Friday, January 17, 2014

I'm not sure how you would program the site to do this. Random Number generator, I guess. Should be as simple as backing out the last “Update” but I suspect it will be more complicated. The website is still down.
Jon Camp reports:
Navy veteran Sylvester Woodland said he couldn’t believe what he was seeing Wednesday night when he logged onto the Veteran Affairs’ E-Benefits website.
“It gave me a different person’s name, each and every time I came back,” Woodland said. “At first I thought it was just a glitch, but the more I thought about it, I said, wait a minute, this is more than a glitch, this is a breach.”
Woodland was on the VA’s E-Benefits website trying to track down his own history for a bank loan. Instead, windows kept popping up displaying other veterans’ medical and financial information.
“When you click on these hyperlinks here, it takes you to the bank account, the direct deposit, bank account, last four, what bank is it for,” Woodland said. “I’ll bet he has no idea that I’m sitting here in my house with his information.”
Read more on ABC.


A Guide to stealing 110 Million items? They never say this was used on Target, but that's how it is being reported.
Report to Government on Massive Theft of Credit Card Data From Retail Customers
by Sabrina I. Pacifici on January 16, 2014
KAPTOXA POS Report Overview – “iSIGHT Partners, working with the U.S. Secret Service, has determined that a new piece of malicious software, KAPTOXA (Kar-Toe-Sha), has potentially infected a large number of retail information systems. This software can find, store, and then transmit sensitive information such as credit card and PIN numbers. These findings are part of a need-to-know joint report released today by the Department of Homeland Security, USSS, FS-ISAC and iSIGHT Partners. The use of malware to compromise payment information storage systems is not new. However, it is the first time we have seen this attack at this scale and sophistication. Importantly, this software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect. Many retail organizations may not know that they have been infected, or that they have already lost data.”


A bit confusing because the PDF states that they no longer do Criminal Record checks, but then states that they do report prior convictions.
B.C.’s Information and Privacy Commissioner Elizabeth Denham invites public submissions on her investigation into the use of police information checks. Interested citizens or groups are welcome to answer the questions the Commissioner has posed in this consultation letter. In addition, or alternatively, the public can provide our Office whatever views they may have on the subject including any particular experiences they have had with police information checks. We would appreciate receiving these responses by email to info@oipc.bc.ca no later than February 21, 2014.
Read the background and more about this issue here (pdf)
[From the PDF:
There is an increasing trend towards the use of police information checks as a screening tool for employers to assist in determining the suitability of a prospective employee or volunteer. While these individuals consent to the conduct of the check before it takes place, it is unlikely that an individual who refuses a check will still be considered for an employment or volunteer position.


A bit geeky and still incomplete.
A Closer Look at the Target Malware, Part II
Yesterday’s story about the point-of-sale malware used in the Target attack has prompted a flood of analysis and reporting from antivirus and security vendors about related malware. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach.


Yes, I can reach your appliances, but I can't use them to empty your bank account. Or can I?
The Internet Of Things Has Been Hacked, And It's Turning Nasty
Don't say we didn't warn you. Bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks, Internet security firm Proofpoint said on Thursday.
It's apparently the first recorded large-scale Internet of Things hack. Proofpoint found that the compromised gadgets—which included everything from routers and smart televisions to at least one smart refrigerator—sent more than 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014.
… Pinging one device brought up a login screen that said: Welcome To Your Fridge. She typed in a default password—something like “admin” or "adminadmin," Knight said—and suddenly had access to the heart of someone's kitchen.
… “Embedded operating systems deployed in firmware tend to be old, not patched very frequently, and there are known vulnerabilities to virtually all of them,” Knight said.


Fire up the Gulfstream, I'm heading to Brussels! Oh, wait. I don't have a private jet. Darn! Anyone want to make a large donation to my Blog? NOTE: I get in free, so all I need is the jet.
You are kindly invited to the seventh edition of the ‘Computers, Privacy & Data Protection’ (CPDP) conference, to be held on 22-24 January 2014 in Brussels, Belgium. The conference will include panels covering all current debates in the field: the data protection reform in the European Union, PRISM, big data, privacy by design, cloud computing, biometrics, and e-health and will have special sessions on impact assessments, Roma empowerment in the digital era and other topics. Over 60 panels are scheduled.
Read more of the press release on phys.org.
[From the article:
For more information about:
Members of the press with an official press card can register free of charge as "press on invitation"


What if that file of random looking characters is a file of random looking characters? How does one prove that gibberish is not encrypted evidence? (Because apparently the police need not prove it isn't)
Clink! Terrorist jailed for refusing to tell police his encryption password
A convicted terrorist will serve additional time in jail after he was found guilty of refusing to supply police with the password for a memory stick that they could not crack.
Syed Farhan Hussain, 22, from Luton, was handed a four-month sentence at the Old Bailey on Tuesday after a jury took just 19 minutes to deliver the guilty verdict.
Judge Richard Marks QC sentenced him for not complying with a notice to give up his password. The refusal was contrary to section 53 of the Regulation of Investigatory Powers Act 2000, the UK's wiretapping law.
Police had issued Hussain with the notice under section 49 of RIPA to force him to let the cops into his USB stick.
The judge said Hussain's deliberate refusal to comply with a police notice and hand over his password was a very serious matter because it served to frustrate a police investigation, the BBC reports.


Imagine deleting (or forcing the deletion of) video showing teachers breaking the law. Really bad idea. Wouldn't the Best Practice be to hold the phone until Mom or Dad can see what the school wants to delete? Or is the school saying, “We don't need no stinking parents?”
Luke Hammill reports:
It’s been almost two months since controversy erupted at Hillsboro’s R.A. Brown Middle School over staff reviewing and deleting video on students’ cell phones. In its first work session since the holiday break, the Hillsboro School Board reacted Tuesday evening by examining its search and seizure policies.
[...]
Hungerford said the relevant court cases have given conflicting rulings about how broad searches can be, but school officials must have “reasonable suspicion” that a student violated school rules in order to search him, and the search must be “reasonable in scope.” For instance, if a student is reasonably suspected of stealing a football, Hungerford said, a teacher cannot make him empty his pockets.
He said he doesn’t think it’s a good idea for school officials to ever delete material off of a student’s phone. Hungerford also recommended that in a sensitive situation – he gave the example of students texting each other photos of an exam – teachers or administrators should direct students to delete the photos themselves, and then discipline them for insubordination if they don’t comply.
Read more on Oregon Live.


Oh my, Justin Bieber's privacy has been violated! Seriously, is this now normal police procedure?
Cops searching Justin Bieber's seized cell phone for egging clues
Police investigating vandalism allegations against Justin Bieber are searching his cell phone for clues after seizing the mobile during a raid of his California home on Tuesday (14Jan14).
Cops descended on the Baby hitmaker's Calabasas mansion after a neighbour complained to authorities last week (09Jan14), when the singer was reportedly discovered hurling eggs at his front door.
Detectives took Bieber's iPhone away as evidence during the search, and tech experts at the Los Angeles County Sheriff's Office are currently scanning the device for any potentially incriminating photos, text messages or other material.
… Officers are also studying surveillance footage taken from Bieber's pad, which was equipped with a "well operated" security system.

(Related)
Justin Bieber is worried about what cops are going to find on his cell phone, but we're told his issues involve nakedness and drugs ... not so much eggs.
Law enforcement sources tell us ... when they searched Justin's house Tuesday, they seized his cell phone ... took it right out of his hot little hands. Sources say cops are interested in texts that could incriminate him. Cops want to see if he texted someone after the fact and bragged about the egging. One law enforcement source called it a "text high 5."
Sources tell us ... he's concerned more about drug discussions and references. Even if cops find drug references, Justin's in the clear given there's no physical evidence -- nonetheless J.B. is afraid it will leak out.
We're told he's also concerned that there are naked photos in his phone, although we don't know if they're action shots, selfies, etc.
And we're not even going to mention bad grammar.


Will this force the addition of a “working” light? Perhaps a little flag?
Ticket for driving in Google Glass dismissed
It may have been the most anticipated traffic court date ever.
Southern California resident Cecilia Abadie appeared in San Diego traffic court on Thursday for speeding and for wearing Google Glass while driving. It is considered the first time someone has been cited for wearing the face-mounted technology while driving.
Commissioner John Blair threw out both charges, stating there wasn't enough evidence to prove beyond a reasonable doubt that the Google Glass was turned on at the time. It is only illegal to wear the device while driving if it is operational.
… "It doesn't necessarily answer the question everybody wanted: Is it legal to drive down the road wearing Google Glass while it's operating?" said William Concidine of My Traffic Guys. Concidine and his partner, Gabriel Moore, are the traffic ticket attorneys who defended Abadie in court on Thursday.


Amusing. I guess you grab anything for a bit of attention when you are fund raising... (This links to the AMA session)
Hi Reddit,
I am Daniel Ellsberg, the former State and Defense Department official who leaked 7,000 pages of Top Secret documents on the Vietnam War to the New York Times and 19 other papers in 1971.
Recently, I co-founded the Freedom of the Press Foundation. Yesterday, we announced Edward Snowden, NSA whistleblower, will be joining our board of directors!
Here’s our website: https://pressfreedomfoundation.org
I believe that Edward Snowden has done more to support and defend the Constitution—in particular, the First and Fourth Amendments—than any member of Congress or any other employee or official of the Executive branch, up to the president: every one of whom took that same oath, which many of them have violated.
Ask me anything.


Perspective. At the start of each Quarter, I ask if there are any SciFi readers in my classes. I'm happy to find one in 25. Owners of eBook readers are about 1 in 15.
E-Reading Rises as Device Ownership Jumps
The percentage of adults who read an e-book in the past year has risen to 28%, up from 23% at the end of 2012. At the same time, about seven in ten Americans reported reading a book in print, up four percentage points after a slight dip in 2012, and 14% of adults listened to an audiobook.
Though e-books are rising in popularity, print remains the foundation of Americans’ reading habits. Most people who read e-books also read print books, and just 4% of readers are “e-book only.”


Something we could get at our school?
Yale students made a better version of their course catalogue. Then Yale shut it down.
A pair of Yale students and brothers, Peter Xu and Harry Yu, built a site that let students plan out their schedules while comparing class evaluations and teacher ratings for the past three semesters. Thousands of Yale students used it, apparently finding it a better resource than similar sites run by the university. But this week, as the "shopping period" where students are able to try out classes and finalize their schedules began, Yale not only blocked the Web site from campus networks, labeling it "malicious," but forced the brothers to take it down or face disciplinary action.


For my Students. The only concern I have is that $2.99 is $2.99 too much. But then, I didn't spend $300-$500 for an iPad.
Collect, Extract & Organize Research Fast With Summary Pro for iPad
… Web annotation services like Diigo (one of my favorites) and the clipping features provided by Evernote are great for collecting, organizing, and reviewing research, but Summary Pro streamlines the note clipping process and helps keep your research organized.
Summary Pro includes an in-built web browser
… As you browse and read articles and documents, you can tap on one of three cutting tools (rectangle, circle, or free hand) and select content you want to clip and save.
Next, swipe the selection to the left and it gets saved in a folder.
Summary Pro ($2.99)


Too cool for my students? A great way to remind myself of all that Jazz I listened to as a kid.
The History of Popular Music, According to Google
Google unveiled a new way to look at the history of music today, Music Timeline.
Drawing on the songs that reside in the collections of millions of Google Play users, the company created a visualization of the popularity of various artists and genres from 1950 to today.
