Saturday, January 25, 2014

Interesting that this could go on for 20 months before anyone noticed. I suspect they noticed when they looked at the child porn TOR emails (and all the other email)? How else would they have a reason to ask for a search warrant?
Feds Infiltrate, Bust Counterfeit Card Shop
Federal authorities in New Jersey announced a series of arrests and indictments of 14 individuals thought to be connected to an online one-stop shop selling embossed, counterfeit credit cards and holographic overlays.
According to documents released by prosecutors in New Jersey and North Carolina, the men ran or otherwise profited from the Web site fakeplastic[dot]net, which specializes in selling high-quality, custom-made counterfeit credit and debit cards, as well as holographic overlays used to create fake driver’s licenses.
The FBI and the U.S. Postal Investigative Service began investigating fakeplastic[dot]net in January 2013. Charged with running the site is 39-year-old Sean Roberson of Palm Bay, Fla. Investigators allege that Roberson began selling counterfeit cards in April 2011, and launched the site in June 2012. Since then, Roberson and two accomplices fulfilled orders for approximately 69,000 counterfeit cards — both embossed and unembossed; more than 35,000 holographic stickers used to make counterfeit cards appear more legitimate; and more than 30,000 state identification card holographic overlays. All of the orders — 36,000 parcels in total — were shipped by the site to customers via the U.S. mail.
… Interestingly, the feds used information gleaned from an incident last summer in which federal agents compromised TorMail as part of an investigation into a child pornography network. To wit:
Between July 22, 2013 and August 2, 2013, in connection with an unrelated criminal investigation, the FBI obtained a copy of a computer server located in France via a Mutual Legal Assistance Treaty request to France, which contained data and information from the Tormail email server, including the content of Tormail e-mail accounts. On or about September 24, 2013, law enforcement obtained a search warrant to search the contents of the Platplus Tormail Account, which resided on the seized Tormail server.

Just in time for Data Privacy Day. Does the “need” for new laws always assume that the old laws were poorly written? Does new technology create new “Privacy” that we didn't know needed protection? Must the "right to be left alone" be restated for each new technology?
Bradley Shear writes:
Students and schools around the country are utilizing new digital technologies in ways many people did not imagine at the turn of the century and those technologies offer great promise. Just ten years ago, terms like “big data”, “the cloud”, “data mining”, and “social media” were not well known by students, parents, and school officials. To lower costs and to help our students learn more effectively, thousands of schools across the country have adopted new digital technologies. Unfortunately, the current legal framework designed to protect student privacy and safety has not kept up with the rapid advancements that have been created by the Digital Age.
Read more of his commentary on Shear on Social Media Law.

Orin Kerr writes:
The final version of my new article, The Next Generation Communications Privacy Act, 162 U. Pa. L. Rev. 373 (2014), has just been published. The article considers how Congress should update the privacy laws that regulate government access to e-mail and other Internet communications, both for contents and metadata, in criminal investigations.
Read more on WaPo The Volokh Conspiracy. And yes, it will take me time to get used to that.

Because you can get “Security” wrong!
Lorraine Bailey reports:
Government agencies must face claims that they wrongly placed a U.S. citizen on the No Fly list and had him tortured in a Kuwaiti prison, a federal judge ruled.
“A No Fly List designation transforms a person into a second class citizen, or worse,” U.S. District Judge Anthony Trenga said. “The issue, then, is whether and under what circumstances the government should have the ability to impose such a disability on an American citizen, who should make any such decision, according to what process, and by what standard of proof.”
Read more on Courthouse News.

An interesting risk with BYOD. Got Backups? Or perhaps a business opportunity for my Ethical Hackers, “Remote Phone Wiping for fun and profit.”
Yes, Your Company Can Wipe Your Personal Phone (for Now)
The most common complaint the nonprofit National Workrights Institute receives from workers is phone wiping — companies remotely clearing out the contents of personal smartphones that employees sometimes use for work purposes. In fact, a recent survey by Acronis found that 21% of companies "perform remote wipes when an employee quits or is terminated." Why is this happening? More and more companies require workers to be connected when they leave the office, though that doesn't necessarily mean the employers are providing phones to be connected on.

Interesting industry shift.
China's Lenovo to Buy IBM's Low-end Server Business for $2.3 Billion
IBM will receive $2.07 billion in cash and the rest in shares for the x86 business, Lenovo said, in a deal that would help the Chinese firm diversify away from the slumping market for PCs.
IBM will still provide maintenance on behalf of Lenovo, while some 7,500 members of staff worldwide will be offered employment by the Chinese company, according to a statement from the American technology giant.

Because I like lists, and I know a few lawyers who will be writing a blog... Perhaps they can come up with a better list?
8 Great Legal Research and Writing Blogs
by Sabrina I. Pacifici on January 24, 2014
Einstein once said “if we knew what it was we were doing, it wouldn’t be called ‘research,’ would it?” The following blogs about legal research and writing will help shorten the time it takes to get from research to knowledge:
  1. Adams Contract Drafting provides practical posts about contract drafting, language and contract automation, as well as critiques of the various available document assembly systems.
  2. Briefly Writing provides valuable detailed articles covering issues related to writing appellate and complex trial court briefs.
  3. eDiscoveryDaily offers tips on conducting electronic discovery, data searches, management techniques and new e-Discovery technologies.
  4. InternetForLawyers covers the plethora of low-cost and free investigative and legal research tools available on the Internet and provides tips and tricks for getting great results when using Internet search engines with a focus on Google.
  5. Legal Research Plus posts are penned by the law librarians who also happen to be the legal research instructors at Stanford Law School who cover what they know and continue to learn “about the ins and outs of legal research.”
  6. LLRX is a web journal that covers legal research and technology topics and resources relevant to librarians, lawyers and law firms. Its companion beSpacific blog has been posting articles on accurate, focused research about law, technology and knowledge discovery since 2002 and offers a searchable database of 32,000 postings.
  7. MyCase blog posts provide practical legal management tips, tricks and suggestions ranging from cloud storage to rainmaking for today’s legal professionals.
  8. Witnesseth provides “insights from quantitative legal research on corporate law, capital markets, finance, and mergers and acquisitions.”

Another resource for my Digital Design students?
Download Over 250 Free Art Books From the Getty Museum
by Sabrina I. Pacifici on January 24, 2014
“Yesterday, we wrote about the Wellcome Library’s opening up of its digital archives and making over 100,000 medical images freely available online. If you’ve already made your way through this choice selection (or if the prospect of viewing a 19th century leg amputation doesn’t quite pique your curiosity) have no fear. Getty Publications just announced the launch of its Virtual Library, where readers can freely browse and download over 250 art books from the publisher’s backlist catalogue. The Virtual Library consists of texts associated with several Getty institutions.
All of the Getty’s virtual library volumes are available in PDF format, and can be added to your Google Books library. If you’re looking for more free art books, don’t miss our post from last year: The Metropolitan Museum of Art and the Guggenheim Offer 474 Free Art Books Online. [via Connie Crosby]
[...and if you would rather have the ePub format:

Tools for my Math students!
Glean – there are incredible educational lessons all over the web but they’re hard to find. Glean helps find the best ones for students. Hundreds of amazing teachers post educational videos online every day. Glean has structured and organized these videos, tagged them by educational standard, and wrapped them in interactive tools (like Q & A and practice exercises).

Friday, January 24, 2014

Tiny, compared to Target.
Associated Press reports that retailer Neiman Marcus now says that up to 1.1 million customers’ cards may be compromised by a breach that occurred between July and October.
In their updated statement on their website, CEO Karen Katz writes:
We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores. [Note that they cannot say, “We have no evidence that the information was used illegally.” Unusual. Bob] We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority.
Here is the information we have learned so far, based on the ongoing investigations:
• Social security numbers and birth dates were not compromised.
• Our Neiman Marcus card has not seen any fraudulent activity.
• Customers that shopped online do not appear to have been impacted.
• PINs were never at risk because we do not use PIN pads in our stores.
We have also provided a Question and Answer section for additional information.
While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.
We are notifying ALL customers for whom we have addresses or email who shopped with us between January 2013 and January 2014, and offering one free year of credit monitoring and identity-theft protection.
There is also an FAQ on the breach.

(Related) Is the FBI telling us, “The sky is falling?” How does it help to say, “We're so cool, we are investigating crimes against you that you don't even know about yet!”
The FBI has warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target Corp in the holiday shopping season.
The U.S. Federal Bureau of Investigation distributed a confidential, three-page report to retail companies last week describing the risks posed by “memory-parsing” malware that infects point-of-sale (POS) systems, which include cash registers and credit-card swiping machines found in store checkout aisles.
Read more of this report on Reuters.
[From the article:
"The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors," the FBI said.
… The United States Secret Service usually takes the lead in credit card breach investigations for the federal government, though the FBI sometimes opens its own cases or is asked to assist. The Secret Service is leading the investigations into the breaches at Target and Neiman Marcus. [Because my students thought the FBI did everything! Bob]
A spokesman for the Secret Service declined to comment on the FBI report to retailers.

“We improved security by changing the password from ‘OK’ to ‘OkeyDokey.’” No doubt someone will report that this “bug” was mandated by the Chinese version of the NSA.
Bug Exposes IP Cameras, Baby Monitors
A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.
The issue came to light on the company’s support forum after camera experts discovered that the Web interface for many Foscam cameras can be accessed simply by pressing “OK” in the dialog box when prompted for a username and password. Reached via email, the company’s tech support division confirmed that the bug exists in MJPEG cameras running version .54 of the company’s firmware.
Foscam said it expects to ship an updated version of the firmware (Ver. 55) that fixes the bug by Jan. 25. The new firmware will be published on the company’s website.
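As an added illustration (not Foscam’s code, which this page does not show), here is the kind of login check that lets an empty dialog through, beside a deny-by-default version. The credential store is a constructed sample, and the “fall through when no credentials are supplied” root cause is an assumption used for teaching, not a finding about the actual firmware.

```c
/* Added example: two ways a device login check can treat an empty submission.
 * The real cause of the Foscam .54 bug is not published here; the fall-through
 * pattern below is an assumed illustration of how "press OK" can become "logged in". */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample credentials; a real device would read these from config. */
static const char *STORED_USER = "admin";
static const char *STORED_PASS = "correct horse";

/* Vulnerable: an absent or empty field is treated as "nothing to check",
 * so a client that submits the dialog with no input is let straight through. */
bool check_login_vulnerable(const char *user, const char *pass)
{
    if (user == NULL || user[0] == '\0')
        return true;                       /* bug: missing user skips the check */
    if (strcmp(user, STORED_USER) != 0)
        return false;
    if (pass == NULL || pass[0] == '\0')
        return true;                       /* bug: missing password skips the check */
    return strcmp(pass, STORED_PASS) == 0;
}

/* Constant-time comparison: a wrong guess takes the same time no matter
 * how many leading bytes happened to match. */
static bool ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (la != lb) ? 1 : 0;
    size_t n = la < lb ? la : lb;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened: deny by default. A missing or empty field is a failed login,
 * not a skipped one, and both fields are always compared before deciding. */
bool check_login_hardened(const char *user, const char *pass)
{
    if (user == NULL || pass == NULL || user[0] == '\0' || pass[0] == '\0')
        return false;
    bool user_ok = ct_equal(user, STORED_USER);
    bool pass_ok = ct_equal(pass, STORED_PASS);   /* evaluated even if user_ok is false */
    return user_ok && pass_ok;
}
```

The first function returns true for `(NULL, NULL)` and for `("admin", "")`; the second returns false for both and only succeeds on the full matching pair.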

Remember what you learn here when you read the next report...
Predictive Modeling With Big Data: Is Bigger Really Better?
by Sabrina I. Pacifici on January 23, 2014
Enric Junqué de Fortuny, David Martens, and Foster Provost. Big Data. December 2013, 1(4): 215-226. doi:10.1089/big.2013.0037. Published in Volume 1, Issue 4: January 7, 2014. Online Ahead of Print: October 24, 2013.
“With the increasingly widespread collection and processing of “big data,” there is natural interest in using these data assets to improve decision making. One of the best understood ways to use data to improve decision making is via predictive analytics. An important, open question is: to what extent do larger data actually lead to better predictive models? In this article we empirically demonstrate that when predictive models are built from sparse, fine-grained data—such as data on low-level human behavior—we continue to see marginal increases in predictive performance even to very large scale. The empirical results are based on data drawn from nine different predictive modeling applications, from book reviews to banking transactions. This study provides a clear illustration that larger data indeed can be more valuable assets for predictive analytics. This implies that institutions with larger data assets—plus the skill to take advantage of them—potentially can obtain substantial competitive advantage over institutions without such access or skill. Moreover, the results suggest that it is worthwhile for companies with access to such fine-grained data, in the context of a key predictive task, to gather both more data instances and more possible data features. As an additional contribution, we introduce an implementation of the multivariate Bernoulli Naïve Bayes algorithm that can scale to massive, sparse data.”

(Related) I give you part of a typical “Case Study” from an Intelligence Analyst school. The first indication of a terrorist active in the United States comes from an intercepted phone call to a known terrorist organization in a terrorist-supporting country. The message is, “We are ready to strike.” What information would you like to have available to help you find these guys?
Privacy and Civil Liberties Oversight Board Issues Report on NSA Massive Metadata Surveillance
by Sabrina I. Pacifici on January 23, 2014
“The PCLOB is an independent bipartisan agency within the executive branch established by the Implementing Recommendations of the 9/11 Commission Act of 2007. The Board is comprised of four part-time members and a full-time chairman, all appointed by the President and confirmed by the Senate. The Board’s authorizing statute gives it two primary responsibilities: 1) To analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties; and 2) To ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism….”
“The Section 215 bulk telephone records program lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. As a result, the Board recommends that the government end the program… Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack…”

This is one of those “Privacy invaders” that improves human abilities, but does not create new ones (like the bite of a radioactive spider).
Woodrow Hartzog and Evan Selinger write:
Privacy concerns have been ignited by “NameTag,” a facial-recognition app designed to reveal personal information after analyzing photos taken on mobile devices. Many are concerned that Google Glass will abandon its prohibition on facial recognition apps. And, there are open questions about the proper protocols for opting customers in and out of services that identify people through facial comparisons in real time. These kinds of services are technically “face matching” services, though they are colloquially referred to here as “facial-recognition technologies.”
Ultimately, the coming wave of consumer facial-recognition technologies brings bad and good news. The bad news is obvious: Automatically identifying one of our most unique and personal traits raises serious privacy concerns ranging from stalking to loss of obscurity in public.
The good news is that facial-recognition technology—at least the kind that could be used at scale to identify most people in any given place—has an Achilles heel that buys society enough time to respond appropriately.
Read more on The Atlantic.

More for my lawyer friends than my students, but you can never have too many tools!
WireOver – is a desktop application for sending and receiving files. It’s easy to use, can transmit files of any size very fast, and uses end-to-end encryption. WireOver’s end-to-end encryption ensures that only your recipient can access the files you send, making it much more secure than most file sending tools. WireOver can transfer over your local network and the Internet.

Well, I find it interesting...
The 2013 Survey Of Online Learning
The report quantified many things that those involved in education already knew (or at least, suspected). Participation in online learning is increasing. Learning outcomes are largely positive. Interestingly, what this study does show is something that I hadn’t quite expected – that many of the numbers that had been continually rising over the past years were starting to show a slight decline. For example, the proportion of chief academic leaders that say online learning is critical to their long-term strategy dropped from 69.1 percent to 65.9 percent. Many believe that MOOCs are not a sustainable form of online learning for higher education institutions to pursue.
Please click here for a PDF of the full findings of the report.

I may have a few students who could do this. Many more with a bit of help. Would look good on their resume.
How To Get Published On MakeUseOf
Have you ever wanted to reach thousands of people with your words? If you love technology, enjoy explaining it to others, and can express yourself well, you should give writing for MakeUseOf a try.
We are now accepting applications. The Infographic below explains everything you need to know, so please read it thoroughly. We are happy to answer additional questions in the comments.

Thursday, January 23, 2014

Makes me wonder if law enforcement is doing anything else?
Brian X. Chen reports:
Verizon Communications on Wednesday published a so-called transparency report describing when and why it receives requests for customer data, like phone records or emails, from law enforcement and government agencies.
Verizon is the first major phone carrier to publish a report of this kind — other carriers, like AT&T, Sprint and T-Mobile US, have yet to take a similar step.
Verizon said it received roughly 320,000 requests for customer information last year from law enforcement agencies in the United States, including 164,000 subpoenas, 36,000 warrants and 70,000 court orders. It also received 1,000 to 2,000 requests from the National Security Agency.
Read more on the New York Times.

Perspective for Student Privacy Day...
DJ Pangburn reports:
The Online Trust Alliance (OTA) yesterday announced its 2014 Data Protection & Breach Readiness Guide, and within it were some statistics that truly boggle the mind. Working on data from the Open Security Foundation and the Privacy Rights Clearinghouse, the OTA estimated that over 740 million online records were exposed in 2013, the worst year for data breaches in history. That’s stark news in advance of Data Privacy Day, which is coming January 28.
Read more on Motherboard.

If not new, at least a summary of what everyone (else) is (or should be) doing?
Staying Safer in Cyberspace: Cloud Security on the Horizon
by Sabrina I. Pacifici on January 22, 2014
Staying Safer in Cyberspace: Cloud Security on the Horizon, January 2014. Karen S. Evans, Julie M. Anderson, Brian D. Shevenaug.
“Cloud computing brings with it both risks and rewards. In recent years, senior Federal officials from the Secretary of Defense to the Director of National Intelligence and even the President have stressed that securing our information systems and computer networks is a crucial element of the nation’s security architecture. At the same time, the Federal government is turning to cloud computing to resolve some of the problems that have chronically plagued its information technology (IT) environment. But until now, efforts to implement cybersecurity and cloud computing initiatives have been too fragmented and lacked the type of overarching coordination needed to mitigate the risks while reaping the rewards. This paper offers a plan to help agency CIOs realize the benefits of cloud technology while meeting current Federal cybersecurity requirements.”

MIT Technology Review – Data and Decision Making
by Sabrina I. Pacifici on January 22, 2014
“In this business report, MIT Technology Review explores a big question: how are data and the analytical tools to manipulate it changing decision making today? On Nasdaq, trading bots exchange a billion shares a day. Online, advertisers bid on hundreds of thousands of keywords a minute, in deals greased by heuristic solutions and optimization models rather than two-martini lunches. The number of variables and the speed and volume of transactions are just too much for human decision makers. When there’s a person in the loop, technology takes a softer approach (see “Software That Augments Human Thinking”). Think of recommendation engines on the Web that suggest products to buy or friends to catch up with. This works because Internet companies maintain statistical models of each of us, our likes and habits, and use them to decide what we see. In this report, we check in with LinkedIn, which maintains the world’s largest database of résumés—more than 200 million of them. One of its newest offerings is University Pages, which crunches résumé data to offer students predictions about where they’ll end up working depending on what college they go to (see “LinkedIn Offers College Choices by the Numbers”). These smart systems, and their impact, are prosaic next to what’s planned. Take IBM. The company is pouring $1 billion into its Watson computer system, the one that answered questions correctly on the game show Jeopardy! IBM now imagines computers that can carry on intelligent phone calls with customers, or provide expert recommendations after digesting doctors’ notes. IBM wants to provide “cognitive services”—computers that think, or seem to (see “Facing Doubters, IBM Expands Plans for Watson”). Andrew Jennings, chief analytics officer for FICO, says automating human decisions is only half the story. Credit scores had another major impact. They gave lenders a new way to measure the state of their portfolios—and to adjust them by balancing riskier loan recipients with safer ones. Now, as other industries get exposed to predictive data, their approach to business strategy is changing, too. In this report, we look at one technique that’s spreading on the Web, called A/B testing. It’s a simple tactic—put up two versions of a Web page and see which one performs better (see “Seeking Edge, Websites Turn to Experiments” and “Startups Embrace a Way to Fail Fast”)…”

For my students
eCampus: Easily Rent or Buy Affordable Textbooks, And Sell Them Back
Another outrageously-priced textbook? You’ve got to be kidding! How much of this are you going to take? You know there’s a better option than getting ripped off by your university bookstore, right? There are several reputable websites for saving students money on textbooks, eCampus being one of the very best.
Did you know you can rent textbooks, instead of purchasing them? Or perhaps you have a pile of textbooks you no longer need, eCampus will buy them from you. Whether you want to buy, rent or sell your textbooks, eCampus is one way to beat college on a budget.

For my MBA students. Dilbert on instinctive (follow your gut) management.

Wednesday, January 22, 2014

Some breaches seem worse than others... (Would anyone in the US resign in disgrace?)
That latest data breach in South Korea is causing waves there, with estimates that 15-20 million have been affected by an insider breach at the Korea Credit Bureau:
Worried Koreans on Tuesday packed into branches of one of the banks hit by the theft to ensure their money was safe, while lawyers said 130 people joined a class action suit against their credit card providers in what is expected to be the first of multiple litigations.
Financial regulators said a contractor with the Korea Credit Bureau, a private firm that manages the credit information of millions of Koreans for financial services providers, simply loaded details of 105.8 million accounts held by KB Kookmin Card Co Ltd, Lotte Card Co Ltd and NH Nonghyup Card onto a portable hard drive.
The technician was allegedly working on forgery-proofing credit cards when he committed the theft in February, June and December last year, according to regulator Financial Supervisory Service (FSS), citing the prosecutor’s office leading the investigation. The man then sold the information to at least two people including a loan marketer and a broker, the FSS said. The contractor and at least one other person have been arrested.
Read more on DNA from Seoul Reuters.
The Financial Times reports that so far, three dozen financial executives have resigned in disgrace over the breach and over 500,000 people have cancelled their credit cards since the breach was announced last week.
The Financial Supervisory Service, South Korea’s regulatory agency, has issued advice for worried cardholders:
The chance of copying credit cards is very slim, as passwords and card validation codes (CVC) were not stolen. If you are concerned about financial damage from the information leakage, you can ask credit card companies to change your passwords or reissue your credit cards. In addition, you can join the identity protection service provided by personal credit ratings firm Korea Credit Bureau (KCB) for free for one year. The service prevents identity theft by checking whether financial companies inquire about a consumer’s credit data and by stopping credit inquiries.
Consumers who are concerned about financial losses at overseas merchants can register with credit card companies for the departure confirmation system. It can prevent fraudulent credit card payments by checking whether a cardholder is in Korea at the point of approval of an overseas card transaction.
In addition, you can ask credit companies to stop newly issuing credit cards in order to prevent fraudulent issuance of credit cards using stolen identities. You can use the existing cards while stopping issuance of new ones.
You can read FSS’s full guidance here.

What could possibly go wrong?
IRS Announces Program to Obtain Copies of Past Returns Online or by Mail
by Sabrina I. Pacifici on January 21, 2014
Get Transcript – “Get a record of your past tax returns, also referred to as transcripts. IRS transcripts are often used to validate income and tax filing status for mortgage applications, student and small business loan applications, and during tax preparation.”

The lead article in this digest. An update claims it was DHS not the FBI. Does the MPAA have enough clout to scramble a team on a moment's notice? Apparently they do.
Google Glass Movies, Android Malware, LogMeIn Logs Out [Tech News Digest]
Google Glass At The Movies
If the experience of one man in Ohio is anything to go by, Google Glass is likely to be banned from movie theaters. The unnamed man was, according to his account on The Gadgeteer and later confirmed by Business Insider, enjoying watching ‘Jack Ryan: Shadow Recruit’ when he was escorted outside and accused of illegally recording the movie.
His only crime was to be wearing a Google Glass device in the theater. It wasn’t switched on and recording, and he was only wearing it because it had prescription lenses fitted. None of which helped convince the FBI (Federal Bureau of Investigation) or the MPAA (Motion Picture Association of America) that he had done nothing wrong.
The ordeal lasted more than an hour and only ended when the contents of the man’s Google Glass device were examined. [Because you must prove you are innocent! Bob] At which point he was allowed to leave, with four free passes to the theater in his hand. But no apology.
This may not seem like an important story but it demonstrates several things. Firstly, that Google Glass is likely to cause mayhem if and when it becomes mainstream. Second, that the MPAA has far too much power. Third, that the FBI is woefully unprepared to deal with this new wave of wearable technology. Exciting, huh?!

I called my brother last night to ask how he was dealing with Global Warming (they had 6 inches already). Damn you, Al Gore!
NOAA Product Highlight: U.S. Climate Extremes Index
by Sabrina I. Pacifici on January 21, 2014
“The U.S. Climate Extremes Index or USCEI brings together several climate indicators to illustrate the occurrence of specific extreme events in the contiguous United States from 1910 to the present. These climate indicators include extremes in average monthly maximum and minimum temperatures, heavy one-day precipitation events, drought severity, the number of days with and without precipitation, and the wind intensity of tropical cyclones that make landfall in the country. The USCEI helps paint the picture of how often and how much of the country is dealing with extreme weather throughout time. It does this by tracking the highest and lowest 10% of extremes in these climate indicators. One way to visualize how this works is by thinking of a football field. With temperatures for example, it would be as if the scientists took all of the average monthly maximum, or minimum, temperatures for a specific location and lined them up on a football field from the coolest at one goal line to the warmest at the other goal line. The USCEI incorporates those values that are within the 10-yard line on each end of the field. Scientists can then look at those values and see when most of the high and low extremes occurred, giving them an idea of how they are evolving over time.”

Answers that age old question, “Where were you on the night Col. Mustard was murdered?”
Heyday – transforms the photos and videos on your iPhone into a beautiful journal, presenting you with a delightful way to rediscover your most important memories. And since life happens when you least expect it, Heyday automatically chronicles the places you go and the things you see so you’ll never forget a meaningful place or moment again.

This one is interesting. Start with the free account...
Kimono – Build an API in seconds with Kimono to power your apps, models and visualizations with live data without writing any code. The Kimono smart extractor recognizes patterns in web content allowing you to get the data you want quickly and visually. App Builder lets you create responsive web apps on top of your APIs without writing any code.

Remember students, I get 10%
FREE EBOOK Earn Money Online: Writing, Transcribing and Tutoring Gigs
Want to earn a little money on the side, but don’t want to leave your house? Check out our latest free manual: Earn Money Online: Writing, Transcribing and Tutoring Gigs. In it, Alexander Cordova shows you a few places where anyone willing to work hard can earn some cash.
No password or registration required. Read online or download PDF, EPUB version free of charge; Amazon version $1

Tuesday, January 21, 2014

I was kind of worried that this might be the case.
Hang on to your credit cards and start checking your free credit reports: The latest news about retail breaches is not good.
Numerous sources are now reporting that the recent Target and Neiman Marcus data breaches may be the tip of the cyber heist iceberg, and there are likely more related breaches that have not yet been announced.
Writing in BankInfoSecurity, Tracy Kitten reports that banks that issue credit cards say fraud patterns may reveal additional breaches at other well-known brands—possibly a leading hotel company and a restaurant chain. Banks are often the first ones to detect retail breaches, even before the merchants themselves realize what is happening.

Another little problem with the government database.
Darlene Storm reports:
When it comes to the atrocious state of security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, “I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that.” He added, “It is insecure – 100 percent.”
Read more on Computerworld.
Related: TrustedSec testimony (pdf) to the House Science, Space, and Technology Committee on Jan. 16

(Related) Okay Privacy lawyers, what are you going to do about it?
Dr. Deborah Peel of Patient Privacy Rights kindly gave me permission to reprint this blog post:
The biggest myth about ‘Big Data’ users of the entire nation’s health information is that personal health data was acquired legally and ethically.
Just ask anyone you know if they ever agreed to the hidden use and sale of sensitive personal information about their minds and bodies by corporations or “research” businesses for analytics, sales, research or any other use. The answer is “no”.
Americans have very strong individual rights to health information privacy, i.e., to control the use of their most sensitive personal information. If US citizens have any “right to privacy”, that right has always applied to sensitive personal health information. This was very clear for our paper medical records and is embodied in the Hippocratic Oath as the requirement to obtain informed consent before disclosing patient information (with rare exceptions).
The IPO filing by IMS Health Holdings at the SEC exposed the vast number of hidden health data sellers and buyers. Buying, aggregating, and selling the nation’s health data is an “unfair and deceptive” trade practice.
Does the public know or expect that IMS (and the hundreds of thousands of other hidden health data mining companies) buys and aggregates sensitive “prescription and promotional” records, “electronic medical records”, “claims data”, and “social media” to create “comprehensive”, “longitudinal” health records on “400 million” patients? Or that IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally”? Again, the answer is “no”.
Given the massive hidden theft, sale, and misuse of the nation’s health information how can any physician, hospital, or health data holder represent that our personal health data is private, secure, or confidential?

See? I told you they had laws in Australia.
New on LLRX – Researching Australian Law
by Sabrina I. Pacifici on January 20, 2014
Via - Researching Australian Law - Nicholas Pengelley and Sue Milne have revised, updated and expanded their guide which covers a comprehensive range of sources on topics that include: Parliaments and Laws; Finding Australian Legislation; Courts and Judgments; Finding Australian Cases; Treaties; Journal Literature; Legal Encyclopedias; Law Reform; Government Information; Dictionaries; Directories; Legal Research Guides; Publishers; Current Awareness; Discussion Lists; and Major Texts.

Unfortunately, this doesn't surprise me. What I don't get is why a dozen cops were required to search for evidence of eggs. That is what the search warrant was after, isn't it? Is it common to issue search warrants for “egging?” I don't recall that ever happening when I was a kid.
Justin Bieber had ‘cookie jars’ full of weed, empty codeine bottles in house during cop raid: report
Justin Bieber’s mansion reportedly was stuffed with drugs and paraphernalia when cops rolled up to serve an egging-related search warrant last week.
Two large cookie jars loaded with marijuana sat in plain view of the dozen detectives from the Los Angeles County Sheriff’s Department, an unidentified source told
… Luckily for the Biebs, the deputies were raiding the house for surveillance equipment and other evidence that could tie him to a recent egging of his neighbor’s mansion – not drugs.
… Bieber, 19, is under investigation for allegedly hurling raw eggs at his next-door neighbor’s house two weeks ago.
The irate neighbor has claimed he saw the Canadian crooner from his second-floor balcony and even videotaped some of the verbal exchange.
Neighbor Jeffrey Schwartz quickly called police and claimed Bieber threw at least 20 eggs at his home, causing about $20,000 worth of damage to his plaster and stained wood exterior. [Flimsy houses in California... Bob]

Welcome to the land where competition is based on the value of the service, not who has the best Super Bowl Ad. There's a business opportunity here. Unfortunately, I seem to be the only serious geek in my neighborhood. Perhaps if I toss in free phone service, free TV, free music, and free MOOCs? By the way, I clock out at 2.12 Mbps.
South Korea set to get 300 Mbps service, one carrier prepping 450 Mbps for MWC
If you thought your Verizon or AT&T LTE was fast, South Korea is about to start laughing at us. In that country, two providers are preparing a new LTE network that will outdo anything we’re seeing domestically by a wide margin. At 300 Mbps, LG Uplus is setting a standard, but a 450 Mbps network from another is said to be shown off at MWC.

I see a future for “less than Bachelor” skills testing. Take a free MOOC to learn the skill, then pay to be tested or certified.
One-Quarter of Adults Hold Educational Credentials Other Than an Academic Degree
by Sabrina I. Pacifici on January 20, 2014
“The U.S. Census Bureau reported that in fall 2012, more than 50 million U.S. adults, or one in four, had obtained a professional certification, license or educational certificate apart from a postsecondary degree awarded by colleges and universities. This is the Census Bureau’s first-ever report on this topic. Among the adults included in the report, 12 million had both a professional certification or license and an educational certificate; 34 million had only a professional certification or license; and 7 million had only an educational certificate. “Getting an academic degree is not the only way for people to develop skills that pay off in the labor market,” said Stephanie Ewert, a demographer with the Census Bureau’s Education and Social Stratification Branch and co-author of the report, Measuring Alternative Educational Credentials: 2012. “In this report, we’ve been able to measure for the first time how many people take another route to a productive career: holding an alternative educational credential independent of traditional college degrees. It turns out that millions of people have taken this path,” added Ewert. These alternative credentials include professional certifications, licenses and educational certificates. The fields of these professional certifications and licenses were wide-ranging and include business/finance management, nursing, education, cosmetology and culinary arts, among others. The report shows that, in general, these alternative credentials provide a path to higher earnings. Among full-time workers, the median monthly earnings for someone with a professional certification or license only was $4,167, compared with $3,433 for one with an educational certificate only; $3,920 for those with both types of credentials; and $3,110 for people without any alternative credential. 
“For people with at least a bachelor’s degree, earnings didn’t really differ between those with an alternative educational credential and those without,” said report co-author Robert Kominski, assistant chief for social characteristics at the Census Bureau. “But at lower levels of regular education, there is routinely an earnings premium for a professional certification or license, or an educational certificate.” Professional certification or license holders earned more than those without an alternative credential at each level of education below a bachelor’s. Among people with some college but no degree or less education, educational certificate holders earned more than people without an alternative credential.”

Same argument for providing my students with e-textbooks.
New on LLRX – Should public libraries give away e-book-friendly tablets to poor people?
by Sabrina I. Pacifici on January 20, 2014
Via - Should public libraries give away e-book-friendly tablets to poor people? $38 tablet hints of possibilities - David Rothman proposes that e-book-capable tablets, especially with national digital library systems in place, could multiply the number of books matching students’ precise needs. Paper books could serve as gateways to E, and then children and parents could digitally follow their passions to the max, whether for spaceships, basketball, or knitting. … Learning, independent of income – access to knowledge regardless of often round-the clock-work schedules for increasing numbers of parents and young people who are struggling to get by – this is a cause around which many communities of best practice can rally.

Why not? If nothing else, think of how easily a foundation could be poured.
DefenseTech – Navy Helps Fund 3D Printing of Buildings
by Sabrina I. Pacifici on January 20, 2014
Bryant Jordan: “Add to guns and prosthetic hands something much bigger and heavier forming from the nozzle of a 3D printer — buildings “printed” out of concrete. Partially funded by the Office of Naval Research and the National Science Foundation, Contour Crafting is trying to develop 3D printed buildings using concrete. Company founder Behrokh Khoshnevis is a professor and director of the Manufacturing Engineering Graduate Program at the University of Southern California. Concrete printers would be able to build a 2,500-square-foot building within a single day, according to Khoshnevis. For the military, that means soldiers deploying to a remote location with little or no infrastructure could be operating out of permanent structures pretty soon after a combat engineer unit arrived with printers and material aboard a C-17.”

Analyze data like the NSA? But, this might work for my Statistics students.
Doing Data Science in the Cloud With ScraperWiki
If you’ve got the mental chops, a flair for programming and storytelling, and an eye for design, you can do worse than getting into data science. It’s the new big thing in technology; highly trendy and highly paid, with data scientists being sought by some of the largest companies in the world.
ScraperWiki is a company that has long been associated with the data science field. For the past few years, this Liverpool-based startup has offered a platform for coders to write tools that get data, clean it and analyze it in the cloud.
… ScraperWiki markets itself as a place to get, clean and analyze data, and it delivers on each of those counts. In its simplest form, it allows you – the user – a place where you can write code that retrieves data from a source, tools to convert it into a format that is easy to analyze, and storage to keep it for later visualization – which you can also handle with ScraperWiki.
It also comes with a number of pre-built tools that automate repetitive tasks, including getting data from PDFs, which are notoriously difficult to decode. This is in addition to Twitter searching and scraping utilities. You don’t need any software development experience to use these.

For my student toolkit.
Read Write Think Timeline - A Timeline Tool for Almost All Devices
Read Write Think offers a bunch of great web, iOS, and Android applications for students. One of those that I recently learned about from David Kapuler is Read Write Think's Timeline creator. RWT Timeline is available as a web app (Flash required), as an Android app, and as an iPad app. All three versions make it easy for students to create timelines for any series of events.
To create a timeline with RWT Timeline students first tap or click along a blank line to add an event. Events can include dates in any format. Each event has room for a brief description and an image. Longer descriptions can be written but they won't appear on the timeline, they'll only appear in the printed notes about the timeline. Students can drag and drop events on their timelines to create appropriate spacing between each event.

(Related) Because too many is never enough.
Teaching With ChronoZoom - A Timeline of Almost Everything
A couple of years ago Microsoft launched an open source timeline tool called ChronoZoom. At that time ChronoZoom was an impressive interactive timeline of the history of the world. But that's all it was. Recently, I learned that ChronoZoom now allows students and teachers to create their own timelines. Timelines created in ChronoZoom can include multiple layers so that you can see how events and eras overlap. Within each section of your timeline, multiple videos, images, and texts can be displayed.
The "zoom" part of the name ChronoZoom comes from the way in which you navigate the timelines by zooming-in and zooming-out on elements of the timeline. In that sense ChronoZoom's display will remind some users of the Prezi interface.

To paraphrase Forrest Gump, “Management is as management does!”

Monday, January 20, 2014

When you put all your eggs in one basket, you need to really, really protect that basket!
AFP reports:
The personal data of at least 20 million bank and credit card users in South Korea has been leaked, state regulators said Sunday, one of the country’s biggest ever breaches.
Many major firms in the South have seen customers’ data leaked in recent years, either by hacking attacks or their own employees.
In the latest case, an employee from personal credit ratings firm Korea Credit Bureau (KCB) has been arrested and accused of stealing the data from customers of three credit card firms while working for them as a temporary consultant.
Seoul’s financial regulators on Sunday confirmed the total number of affected users as at least 20 million, in a country of 50 million.
The stolen data includes the customers’ names, social security numbers, phone numbers, credit card numbers and expiration dates, the Financial Supervisory Service (FSS) said in a statement.
The employee later sold the data to phone marketing companies, whose managers were also arrested earlier this month, prosecutors and the FSS said.
The information was taken from the internal servers of KB Kookmin Card, Lotte Card and NH Nonghyup Card.
Read more on AFP. There is no statement about today’s news on FSS’s website at this time. On January 13, however, the Financial Supervisory Service (FSS) had a meeting with financial company executives in charge of the safety and security of customer data. At the meeting, about 90 Chief Information Security Officers and Chief Privacy Officers were present (see press release).
The AFP report also mentions earlier incidents, including one from last month involving Citibank Korea that I was not previously aware of. In researching that one, I found this article that explains:
The South Korean prosecutors’ office said in a Dec. 11 statement it arrested an employee of “Bank C” for leaking information on 34,000 clients, including details of lending contracts.
Citibank Korea confirmed in an e-mail yesterday that it was “Bank C.” The Seoul-based unit conducted its own investigation at the FSS’ request following the arrest, it said, without elaborating on the results of the probe.
And Korea Times reported:
The employee at Citibank printed the data of 34,000 customers on 1,100 pieces of paper [Very unusual Bob] and gave them to private loan service providers in April, while the worker at SC’s subcontracted IT center accessed the computer files of the lender, transferred the personal data of about 104,000 customers onto a portable storage device between November 2011 and February 2012 and sold it to a broker.
The prosecution said the leaked information includes customers’ names, phone numbers, their employers and the amount of any outstanding loans, which are also suspected of being used in a voice-phishing scam.

Not many details, but they will come out eventually.
Neiman Marcus Data Breach May Be 6 Months Old
Even as security analysts are wading through the issues with the Target breach, new information is emerging about Neiman Marcus’ woes. According to the New York Times, hackers infiltrated the luxury retailing giant’s computer network as far back as July.
… “In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores.

Replace credit and debit cards and all forms of ID?
CES 2014: Could a palm scanner make transactions safer?
A device called the Pulse Wallet could create a new and secure way to confirm financial transactions.
The technology, which is currently in use in cash machines in Brazil and Japan, uses an infrared camera to scan the vein pattern in a person's hand.
While signatures can be forged and PIN codes cracked, vein patterns are thought to be unique and more difficult to copy.

Dang! I thought everyone was protected. Sorry readers.
Eugene Volokh – Bloggers = Media for First Amendment Libel Law Purposes
by Sabrina I. Pacifici on January 19, 2014
So holds today’s Obsidian Finance Group v. Cox (9th Cir. Jan. 17, 2014) (in which [Eugene Volokh] represented the defendant). To be precise, the Ninth Circuit concludes that all who speak to the public, whether or not they are members of the institutional press, are equally protected by the First Amendment. To quote the court,
The protections of the First Amendment do not turn on whether the defendant was a trained journalist, formally affiliated with traditional news entities, engaged in conflict-of-interest disclosure, went beyond just assembling others’ writings, or tried to get both sides of a story. As the Supreme Court has accurately warned, a First Amendment distinction between the institutional press and other speakers is unworkable: “With the advent of the Internet and the decline of print and broadcast media … the line between the media and others who wish to comment on political and social issues becomes far more blurred.” Citizens United, 558 U.S. at 352. In defamation cases, the public-figure status of a plaintiff and the public importance of the statement at issue — not the identity of the speaker — provide the First Amendment touchstones.”

Now you can be as secure as James Bond! Or at least as the British version of the NSA can make you.
UK – 10 Steps to Cyber Security
by Sabrina I. Pacifici on January 19, 2014
“The Government and intelligence agencies are directly targeting the most senior levels in the UK’s largest companies and providing them with advice on how to safeguard their most valuable assets, such as personal data, online services and intellectual property. The Cyber Security Guidance for Business, produced by CESG (the Information Security arm of GCHQ), the Department for Business, Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI), will help the private sector minimise the risks to company assets. The guidance includes:

You say FOIA compliance, I say thoughtless. Either way, I have no say. Government knows best?
Sometimes what we typically think of as non-sensitive information can be problematic in the wrong hands. This case is a useful reminder of that.
J Allen Carnes who owns about 4000 acres of farmland in Uvalde, Texas, 90 minutes from the Mexican border, today reacted to the Environmental Protection Agency’s weak apology for releasing private information on farmers and ranchers across the United States.
Carnes says he is outraged that the EPA gave farmers’ and ranchers’ personal information, from their home addresses, to email addresses, telephone numbers, personal notes and more, to environmental activists under the guise of the Freedom of Information Act putting the agriculture community at risk for agro-terrorism.
Read more on Fort Mill Times.

Coming soon to a Health Care database near you!
Randeep Ramesh reports:
Drug and insurance companies will from later this year be able to buy information on patients – including mental health conditions and diseases such as cancer, as well as smoking and drinking habits – once a single English database of medical data has been created.
Harvested from GP and hospital records, medical data covering the entire population will be uploaded to the repository controlled by a new arms-length NHS information centre, starting in March. Never before has the entire medical history of the nation been digitised and stored in one place.
Once live, organisations such as university research departments – but also insurers and drug companies – will be able to apply to the new Health and Social Care Information Centre (HSCIC) to gain access to the database, called
If an application is approved then firms will have to pay to extract this information, which will be scrubbed of some personal identifiers but not enough to make the information completely anonymous – a process known as “pseudonymisation”.
Read more on The Guardian.
Given the NHS’s repeated failures to adequately secure patient information, this just seems to be a privacy Chernobyl waiting to happen. And no, I’m not just talking about the risk of re-identification, which they identify as a “small, theoretical risk.” I’m thinking of hacks, insider breaches, and other sources of compromise, too.
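To make the “pseudonymisation” point concrete, here is an added toy example (my own illustration, not code from The Guardian, the NHS or the HSCIC): direct identifiers are replaced with a keyed hash and the quasi-identifiers are coarsened, exactly the kind of release that is “scrubbed of some personal identifiers but not enough.” Anyone holding a second list with the same quasi-identifiers (a bought marketing file, an electoral roll) can link the rows back to names wherever a combination is unique. The key, the NHS numbers, the names and both datasets are constructed for the demonstration.

```python
# Added example (not code from The Guardian article, the NHS or HSCIC): a
# toy pseudonymisation pipeline showing why "scrubbed of some identifiers"
# is not anonymisation. The key, the NHS numbers, the names and the
# external list below are all constructed for the demonstration.
import hashlib
import hmac
from collections import Counter

# Hypothetical key held by the data controller; anyone who obtains it
# (or the lookup table it stands in for) can reverse the pseudonyms directly.
PSEUDONYM_KEY = b"constructed-demo-key"

# Constructed GP records: direct identifiers, quasi-identifiers, clinical data.
GP_RECORDS = [
    {"nhs_number": "0000000001", "name": "Alice Example", "postcode": "SW1A 1AA",
     "dob": "1971-04-02", "sex": "F", "diagnosis": "depression"},
    {"nhs_number": "0000000002", "name": "Bob Example", "postcode": "L1 8JQ",
     "dob": "1985-11-20", "sex": "M", "diagnosis": "type 2 diabetes"},
    {"nhs_number": "0000000003", "name": "Chris Example", "postcode": "L1 8AB",
     "dob": "1985-03-07", "sex": "M", "diagnosis": "lung cancer"},
    {"nhs_number": "0000000004", "name": "Dana Example", "postcode": "M1 1AE",
     "dob": "1990-06-15", "sex": "F", "diagnosis": "asthma"},
]

# Constructed external dataset (e.g. a bought marketing or electoral list)
# carrying the same quasi-identifiers alongside real names.
EXTERNAL_LIST = [
    {"name": "Alice Example", "postcode": "SW1A 1AA", "dob": "1971-04-02", "sex": "F"},
    {"name": "Bob Example", "postcode": "L1 8JQ", "dob": "1985-11-20", "sex": "M"},
    {"name": "Chris Example", "postcode": "L1 8AB", "dob": "1985-03-07", "sex": "M"},
    {"name": "Dana Example", "postcode": "M1 1AE", "dob": "1990-06-15", "sex": "F"},
    {"name": "Eve Example", "postcode": "SW1A 2AA", "dob": "1971-09-30", "sex": "F"},
]


def postcode_sector(postcode):
    """'SW1A 1AA' -> 'SW1A 1': outward code plus the first inward digit."""
    outward, inward = postcode.split()
    return f"{outward} {inward[0]}"


def pseudonymise(record, key=PSEUDONYM_KEY):
    """Replace direct identifiers with a keyed hash of the NHS number and
    coarsen the quasi-identifiers, which are kept so researchers can link rows."""
    token = hmac.new(key, record["nhs_number"].encode(), hashlib.sha256).hexdigest()[:16]
    return {
        "pseudo_id": token,
        "postcode_sector": postcode_sector(record["postcode"]),
        "birth_year": record["dob"][:4],
        "sex": record["sex"],
        "diagnosis": record["diagnosis"],
    }


def pseudonymise_all(records, key=PSEUDONYM_KEY):
    return [pseudonymise(r, key) for r in records]


def quasi_key(pseudo_record):
    return (pseudo_record["postcode_sector"], pseudo_record["birth_year"], pseudo_record["sex"])


def k_anonymity(pseudo_records):
    """Smallest group size sharing one quasi-identifier combination.
    k == 1 means at least one person is unique in the released data."""
    return min(Counter(quasi_key(r) for r in pseudo_records).values())


def reidentify(pseudo_records, external):
    """Link pseudonymised rows to names through shared quasi-identifiers.
    Only unambiguous (single-candidate) matches are returned."""
    index = {}
    for person in external:
        k = (postcode_sector(person["postcode"]), person["dob"][:4], person["sex"])
        index.setdefault(k, []).append(person["name"])
    links = {}
    for r in pseudo_records:
        candidates = index.get(quasi_key(r), [])
        if len(candidates) == 1:
            links[r["pseudo_id"]] = candidates[0]
    return links


def exposed_diagnoses(pseudo_records, links):
    """Name -> diagnosis for every record the attacker managed to re-link."""
    return {links[r["pseudo_id"]]: r["diagnosis"]
            for r in pseudo_records if r["pseudo_id"] in links}


if __name__ == "__main__":
    released = pseudonymise_all(GP_RECORDS)
    print("k-anonymity of release:", k_anonymity(released))
    print("re-identified:", exposed_diagnoses(released, reidentify(released, EXTERNAL_LIST)))
```

With four released rows the k-anonymity is 1, and two of the four patients (the ones whose postcode sector, birth year and sex combination is unique) come back with their names and diagnoses attached; the two Liverpool men survive only because they happen to share a combination. Note also that the pseudonym itself is deterministic, so every dataset keyed the same way links to every other, and whoever holds the key (or the table it replaces) needs no external list at all.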

Should I file this under “Humor” or “Branding?” My students thought McDonald should sell McJoints and McMunchies, but it looks like we were too slow to copyright our ideas.
Companies woo the weed crowd with artful, edgy ads
… Fast-food restaurants such as Jack in the Box have been delicately plying the pot pitch with ads such as "Jack's Munchie Meal."
… This month, playing off the approved use and sale of marijuana in the Rocky Mountain State, Spirit Airlines further nudged that content needle by dangling discounted fares in Colorado where, its ad informs, “the no smoking sign is off," beckoning flyers to "get mile high."

For my programming students.
Write Mobile Apps For Any Platform With Intel XDK
Intel ... just threw their hat back into the mobile ring again with the Intel XDK IDE. This free development environment allows you to write applications using HTML5, JavaScript and CSS3 and then test them against multiple devices. Once finished, you can publish to a multitude of app stores, including Google Play, Nook, Kindle, iTunes and the Windows 8 Store. It really is a ‘write once, run anywhere’ deal.

Not perfect, but useful. (Should be matched with a pronunciation site)
– is a Google Translate mashup where you can enter a phrase and then the phrase is automatically translated and placed over each country. Just remember, translations are generated automatically, and some may be inaccurate. Just one translation is provided for each word; watch out for words with multiple meanings, and if Google Translate cannot find a translation, it simply shows the English word.

For my nephew, and my students who appreciate the classics...
15 Free Classic Rock Music Downloads [Sound Sunday]

Rdio Goes Free After Spotify Drops Time Limits
It’s a good time to be a streaming music fan at the moment, as each of the big players tries to grab the headlines from the other. The news at the moment is that Rdio is now completely free to users, after Spotify dropped all remaining time limits with regards to usage.
There are two catches to the Rdio offer – one, it is only available to US residents, and secondly, you will have to listen to occasional adverts.
… Speaking of Spotify, … Now you can listen to music for as long as you want for free – along with the adverts. Upgrading to a paid plan now will remove those adverts.