Saturday, November 15, 2014

If you can't win the argument, leave the room. Did any of this make the news here?
Putin plans to leave G20 early after West blasts Russia over Ukraine
Russian President Vladimir Putin plans to leave the G20 summit early, a member of his delegation said, after Western leaders blasted Moscow on Saturday for the crisis in Ukraine and threatened more sanctions.
Russia denied it was involved in a recent escalation of military activity in Ukraine, where fighting has claimed more than 4,000 lives, but faced strong rebukes from Western leaders, including U.S. President Barack Obama and Canadian Prime Minister Stephen Harper.
… German Chancellor Angela Merkel said the European Union was considering further financial sanctions against Russian individuals because of the crisis in Ukraine.
… Putin also met French President Francois Hollande, and both agreed to protect their ties from the effects of sanctions, the spokesman said.

(Related) France has a Billion reasons to “protect their ties” with Russia.
Russia Just Gave France A Final Deadline To Hand Over The Mistral Warship
Russia has given France until the end of November to deliver the first of two Mistral-class helicopter carriers currently stuck in a shipyard in Saint-Nazaire, according to reports.
… Since the onset of the Ukraine crisis the French government has agonised over the €1.2 billion contract. After tense negotiations, France succeeded in getting existing contracts excluded from the European Union's package of sanctions against Russia over its role in supporting rebels in eastern Ukraine.

This is always on my Computer Security final in one form or another.
Identify stupid things IT can do to defeat your security:
A) Fail to change default passwords.
B) Write the password on a sticky note and leave it attached to the computer.
C) Give every user unlimited access.
Delwyn Pinto reports:
When a small-time Tennessee restaurateur named Khaled Abdel Fattah was running short of cash he went to an ATM machine. Actually, according to federal prosecutors, he went to a lot of them. Over 18 months, he visited a slew of small kiosk ATMs around Nashville and withdrew a total of more than $400,000 in 20-dollar bills. These two individuals managed to hack and reprogram the ATMs using just the keypad. These ATMs in question have an operator mode, using which a lot of variables of the machine can be managed and set to default mode. Most ATMs secure this mode by using a secret passcode. Fattah, being a former bank employee, knew this code and abused it to hack into the machines. Once hacked into the system, they reprogrammed the machine to think it was dispensing $1 bills when in reality it was dispensing $20 dollar bills. Once withdrawn, they programmed the machine back so that their little exercise wasn’t detected. [Surely someone at the bank can count? Bob]
Read more on TechWorm.

A question for the more advanced Management of Computer Security class. How much employee training is enough? Note that “internal controls” detected and stopped the unauthorized changes. (Perhaps as simple as calling or emailing the employee to confirm the change.) But the phishers still had the hacked employee's data.
If seven of your employees fell for a phishing scam, I’d say that’s pretty compelling evidence that you need to do more training of your employees, wouldn’t you?

I'm confused. As I read this, the compromised individuals were in the database, not the subscribers accessing it. If these are “public records,” why would this be considered a breach? Does aggregating the data and making it easily searchable change the nature of “public?”
West Publishing Corporation, a unit of Thomson Reuters, has notified the New Hampshire Attorney General’s Office of a breach involving their Westlaw subscription-only public records database.
In a letter dated November 4th to those affected, Senior Vice President Andy Martens explained that on October 14, they detected unusual search activity. Investigation revealed that some subscribers’ passwords had been compromised and used to access the database. The types of information involved included addresses, date of birth, and in some cases, driver’s license numbers and Social Security numbers. No bank account or credit card information was involved.
In response to the breach, West removed external access to full sensitive identifiers in public records, forced a password reset on all public user accounts, and implemented additional technological controls to detect and respond to searches of more limited public records that also appeared unauthorized. Federal law enforcement was also contacted.
West offered those affected two years of free credit monitoring with Experian ProtectMyID Elite.
Nine NH residents were notified. The total number of individuals notified was not indicated in their report to New Hampshire.

Defending legality by not mentioning the law? This could be similar to driving around town looking for a suspect's vehicle. You look at every car, even if only long enough to dismiss it.
U.S. Defends Marshals in Wake of Secret Cellphone Spying Report
The Justice Department, without formally acknowledging the existence of the program, defended the legality of the operation by the U.S. Marshals Service, saying the agency doesn’t maintain a database of everyday Americans’ cellphones.
… A Justice Department official on Friday refused to confirm or deny the existence of such a program, because doing so would allow criminals to better evade law enforcement. [Because that is Policy, not logic. Bob]

Interesting. Could it be “because we're a monopoly in most markets”? Or is there really an economic reason? Can't wait to see how they spin this.
FCC Questions AT&T: Explain Why Your Fiber-Optic High-Speed Internet Nationwide Rollout Will be Delayed
The Federal Communications Commission is seeking an explanation from AT&T on why the company will be delaying the rollout of the fiber-optic expansion for high-speed Internet.
AT&T CEO Randall Stephenson previously said that the company will be stopping its investments in its planned nationwide fiber upgrade plan until matters on net neutrality are resolved.
… The letter by the FCC is asking AT&T to reveal all the documentation connected with the company's decision to halt its investments and expansion. Included in the information being requested by the FCC are the location and number of households that would have received access to fiber networks in earlier plans of the company and the same data for the company's current plans.
Additionally, the FCC asked whether the investment model of AT&T now shows that the deployment of fiber networks is unprofitable, or if the company is expecting it to become unprofitable after its purchase of DirecTV. [Interesting way to ask if buying DirecTV was a huge mistake. Bob]

(Related) An alternative take... (Translating the political politeness?)
FCC: You, AT&T. Get in here and explain this 'no more gigabit fiber' threat
US watchdog the FCC is calling out AT&T for throwing a hissy-fit over net neutrality and halting its gigabit-a-second fiber rollout.
… The FCC, however, is not so convinced of AT&T's arguments that it could lose money from the wider rollout of gigabit fiber, should FCC enforce net neutrality rules, and so the commission wants to check AT&T's math.

Big Data Analysis. Interesting approach.
Attensity Boosts Ability to Discover 'Unknown' Trends in Data
"Social analytics has largely been limited up to this point by forming hypotheses and testing them – the hunting and pecking for insights that traditional search requires you to do," Matsumoto said. "But there is a growing need for our customers to be presented with findings that they didn’t know to look for. These findings may be within their search topic, adjacent to it or many degrees removed through nested relationships."
… Matsumoto offered the example of the Amazon Firephone. Using traditional search methodology, it is easy to see the product has a low number of mentions. But a recent search on Attensity Q showed a significant spike of interest in the Firephone on Sept. 16 that Attensity attributed to growing interest in Amazon's Firefly technology, which allows users to snap a picture of an object and buy it from Amazon.
… "With this information, an Amazon product marketer knows where to focus his or her energy. At this point, they are much better off than just wondering, 'How can I get more interest in my product,' since they now have a theory to pursue," she said.

I work in a very funny industry.
Coursera announced that it has struck a deal with the Department of Veterans Affairs, making one free verified certificate available to each US veteran. According to Coursera, “this effort will expose Veteran learners to industry relevant education and help them master new skills to succeed in today’s workforce.” It’s fascinating how the Obama Administration says it wants to crack down on for-profit universities, and then happily funnels money to another for-profit higher ed company. Tressie McMillan Cottom responds.
Visit the Veteran Employment Center to learn how to redeem your free credential voucher.
… Muslims in Montgomery County, Maryland asked the district to close schools on their two most important religious holidays – ya know, like schools do for Christian and Jewish holy days. “Instead, the school board voted 7–1 on Tuesday to strip all mention of religious holidays from the calendar, even though Christian and Jewish holidays remain official days off,” reports Libby Nelson for Vox.
… A Huntsville, Alabama school district “expelled 14 students last year based on the findings of a private contractor who monitored students’ social-media activity as part of greater school security efforts, according to a review by The Huntsville Times. Twelve of them were black, drawing concerns that the program unfairly targeted African-American students.” [No indication of specific laws or policies violated. Bob]
… The Thurgood Marshall College Fund and the University of Phoenix announced a partnership that will enable students at HBCUs to take online courses from the for-profit university to supplement their on-campus work. [Future market for “For Profit” universities? Bob]
Google boasted on its blog this week that the Chromebook was the bestselling K–12 device in the third quarter of 2014.
… In a partnership with Nature Education and Roche, UNESCO has launched a free science education resource, World Library of Science.
Clayton Christensen doubles down on his prediction that half of all universities will be bankrupt in the next 15 years.
… “Sixty-six percent of schools nationwide offer ebooks, up from 54 percent in 2013.” More from the School Library Journal’s annual “Ebook Usage in U.S. School (K–12) Libraries” report.
