Thursday, July 31, 2014
Looks like some people are taking Russia's offer seriously.
Tor Warns of Attack Attempting to Deanonymize Users
The Tor Project has disclosed details of an attack which appeared to be an attempt to deanonymize users of the popular anonymity network.
According to Tor Project Leader Roger Dingledine, the attack was detected on July 4 while the organization was trying to identify attacks leveraging a method discovered by researchers at Carnegie Mellon University's CERT.
The researchers, Michael McCord and Alexander Volynkin, planned on detailing a way to break the anonymity network by exploiting fundamental flaws in its design and implementation at the upcoming Black Hat security conference, but their presentation was cancelled because their materials had not been approved for public release by the Software Engineering Institute at Carnegie Mellon University.
Probably small, but not the kind of message you want to send your customers. Points for honesty? Probably not. I wonder if they have records (activity logs) going back to 2011?
Ouch. Lasko is notifying some customers of the Lasko and Air King web sites that on July 2, they became aware that some customers were receiving phishing e-mails. Investigation suggested that it may have been related to a hack of their system that exposed customers’ names, email addresses, phone numbers, credit card numbers and card expiration dates.
“Although most of the activity associated with this unauthorized hacking into our computer network appears to have occurred during March – June 2014, we can not rule out the possibility of unauthorized access to our network leading to the exposure of credit card information dating back to 2011,” writes Edward V. McAssey III, Chief Operating Officer. The meta-data for their submission to the California Attorney General’s Office indicates that the hack may have occurred in December 2011.
Those notified were offered a year of free services through AllClear ID, but there’s no indication in the letter how many customers are being notified.
(Related) People say they are concerned, but they don't seem to act that way.
Customer Loyalty Seriously Affected by Data Breaches: SafeNet
A global survey conducted by data protection solutions provider SafeNet once again confirms that data breaches, especially ones that involve financial data, have a negative impact on customer loyalty.
According to the study, 65% of the roughly 4,500 respondents are unlikely to do business with a company that experienced an incident in which credit card details, bank account numbers or online banking login data was stolen. Consumers in the United States and Germany appear to be the least concerned, with 54%, respectively 53%, saying that they would not do business with a firm that suffered a data breach. Japan is at the other end of the poll with 82%.
… The Q2 Breach Level Index published by SafeNet on Wednesday shows that a total of 175 million records were exposed worldwide in the second quarter as a result of the 237 data breaches that occurred during this period.
Security as “competitive advantage.” Interesting.
Can BlackBerry Become The Next Security Superpower?
BlackBerry announced its intent to acquire Secusmart. It’s a company that offers high-security voice and data encryption and anti-eavesdropping solutions for government organizations, enterprises and telecommunications service providers.
… BlackBerry is hanging its hat on becoming the next security company…and that’s not a bad thing. BlackBerry is making progress with its Enterprise Mobility Management (EMM) solution but this is a tough market to win against the likes of VMware/AirWatch and MobileIron.
Is this all in reaction to NSA surveillance?
iPhone App "Signal" Enables Free Encrypted Phone Calls
Open Whisper Systems, the creators of the RedPhone secure calling app for Android, announced on Tuesday the availability of Signal, an iPhone application that lets users make encrypted voice calls worldwide for free.
According to the open source software group, Signal is specifically created for mobile devices and it's fully compatible with RedPhone. The new application uses existing phone numbers and it's designed to display only contacts that are reachable through Signal.
Users don't need any passwords when utilizing the app. Instead, both the caller and the receiver are presented with a pair of words. If the words match on both ends, the connection is secure; if not, someone is possibly eavesdropping on the conversation.
In order to ensure that communications are protected, Signal uses ZRTP, a protocol invented by Phil Zimmermann, who is also the creator of Pretty Good Privacy (PGP). In fact, Zimmermann also co-founded Silent Circle, a company providing encrypted communications services.
Is DNA like fingerprints? I kinda think it is.
Ian Duncan reports:
An appeals court on Wednesday sanctioned the police’s use of genetic material obtained in one investigation to solve other crimes, but agreed with attorneys for a burglar that questions surround the little known practice.
Three judges of the Court of Special Appeals upheld the burglary conviction of George Varriale, a homeless Anne Arundel County man, which was based in part on DNA that he had voluntarily given to police to clear himself in a rape investigation.
Read more on Baltimore Sun.
(Related) Do we need a global DNA database? (No doubt the FBI would volunteer to run it)
A ‘mass exchange’ of DNA profiles between the Netherlands and Belgium may have helped solve hundreds of crimes, Belgian media report on Thursday.
In total, 1,745 matches were found when crime scene DNA held in data banks in the two countries was compared. In 576 cases, DNA found at a crime scene in one country could be linked to someone who had been forced to give a sample in the other.
Belgium will also soon make DNA exchanges with German and French DNA banks.
Since 2005, everyone convicted of a crime punishable by four years or more in jail in the Netherlands must give a DNA sample. This is kept on the database for 20 years.
There’s no mention in this article of any privacy or human rights concerns. How would you feel if the U.S. shared your DNA with other countries for law enforcement purposes? I can see querying in particular cases, but mass exchange?
No decision, but lots of argument.
A National Consensus: Cell Phone Location Records Are Private – EFF
by Sabrina I. Pacifici on Jul 30, 2014
“The Fourth Amendment protects us from “unreasonable” government searches of our persons, houses, papers and effects. How courts should determine what is and isn’t reasonable in our increasingly digital world is the subject of a new amicus brief we filed today in San Francisco federal court. At issue is historical cell site data—the records of the cell towers a customer’s cell phone connects to. The government has long maintained that it’s unreasonable for customers to expect those records to remain private. As a result, the government argues it does not need a search warrant to obtain historical cell site records from cell phone providers. Federal appeals courts are divided on the issue. In 2013, the Fifth Circuit Court of Appeals, which covers Louisiana, Mississippi and Texas, ruled there was no expectation of privacy in historical cell site data. But last month, the Eleventh Circuit Court of Appeals, which covers Alabama, Florida and Georgia, reached the opposite conclusion, ruling people did have an expectation of privacy in this information. Federal magistrate judge Nathanael Cousins in San Francisco, who is not required to follow either the Fifth or Eleventh Circuit–he’s bound to follow the Ninth Circuit which hasn’t ruled on the issue yet–recently requested the local U.S. Attorney’s office to explain why the government believed it did not need a search warrant to obtain cell site records. He invited the San Francisco Federal Defender to file a response as well, and we filed an amicus brief supporting a warrant requirement. The ACLU of Northern California and University of San Francisco law professor Susan Freiwald and EFF special counsel Marcia Hofmann also submitted amicus briefs. A Fourth Amendment “search” is an intrusion upon something in which a person has a subjective expectation of privacy that society considers reasonable. 
By definition, determining whether a search is “reasonable” requires looking at what society considers to be deserving of privacy protection. So our amicus brief explains why many Americans actually expect this detailed and sensitive location information to remain private, even when it’s stored by phone companies.”
Today it's to study traffic flow, tomorrow it will be for “prevention of terrorism!”
Soo Kim reports:
All mobile phones logged into the Wi-Fi network at Helsinki Airport will be monitored by an in-house tracking system that identifies passengers’ real-time movements.
The technology has been criticised by privacy advocate groups, but is said to be aimed at monitoring crowds and preventing bottlenecking at the airport, which sees around 15 million passengers a year, Bloomberg reports.
Read more on The Telegraph.
Another case of lawyers (and lobbyists) knowing more about health than mere doctors?
John Commins reports that physician groups will appeal the 11th Circuit ruling upholding Florida’s “Docs vs. Glocks” law. I am glad to hear that as I think the law is not only a gag on health professionals’ First Amendment rights, but a prohibition on professional speech/conduct that is a disservice to public health and safety. In my opinion, states should only be interfering in (regulating) doctor-patient discussions or care when there is sufficient evidence that a practice causes harm or puts patients at unacceptable risk. There has been no such demonstration in this case.
Just as pediatricians and those of us who work with children may routinely inquire about a child’s nutrition and sleep patterns in screening for factors that may contribute to health and functioning, so too do professionals screen for other factors that may affect our patients’ health – including the presence of guns in homes where there are impulsive or curious young children. Mental health issues such as depression or anger issues are not the only reason or justification for asking about guns.
Those supporting the Docs vs. Glocks law seem to believe that inquiring is just an attempt by professional groups to condemn guns or interfere with adults’ Second Amendment rights to own guns. It’s not. It’s an attempt to do our jobs properly.
And given that we are required to maintain patient confidentiality and no law requires us to record all of a patient’s answers, why is there even a problem?
In any event, the Docs vs. Glocks needs to be struck down - to protect the health and safety of the public and so that health professionals’ hands are not unreasonably tied. If the state wants to regulate our speech, it should have to meet a higher level of scrutiny.
Perhaps my Ethical Hackers could do the same here? Students only? (Not really)
Facebook app gives free Internet to mobile users in Zambia
Facebook introduced an app on Thursday that will give mobile phone subscribers in Zambia access to a set of free basic mobile data services—and Facebook.
The app is part of Facebook’s Internet.org project that aims to bring Internet access to the two thirds of the world’s population that doesn’t have it. With the app, people can browse a set of health, employment and local information services without data charges, Facebook said on Thursday.
“By providing free basic services via the app, we hope to bring more people online and help them discover valuable services they might not have otherwise,” Facebook’s director of product management, Guy Rosen, wrote.
… Facebook has already done something similar in the Philippines where it partnered with service provider Globe to offer services for free. It also has partnered with carrier Tigo in Paraguay in the early stages of the Internet.org project. According to Facebook CEO Mark Zuckerberg the number of Internet users doubled in the Philippines while Tigo saw the growth of Internet users rise by 50 percent as a result of the tests.
I wonder if Facebook et al pay for this?
What Sprint's New Wireless Plan Says About the Future of Mobile
Sprint and Virgin Mobile USA announced phone plans Wednesday that will let you access only four of the most popular social media apps in the country.
Marketed with parental controls and targeted toward families, customers can pay $11.98 for the new Virgin Mobile Custom plan, a no-annual-contract program for unlimited access to one of four social media apps: Facebook, Twitter, Pinterest or Instagram.
Each pre-paid $6.98 base plan includes 20 minutes of voice and 20 texts. Another $5 provides customers with unlimited access to one of those four apps. Or, you can choose to pay $15 for access to all four of those apps.
“Phones have migrated largely away from ‘talking’ at this point and are much more utilized for apps, searching and making purchases,” said Ken Wisnefski, founder and CEO of online marketing agency WebiMax. “Talking is secondary. Who talks on a phone anymore?”
...'cause us teachers love Wikipedia.
Kiwix – enables you to have the whole of Wikipedia on hand wherever you go. On a boat, in the middle of nowhere or in jail, Kiwix gives you access to the whole of human knowledge. You don’t need the Internet, as everything is stored on your computer, USB flash drive or DVD. Kiwix is free software, which means you can freely copy, modify and distribute it.
[From the webpage:]
Kiwix is mostly installed in schools, universities and libraries which can't afford a broadband Internet access. It is much faster than the Internet and also can be used by many institutions to save bandwidth and reader's time. But many people use Kiwix for their own personal purposes, for example, of people suffering from censorship or prisoners.
Translating student speak. (Of course, you can always Google it)
How To Speak Gen Z
Have you ever received text messages from Mum or Dad (maybe Grandma) asking, “What’s ‘LOL’?” or “What’s ‘FML’?” If you’re still unsure about the lingo of today’s generation Z, here’s a quick cheat sheet to get you back on track.
While you’re at it, you may as well learn the alphabet the geeky way, as opposed to learning the alphabet the obsolete way.
For my students.
Tech Jobs of the Future: What To Study If You Want a Cool Job Tomorrow
… If you’re a student and looking to establish yourself in a field of study that has a bright future in the world of high technology, then you’ll need the mindset of a futurist. Understanding the direction of technology will help you decide how you want to position yourself to succeed, and figure out exactly what you need to study to get there.
Modern state of the art throughout the world of tech ranges across many disciplines, including virtual reality, artificial intelligence, drones, and even biotechnology. How do you know where to start? The following are a few examples of the sort of tech jobs you can expect to see within the next 5 to 10 years if advancements continue along the paths they are going. Review them and decide whether your personality and interests would make you a good candidate for any of these future jobs.
Virtual Reality Designers
Smart Home Programmers
Artificial Intelligence Programmer