Saturday, June 07, 2014
Heads-up Ethical hackers, they're talking about another of our tools.
Oh great: Is this new OpenSSL flaw worse than Heartbleed?
The Heartbleed flaw discovered in OpenSSL was one of the worst web vulnerabilities in history, but believe it or not it may have already been dethroned.
Even more incredible is the fact that once again, OpenSSL may be to blame.
The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi, who said it "may be more dangerous than Heartbleed," according to The Guardian.
Attackers can reportedly use this weakness to intercept and even alter data passing between computers and websites in a classic man-in-the-middle maneuver as long as they're on the same network, like a public Wi-Fi hub.
Isn't that what I've been saying?
Snowden Damage Apparently Less Than Feared: Report
Edward Snowden does not appear to have taken as much as originally thought from NSA files, The Washington Post reported late Thursday.
… "We're still investigating, [I doubt that. They should have finished an investigation like this in hours. Bob] but we think that a lot of what he looked at, he couldn't pull down," [Bologna! CNTL-A, CNTL-C, CNTL-V Any questions? Bob] Clapper said. "Some things we thought he got he apparently didn't," the director was quoted as saying.
Privacy in Canada.
Daniel Tencer reports:
Rogers Communications and internet service startup TekSavvy have released the first-ever transparency reports from Canadian telecom companies, and what they have to say won’t lessen the concerns of privacy activists.
Rogers reported that it got 174,917 government requests for information about subscribers last year, or about 480 requests per day. That’s nearly one request for government data per 11 Rogers internet subscribers.
Read more on Huffington Post (Canada). In another post this morning, I note that Vodafone and Deutsche Telekom are also being more transparent now.
These are all great developments, and it’s appropriate that they are happening on or around the one-year anniversary of Edward Snowden’s revelations.
Privacy in the USA. This is strange.
Joe Wolverton, II writes:
Federal law enforcement officers recently seized the records of a local police force’s use of a controversial surveillance system known as “Stingray” just before the information was scheduled to be released to the public.
The U.S. Marshals Service “stunned” the American Civil Liberties Union (ACLU), which was waiting on the imminent release of the documents pursuant to a public records request the group filed earlier this year with the Sarasota, Florida, police department. The petition sought to shed light on the scope of the department’s use of the Stingray device.
According to the ACLU, its representatives were scheduled to be given access to the documents last Tuesday, but federal marshals showed up first and took possession of the entire cache, claiming they were the property of the U.S. Marshals Service. The feds forbade the local police from releasing the documents as planned.
Read more on New American.
Some things are classified Top Secret when disclosure would cause "exceptionally grave damage." Other things are classified Top Secret when people think those things are very important. Yet others when the people choosing the classification think they are important.
EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity
by Sabrina I. Pacifici on June 6, 2014
EPIC - After almost five years, EPIC has obtained National Security Presidential Directive 54. The previously classified Presidential Directive contains the full text of the Comprehensive National Cybersecurity Initiative and “establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace.” This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability. EPIC first sought public release of NSPD-54 with a Freedom of Information Act request, submitted to NSA in June 2009. After the agency failed to disclose the document, EPIC filed suit. When a federal district court ruled in 2013 that the Presidential Directive was not subject to the Freedom of Information Act, EPIC then filed an appeal with the DC Circuit Court of Appeals. The document has now been disclosed to EPIC. The case is EPIC v. NSA, a Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has several related FOIA cases with the NSA pending in federal court. For more information see EPIC – EPIC v. NSA (Cybersecurity Authority).
This has potential, but I haven't found a link to check it out, yet.
Sam Evans-Brown reports:
There’s a database in New Hampshire, nestled in hard-drives in the Department of Education, with all sorts of information about student test scores, graduation rates, and achievement. It shows how poor kids do on tests compared to rich kids, and how minorities do compared to whites, and whether schools are improving on those tests.
Whenever the data in it is accessed, it’s totally anonymous; only a handful of employees at the DOE can match these test-scores with student names.
That makes New Hampshire already ahead of the curve, and that was the case before lawmakers passed a new student data privacy law.
National Privacy advocates are praising New Hampshire’s new measure, which Governor Maggie Hassan signed into law last week to basically no fanfare. They are saying it provides clarity in an area that in many states is largely unregulated.
Read more on NHPR
One part of the Net Neutrality debate?
Verizon tells Netflix to stop blaming it for streaming issues
… In a cease-and-desist letter sent to Netflix, Verizon said Netflix is making "false accusations" that have the "potential to harm the Verizon brand" and is engaging in "deceptive behavior."
At issue is a notice Netflix started running in Verizon homes earlier this week when buffering issues arose that said, "the Verizon Network is crowded right now."
"There is no basis for Netflix to assert that issues with respect to playback of any particular video session are attributable solely to the Verizon Network," Verizon General Counsel Randal Milch said in his Thursday letter to Netflix General Counsel David Hyman.
He went on to say that many of the problems consumers may be having are the fault of Netflix and the companies it uses to get its content to Verizon's pipes.
"Netflix has been aware for some time that a few Internet middlemen have congestion issues with some IP Networks and nonetheless, Netflix has chosen to continue sending its traffic over those congested routes," Milch said.
When does “tough business negotiations” tip over to monopolistic practices?
Amazon spat with publishers set to escalate
… The world's largest online retailer is already feuding with Hachette Book Group and Bonnier Media. Simon & Schuster and News Corp's HarperCollins will soon come up for renegotiation, say sources familiar with the matter, which means best-selling authors such as HarperCollins' Veronica Roth, writer of the Divergent trilogy, and Simon & Schuster's Michael Lewis could be entangled in the controversy.
Hachette's tussle will determine whether publishers can gain leverage against Amazon, the biggest seller of e-books, at a time when demand for digital tomes is surging and physical books are losing ground. Amazon is seeking a bigger cut of the retail price of a title so it can continue discounting e-books and boost margins, the sources said. To ratchet up the pressure on Hachette, Amazon started blocking some book pre-orders and delaying shipments - affecting titles such as The Silkworm, J.K. Rowling's new novel written under a pseudonym.
… Amazon commands 60 per cent of the e-books market, according to Forrester Research.
… ''Negotiating for acceptable terms is an essential business practice that is critical to keeping service and value high for customers in the medium and long term,'' Amazon said in an online post last week.
The tactics have hurt Hachette, the publisher of mass-market powerhouses like James Patterson and literary heavyweights like Donna Tartt. A few weeks into Amazon's campaign, Hachette relinquished its No.1 spot on the Digital Book World bestseller list, a sign of Amazon's dominance in the publishing industry.
Would “a personal representative of a deceased person’s estate” include a spouse or other heirs?
Access to Digital Accounts After Death Varies State to State
by Sabrina I. Pacifici on June 6, 2014
“The Uniform Law Commission, a body of lawyers who produce uniform legislation for states to adopt, recently drafted the “Fiduciary Access to Digital Assets Act (FADA).” It would grant fiduciaries (a catch-all term for the various types of people who can be legally appointed to hold assets) broad authority to access and control digital assets and accounts. FADA is considered by many attorneys to be an improvement over existing law because it would clarify and expand who can access a deceased person’s online accounts. The proposal would create four categories of fiduciaries who would be able to take over these accounts in the event of a death:
a personal representative of a deceased person’s estate;
someone carrying out a power-of-attorney;
a trustee of a trust; or
someone appointed by a court to act on behalf of a protected person.
Existing laws typically only apply to personal representatives. The Commission will vote on the proposed law in July. But two issues still remain. The first revolves around “media neutrality,” the idea that the treatment of assets should be the same regardless of whether they are digital or physical. The proposal would require certain fiduciaries to obtain access to digital assets, while it would be automatic for others.”
For my students.
More new jobs went to the college educated
US employers loaded up on college-educated workers in May.
A hefty 332,000 new jobs last month went to those who finished college, the Labor Department said Friday. That caused the jobless rate for college graduates to dip to 3.2 percent from 3.3 percent in April.
It was further evidence that businesses increasingly value educated workers, even when an advertised job doesn’t call for such a degree. The most recent estimate from the Federal Reserve Bank of New York found that, on average, one-third of college graduates work jobs for which their degrees aren’t necessary.
Does this signal an opportunity for Professional Employee Organizations? Security contractors.
Two-thirds of IT Employees Are Ready to Walk Out the Door: Survey
IT professionals are noticing a significant change in how they are regarded within their organizations, according to the latest research report from Wisegate, a private practitioner-based IT research services group. Instead of being treated as a nuisance or necessary evil, IT is increasingly being integrated into and respected by the business, according to the respondents—senior IT practitioners across a variety of industry sectors—who participated in the Wisegate survey.
But there is a gap somewhere, as many of the 362 IT professionals surveyed were looking for opportunities outside their organizations. Almost half of the respondents felt their organizations did not offer the opportunities they needed to advance in their careers. Two-thirds of the respondents said they expected to move on to another organization within the next two years. Respondents weren't just anticipating events beyond their control, as nearly half said they wanted to move within the year.
The full report is available online (PDF) from Wisegate.
I'll share this with my Statistics students, but I doubt they are old enough to appreciate it.
– Do you think time is catching up with you? Perhaps it’s already overtaken you and left you in the dust. Do the years seem to be going ridiculously quickly now? There’s a reason for it. You’re getting old. The site will provide you a report full of interesting stuff. Find out just how bad it’s got. Enter your date of birth.
For my students and fellow professors. Looks like we will get into Big Data (Data Mining and Data Analysis) in a much bigger way. Getting SAS for free is huge!
SAS® University Edition
By 2018, demand for workers skilled in analytics could outpace supply by 60 percent – or 1.5 million jobs – according to a McKinsey Global Institute study. Translation? Anyone with analytic prowess will be in high demand from employers around the world. What's more, a recent Monster.com article, "Job Skills That Lead to Bigger Paychecks," named SAS as the skill that nets the biggest paycheck. Bottom line, if you’re a student, learning SAS is a great way to prepare for – and secure – your future. If you’re a teacher or professor, teaching SAS is a great way to attract top students and to equip tomorrow's workers with the skills they'll need to succeed.
(Related) The “Why” of Big Data education.
What Big Data Needs to Do to Grow Up
We are in an Information Revolution — and have been for a while now. But it is entering a new stage. The arrival of the Internet of Things or the Industrial Internet is generating previously unimaginable quantities of data to measure, analyze and act on. These new data sources promise to transform our lives as much in the 21st century as the early stages of the Information Revolution reshaped the latter part of the 20th century. But for that to happen, we need to get much better at handling all that data we’re producing and collecting.
Consider the more than $44 billion projected by Gartner to be spent on big data in 2014. The vast majority of it — $37.4 billion — is going to IT services. Enterprise software only accounts for about a tenth.
Because it amuses me.
… Connecticut governor Dannel Malloy (D) signed a bill “to create and maintain a state platform for the distribution of electronic books (e-books) to public library patrons.”
… Onarbor is a new site, “intended as a publishing and funding platform for academics, kind of like a Kickstarter for scholarly work.” More via The Chronicle of Higher Education.
… Politico reports that Facebook has applied for a patent for “letting children create accounts with parental supervision”