Korea for the Sony hack. The official US government position is that hackers affiliated with North Korea carried out the attack in retaliation for Sony's releasing the movie "The Interview."

Maury Nichols (one of the few people who admits they read my blog) sent me this article.
What Is Wrong With 'Legal Malware'?
Can malware, malicious by definition, ever be a good thing? Surprisingly, there are law enforcement agencies that would answer yes. There are a growing number of hacking techniques involving malware deployed by governments around the world. Effectively they are using criminal tools, which they claim is a legitimate means to the ultimate, legitimate end – fighting crime, even going so far as deeming their use legal. I disagree. And I think it is a worrying trend generally – one that needs to be nipped in the bud.
My colleague, security-researcher Costin Raiu, just recently published a report summarizing his research findings over the years plus predictions for the future in the murky world of sophisticated advanced persistent threat (APT) cyberattacks.
… Based on the reasons I give above, I think it is fair to say that terms like ‘legitimate malware’ or ‘offensive security’ are oxymoronic and disturbingly dystopian, reminiscent of Orwell’s ‘war is peace’ and ‘freedom is slavery’.

(Related) Convergence (the 'hot sheet' and mug shots?) Eventually police will have a Swiss Army Knife type of system. Need a particular tool? Just pull out a new blade. reports:
The leading suppler of automated license plate reader technology in the US (ALPR, also known as ANPR in Europe) is expanding its offerings to law enforcement. Vehicle owners have already had their movements tracked by the company Vigilant Solutions, which boasts 2 billion entries in its nationwide database, with 70 million additional license plate photographs being added each month. Now passengers can also be tracked if they hitch a ride with a friend and are photographed by a camera aimed at the front of the car. The Livermore, California-based firm recently announced expanded integration of facial recognition technology into its offerings.
Only a handful of states have laws in place to regulate automated license plate reader technology.

(Related) If we gather information on you, deliberately or not, it's an ongoing investigation and we don't have to release the information.
John Ruch reports:
The Boston Police Department embodies the Surveillance Age’s chilling twin principles: more power to spy on law-abiding citizens, and less accountability for doing it. That’s what we at the Jamaica Plain Gazette and Mission Hill Gazette have learned as our attempts to investigate police spying abuses are stymied by the department’s flouting of state public records laws.

I'd like to know how they got this past the Board of Directors. Are they relying on “forgiveness?”
The FBI Is Investigating Whether US Banks Are Launching Cyberattacks Of Their Own
Bloomberg is reporting that the FBI is investigating whether US financial institutions have started fighting back against hackers.
It's reported that JPMorgan Chase proposed to the FBI that the bank work from offshore locations to disable the servers used to launch denial of service attacks against its website. But attendees of the meeting dismissed the idea over concerns of its legality.
Despite ruling out the proposed hack, Bloomberg reports that US investigators found that a third party had carried out the attack after all. Now the FBI is investigating whether US companies broke the law in ordering the hack against the Iranian servers.
Sony Pictures, the movie studio targeted by hackers, allegedly used Amazon Web Services to try to disrupt people downloading the files leaked as part of the hack.

(Related) Interesting article.
Since the alleged North Korean cyber operation against Sony in late November, it has become de rigeur to engage in “enemy at the gate” rhetoric. Referring to “how the Internet and cyber operates,” even President Obama described the situation as “sort of the Wild West,” adding “part of the problem is you’ve got weak States that can engage in these kinds of attacks, you’ve got non-State actors that can do enormous damage.” Such a dire portrayal of the current state of cyber affairs on the part of a world leader not known for hyperbole deserves serious attention.

An interesting use of “Big Data” Will all such uses attract lawsuits?
United and Orbitz sue Skiplagged, a service you should totally use
Skiplagged finds cheap one-way fares by surfacing weird airline pricing strategies, like pricing a NY-SFO-Lake Tahoe flight cheaper than an NY-SFO flight, so you book all the way through to Tahoe, debark at SFO, and walk away from the final leg.
Of course, it only works if you fly without luggage. But given that the airlines' entire business strategy is to hoard information about their pricing and operations from their customers, in the hopes of tricking them into paying more for the same flight than the person in the next seat, it's hard to work up any sympathy for the industry when the tables are turned on them.
Skiplagged doesn't sell plane tickets, they don't even sell information. All they do is document the pricing strategies of the airlines. In the view of United and Orbitz, this is illegal -- they're suing the service (run by a 22 year old New Yorker named Aktarer Zaman), calling it "unfair competition."
Zaman said he knew a lawsuit was inevitable but he points out that there’s nothing illegal about his web site.
He also said he has made no profit via the website and that all he’s done is help travelers get the best prices by exposing an “inefficiency,” in airline prices that insiders have known about for decades.

For my students. We've got a lot to read, so pick a tool that works for you!
5 Best PDF & Ebook Readers For Windows

For my Ethical Hackers.
What Is The OBD-II Port And What Is It Used For?
… OBD-II is a sort of computer which monitors emissions, mileage, speed, and other useful data. OBD-II is connected to the Check Engine light, which illuminates when the system detects a problem.
… Traditionally, hand held scan tools are hooked up, allowing the average vehicle owner to read DTC’s. However, a reference for the code numbers is still needed. You can find such a reference in various handbooks and websites, such as OBD-Codes.
Some modern scan tools can be connected to a Windows desktop or laptop, like ScanTool’s OBDLink SX USB Adapter on Amazon for $29.95, which allows you to turn your laptop into a very detailed scan tool.

Monday, December 29, 2014

Not all downtimes are due to enemy action.
Twitter Back Up After Strange Downtime
Twitter is recovering from a prolonged period of downtime which affected Android and desktop users. For around five hours on Sunday (Dec 28), anyone trying to log in via the official apps was hit with an error message. The iOS Twitter apps remained unaffected by the issue throughout.
Tweetdeck users were hit with a different issue whereby all tweets were dated one year into the future. This could explain the problem, with the premature date change leading to session tokens instantaneously expiring. Either way, Twitter has now fixed the issue… at least until the real 2015 rolls around.

For my Ethical Hackers. For your toolkit.
German Defense Minister von der Leyen's fingerprint copied by Chaos Computer Club
A speaker at the yearly conference of the Chaos Computer Club has shown how fingerprints can be faked using only a few photographs. To demonstrate, he copied the thumbprint of the German defense minister.
… Krissler explained that he didn't even need an object that von der Leyen had touched to create the copy. Using several close-range photos in order to capture every angle, Krissler used a commercially available software called VeriFinger to create an image of the minister's fingerprint.
Along with fellow hacker Tobias Fiebig, Krissler has been working at the Technical University of Berlin on research into weaknesses of biometric security systems. Krissler pulled a similar stunt in 2008 with a fingerprint of then interior minister and current Finance Minister Wolfgang Schäuble.
Krissler intends to show how systems which use these prints or iris scans to verify identity, which are becoming more prevalent and popular, can be outsmarted. He gave the example of facial recognition software that can be fooled by a person's photograph, as well as showing how his fake fingerprint can trick the iPhone fingerprint sensor.

Perhaps a project for my Ethical Hackers. How to safeguard victims of amuse. (How to make anyone less surveilable?)
Exclusive: Abusers using spyware apps to monitor partners reaches 'epidemic proportions'
The use of surveillance software by abusive spouses to monitor the phones and computers of their partners secretly has reached “epidemic proportions” and police are ill-equipped to tackle it, domestic violence campaigners have warned.
… A survey by Women’s Aid, the domestic violence charity, found that 41 per cent of domestic violence victims it helped had been tracked or harassed using electronic devices. A second study this year by the Digital Trust, which helps victims of online stalking, found that more than 50 per cent of abusive partners used spyware or some other form of electronic surveillance to stalk their victims.
… “However, in many cases the police are not trained to recognise and understand the impact of online abuse, including tracking, and action is rarely taken against abusers.”

Will this spur new laws?
The data breach payment fight heats up
The spat between retailers and banks over who foots the bill and bears the responsibility following a data breach is ramping up heading into 2015.
A group of retail trade groups on Monday fought back against what they call a misleading survey from the Independent Community Bankers of America (ICBA), which alleged banks are shelling out millions of dollars because retailers can’t secure their networks.
… The ICBA survey, released Dec. 18, said community banks had to reissue nearly 7.5 million credit and debit cards at a cost of $90 million in the wake of the massive Home Depot data breach, which exposed 56 million customers’ payment card information.
“We continue to advocate that the costs associated with data breaches be borne by the party that experiences the breach,” ICBA Chairman John Buhrmaster said at the time. “Communities and customers should not suffer for the faults of retailers.”
… Retailers bear equal or greater costs after a data breach, they argued, pointing to a 2013 Federal Reserve study of debit card fraud.
Banks are also disingenuous about their switch to chip-enabled cards, the retailers said.
“While ICBA supports the movement to embedded-chip technology for credit and debit cards, the organization appears to only do so grudgingly, questioning its efficacy against data breaches,” they said.

Does this report tell us anything we did not already know?
Competition Among U.S. Broadband Service Providers
“More than one quarter of American homes have not adopted Internet service, many citing cost as their primary reason.
… Looking at Internet service options available to households in December 2013, using data from the Census Bureau and National Telecommunications and Information Administration, we find that more service providers offer lower-speed than higher-speed service. [Duh! Bob] At download speeds of 3 megabits per second (Mbps), which is the Federal Communications Commission’s current approximate standard for basic broadband service, 98 percent of the population had a choice of at least two mobile ISPs and 88 percent had two or more fixed ISPs available to them. However, as multiple household members increasingly consume video streaming services music streaming, and online games, the adequate broadband speed bar has been raised.
To understand just how slow 3 Mbps is, it takes about 2.25 hours to download a 6 gigabyte movie. The same movie would only take 16 minutes to download at 25 Mbps.
… only 37 percent of the population had a choice of two or more providers at speeds of 25 Mbps or greater; only 9 percent had three or more choices. Moreover, four out of ten Americans did not live where very-high-speed broadband service – 100 Mbps or greater – is available.
… The report examines both fixed and mobile ISPs. We separate our analysis of these two types of Internet access because some groups consider them to be imperfect substitutes, especially for higher-bandwidth applications.
Mobile ISPs typically charge high fees if consumers exceed data usage limits. Furthermore, the service is less reliable, companies have not fully deployed newer generation technologies with higher download speeds and reduced latency, and mobile service is virtually non-existent at download speeds of 25 Mbps or greater.
In sum, the report finds that the number of ISPs from which consumers can choose varies by speed; there are multiple providers of lower speed broadband but this number dwindles at higher speeds. All else equal, having fewer competitors at a given speed is likely to drive up prices. As a result, some consumers will decide not to adopt Internet access at all, some will choose a slower speed that otherwise, and some will economize in other ways.”

I want to develop a “Math in the 21st Century” course, using tools like this. These tools are already available to my students, why not teach them the proper way to use them? No. it doesn't do everything for you, any more than power tools will build a house for you. These Apps are available for iPhones, Droid, etc.
Wolfram|Alpha Apps and Math Course Apps for Windows—Just Released
… We’re also happy to announce the release of several of our Course Assistant Apps on Windows 8.1 devices:
These apps also feature our custom keyboards for the quick entry of your homework problems. View Step-by-step solutions to learn how to solve complex math queries, plot 2D or 3D functions, explore topics applicable to your high school and college math courses, and much more.

For my students. Get in the habit now. (Why only paper planners?)
How To Create A Custom Planner To Meet Your Goals In 2015

Sunday, December 28, 2014

So, what's next? (Because the hackers are having way too much fun to leave them alone.)
Sony restores Playstation but doubts linger
Ending several days of interruption, Sony Corp on Sunday finally restored services to its PlayStation online gaming network after a Christmas Day cyber attack shuttered access to large numbers of customers, including holiday recipients of new game consoles.
… "It's not yet clear whether it's just an outage of the PlayStation Network or if some personal data has been stolen too," Hideki Yasuda, a Tokyo-based analyst at Ace Research Institute, said.

Once upon a time: “On the Internet, nobody knows you're a dog!” That had a certain appeal.
Now: “On the Internet, everyone thinks you're a terrorist!”
Ben Westcott reports:
Innovative Australian online mental health providers could be deserted by clients under the government’s controversial new metadata laws.
One of the developers of a widely used Canberra-based online mental health program said the new policy would affect the site’s ability to provide anonymity and freedom from stigma.
But the Attorney-General’s Department said the government was limiting metadata access to agencies with a clear operational or investigative need.
The Abbott government has introduced a bill to make it mandatory for telecommunications companies to store customer information for two years.
Read more on Sydney Morning Herald.

You are worth too much to these companies, they can't let you opt out.
Do Not Track is History?
New York Times: “Four years ago, the Federal Trade Commission announced, with fanfare, a plan to let American consumers decide whether to let companies track their online browsing and buying habits. The plan would let users opt out of the collection of data about their habits through a setting in their web browsers, without having to decide on a site-by-site basis. The idea, known as “Do Not Track,” and modeled on the popular “Do Not Call” rule that protects consumers from unwanted telemarketing calls, is simple. But the details are anything but. Although many digital advertising companies agreed to the idea in principle, the debate over the definition, scope and application of “Do Not Track” has been raging for several years. Now, finally, an industry working group is expected to propose detailed rules governing how the privacy switch should work. The group includes experts but is dominated by Internet giants like Adobe, Apple, Facebook, Google and Yahoo. It is poised to recommend a carve-out that would effectively free them from honoring “Do Not Track” requests. If regulators go along, the rules would allow the largest Internet giants to continue scooping up data about users on their own sites and on other sites that include their plug-ins, such as Facebook’s “Like” button or an embedded YouTube video. This giant loophole would make “Do Not Track” meaningless.”

(Related) For my Business Intelligence and Data Mining students. Multiple business opportunities! If the current price is $2,000 per website per month, what is the software worth?
Priceonomics Launches a Platform to Crawl and Analyze Web Data
Priceonomics has launched a new offering that enables developers to crawl and analyze web pages on a large scale.
… Once a web page is crawled, the Priceonomics Analysis Engine analyzes the data it contains using applications that, for instance, can extract email addresses and phone numbers or retrieve information about where and how much the page has been shared on social media.
… Currently, Priceonomics is offering free access to its Analysis Engine. Developers can either use a shared API key that may produce slow results, or sign up for a private API key that is limited to 1,500 requests per day.
Data is the gold of the digital age and scraping is increasingly akin to gold mining. According to Priceonomics, "Tech companies and hedge funds pay us between $2K to $10K per month to crawl web pages, structure the information, and then deliver it to them in analyzed form. This is a pretty significant amount of money because acquiring data is a burning problem for some companies."
… Because data is so valuable and scraping it can be such a challenging task, a growing number of companies are hoping to build big businesses by offering self-serve tools that essentially allow anyone to turn web pages into APIs.
… Right now, it looks as if the market is large enough to support multiple companies but as more and more companies come face to face with the fact that their data is being scraped and incorporated into unofficial APIs, it's possible that offerings like Priceonomics' Analysis Engine will eventually have the ironic effect of encouraging companies to build official APIs that they can control and monetize.

Something for my Criminal Justice students?
Social Media Directory – DHS
“The Department of Homeland Security and its component agencies use numerous social media accounts to provide you with information in more places and more ways [the listing is quite long – what appears below is only a portion of the total]. The Department uses non-government sites to make information and services more widely available.

Saturday, December 27, 2014

The theory du jour.
New theory emerges in Sony hacking suggesting Russian hackers
… Writing samples from hackers claiming responsibility for leaking finance reports and emails by Sony employees suggest the native language was Russian, according to Taia Global, a cyber security consulting group.
“Our preliminary results show that Sony's attackers were most likely Russian, possibly but not likely Korean and definitely not Mandarin Chinese or German,” the Seattle-based company wrote in a Christmas Eve blog post.
… The emails and other online posts were compared to four major languages used by hackers and learned that the majority of the phrasing originated from a Russian speaker.
The New York Time reports 15 out of 20 phrasings translated to English in the emails matched the Russian language. Only nine matched Korean and none matched Mandarin or German.

(Related) Probably many more than would have seen it under normal conditions.
'The Interview' Illegally Downloaded 750,000 Times on Christmas

Pakistan has hackers, perhaps we should turn off everyone's TV?
Pakistani officials upset with 'Homeland'
Pakistani officials are not happy with how the Showtime TV Series “Homeland” portrays the country.
Pakistani diplomats reportedly watched all 12 episodes of season four, which is set in Islamabad showing Claire Danes’ new role in the Central Intelligence Agency after a tumultuous three previous seasons.
… Mostly, officials were upset with how the show shows Pakistani government protecting terrorists.
“Repeated insinuations that an intelligence agency of Pakistan is complicit in protecting the terrorists at the expense of innocent Pakistani civilians is not only absurd but also an insult to the ultimate sacrifices of the thousands of Pakistani security personnel in the war against terrorism,” a source told the paper.

(Related) Denial if everything related to WWII is very common in Japan.
Angelina Jolie's 'Unbroken' stirs resentment in Japan
Nationalists in Japan are denouncing Hollywood filmmaker Angelina Jolie's new movie about an American airman brutalized in Japanese prison camps during World War II as anti-Japanese propaganda and are calling for a boycott of the film and its star director.

Perspective and an interesting infographic. Clearly this will impact data analysis.
2014 Bot Traffic Report
“As Incapsula’s prior annual reports have shown, bots are the Internet’s silent majority. Behind the scenes, billions of these software agents shape our web experience by influencing the way we learn, trade, work, let loose, and interact with each other online. Bots are also often designed for mischief, however. In fact, many of them are used for some kind of malicious activity—including mass-scale hack attacks, DDoS floods, spam schemes, and click-fraud campaigns. For the third year running, Incapsula is publishing our annual Bot Traffic Report—a statistical study examining the typically-transparent flow of bot traffic on the Web. This year we build upon our previous findings to report year-to-year bot traffic trends. We also dig deeper into Incapsula’s database to reveal an even more substantial data sample, providing new insights into bot activity… In 2013, bots accounted for over 60 percent of all traffic flowing through Incapsula-protected domains. This year bot traffic volumes decreased to slightly 56 percent of all web visits—a reversal of the upward trend we’ve observed the past two years, but still the majority of website visitors.” [emphasis added]

I find it interesting that the bank accepted these transactions without question. Apparently their software does not question unusual transactions.
School error takes money from staff bank accounts
Instead of receiving their paychecks via direct deposit on the day after Christmas, Plymouth Public Schools workers awoke Friday to find that the amount they were to be paid had instead been withdrawn from their bank accounts. About 1,300 workers were affected. reports ( Superintendent Dr. Gary E. Maestas sent an email to employees saying the issue was caused by human error.

Pick a slow news day (Christmas eve) and redact everything that looks like a word.
U.S. Spy Agency Reports Improper Surveillance of Americans
The National Security Agency today released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications.
The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.

Every week, free humor.
Hack Education Weekly News
… The US Fifth Circuit Court of Appeals has ruled that a Mississippi school district violated a student’s First Amendment rights when it punished him for a video he posted to Facebook and YouTube (from off-campus).
Via BoingBoing: “The Appoquinimink, DE school board is contemplating requiring parental permission slips for students who want to check YA novels out of their school library.” [Helping students to gain a love of reading? Bob]
Massachusetts’ Hopkinton High School principal has banned school dances for fear of “twerking” and “dirty dancing.” [Let them find some place where they can do this unsupervised! Bob]
Via the Cleveland Scene: “Nearly 500,000 Fewer Americans Will Pass the GED in 2014 After a Major Overhaul to the Test.” The new test, now administered by Pearson and “Common Core-aligned,” costs more (and there are no more free retakes). It must be taken on a computer. You must have a credit card in order to sign up for it. “The numbers are shocking: In the United States, according to the GED Testing Service, 401,388 people earned a GED in 2012, and about 540,000 in 2013. This year, according to the latest numbers obtained by Scene, only about 55,000 have passed nationally. That is a 90-percent drop off from last year.”

I love lists, even year-end lists. I really like lists I can use.
2014 Top 100 Tools for Learning
The 2014 List is shown in the left hand column, follow the links to find our more about each of the tools. The slideset appears below. You can view some of the individual contributions here.
… The annual lists have also become a useful longitudinal study into how the way we learn is changing. Take a look at this year’s analysis or if you are still surprised at the results, read The Web is 25 years old – so how has it changed the way we learn?
[The slides:

Would you market this as sure-fire weight loss technology?

Friday, December 26, 2014

An excellent article. It's a shame no one in the US writes like this any more...
NKorea outage a case study in online uncertainties
North Korea's microscopic corner of the internet has had a rough couple of days, suffering seven outages in 48 hours, according to one web traffic monitor.
… "A large city block in London or New York would have more IP (Internet Protocol) addresses than North Korea,'' said Ofer Gayer, a security researcher at Redwood Shores, California-based Incapsula Inc.
Even on a good day, web watchers see less internet traffic from North Korea than from the Falkland Islands, a North Atlantic archipelago of fewer than 3,000 people, said Gayer. Media companies like Sony easily dwarf the communist country's web presence.
He said that if the network was targeted by a kind of distributed denial-of-service — or DDoS — attack, the list of suspects is endless.
"Any kid that knows how to run a small-sized DDoS amplification attack can do it from his home."
… "This whole incident is a perfect illustration of how technology is equalizing capability,'' Bruce Schneier, a respected security expert, said in a blog post. "In both the original attack against Sony, and this attack against North Korea, we can't tell the difference between a couple of hackers and a government."

You don't have to live in North Korea to hate Sony.
Alleged hackers tweeted smack talk as PlayStation, Xbox users forced offline

A tool for Big Data? (The opposite of those itsy-bitsy smartphone thingies)
Survey of Mainframe Users
BMC Mainframe Survey points to continued reliance on IBM System z – “In October, BMC released their ninth annual mainframe survey, “2014 Annual Mainframe Research Results: Bringing IT to Life Through Digital Transformation”. The survey is widely regarded as a useful insight into today’s IBM mainframe world. Let’s explore some of the findings from the BMC study, by looking at the key talking points.
Future strategy – The study was pretty clear: the mainframe remains part of the long-term business strategy and continues to shape the future of IT, according to 91% of respondents. A growing need for access on the go, 24/7 – for example internet banking – will increase reliance on the mainframe, and raise the demand for Millions of Instructions per Second (MIPS). Usage is expected to continue growing – with 61% of all shops expecting MIPS growth in the next two years, a clear indication of the faith in the mainframe longer-term. This is no surprise. Whether making a credit card payment, getting an insurance quote or booking a holiday, the mainframe provides today, and will continue to provide, ‘mission critical’ processing. The ongoing evolution of the mainframe continues to play an increasingly important role in today’s enterprise IT environments. Most respondents said they take advantage of the mainframe to benefit from updated technology such as mobile and cloud.

A conversation with one of my favorite high school students reminded me that not everyone is aware of Apps like these. Why not?

Math Hero Photo Calculator

Dilbert on “fully immersive” technology.

Thursday, December 25, 2014

Have a Merry and a Happy!
As often seems to happen, there is little news reported when all the reporters are on holiday. Fortunately, I find there is still plenty happening in the fields I monitor.

We've been hacked!” (No mention of “The Interview”)
Sony says, “Maybe it has something to do with “The Interview”
Hackers say, “It has something to do with The Interview.”
We're going to pull The Interview.”
We pulled The Interview because all the theater chains backed out.”
We'll never release The Interview.”
We may release The Interview someday”
We may let Disk Network release The Interview”
Disk won't release The Interview, we will release it to a few theaters.”
The Interview available online for free.”
Theater Owner Breaks Silence on Sony's Wild Week: "I Was Irritated"
… Having said on Dec. 17 that it had "no further release plans" for the hot potato of a movie starring Seth Rogen and James Franco, it has now lined up about 300 independent theaters that are opening the movie Christmas Day and has engineered an unprecedented VOD release for a major studio with the help of YouTube, Google Play and Xbox, all of which began offering the movie today. But in doing so, it also has alienated most of the larger chains and even annoyed some of owners of the smaller theaters that, from the first, sprang to the movie's defense.
… The larger theater chains, however, aren't ready to give Sony a pass so quickly. Accusing the studio of "throwing its major exhibition partners under the bus," an executive at one of the nation's major chains said today that the studio "continues to speak out of both sides of their mouth."

North Korea: No ‘physical reaction’ to new film
North Korea says it likely will have no “physical reaction,” just condemnation, to the release of the comedy film “The Interview,” which depicts the assassination of leader Kim Jong Un.

It may be good politically to point the finger at North Korea. (Would this fall under “acts of war” on their insurance?) Could be very embarrassing if a group of high school kids turn out to be responsible. There are doubters...
New Study Adds to Skepticism Among Security Experts That North Korea Was Behind Sony Hack

(Related) ...and some outright non-believers.
No, North Korea Didn’t Hack Sony

Please, let's not start blaming the FBI for failing to contact every Security Manager in the US and ensuring they were doing their job.
Jana Winter reports:
Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
Read more on The Intercept.
[Here is the report:

For your Security Manager.
Nearly 50 Percent of Organizations Hit With DNS Attack in Last 12 Months: Survey
New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.
Just less than half (49 percent) of the organizations surveyed said they had experienced such an attack in the past 12 months. The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunneling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.
The research surveyed 300 U.S. and U.K. key IT decision makers in organizations with 1,000+ employees. It covered a variety of verticals including financial services, retail, distribution and transport, IT and manufacturing and production. The study was commissioned by Cloudmark.
A third of the respondents confirmed they had lost confidential customer information. Despite this however, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management does not see DNS security as an issue. More than half of the IT decision makers polled (55 percent) cited the theft of private or confidential data as a major concern to their organization.

If I had this at the University, it would really change how I taught my classes! (So, why don't I have it?) Looks like a very small ISP can do it, why not the big boys?
Minneapolis residents to get 10-gigabit fiber, for $400 per month
While most parts of the US have to make do with Internet speeds of less than 100Mbps—in many cases much less than 100Mbps—some residents of Minneapolis will soon have access to a ludicrously fast fiber-to-the-home speed tier: 10 gigabits per second.
The service is offered by US Internet, the company that already provides "a couple thousand" Minneapolis residents with 1Gbps service for $65 per month. The 10Gbps service will be available immediately to existing customers willing to pay the $400-per-month fee, though US Internet expects the number of customers who take them up on the deal to be relatively small. All together, US Internet has "a little over 10,000" fiber-to-the-home customers at different speed tiers, all located on the west side of Interstate 35W.