Attention Ethical Hackers! Now everyone can have your hotel room key!
Smartphones Replace Room Keys At Starwood Hotels
…
Starwood Hotels and Resorts realized the importance of smartphones
and extended its use further. In an official press release, the
chain of luxury hotels and resorts announced the new SPG Keyless to
replace the traditional keys to unlock rooms. Guests can simply use
their smartphones to unlock their rooms and can skip the stop by at
the front desk.
This has implications for Computer Security as well as Management (and
schools.)
Most obviously, the Internet of Things has the power to profoundly change
operations — that’s where much of the coverage of this burgeoning
network has focused. But companies should also be preparing for
profound shifts in their competitive strategies as the IoT takes off.
It will change the category you compete in, the products and
services you sell, and how you market them, and even
the talent you acquire. These three mini case studies
will show you just how profound those shifts will be.
In any(?) government, each department, agency, office or branch wants to
be “all powerful.” As scope increases, effectiveness decreases.
Daniel Solove and Woodrow Hartzog write:
This past Tuesday the Federal Trade Commission (FTC) filed a complaint
against AT&T for allegedly throttling the Internet of its
customers even though they paid for unlimited data plans. This
complaint was surprising for many, who thought the Federal
Communications Commission (FCC) was the agency that handled such
telecommunications issues. Is the FTC supposed to be involved here?
This is a question that has recently been posed in the privacy and data
security arenas, where the FTC has been involved since the late
1990s. Today, the FTC is the most active federal agency enforcing
privacy and data security, and it has the broadest reach. Its
fingers seem to be everywhere, in all industries, even those
regulated by other agencies, such as in the AT&T case. Is the
FTC going too far? Is it even the FTC’s role to police privacy and
data security?
Read more on LinkedIn,
where Dan and Woody also discuss the significance of the Wyndham and
LabMD challenges to FTC authority.
Related:
The Scope and Potential of FTC Data Protection. Hartzog &
Solove’s paper, available for download on SSRN.
Tools & Techniques for Data Security. Clearly, lots of organizations
don't use or deliberately ignore tools like this.
Database Activity Monitoring: What it is and What it Isn’t
…
Database Activity Monitoring is a fairly established technology, existing over
a decade. DAM monitors all activity on the database and provides
alerts and reports on that activity. Every time an admin logs in to
the database, every activity is recorded. In fact, if the admin does
not log in, that too is reported, so you can identify people with
permissions who aren’t using them. Depending on the product you
use and the configuration, you’ll get different types of reports
and alerts.
One of the crucial elements of DAM is that the data about database use is
stored outside the database it is monitoring, so the people who are
being monitored cannot tamper with the data. Another crucial element
is the ability to send real-time alerts, so that as soon as a
violation of policy is detected, it can be handled immediately.
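A minimal sketch of the DAM properties described above: every event recorded in a store outside the database, an alert raised as soon as a policy rule matches, and a report of privileged accounts that never log in. This is an added example, not code from the quoted article or from any DAM product; the account names, policy rules, sample events and the hash-chained store are all assumptions made for illustration.

```python
import hashlib
import json
# Constructed sample audit events; users, objects and timestamps are invented.
EVENTS = [
    {"ts": "2014-11-03T09:00:00", "user": "dba_alice", "action": "LOGIN", "object": ""},
    {"ts": "2014-11-03T09:02:10", "user": "dba_alice", "action": "SELECT", "object": "hr.salaries"},
    {"ts": "2014-11-03T09:05:00", "user": "app_svc", "action": "SELECT", "object": "shop.orders"},
    {"ts": "2014-11-03T09:07:30", "user": "dba_alice", "action": "DROP", "object": "audit.trail"},
]
PRIVILEGED = {"dba_alice", "dba_bob"}             # accounts granted admin rights (assumed)
POLICY = [("SELECT", "hr."), ("DROP", "audit.")]  # (action, object prefix) that alerts (assumed)

class ExternalAuditStore:
    """Append-only record kept outside the monitored database, hash-chained."""
    def __init__(self):
        self.records = []      # list of (json_body, chained_digest)
        self.head = "0" * 64

    def append(self, event):
        body = json.dumps(event, sort_keys=True)
        self.head = hashlib.sha256((self.head + body).encode()).hexdigest()
        self.records.append((body, self.head))

    def verify(self):
        """Recompute the chain; an edited record no longer matches its digest."""
        prev = "0" * 64
        for body, digest in self.records:
            prev = hashlib.sha256((prev + body).encode()).hexdigest()
            if prev != digest:
                return False
        return prev == self.head

def monitor(events, store):
    """Record every event externally and return the alerts raised as events arrive."""
    alerts = []
    for ev in events:
        store.append(ev)       # record first, so each alert has evidence behind it
        if ev["user"] in PRIVILEGED and any(
            ev["action"] == act and ev["object"].startswith(prefix) for act, prefix in POLICY
        ):
            alerts.append(f'{ev["ts"]} {ev["user"]} {ev["action"]} {ev["object"]}')
    return alerts

def dormant_privileged(events):
    """Privileged accounts with no LOGIN event in the window (unused permissions)."""
    seen = {ev["user"] for ev in events if ev["action"] == "LOGIN"}
    return sorted(PRIVILEGED - seen)

if __name__ == "__main__":
    store = ExternalAuditStore()
    print(monitor(EVENTS, store), dormant_privileged(EVENTS), store.verify())
```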
(Related) Another management failure.
Everything old is new again? Warwick Ashford reports:
Businesses are at serious risk of data loss and compliance violations
due to risky file-sharing practices, a study by the Ponemon
Institute has revealed.
Business leaders are failing to respond to the escalating risk of
ungoverned file sharing and regular breaches of security policies by
staff, according to the study commissioned by Intralinks.
Almost half of the more than 1,000 information security professionals
polled in the UK, Germany and US believe their
company lacks clear visibility of staff-use file-sharing or file
sync-and-share applications.
Read more on Computer Weekly.
But wait, there’s more
Speaking of over-shared or exposed files, DataBreaches.net heard from someone
who pointed us to this blog post suggesting that a Google-HP partnership,
“SMBITinaBox,” is responsible for millions
of sensitive do-not-share files being indexed and exposed in Google.
Inspection of the Google search results suggests that yes, the firms
probably did not intend to have many of these files indexed or
available. DataBreaches.net does not have the resources to properly
investigate the allegation that SMBITinaBox is responsible for the
problem, but hopefully, some researcher(s) will look into this and
either confirm or refute the allegations.
Extend this for a moment. What “public” behavior should be reported to
police?
Gareth Corfield writes:
Earlier this week suicide prevention and counselling charity the
Samaritans launched an app that scans
Twitter timelines and alerts users whenever anyone appears to be
depressed. Yet the backlash against this creepy automated scanning
is astonishing – and the Samaritans appear to be ducking their
legal obligations.
Read more on The Register, where Gareth really outlines some of the concerns
and attempts to convince Samaritans that their good idea is well…
beyond creepy.
It’s not clear to me whether the app really does violate law, and I’ll
be interested to see what the ICO says after his review. In the
interim, because the Samaritans have not responded as privacy
advocates hoped they would, some have taken this to the next level,
as this recent tweet indicates:
It's clear @samaritans won't listen. Please sign the petition to get @twitter
@safety to turn off #SamaritansRadar
https://www.change.org/p/twitter-inc-shut-down-samaritans-radar
…
(Related) How well is the data analyzed? If I drive by the scene of a “drive
by” shooting am I flagged as a possible suspect? I could see why
police might want to talk to me if I drove by a few minutes before or
after, but would it still make sense 20 minutes before? 2 hours
before? The night before?
Steve Orr reports:
Privately owned license-plate imaging systems are popping up around
Rochester and upstate New York — in parking lots, shopping malls
and, soon, on at least a few parts of the New York state Thruway.
Most surprisingly, the digital cameras are mounted on cars and trucks
driven by a small army of repo men, including some in Rochester and
Syracuse.
Shadowing a practice of U.S. law enforcement that some find
objectionable, records collected by the repo companies are added to
an ever-growing database of license-plate records that is made
available to government and commercial buyers.
At present that database has 2.3 billion permanent records, including
hundreds of thousands gathered locally. On
average, the whereabouts of every vehicle in the United States —
yours, mine, your mother’s — appears in that database nine times.
Read more on Democrat & Chronicle.
Even Twits make sense?
Why IBM and Twitter did a data analytics deal
Last week, IBM and Twitter announced
a data analytics partnership that in essence allows the former to
incorporate the latter’s data into its products for businesses.
They’re unlikely bedfellows to say the least, but there’s a
method to the madness, says IBM’s Alistair Rennie, general manager
of the company’s Business Analytics group, and Twitter’s Chris
Moody, its vice president of data strategy.
Rennie: There are three basic elements. First, we are going to
integrate Twitter data with our cloud analytics tool to make it easy
for customers to reach it. The second is we’ll team up to make
solutions for very specific business needs, such as marketing and
customer care. Lastly, IBM will train and certify 10,000 consultants
on a global basis to be experts of the Twitter platform.
…
Twitter is ultimately the
most important archive of human thought that has ever existed. [??? Bob]
It really does represent the voice of the planet.
The question I would pose to business leaders is, if you were
thinking of a particular business decision, would you want the world
to weigh in? If I’m a retailer and my inventory system says 15
items are out of stock, my system can’t tell me which to restock and which to
stop carrying. [Sure it can! Bob] If we ask customers, they could be upset or not
talking about it at all. It’s an additional lens into a human
decision.
A tool to help us geeks understand the law? It's not that logical, is
it?
Law is Code: A Software Engineering Approach to Analyzing the United
States Code
William Li, Pablo Azar, David Larochelle, Phil Hill & Andrew Lo, Law
is Code: A Software Engineering Approach to Analyzing the United
States Code, October 31, 2014.
“The agglomeration of rules and regulations over time has produced a
body of legal code that no single individual can fully comprehend.
This complexity produces inefficiencies, makes the processes of
understanding and changing the law difficult, and frustrates
the fundamental principle that the law should provide fair notice to
the governed. In this article, we take a quantitative,
unbiased, and software-engineering approach to analyze the evolution
of the United States Code from 1926 to today. Software engineers
frequently face the challenge of understanding and managing large,
structured collections of instructions, directives, and conditional
statements, and we adapt and apply their techniques to the U.S. Code
over time. Our work produces insights into the structure of the U.S.
Code as a whole, its strengths and vulnerabilities, and new ways of
thinking about individual laws. For example, we
identify the first appearance and spread of important terms
in the U.S. Code like “whistleblower” and “privacy.” We also
analyze and visualize the
network structure of certain substantial reforms,
including the Patient Protection and Affordable Care Act (PPACA) and
the Dodd-Frank Wall Street Reform and Consumer Protection Act, and
show how the
interconnections of references can increase complexity and create the
potential for unintended consequences. Our work is a
timely illustration of computational approaches to law as the legal
profession embraces technology for scholarship, to increase
efficiency, and to improve access to justice.”
- See also: Daniel Martin Katz & Michael J. Bommarito II, Measuring the Complexity of the Law: The United States Code, 22 Journal of Artificial Intelligence & Law 1 (2014) and Michael J. Bommarito II & Daniel Martin Katz, A Mathematical Approach to the Study of the United States Code, 389 Physica A 4195 (2010).
Faster obsolescence?
Microsoft Stops Selling Windows 7 And Windows 8
…
From 31 October there will be no more sales to consumers of Windows
7 Home Basic, Home Premium or Ultimate. There will also be no more
sales of Windows 8 retail box copies.
There will be retail box sales of Windows 8.1
Perspective. It may take a few centuries to catch up to South Korea.
Study: U.S. to have more WiFi hotspots than France by 2018
The United States will be the top provider of WiFi in the world by 2018,
passing France and staying ahead of China as WiFi availability
explodes across the globe, according to a new study.
France has the most WiFi hotspots right now, according to new research by
iPass as reported by FierceWireless.
The change at the top indicates more than a surge by the United
States in providing WiFi — the world as a whole will see the number
of hotspots multiply in the next four years.
By the end of 2014, iPass’ study suggests that there will be 47.7
million public WiFi hotspots worldwide, which is about one hotspot
for every 150 people today. In 2018, that number could grow to 340
million, or one for every 20 people.
Potentially free. If you don't have their insurance, will they sell your carrier
this information?
Track Your Mileage, Fuel Costs And More With A Free OBD2 Device
…
The device is the Metronome, a device developed by Metromile
that plugs into the OBD2 port of any car manufactured after 1996, and
it’s accompanied by free Android and iOS apps.
Unfortunately, this venture is currently limited to the US only. Residents of
Washington, Oregon, California, and Illinois can receive a Metronome
for free, while residents of other states will be added to a waitlist. If you’re
outside these states, don’t despair; there are some other great
ways to monitor your car’s performance with Android.
…
Once you find the OBD2 port in your car, usually somewhere
underneath the steering wheel, you can plug it in and forget about
it. It has wireless radios and GPS built-in, so it doesn’t need
external power or to sync with your phone. In fact, I
got an email from Metromile informing me that my device was ready to
go within minutes of plugging it in, without ever even turning on my
car.
…
After the installation, you’ll need the app to get anything out of
it.
…
The Car Health section can help you determine what exactly is wrong
with your car when the check engine light comes on or it’s having
other issues.
Also included in this section is an “Ask Our Mechanic” button which
allows you to directly email one of Metromile’s mechanics, as well as a “Find
Mechanic” option which will open your chosen map application and
show you nearby mechanics.
…
Metromile also offers car insurance, though it is certainly not
required to use the app or device. I don’t have the Metromile
insurance, but it is an interesting proposition.
Using the Metronome, they track how much you’re driving and charge
you on a per-mile basis. For those who don’t drive a
lot, it could be a good deal.
Oh if I could get my students to do even this much textbook reading...
How To Read Non-Fiction Books In Record Time
…
there is a method (other than speed
reading) that will enable you to sail through that reading list
at a pace you never thought possible.
This article will attempt to show how you can understand the main premise,
arc and arguments of a non-fiction book without actually
having to read it.
For students in the gaming club.
Internet Arcade gives you access to 900 classic games in your browser.
Buh-bye, productivity
Kiss your free time goodbye because the Internet Archive, best known for
preserving and backing up old websites, has added a massive project
to its database.
Jason Scott, the leader of the effort, undertook a massive emulation
project to port coin operated arcade games into Javascript.
The results of the dozens of programmers working on the project for
months has been uploaded for posterity on the Internet Archive - a
collection of 900 retro arcade games from the 1970's and 80's.
…
The games are free to play online on any browser that supports
Javascript, although since it is so new, bugs are to be expected.
The games also do not come with instruction manuals so players will
have to figure out the controls for the games.