Thursday, August 21, 2014

An Ethical Hacker's scorecard... An infographic for my Computer Security class. (Rankings are subject to debate.)
The 8 Biggest Security Breaches In History
In this digital age, almost all of your personal information is stored electronically — credit cards, usernames, passwords, bank details, even photos and videos. Compare that with the past, when we used to only trust certain organisations — banks, for example. Are we now so carefree with our trust to allow almost anyone to store our private details for us?
Here’s a look at the worst security breaches in history, just to remind you that nothing is ever safe online.

Security theater.
Retired US airport body scanners fail to spot guns, knives
A type of body scanner in wide use across U.S. airports through last year fails to spot well-concealed weapons including guns and knives, computer security researchers contend.
The Rapiscan Secure 1000 full body scanner provides only "weak protection against adaptive adversaries," according to their paper, which will be presented on Thursday at the Usenix Security Symposium in San Diego. The researchers also set up a website with their findings.
"It is possible to conceal knives, guns and explosives from detection by exploiting properties of the device's backscatter X-ray technology," the paper said.
Although the Rapiscan Secure 1000 was retired from U.S. airport use last year, it is still used at courthouses and prisons. Airports currently use millimeter-wave scanning technology, which the researchers have not tested.
… Part of the problem is that the manufacturers and the government have not allowed independent tests on such scanners for fear the disclosure of weakness could tip off attackers to effective countermeasures, they wrote.
That strategy might be effective for some time, but it depends on maintaining tight purchase controls, they wrote.
"The root cause of many of the issues we describe seems to be failure of the system engineers to think adversarially," the paper said.

Intro to IT. The user as a test subject.
How Much Should You Know About How Facebook Works?
Every semester, Cornell professor Jeff Hancock asks his students to complete an experiment. First, he has them all Google the same search term. Then, he asks each student to turn to the right or left and compare the results on their screens.
What his students inevitably find, and what stuns many of them, he says, is how feeding Google an identical phrase can yield wildly different results. "They think your Google search is an objective window into the world," Hancock told me. "And they don't have a sense that they're algorithmically curated."
… Hancock co-authored a now infamous study about a secret Facebook experiment he and other researchers constructed to study emotional contagion. The work involved changing what users saw in their News Feeds as a way to manipulate their emotional states.
… One of Hancock's main areas of research has to do with "deception and its detection," according to his university website, a detail that people have asked him about, he says.
… Last month, Kate Crawford—a principal researcher at Microsoft—argued in these pages that users should be able to opt in to experimental groups. "It is a failure of imagination and methodology to claim that it is necessary to experiment on millions of people without their consent in order to produce good data science," Crawford wrote.

It's called, “being a victim of your own success.”
Google Hits Piracy Milestone
Google has a huge piracy problem, and it’s growing on a daily basis. According to TorrentFreak, Google is now asked to remove 1 million links every day, with copyright holders swamping the tech giant with DMCA takedown notices.
In 2008, Google received one request every six days, and now, in 2014, it receives one request every 8 milliseconds. The new record is 7.8 million in a single week, and the numbers are only set to increase from here on in.
Not all of these requests are honored, but the numbers are so vast that it must be getting more difficult for Google to determine which takedown requests are valid and which are bogus.

Remember, there are no weapons of mass destruction in the Middle East.
Key Parts Of The Declassified US Report On The Chemical Weapons Attack In Syria
Below is the declassified U.S. intelligence assessment on the chemical weapons attack that took place in the suburbs of Damascus, Syria on August 21.
The administration considers it clear evidence that the regime of Bashar al-Assad carried out the attack with a nerve agent.
… Here's the full document: 08.30.2013++USG+Assessment+on+Syria (1)

Amusing and possibly useful.
Interactive Map of Breach-Notification Status
European member states are in the process of adopting laws and regulations that require businesses operating in their countries to notify government agencies and affected individuals when they experience breaches of personal data. Even as the EU Directive on Data Protection is being reviewed and might be replaced by a regulation, data breach notification laws, when adopted, will already apply in each Member State, mostly to telecommunications companies and Internet service providers. They are also expected to continue to evolve in how they are practically implemented before any Data Protection Regulation comes into force, which could ultimately mean that any entity processing personal data would be bound to data breach notification obligations. For many European companies, this will be a new experience fraught with challenges. American companies, in spite of their long experience with breach notification, will face new constraints and trigger points that will create a need for updating operational procedures and training EMEA staff.
See the map on Data Breaches Map. Rolling your cursor over a country’s name reveals the status of its laws.

For us winos...
Wine Stocks Directory Updated; New Research Shows US spent $21.2 Billion on Wine in 2013
New research from Canadean finds that in the US, women drink wine in order to relax and unwind, seeking good value options, whereas men are more likely to be wine buffs, searching for high quality and new drink experiences. In 2013 the US spent a total of $21.2 billion on wine. Women are the biggest drinkers accounting for 59% of consumption by volume compared to 41% for men.
According to Canadean’s new research, women desire products that will help them relax and unwind, with this need motivating over $6.7 billion in wine sales in 2013. Finding good value wine is also highly important to women: 15% of what they buy is driven by the search for products which give the best value for money. According to Catherine O’Connor, senior analyst at Canadean, this is partly due to women’s high wine consumption: “Being more regular drinkers of wine than men, women look to find affordable offerings that allow them to enjoy the drink frequently without feeling guilt over their spending. This makes communicating value an essential part of how marketers should target women.”
Although they drink less wine than women, men spend more in the search for quality. Male wine consumers in the US are driven by the search for quality products and new drink experiences. Although they drink less wine than women, they spend considerably more money in their search for high quality products. Men spent $1.8 billion to meet this need in 2013, whereas women only spent $1.0 billion in their search for quality. Men are also driven to find products that offer new experiences, with this need fuelling $2.4 billion of their wine consumption compared to $2.2 billion of female consumption.”

Makes buying a used car safer.
DOT Launches Free, Online Search Tool for Recalls Using Vehicle Identification Number
by Sabrina I. Pacifici on Aug 20, 2014
“Every year, millions of vehicles are recalled in the United States due to safety defects or noncompliance with federal safety standards. To help car buyers, owners and renters know that their vehicles are safe and their safety defects have been addressed, the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) today unveiled a new, free, online search tool consumers can use to find out if a vehicle is directly impacted by a recall. The new tool is available on and provides consumers with a quick and easy way to identify uncompleted recalls by entering their Vehicle Identification Number (VIN). All major light vehicle and motorcycle brands can be searched… Also effective today, under the new NHTSA mandate, all major light vehicle and motorcycle manufacturers are required to provide VIN search capability for uncompleted recalls on their own websites. This data must be updated at least weekly. NHTSA’s new VIN look-up tool directly relies on information from all major automakers, and regularly updated information from the automakers is critical to the efficacy of the search tool. Consumers can find their vehicle identification number by looking at the dashboard on the driver’s side of the vehicle, or on the driver’s side door on the door post where the door latches when it is closed. Determining whether there is a recall that consumers need to take action on is easy. After entering the VIN number into the field, results will appear if the consumer has an open recall on their vehicle, and if there are none, owners will see “No Open Recalls…” Today’s announcement builds on NHTSA’s current efforts to provide consumers with information to help them make informed decisions, including the New Car Assessment Program (NCAP) 5-Star Ratings System, Recall envelope and Safercar mobile apps which provide on-the-spot information on crash protection features, advanced safety features, and recalls on new vehicles and many older models.
In addition, NHTSA is working with the National Automobile Dealers Association (NADA) to help ensure that franchise dealerships across the United States become aware of and understand how to use the new VIN search tool.”

For students everywhere...
– is a global marketplace where you can find thousands of tutors from all parts of the world and learn a vast variety of subjects and topics online. Book quality affordable lessons from as low as $5. Pay for your lessons with your favorite credit card through a secure bank platform. Payments to teachers are only disclosed after lessons are completed and approved.

For my students who try that “TL;DR” stuff, a warning: These don't work all that well.
Too Lazy to Skim? Get The Gist With These Top 3 Summarization Tools
Ever looked at a long piece of writing and thought how convenient a quick summary would be? Felt too lazy to bother even skimming? Curious what the key points of your own writing are?
I tested a number of different free online summarization tools so you don’t have to. Just pick your favourite and off you go, ready to be lazier more efficient than ever at the click of a button.

For my App writing students.
Mobile App Development: Pressure on IT Will Increase
Forget about the frenzy surrounding mobile applications development abating or stabilizing anytime soon. Instead, it is going to increase over the next few years.
And all of those enterprise software vendor efforts to sell prepackaged mobile versions of their apps won’t make a big dent in your workload – internal development will continue to rule. Those and other surprises came out of a global survey and qualitative research report I was involved with over the past several months.
… The average number of mobile applications developed by the respondents’ organizations in the past year was nine. In addition, they purchased another nine from consultants, their enterprise software providers and other vendors. Most of the respondents’ organizations release a new version of a mobile app at least on a quarterly basis; 20% release a new app every month! And updates are even more frequent: 35% of the respondents update apps every month.
… Additional insights about the how and where of mobile applications development are included in the report. It is available here.

Free is good, copyright free is gooder.
The Public Domain Review - A Good Place to Find Public Domain Media
The Public Domain Review is a website that features collections of images, books, essays, audio recordings, and films that are in the public domain. Choose any of the collections to search for materials according to date, style, genre, and rights. Directions for downloading and saving media are included along with each collection of media.
As you might guess, nearly all of what I found in the collections on The Public Domain Review is content of a historical nature. The collections include short descriptions that explain the significance of the media you're accessing.
The Public Domain Review could be a great place to find historical media to use in history lessons, literature lessons, and art history lessons. If you're looking for colorful imagery to use as filler or backgrounds in slide presentations, the collections on The Public Domain Review are probably not your best bet. In that case, I would look to Pixabay for images that are in the public domain.

For my students, because we're a “Technical” university.
How do you Make Money on the Internet

Dilbert explains that even though working for Google is heaven, there's a catch.
