Saturday, March 08, 2014
Clausewitz wrote that, “war is the continuation of politics by other means.” I've always taken that to mean that when politicians fail (i.e. really screw up) the result is war. That does not mean that both sides have to screw up. I also remember a Will Rogers quote, “ Diplomacy is the art of saying 'Nice doggie' until you can find a rock.”
Ukraine crisis 'created artificially' - Russia's Lavrov
Russian Foreign Minister Sergei Lavrov has said the crisis in Ukraine was "created artificially for purely geopolitical reasons".
He confirmed Russia had contacts with Ukraine's interim government but said Kiev was beholden to the radical right.
Russia, he said, was open to further dialogue with the West if it was "honest and partner-like".
Any “new” system runs the risk of unrecognized vulnerabilities. (There is low hanging fruit everywhere) Again we seem to have systems designed without considering “Best Practices.”
Audit finds high-risk security vulnerabilities in the automated systems used to process Medicaid claims
The Office of the Inspector General (OIG) of HHS recently released an audit that found pervasive high-risk security vulnerabilities at 10 state Medicaid agencies. The report is written so as not to provide a road map for attackers who might want to exploit the vulnerabilities but to raise awareness of concerns, i.e., the states are not identified in the report. The audit period included calendar years 2010 to 2012.
Seventy-nine individual audit findings were grouped into 15 security control areas within 3 information system general control categories: entitywide controls, access controls, and network operations controls.
You can download the full report here (.pdf).
Now this is nuts. Stingray and Hailstorm are tools, like a radar gun, and it might be useful to know how they work. (and how they fail) Could the vendors of “Red Light Cameras” hide behind a similar NDA?
I thought it was outrageous that law enforcement claimed they couldn’t tell a defendant that they had obtained evidence against him using Stingray because of a nondisclosure agreement with Harris, but it turns out that’s not the only police department citing a nondisclosure agreement with Harris as the basis for withholding information.
Jamie Ross reports:
A reporter sued the Tucson Police Department for records on the surveillance equipment it uses to collect data from cellphones.
Beau Hodai sued Tucson and its Police Department Tucson in Pima County Court, seeking an order to show cause why the Tucson PD should not have to comply with the public records act.
Hodai submitted his first records request to Tucson police on Oct. 11, 2013, “concerning TPD’s purchase and use of Stingray and Stingray II cell phone tracking equipment from Harris Corporation.”
In response to Hodai’s request, TPD provided him with four documents, but redacted them, citing exemptions in the Freedom of Information Act and a nondisclosure agreement with Harris Corp. and the Federal Bureau of Investigation.
The Tucson PD, however, failed to provide Hodai with “work product resulting from the use of Stingray or Stingray II,” requests or authorizations of Harris Corp. products in any police operations, training materials, and internal policies. The agency also failed to produce TPD memos describing when to use Stingray and external correspondence concerning the program.
The nondisclosure agreement between Harris Corp. and Tucson states: “The City of Tucson shall not discuss, publish, release or disclose any information pertaining to the Products covered under this NDA to any third party individual, corporation, or other entity, including any affiliated or unaffiliated State, County, City, Town or Village, or other governmental entity without the prior written consent of Harris … The City of Tucson is subject to the Arizona Public Records Law. A.R.S. sec 39-121, et seq. While the City will not voluntarily disclose any Protected Product, in the event that the city receives a Public Records request from a third party relating to any Protected Product, or other information Harris deems confidential, the City will notify Harris of such a request and allow Harris to challenge any such request in court. The City will not take a position with respect to the release of such material, beyond its contractual duties, but will assist Harris in any such challenge.”
Read more on Courthouse News.
Wow. So the city will assist business in trying to keep information from the public that the public has a right to know? Impressive.
Makes me think that the government should try to hire lawyers who have actually been to law school.
A federal judge with a secret court has refused the Obama administration’s request to extend storage of classified National Security Agency telephone surveillance data beyond the current five-year limit.
The Justice Department had argued several pending lawsuits over the bulk data collection program require it to preserve the records for a longer period of time.
Judge Reggie Walton, who presides over the Foreign Intelligence Surveillance Court, concluded on Friday the government had not overcome larger privacy concerns.
Read more on KEYT.
[From the article:
"The government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases," said Walton in his 12-page order.
Is “they've screwed up before” a sufficient argument?
Seth Rosenblatt reports:
The proposed sale of WhatsApp to Facebook will violate the privacy expectations of WhatsApp’s users, two privacy groups argued Thursday in a formal complaint to the Federal Trade Commission.
Read more on CNET.
[From the article:
Facebook responded with an e-mailed statement to CNET that said, "As we have said repeatedly, Whatsapp will operate as a separate company and will honor its commitments to privacy and security."
For my Computer Security students. This works on Google, Facebook, Apple ID, Microsoft, Twitter, and other social media, gaming services and cloud storage sites.
Lock Down These Services Now With Two-Factor Authentication
Two-factor authentication is the smart way to protect your online accounts using something you know (like a password) and something you have (like a smartphone). Also known as two-step verification, it involves entering a code when logging in on new devices, and provides an excellent level of protection.
… We’ve already taken a look at the intricacies of two-factor authentication, and if a service you’re reliant on offers it; you should enable it. With two-factor authentication, every new log in attempt will require you input a code sent to you – normally via text message to a standard mobile number – before letting you in.
Every now and then, someone looks at old technology and says, “Why have we been doing it that way?”
Manu Prakash: A 50-cent microscope that folds like origami
(Related) A few other examples...
Democratized Science Instrumentation
Good things from strange sources? Should I have my students create a version of this App for Colorado? (If not, why not?) Could this work for ballot initiatives?
Michael Parkin: Internet Party's app will force others to follow suit
The week after next Kim Dotcom's Internet Party will push the go button in a very literal way.
The party is completing testing on its app, to allow would-be party members to sign up, pay their fees and submit their signature all at the flick of their fingers.
The party believes it has the Electoral Commission onside with the app having seen the Commission forced into the iPhone-age by, of all people, Peter Dunne, who was outraged that signatures could not be collected electronically as he tried to keep United Future above the 500 member threshold.
… Whatever the fate of the Internet Party might be two things are likely to result from its campaign:
1) The novelty value of an app to join a political party will ensure the Internet Party gathers the 500 members needed to register.
2) The app's popularity will force most other parties to follow suit by 2017.
For my Database students.
A Brief History of Databases