Saturday, September 27, 2014
“Yes, we're vulnerable. No, we don't know how to fix it yet.”
Oracle Shellshocked by Bash bug – but Exalogic folk will have to wait
Oracle has confirmed that at least 32 of its products are affected by the vuln recently discovered in the Bash command-line interpreter – aka the "Shellshock" bug – including some of the company's pricey integrated hardware systems.
The database giant issued a security alert regarding the issue on Friday, warning that many Oracle customers will have to wait a while longer to receive patches.
"Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability," the company said.
As with many (most?) security breaches, the initial estimates significantly understated the scope of the problem. It's not just Jimmy John's! So, who is at fault?
Signature Systems Breach Expands
… In a statement issued in the last 24 hours, Signature Systems released more information about the break-in, as well as a list of nearly 100 other stores — mostly small mom-and-pop eateries and pizza shops — that were compromised in the same attack.
“We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems,” the company wrote. “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The malware was capable of capturing the cardholder’s name, card number, expiration date, and verification code from the magnetic stripe of the card.”
Meanwhile, there are questions about whether Signature’s core product — PDQ POS — met even the most basic security requirements set forth by the PCI Security Standards Council for point-of-sale payment systems. According to the council’s records, PDQ POS was not approved for new installations after Oct. 28, 2013. As a result, any Jimmy John’s stores and other affected restaurants that installed PDQ’s product after the Oct. 28, 2013 sunset date could be facing fines and other penalties.
[Local victim: Garlicknot - Littleton, CO]
Does this mean that electricity usage records cannot be used to justify a search warrant? Perhaps they can't be used as evidence in any form? (Because they tell us nothing about individuals?)
As reported by John Wesley Hall of FourthAmendment.com:
A smart electric meter that transmits information about electric usage every 15 minutes is not a search and seizure. Naperville Smart Meter Awareness v. City of Naperville, 2014 U.S. Dist. LEXIS 134861 (N.D. Ill. September 25, 2014)*
Read an excerpt from the opinion on FourthAmendment.com.
Maybe you should only use that “Fit” app if you are already fit? This article describes a hypothetical, but in the future, if you don't share this information, you could be placed in the “doesn't care about his health” category.
How iPhone apps could impact your insurance
As part of Apple's new mobile operating system, developers can build apps that measure things like heart rate, sleep, weight and blood pressure. If users choose to do so, they can then send that information to doctors for medical advice.
Health insurers, which are barred by Obamacare from denying coverage based on pre-existing conditions, can't base their decisions on this kind of information. But the situation is different for life insurers, who use medical records to make decisions about the relative risks of prospective customers.
Something for my Data Analytics students to try their hand at?
Karen Gullo reports:
Data from two hard drives locked up in the San Francisco federal courthouse may make or break an effort to hold Google Inc. (GOOG) to account for what privacy advocates call an unprecedented corporate wiretapping case.
If 22 people who sued the company can pinpoint their personal data in a massive cache of communications that Google’s Street View cars captured from private Wi-Fi networks, their lawyers may be able to seek billions of dollars of damages from the world’s largest search engine owner.
If they come up empty-handed, an outcome the company that pioneered search optimization is betting on, the case will join a stack of failed privacy lawsuits accusing Google, Apple Inc. (AAPL), Facebook Inc. (FB) and other technology companies of tracking, capturing or sharing personal information.
Read more on Bloomberg News.
[From the article:
“You have to show that you were the victim,” said Susan Freiwald, a law professor at University of San Francisco School of Law. “If they don’t, then why should they get money?”
The battle for damages against Google gets simpler if the plaintiffs find their communications on the drives, she said. Victims of wiretapping don’t have to show they suffered any harm or that the perpetrator profited from the data collection, said Freiwald, who isn’t involved in the case.
… Google fought unsuccessfully all the way to the U.S. Supreme Court to block the lawsuit, arguing that the federal Wiretap Act barring unauthorized interception of electronic communications didn’t apply to its Street View data gathering.
Last week, a federal judge ruled that the Mountain View, California-based company has to work with opposing lawyers to determine what’s on the hard drives.]
A coming kerfuffle? If these allegations are true, the banks already own the press too and we'll hear very little of this until they are cleared of all charges.
Here's A Quick Guide To The Startling New Scandal Involving Goldman And The New York Fed
ProPublica and This American Life published a massive report alleging severe conflicts of interest between the New York Federal Reserve and Goldman Sachs.
"The Ray Rice video for the financial sector has arrived," Michael Lewis said.
This actually matters. Is there anyone ready to succeed him? (Or maybe it's just gout.)
North Korean TV acknowledges leader Kim Jong Un's health problems
Kim, 31, who is frequently the centrepiece of the isolated country's propaganda, has not been photographed by state media since appearing at a concert alongside his wife on Sept. 3, fuelling speculation he is suffering from bad health.
He had been seen walking with a limp since an event with key officials in July and in a pre-recorded documentary broadcast by state media on Thursday appeared to have difficulty walking.
How to know more about Congress than your congressman.
Congress.gov: Removing the Beta Label and New Enhancements
by Sabrina I. Pacifici on Sep 26, 2014
Via Emily Carr - Andrew Weber’s news: “The Library of Congress launched Congress.gov in beta two years ago. Today, I’m happy to announce we officially removed the beta label. That’s roughly three years quicker than Gmail took to remove its beta label, but we won’t give you the option of putting it back on Congress.gov. URLs that include beta.Congress.gov will be redirected to Congress.gov. There are a range of new enhancements in this release. One of the exciting additions is a new Resources section. This section provides an A-to-Z list of hundreds of links related to Congress. If you are not sure where something is located, try looking through this list. I quickly jump through the list using Ctrl+F and searching. You can find the new Resources page in the navigation on the top right or in the footer on every page. Check it out and leave a comment below…” To read more of Andrew’s blog highlighting enhancements, with handy screen shots, visit http://blogs.loc.gov/law/2014/09/congress-gov-removing-the-beta-label-and-new-enhancements/.
Free (and cheap?) stuff for my i-students.
Cheap Music Apps, Warhammer Quest & 2K DRIVE Free [iOS Sales]
For the children of my students. (Because I can't figure it out.)
Kids Can Play the Roles of NASA Engineers on the NASA HIAD Game
HIAD is the name for NASA's Hypersonic Inflatable Aerodynamic Decelerator technology. In the NASA HIAD game (available online and as mobile apps) students learn to control HIADs to land them safely back on Earth. In the game students have to navigate the HIAD while accounting for the velocity of the HIAD, wind speeds, timing of inflation, and shape of the HIAD. Make a mistake and the HIAD could burn up on re-entry or crash when it misses the landing zone. The game has four progressively more difficult levels. The first level teaches students the basic concepts and skills needed to complete the game.
I must ensure that my students know not to do this!
Pirate Bay Goes To College: Free Textbook Torrent Downloads Soar Amid Rising Costs
American college students struggling to afford textbooks are sharing copies of their books illegally on TextbookNova, the Pirate Bay and some of the same torrent sites that crippled the music industry. Many of the most popular books are available for free, with a correlation between the number of downloaders and the price of the book.
The College Board estimated in January that the average student spends $1,200 annually on textbooks. The price of books skyrocketed by 82 percent in the years between 2002 and 2013, a number high enough to convince 65 percent of students to decide against buying a book, according to a Government Accountability Office survey. Ninety-four percent of the GAO respondents who didn’t buy a book out of financial concerns admitted they did so even with the expectation that it would hurt them academically.
A MOOC by any other name...
The White House Promotes Open Education
The United States is committed to open education and will:
Launch an online skills academy. The Department of Labor (DOL), with cooperation from the Department of Education, will award $25 million through competitive grants to launch an online skills academy in 2015 that will offer open online courses of study, using technology to create high-quality, free, or low-cost pathways to degrees, certificates, and other employer-recognized credentials. This academy will help students prepare for in-demand careers. Courses will be free for all to access on an open learning platform, although limited costs may be incurred for students seeking college credit that can be counted toward a degree. Leveraging emerging public and private models, the investments will help students earn credentials online through participating accredited institutions, and expand the open access to curriculum designed to speed the time to credit and completion. The online skills academy will also leverage the burgeoning marketplace of free and open-licensed learning resources, including content developed through DOL’s community college grant program, to ensure that workers can get the education and training they need to advance their careers, particularly in key areas of the economy.
… “The U.S. Education Department has opened an investigation into charges that the Recovery School District’s policy of closing and chartering New Orleans public schools violated the civil rights of African-American students.” More via The Times-Picayune.
… Not to be left out of the news cycle: “Why Free Online Classes Are Still the Future of Education,” featuring edX’s Anant Agarwal.
… Clemson University has suspended its mandatory online course that required students to fill out a detailed set of questions about their sex lives.
… A $15 million XPRIZE for Global Learning to build software so that children can teach themselves basic literacy and numeracy. NPR’s Anya Kamenetz has the most thoughtful reporting in a sea of what was otherwise uncritical churnalism about the project. For $10,000 you can support the effort via the initiative’s IndieGogo campaign and “sponsor a village” to help with testing. Or for $10,000 you can support the effort and get access to some Tony Robbins life-coaching thing.
… Edcast has raised $6 million in funding from SoftBank, Mitch Kapor, Menlo Ventures, Novel TMT Ventures, Cervin Ventures, Aarin Capital, NewSchools Venture Fund/ CoLab, and the Stanford StartX Fund to “build knowledge clouds.” [Lots of money being tossed at cloudy ideas Bob]
… Tiggly has raised $4 million in Series A funding. The startup, which has raised $5 million total, makes wooden block iPad apps for toddlers. (Seriously: who would give their kid an app instead of wooden blocks?!)