Tuesday, October 14, 2014
My Computer Security students need to understand this common follow-on to security breaches.
David Allison provides a litigation update here.
The next question is how many of them will be dismissed because of lack of standing.
(Related) Another reality of security breaches – they just keep on giving you headaches. In this case it seems to have triggered other investigations...
Aaron’s agrees to refund over $25M to consumers for violating California laws, including privacy laws
Wow. I suspected Aaron’s problems over spyware in rent-to-own computers weren’t over, but they just agreed to pay $28.4 million to settle California’s charges against them that included privacy violations:
… The complaint alleges that Aaron’s violated California’s Karnette Rental-Purchase Act, which is the strongest rent-to-own law in the country, by charging improper late fees, overcharging customers who paid off contracts early, and omitting important contract disclosures.
In addition, the complaint alleges that Aaron’s violated California state privacy laws by permitting its franchised stores to install spyware on laptop computers rented to its customers. A feature in the spyware program called ‘Detective Mode’, which was installed without consumers’ consent or knowledge, allowed the Aaron’s franchisees to remotely monitor keystrokes, capture screenshots, track the physical location of consumers and even activate the rented computer’s webcam.
… Copies of the complaint and stipulated judgment are attached to the online version of this release at www.oag.ca.gov/news.
Surely Buffy, Muffin, and Chaz would not stoop to such things?
Well, this is tacky, at best. It appears some members of the Sausalito Yacht Club gained access to the membership roster. From the notification letter of October 4:
We are writing to you because of an incident at the Sausalito Yacht Club on or about October 1, 2014, wherein several members gained unauthorized access to our member roster, which includes information linking your name to your private Sausalito Yacht Club member number, the combination of which allows you to charge beverages, goods, services and meals at the club, such amounts being charged at the time and accumulated for inclusion on your next bill.
The data to which unauthorized access occurred also included your personal contact information, and in certain cases, sensitive financial account information, including accounts receivable that were overdue by sixty days or more. As best we can tell, no bank account information or credit card information was involved in this breach.
… We are also undertaking steps to strengthen access [Strange wording Bob] to sensitive financial and membership sites with new passwords required for access by authorized users.
So, will they throw the intrusive and thoughtless privacy invaders out of the Yacht Club or will money triumph?
That was rhetorical.
This seems a bit too generic for me. “Oh look, someone is hacking.”
Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says
Russian hackers used a bug in Microsoft Windows to spy on several Western governments, NATO and the Ukrainian government, according to a report released Tuesday by iSight Partners, a computer security firm in Dallas.
The targets also included European energy and telecommunications companies and an undisclosed academic organization in the United States, the cybersecurity report said.
… While the vulnerability affected many versions of Windows, iSight said the Russian hackers appeared to be the only group to use the bug. The company added, however, that other companies and organizations may also have been affected by the attacks.
Sometimes you get much more than you expected.
Snapchat Hackers Could Be Prosecuted for Child Porn Offenses
Private videos and pictures shared between tens of thousands of Snapchat users -- possibly as many as 200,000 -- were posted online by hackers over the weekend in an episode dubbed the "Snappening." Much of the content is sexual, including many nude photos -- some possibly of minors.
The hackers appear to have gone for maximum embarrassment and humiliation with this particular breach: A document also published online reportedly links many of the hacked images to user names.
One of the most well known downsides of any large database. They become large targets for hackers.
After an avalanche of data breaches, South Korea’s national identity card system has been raided so thoroughly by thieves that the government says it might have to issue new ID numbers to every citizen over 17 at a possible cost of billions of dollars.
The admission is an embarrassment for a society that prides itself on its high-tech skills and has some of the fastest Internet access.
Read more on CBC.
Do you ever talk about company strategy?
Who’s Watching Your WebEx?
KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.
… Many of the meetings that can be found by a cursory search within an organization’s “Events Center” listing on Webex.com seem to be intended for public viewing, such as product demonstrations and presentations for prospective customers and clients. However, from there it is often easy to discover a host of other, more proprietary WebEx meetings simply by clicking through the daily and weekly meetings listed in each organization’s “Meeting Center” section on the Webex.com site.
… Cisco began reaching out to each of these companies about a week ago, and today released an all-customer alert (PDF) pointing customers to a consolidated best-practices document written for Cisco WebEx site administrators and users.
No military, no economists, not even a politician – I think their perspective might be a bit skewed.
Electronic mass surveillance – including the mass trawling of both metadata and content by the US National Security Agency – fails drastically in striking the correct balance between security and privacy that American officials and other proponents of surveillance insist they are maintaining.
We arrived at this conclusion by subjecting a wide-range of surveillance technologies to three separate assessments by three parallel expert teams representing engineers, ethicists, and lawyers. Each team conducted assessments of surveillance technologies, looking at ethical issues they raise; the legal constraints on their use – or those that should exist – on the basis of privacy and other fundamental rights; and, finally, their technical usability and cost-efficiency.
“Comprehensive” is the word. Eventually, every “Thing” will bring its own resources – then we'll never find anything.
New on LLRX – Internet-of-Things (IOT) Resources
Via LLRX - Internet-of-Things (IOT) Resources – This is a comprehensive listing of Internet-of-Things (IOT) research resources and sites available on the Internet. Marcus P. Zillman developed this guide with the goal of highlighting the most current and actionable research resources available on this topic.
For all my students.
New on LLRX – Student Research Resources Library
Via LLRX.com – Student Research Resources Library – Marcus P. Zillman developed this Student Research Resources Library to provide researchers with a comprehensive listing of reliable topical resources and sites available on the Internet.
(Related) Here's how to get started.
Wiki Summarizer Can Help Students Start Their Research Projects
Wiki Summarizer is a site that allows you to search Wikipedia, have articles summarized by key points, and provides lists of articles that are related to your original search. Wiki Summarizer also offers expandable webs of related articles. For example, I searched for "Maine" and a web of related terms was created. Clicking on the "+" symbol next to each term opens a new element of the web. The final summary aspect of the Wiki Summarizer is the hyperlinked word clouds for every Wikipedia article. You can click on any word in the word clouds to jump to the corresponding Wikipedia article.
Wiki Summarizer could be a good tool for students who are just starting a research assignment and are not quite sure what terms to use or what topics to explore. By using the Wiki Summarizer web view or word cloud view, students will be able to find some terms and topics that could help them alter and/or direct their searches. In other words, Wiki Summarizer could help students who have a very broad research topic narrow down their searches.
Intended for Press Releases, but might apply to research, publications and resumes.
… So, how should you approach a major publisher? The first thing you need to understand is a writer’s capacity. On average, 45% of writers only publish one story per day. In fact, 60% of writers publish two or fewer stories per day, and 40% said they publish only one story per week. Meanwhile, 40% of these writers get pitched a minimum of 20 times per day, while 11% get 50 pitches per day and 8.4% get more than 100 pitches per day. That’s 100, 250, or 500 pitches a week for only five story spots. When you take into account that only 11% of these writers “often” write a story based on content that was sent through a pitch, 45% “sometimes” do, and 39% “rarely” do, you see the pile of email waste rising well above a person’s threshold to tolerate it.
Here’s the good news: our survey found that 70% of publishers are open to getting pitched a set of ideas that fit their beat, and they prefer collaboration over getting pitched a finished asset without prior contact.
What story angles are these writers interested in collaborating on? 39% of writers said the perfect piece of content possesses exclusive research, 27% said breaking news, and 15% said emotional stories. 19% filled in “other” and stated that content relevant to their audience was most important. Other popular terms included: interesting data, actionable advice, trending/timely angles, and high arousal emotions.
...and 100% believe they are the 15%.
Teen Researchers Defend Media Multitasking – WSJ
“Some teens doing homework while listening to music and juggling tweets and texts may actually work better that way, according to an intriguing new study performed by two high-school seniors. The Portland, Ore., students were invited to the annual conference of the American Academy of Pediatrics in San Diego this past weekend to present a summary of their research, which analyzed more than 400 adolescents. The findings: Though most teens perform better when focusing on a single task, those who are “high media multitaskers”—about 15% of the study participants—performed better when working with the distractions of email and music than when focusing on a single activity. The results are a surprise. Previous research generally has found that people who think they are competent multitaskers actually perform worse than others who try to focus on one thing at a time. But the latest study looked only at teens and is one of the few multitasking-research projects focused on this age group. The student researchers suggest this may explain the different outcomes.”
We have an underutilized 3D printer. Perhaps we could work something out?
123D Catch Turns Pictures Into 3D Models
123D Catch is a free iPad and Android app. The app makes it possible to turn your pictures into a 3D model that you can manipulate on your iPad or on your Android tablet.
To create a model with 123D Catch, select a physical object that you can photograph with your tablet or phone. Then take a series of pictures of that object as you either walk around it or rotate it slowly. Then select the best of the images you took (20+ images works best) and let Autodesk process them into a 3D model for you. Your completed 3D models can be shared to the Autodesk community where others can view and use them.
123D Catch could be a great app for creating virtual manipulatives to use in a math or science lesson. The app could also be used to create 3D models of interesting landmarks that you visit during a vacation, but that your students would otherwise only see in 2D pictures. Finally, all of the models that you create with 123D Catch can be edited in Meshmixer and printed with a 3D printer.