Wednesday, July 09, 2014

Your government in action! “After a typically thorough review by our skilled analysts, their managers and our legal department...”
DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents Via Mishandled FOIA Request
The U.S. Department of Homeland Security (DHS) has released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.
The Operation Aurora attack was publicized in 2010 and impacted Google and a number of other high-profile companies. However, DHS responded to the request by releasing more than 800 pages of documents related to the 'Aurora' experiment conducted several years ago at the Idaho National Laboratory, where researchers demonstrated a way to damage a generator via a cyber-attack.
The documents are posted on MuckRock. The information request was made May 17. On July 3, the agency replied with the mistaken documents.
Of the documents released by the DHS, none were related to the Operation Aurora cyber attack as requested.
According to information on the MuckRock site, the person who filed the FOIA request received a "no-responsive documents" response from the FBI in reaction to the FOIA request, while the National Security Agency notified him that his request for information is being processed.
The incident the FOIA request was actually about, the Operation Aurora cyber attack, impacted dozens of organizations, including Juniper Networks and aerospace and defense company Northrop Grumman, and is believed by many to have been perpetrated by hackers from China.

What could possibly go wrong?
Verizon’s Transparency Report for the First Half of 2014
by Sabrina I. Pacifici on Jul 8, 2014
“In the first half of 2014, Verizon received approximately 150,000 requests for customer information from federal, state or local law enforcement in the United States. We do not release customer information unless authorized by law, such as a valid law enforcement demand or an appropriate request in an emergency involving the danger of death or serious physical injury… Verizon has teams that carefully review each demand we receive. We do not produce information in response to all demands we receive. In the first half of this year, we rejected as invalid approximately three percent of the subpoenas we received and approximately four and one-half percent of the orders and warrants we received. We might reject a demand as legally invalid for a number of reasons, including that a different type of legal process is needed for the type of information requested. When we reject a demand as invalid, we do not produce any information… In the first half of 2014, the 72,342 subpoenas we received sought information regarding 132,499 information points, such as a telephone number, used to identify a customer. These customer identifiers are also referred to as “selectors.” On average, each subpoena sought information about 1.8 selectors. The number of selectors is usually greater than the number of customer accounts: if a customer had multiple telephone numbers, for instance, it’s possible that a subpoena seeking information about multiple selectors was actually seeking information about just one customer. We have also determined that during the first half of the year, approximately 75 percent of the subpoenas we received sought information on only one selector (and thus only one customer), and approximately 90 percent sought information regarding three or fewer selectors (and thus three or fewer customers).”

Not a bad summary.
The Intersection of Cloud And Internet of Things And What It Means For Security
Last month, and Philips announced their plan to build an open cloud-based healthcare platform. In the initial application, this “platform” will allow healthcare software developers, producers of medical services, insurance companies, and healthcare providers to monitor patients with chronic conditions. Healthcare information from digital patient-sensing devices (the internet of things) is sent to the cloud to be remotely processed and monitored, allowing healthcare providers to prioritize care.

Another Thing for the Internet of Things.
All Hail the Humble Solar-Powered Trash Bin
The solar-powered trash compactors that have appeared on the streets of Philadelphia and other cities can go 4 times as long as old-fashioned wire baskets before needing to be emptied, saving municipalities millions of dollars, according to CNN. Not only that, they send alerts when they’re full, making pickup much more efficient. Philadelphia was able to reduce the size of its trash-collection crews by 73% as a result.

How do negotiations work in the Internet Age?
Amazon offers Hachette authors 100% of ebook sales
… The online retailer and book publisher have been locked in a negotiating battle over how much of a slice of ebook sales each should receive. To put pressure on Hachette, Amazon has started stocking fewer of its books, meaning customers must wait longer for delivery, and refusing to take pre-orders on new titles, hurting their chances in sales charts.
Now, Amazon has sent a letter to Hachette authors, proposing a deal whereby they would receive 100% of the sales price of their ebooks - with not a penny going to Amazon or the publisher - until an agreement is reached.
… However, the publisher said it would be "suicide" to accept the deal, and called on Amazon to "withdraw the sanctions they have unilaterally imposed".
Amazon replied that was "baloney" pointing out that Hachette is part of a $10 billion conglomerate.

Clearly creates the possibility of an “undue reliance” error. (You say “omnipresent,” I say “ubiquitous” – either way we confuse my students.)
Complex Operational Decision Making in Networked Systems of Humans and Machines
by Sabrina I. Pacifici on Jul 8, 2014
“Over the last two decades, computers have become omnipresent in daily life. Their increased power and accessibility have enabled the accumulation, organization, and analysis of massive amounts of data. These data, in turn, have been transformed into practical knowledge that can be applied to simple and complex decision making alike. In many of today’s activities, decision making is no longer an exclusively human endeavor. In both virtual and real ways, technology has vastly extended people’s range of movement, speed and access to massive amounts of data. Consequently, the scope of complex decisions that human beings are capable of making has greatly expanded. At the same time, some of these technologies have also complicated the decision making process. The potential for changes to complex decision making is particularly significant now, as advances in software, memory storage and access to large amounts of multimodal data have dramatically increased. Increasingly, our decision making process integrates input from human judgment, computing results and assistance, and networks. Human beings do not have the ability to analyze the vast quantities of computer-generated or -mediated data that are now available. How might humans and computers team up to turn data into reliable (and when necessary, speedy) decisions? Complex Operational Decision Making in Networked Systems of Humans and Machines explores the possibilities for better decision making through collaboration between humans and computers. This study is situated around the essence of decision making; the vast amounts of data that have become available as the basis for complex decision making; and the nature of collaboration that is possible between humans and machines in the process of making complex decisions.”

A project for Law School students? Colorado isn't there yet. (and some of my programmers)
America’s Laws Are the People’s Public Property
by Sabrina I. Pacifici on Jul 8, 2014
The State Decoded software provides you with a people-friendly way to access your local, state, and federal legal code.
  • “Careful organization by article and section makes browsing a breeze.
  • A site-wide search allows you to find the laws you’re looking for by topic.
  • Scroll-over definitions translate legal jargon into common English.
  • Downloadable legal code lets you take the law into your own hands.
  • Best of all, everything on the site remains cost-and restriction-free.”
[From the website:
The America Decoded network is based on The State Decoded platform. This software is freely available for developers to use and modify.
You may want to start with the documentation.]

For my Computer Security students. Also grab the Verification Handbook at:
Microsoft Issues New Advice on Defending Against Pass-the-Hash Attacks
Microsoft on Tuesday released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.
In a new white paper called Mitigating Pass-the-Hash and Other Credential Theft, version 2, Microsoft encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks.
Microsoft describes Pass-the-Hash attacks as a technique in which an attacker captures account logon credentials on one computer and then uses those captured credentials to authenticate to other computers over the network.
This latest 60-page report is a follow-up to a previously released report from Microsoft on guidance and mitigations for Pass-the-Hash attacks.

For my Computer Security video library.
A Real Story About Successful DDoS Mitigation
This short video will help you gain insight into how a cybersecurity professional like yourself successfully put an end to the damaging effects of a DDoS attack.

For my Computer Forensics students.
Amnesty International launches video tool and website to learn its use
by Sabrina I. Pacifici on Jul 8, 2014
Via Poynter – The YouTube Data Viewer enables you to enter the URL of a YouTube video and automatically extract the correct upload time and all thumbnails associated with the video. These two elements are essential when verifying a YouTube video, and it’s information that’s difficult to gather from YouTube. The upload time is critical in helping determine the origin of a video. Finding the upload time of a YouTube video can be difficult — it’s not clearly displayed on the video page. The thumbnails are useful because you can plug them into a reverse image search tool such as Google Image or TinEye and see where else online these images appear. “Many videos are scraped, and popular videos are re-uploaded to YouTube several times on the same day,” said Koettl. “So having the exact upload time helps to distinguish these videos from the same day, and a reverse image search is a powerful way to find other/older versions of the same video.” The goal is to offer non-technical users a tool and guidance to help them verify video, without requiring an expert such as Koettl. He said now his colleagues “will be able to do this basic research themselves by using the new tool, so not everything has to go through me for a basic assessment.” The same goes for journalists. The YouTube Data Viewer should join tools such as an EXIF reader, reverse image search, Spokeo, and Google Maps/Earth as one of the core, free verification tools in the verification toolkit. (For a list of other tools out there, see this section of the Handbook.)”

Because eventually even my students will be interviewing for jobs.
Brooks Brothers Teaches You How to Tie a Tie - Bow Ties Included
A couple of days ago I clicked on a Brooks Brothers sales advertisement while reading an article on Inc. That advertisement took me to a page featuring neck ties and a set of videos on how to tie five kinds of neck tie knots. The videos are hosted on Vimeo.
Why am I sharing these videos? Whether it's for an interview or a semi-formal affair, at some point almost every male student will need to know how to tie a tie. These videos will be helpful when that time arrives in the life of a student.

For my students.
Microsoft Releases Countless Free eBooks
Microsoft has released a huge trove of free eBooks related to its products and services. Almost 300 free Microsoft eBooks and resources can now be found on MSDN, with Windows 7, Windows 8, Microsoft Office, SharePoint, and Azure amongst the products featured.

(Related) Have I mentioned this one recently?
Publishers Are Giving Away Bestsellers For Free
… Publishers and authors discount eBooks for several reasons. For example, in the case of The Da Vinci Code, Random House wanted to prime the pump for the new release of Inferno. Publishers and authors also run free or discounted eBooks to hook readers on a series, or build a following for a new author.
… In order to get the word out on these promotions, publishers and authors feature their deals on sites like BookBub. BookBub is unique in that it does not list every single free eBook on the market. Instead, BookBub’s expert editorial team selectively curates only the best eBooks to be featured in their email and on their website.
