Saturday, March 08, 2014
Clausewitz wrote that, “war is the continuation of politics by other means.” I've always taken that to mean that when politicians fail (i.e. really screw up) the result is war. That does not mean that both sides have to screw up. I also remember a Will Rogers quote, “Diplomacy is the art of saying 'Nice doggie' until you can find a rock.”
Ukraine crisis 'created artificially' - Russia's Lavrov
Russian Foreign Minister Sergei Lavrov has said the crisis in Ukraine was "created artificially for purely geopolitical reasons".
He confirmed Russia had contacts with Ukraine's interim government but said Kiev was beholden to the radical right.
Russia, he said, was open to further dialogue with the West if it was "honest and partner-like".
Any “new” system runs the risk of unrecognized vulnerabilities. (There is low-hanging fruit everywhere.) Again we seem to have systems designed without considering “Best Practices.”
Audit finds high-risk security vulnerabilities in the automated systems used to process Medicaid claims
The Office of the Inspector General (OIG) of HHS recently released an audit that found pervasive high-risk security vulnerabilities at 10 state Medicaid agencies. The report is written so as not to provide a road map for attackers who might want to exploit the vulnerabilities but to raise awareness of concerns, i.e., the states are not identified in the report. The audit period included calendar years 2010 to 2012.
Seventy-nine individual audit findings were grouped into 15 security control areas within 3 information system general control categories: entitywide controls, access controls, and network operations controls.
You can download the full report here (.pdf).
Now this is nuts. Stingray and Hailstorm are tools, like a radar gun, and it might be useful to know how they work. (and how they fail) Could the vendors of “Red Light Cameras” hide behind a similar NDA?
I thought it was outrageous that law enforcement claimed they couldn’t tell a defendant that they had obtained evidence against him using Stingray because of a nondisclosure agreement with Harris, but it turns out that’s not the only police department citing a nondisclosure agreement with Harris as the basis for withholding information.
Jamie Ross reports:
A reporter sued the Tucson Police Department for records on the surveillance equipment it uses to collect data from cellphones.
Beau Hodai sued Tucson and its Police Department in Pima County Court, seeking an order to show cause why the Tucson PD should not have to comply with the public records act.
Hodai submitted his first records request to Tucson police on Oct. 11, 2013, “concerning TPD’s purchase and use of Stingray and Stingray II cell phone tracking equipment from Harris Corporation.”
In response to Hodai’s request, TPD provided him with four documents, but redacted them, citing exemptions in the Freedom of Information Act and a nondisclosure agreement with Harris Corp. and the Federal Bureau of Investigation.
The Tucson PD, however, failed to provide Hodai with “work product resulting from the use of Stingray or Stingray II,” requests or authorizations of Harris Corp. products in any police operations, training materials, and internal policies. The agency also failed to produce TPD memos describing when to use Stingray and external correspondence concerning the program.
The nondisclosure agreement between Harris Corp. and Tucson states: “The City of Tucson shall not discuss, publish, release or disclose any information pertaining to the Products covered under this NDA to any third party individual, corporation, or other entity, including any affiliated or unaffiliated State, County, City, Town or Village, or other governmental entity without the prior written consent of Harris … The City of Tucson is subject to the Arizona Public Records Law. A.R.S. sec 39-121, et seq. While the City will not voluntarily disclose any Protected Product, in the event that the city receives a Public Records request from a third party relating to any Protected Product, or other information Harris deems confidential, the City will notify Harris of such a request and allow Harris to challenge any such request in court. The City will not take a position with respect to the release of such material, beyond its contractual duties, but will assist Harris in any such challenge.”
Read more on Courthouse News.
Wow. So the city will assist business in trying to keep information from the public that the public has a right to know? Impressive.
Makes me think that the government should try to hire lawyers who have actually been to law school.
A federal judge with a secret court has refused the Obama administration’s request to extend storage of classified National Security Agency telephone surveillance data beyond the current five-year limit.
The Justice Department had argued several pending lawsuits over the bulk data collection program require it to preserve the records for a longer period of time.
Judge Reggie Walton, who presides over the Foreign Intelligence Surveillance Court, concluded on Friday the government had not overcome larger privacy concerns.
Read more on KEYT.
[From the article:
"The government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases," said Walton in his 12-page order.
Is “they've screwed up before” a sufficient argument?
Seth Rosenblatt reports:
The proposed sale of WhatsApp to Facebook will violate the privacy expectations of WhatsApp’s users, two privacy groups argued Thursday in a formal complaint to the Federal Trade Commission.
Read more on CNET.
[From the article:
Facebook responded with an e-mailed statement to CNET that said, "As we have said repeatedly, Whatsapp will operate as a separate company and will honor its commitments to privacy and security."
For my Computer Security students. This works on Google, Facebook, Apple ID, Microsoft, Twitter, and other social media, gaming services and cloud storage sites.
Lock Down These Services Now With Two-Factor Authentication
Two-factor authentication is the smart way to protect your online accounts using something you know (like a password) and something you have (like a smartphone). Also known as two-step verification, it involves entering a code when logging in on new devices, and provides an excellent level of protection.
… We’ve already taken a look at the intricacies of two-factor authentication, and if a service you’re reliant on offers it, you should enable it. With two-factor authentication, every new log in attempt will require you to input a code sent to you – normally via text message to a standard mobile number – before letting you in.
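For the students: the SMS variant above is just a random value the server stores and texts you, but the authenticator apps offered by the services listed (Google Authenticator and the like) generate the code on the phone itself from a shared secret and the clock, using TOTP (RFC 6238) on top of HOTP (RFC 4226). The example below is added here and is not code from the MakeUseOf article or from any of those services; it implements both algorithms from the standard library, checks them against the RFC test vectors (the 20-byte key “12345678901234567890”), and shows the server-side verification with a clock-drift window and a constant-time comparison. The base32 helper and the `window` parameter are my own conventions, not part of the RFCs.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # low nibble of the last byte selects a 4-byte window
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the HOTP counter is the number of
    `step`-second intervals since the Unix epoch, so phone and server agree
    without ever talking to each other."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, for_time=None,
                step: int = 30, window: int = 1, digits: int = 6) -> bool:
    """Server-side check.  Accepts the code for the current interval and
    `window` intervals either side (clock drift), comparing every candidate in
    constant time.  A real server must also refuse to accept the same counter
    twice, otherwise a code sniffed from the wire can be replayed within its
    lifetime."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // step
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter + delta, digits), submitted)
    return ok


def secret_from_base32(text: str) -> bytes:
    """Enrolment QR codes and manual-entry keys carry the shared secret as
    base32 (helper added for this example); strip spaces and restore padding."""
    clean = text.replace(" ", "").upper()
    clean += "=" * (-len(clean) % 8)
    return base64.b32decode(clean)


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test key "12345678901234567890" in base32 form.
    key = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("RFC 6238 vector, T=59:", totp(key, for_time=59))   # 287082
    print("code for right now:  ", totp(key))
```

The thing to notice is that the only secret is the 20-byte key exchanged at enrolment; the “something you have” is whatever holds that key, which is why a phone backup or a screenshot of the enrolment QR code is as good as the phone.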
Every now and then, someone looks at old technology and says, “Why have we been doing it that way?”
Manu Prakash: A 50-cent microscope that folds like origami
(Related) A few other examples...
Democratized Science Instrumentation
Good things from strange sources? Should I have my students create a version of this App for Colorado? (If not, why not?) Could this work for ballot initiatives?
Michael Parkin: Internet Party's app will force others to follow suit
The week after next Kim Dotcom's Internet Party will push the go button in a very literal way.
The party is completing testing on its app, to allow would-be party members to sign up, pay their fees and submit their signature all at the flick of their fingers.
The party believes it has the Electoral Commission onside with the app having seen the Commission forced into the iPhone-age by, of all people, Peter Dunne, who was outraged that signatures could not be collected electronically as he tried to keep United Future above the 500 member threshold.
… Whatever the fate of the Internet Party might be two things are likely to result from its campaign:
1) The novelty value of an app to join a political party will ensure the Internet Party gathers the 500 members needed to register.
2) The app's popularity will force most other parties to follow suit by 2017.
For my Database students.
A Brief History of Databases
Friday, March 07, 2014
So, can the employment contract make this Okay?
Venkat Balasubramani and Eric Goldman comment on Maremont v Susan Fredman Design:
We’ve blogged about the dispute between Maremont and Susan Fredman Design Group before. Maremont was employed as SFDG’s social media consultant, and when she was injured in a severe accident, SFDG allegedly continued to access
(1) a Twitter account registered to Maremont’s name but allegedly used to the benefit of SFDG, and
(2) a personal Facebook account that had administrative privileges to SFDG’s business account.
The lawsuit was previously whittled down; this time around, the court gets rid of the Lanham Act claim, but sends the Stored Communications Act claim to trial.
Read more on Technology & Marketing Law Blog
This is the kind of article a “Guest Blogger” can write best.
Phil Lee writes:
As an EU privacy professional working in the US, one of the things that regularly fascinates me is each continent’s misperception of the other’s privacy rules. Far too often have I heard EU privacy professionals (who really should know better) mutter something like “The US doesn’t have a privacy law” in conversation; equally, I’ve heard US colleagues talk about the EU’s rules as being “nuts” without understanding the cultural sensitivities that drive European laws.
So I thought it would be worth dedicating a few lines to compare and contrast the different regimes, principally to highlight that, yes, they are indeed different, but, no, you cannot draw a conclusion from these differences that one regime is “better” (whatever that means) than the other. You can think of what follows as a kind of brief 101 in EU/US privacy differences.
Read more on Field Fisher Waterhouse.
Something new to stir the legal debate?
Robotics and the New Cyberlaw
Ryan Calo University of Washington - School of Law; Stanford University - Law School, February 28, 2014
Two decades of analysis have produced a rich set of insights as to how the law should apply to the Internet’s peculiar characteristics. But, in the meantime, technology has not stood still. The same public and private institutions that developed the Internet, from the armed forces to search engines, have initiated a significant shift toward robotics and artificial intelligence.
This article is the first to examine what the introduction of a new, equally transformative technology means for cyberlaw (and law in general). Robotics has a different set of essential qualities than the Internet and, accordingly, will raise distinct issues of law and policy. Robotics combines, for the first time, the promiscuity of data with the capacity to do physical harm; robotic systems accomplish tasks in ways that cannot be anticipated in advance; and robots increasingly blur the line between person and instrument.
Cyberlaw can and should evolve to meet these challenges. Cyberlaw is interested, for instance, in how people are hardwired to think of going online as entering a “place,” and in the ways software constrains human behavior. The new cyberlaw will consider how we are hardwired to think of anthropomorphic machines as though they were social, and ponder the ways institutions and jurists can manage the behavior of software. Ultimately the methods and norms of cyberlaw — particularly its commitments to interdisciplinary pragmatism — will prove crucial in integrating robotics, and perhaps whatever technology follows.
Commissions, oversight boards, and review groups are all the rage these days. Recent weeks have seen hundreds of pages of reports evaluating American intelligence agencies, and there’s a promise of more to come. These reports have recommended dozens of modifications affecting all three branches of government. But there’s an integral part of the surveillance state that has thus far largely escaped the current scrutiny: the FBI. And while failure to “connect the dots” is an oft-cited flaw within the intelligence community, not insisting on examining more closely the FBI’s surveillance activities represents a similar flaw by those outside the intelligence community.
For my Ethical Hackers
Richard Chirgwin reports:
HTTPS may be good at securing financial transactions, but it isn’t much use as a privacy tool: US researchers have found that a traffic analysis of ten HTTPS-secured Web sites yielded “personal data such as medical conditions, legal or financial affairs or sexual orientation”.
In I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis, (Arxiv, here), UC Berkeley researchers Brad Miller, AD Joseph and JD Tygar and Intel Labs’ Ling Huang show that even encrypted Web traffic can leave enough breadcrumbs on the trail to be retraced.
Read more on The Register.
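The point of the paper is that TLS encrypts the bytes but not the shape of the conversation: the direction and length of every record is visible to anyone on the path, and a page's mix of record sizes is a usable fingerprint. The example below is added here and is not the Berkeley/Intel code (their classifier clusters sizes and uses a hidden Markov model over page transitions; this is a much simpler nearest-neighbour stand-in). The three page traces and the “captured” flow are constructed values for a hypothetical clinic site, not measurements of any real host, and the 256-byte bucket and 4096-byte padding size are my own choices.

```python
from collections import Counter

BUCKET = 256          # record lengths are coarsened so a few bytes of jitter do not matter
PAD_TO = 4096         # per-record padding size used by pad_trace()

# Constructed TLS record-length traces for three pages on one HTTPS host.
# Negative = client -> server, positive = server -> client.  Illustrative
# values only, not measurements from any real site.
KNOWN_PAGES = {
    "/appointments": [-180, 1460, 1460, 1460, 640, -120, 330],
    "/billing":      [-175, 1460, 1460, 900, -110, 2200, 2200, 410],
    "/test-results": [-190, 1460, 520, -130, 4100, -125, 4100, 4100, 90],
}


def fingerprint(trace):
    """Multiset of (direction, size bucket) pairs.  The payload is encrypted,
    but every record's direction and length is visible on the wire."""
    return Counter(("out" if n < 0 else "in", abs(n) // BUCKET) for n in trace)


def distance(fp_a, fp_b):
    """L1 distance between two fingerprints."""
    return sum(abs(fp_a[k] - fp_b[k]) for k in set(fp_a) | set(fp_b))


def classify(trace, known=KNOWN_PAGES):
    """Nearest-neighbour match of a captured flow against the known pages.
    Returns (best_page, distance); ties fall to the alphabetically first page."""
    fp = fingerprint(trace)
    scored = sorted((distance(fp, fingerprint(t)), page) for page, t in known.items())
    return scored[0][1], scored[0][0]


def pad_trace(trace, size=PAD_TO):
    """Naive defence: pad every record to a fixed size.  Direction and record
    count survive, so the fingerprint is weakened, not removed."""
    return [size if n > 0 else -size for n in trace]


def classify_padded(trace, known=KNOWN_PAGES):
    """Same attack after both the reference traces and the capture are padded."""
    padded_known = {page: pad_trace(t) for page, t in known.items()}
    return classify(pad_trace(trace), padded_known)


if __name__ == "__main__":
    # Constructed capture: the /appointments flow with a few bytes of jitter.
    captured = [-183, 1460, 1460, 1460, 655, -121, 318]
    print(classify(captured))           # ('/appointments', 0)
    print(classify_padded(captured))    # still ('/appointments', 0): record counts leak
```

The padded run is the caveat: padding each record to a fixed size does nothing about the number of records in each direction, so the three pages stay distinguishable. Defences have to change the count and timing of records as well, which is why the paper's authors found the obvious padding schemes insufficient.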
E-Lawyers – There's an App for that! (Is that an iPhone?)
Fixed – claims to be the easiest way to fix a parking ticket. Up to 50% of tickets are dismissed when challenged. Fixed has a team of experts that know the parking rules inside-out. Upload your ticket as a photo, and they will take care of the rest. If you win, they charge 25% of the ticket.
I've been thinking about the “reproduction of old maps” market. Skin a sheep, make quill pens, make some iron gall ink, draw the copies by hand... The only thing that was missing was a selection of old maps.
Introducing Google Maps Gallery: Unlocking the World’s Maps
by Sabrina I. Pacifici on March 6, 2014
Google Maps Blog: “If you’ve ever wondered which trails Lewis & Clark traveled for their famous expedition, or looked for maps of the best schools in your region, you may have found yourself scouring the web without much luck. The best results for your search may come from governments, nonprofits and businesses, but historically that information has been hard to find or inaccessible to the public. Well, now, with the new Google Maps Gallery, it’s easier for you to find maps like those all in one place.”
Always worth a look. You never know when you might find a useful tool! (You may need the Speaker Notes)
Best of the Web 2014
Earlier today at NCTIES 2014 I shared an entirely new version of my popular Best of the Web presentation. In this version I shared only tools that are new-to-me since last year's NCTIES conference and or have released significant enhancements in the last year. The slides from the session are embedded below. If you would like a copy of these slides click here to open them in Google Drive then select "File,""Make copy" to save a copy for yourself. I will be updating the speaker notes to include more links.
Thursday, March 06, 2014
It's pretty rare that a “C-level” executive hasn't insulated themselves sufficiently to avoid being held responsible for breaches. I wonder what is really going on here?
Target CIO Resigns After Data Breach
Retail giant Target said Wednesday that its chief information officer, Beth Jacob, has resigned effective immediately after the massive data breach late last year that exposed millions of customer payment card numbers and hurt company profits.
… According to Steinhafel, the company is conducting an external search for an interim CIO.
“We will also be elevating the role of the Chief Information Security Officer and hiring externally for this position,” he said. “Additionally, we will be initiating an external search for a Chief Compliance Officer."
Something for my Ethical Hackers: “Siri, find an easily hacked bank account and buy me a Bentley.” There will be an App for that!
Apple Reportedly Plans To Open Siri To Third Parties (Just As Hackers Force It Open)
For anyone that wants Siri to do more than set iCal appointments and dictate SMS messages, there may be hope beyond a hack. Apple is reportedly working on allowing third-party services to integrate with Siri so that the iPhone’s digital assistant can carry out tasks — book flights or send texts on other messaging apps — which go beyond the services Apple can provide.
I don't suppose you could shut down the old company and spin up a new one each time you get a subpoena...
Robert Richardson writes:
According to one of the nation’s top digital civil liberties attorneys, U.S. companies have little legal recourse when powerful law enforcement agencies like the FBI make overreaching demands for their customers’ sensitive data.
In a presentation at last Thursday’s inaugural TrustyCon event, attorney Marcia Hofmann told attendees that the circumstances in which private email provider Lavabit opted to shutter its business might not be unique. Last summer Lavabit and Silent Circle, two providers of encrypted digital communications services, shuttered their services to avoid forced disclosure of their users’ data to U.S. government agencies.
Read more on SearchSecurity.
Pop quiz for Congress and the Senate: 1) When is a background check mandatory? Hint: Not always! 2) If I do not “declare a willingness to break the law,” does that mean I am in compliance? 3) Will Facebook users do a better job than Congress? Hint: How could they do worse?
Facebook Cracking Down on Illegal Gun Sales Planned on Site
Facebook Inc. (FB:US) is cracking down on illegal gun sales planned through its website, seeking to prevent criminal activity and setting a precedent other social-media sites could follow.
Facebook will delete posts where users declare a willingness to break the law, such as to sell a gun without a background check or transport it across U.S. state lines, the company said today in a blog post. People who promote private sales of guns -- or other regulated goods and services -- might get a message from Facebook reminding them to comply with the law, while pages related to such activities will have to include language about the importance of following the law.
Students have no rights! Were there threats in these writings?
A former Moon Area School District student and his parents claim in a lawsuit moved to federal court on Wednesday that the township’s police violated his constitutional rights by seizing his personal journals and videos from his home and then showing them to school officials and other third parties.
Colin Schreiber, 20, and his parents Paul and Lora Schreiber, all of Moon, claim police lacked probable cause and obtained an overly broad search warrant in May 2011 after school officials contacted police about writings in Colin Schreiber’s personal journal, which he had with him at school.
Read more on TribLive.
...because all the worst laws are made by lawmakers?
Eric Goldman writes:
As regular readers know, I view state legislatures as currently the #1 threat to the Internet’s integrity. In the name of “protecting the kids” and “helping the Internet”, state legislatures are manufacturing a slew of anti-innovation laws that cumulatively threaten to “love” the Internet to death. Just try to keep pace with California’s legislature. This morning, I did a search at the legislative portal for the keyword “Internet” and found *415* bills in the current legislative session (2013-14). I don’t have time to peruse this legislative tsunami to find and analyze the numerous stinkers; but the pending bills that people are highlighting for me are characteristically horrifying.
Read more on Technology & Marketing Law Blog.
Dude, nothing works! We're doomed!
Deven Desai writes:
A core issue in U.S. v. Jones has nothing to do with connecting “trivial” bits of data to see a mosaic; it is about the simple ability to have a perfect map of everywhere we go, with whom we meet, what we read, and more. It is about the ability to look backward and see all that information with little to no oversight and in a way forever. That is why calls to shift the vast information grabs to a third party are useless. The move changes little given the way the government already demands information from private data hoards. Yes, not having immediate access to the information is a start. That might mitigate mischief. But clear procedures are needed before that separation can be meaningful. That is why telecom and tech giants should be wary of “The central pillar of Obama’s plan to overhaul the surveillance programs [which] calls for shifting storage of Americans’ phone data from the government to telecom companies or an independent third party.” It does not solve the problem of data hoards.
Read more on Concurring Opinions.
Boo! (But they have huge PACs)
Obama administration sides against Aereo
The Obama administration has sided with the nation's television broadcasters in a pending Supreme Court case against Aereo, the Internet service that scoops up freely available television signals and streams them to paying subscribers.
A surefire indication that a game is popular?
Report: New Flappy Bird clone hits App Store every 24 minutes
Flappy Bird may be gone, but it's certainly not forgotten. A new report from Pocket Gamer has found that 60 new Flappy Bird clones were added to Apple's App Store February 28-March 3. That breaks down to 2.5 new clones per hour or one every 24 minutes.
To qualify as a Flappy Bird clone, games needed to have players guiding characters through a course of pipes (or pipe-like objects) hanging from the ceiling or emerging from the ground.
Some notable Flappy Bird clones have included Fall Out Bird (based on the band Fall Out Boy) and Flappy Bert, which was inspired by the beloved Sesame Street character. The original Flappy Bird saw more than 50 million downloads before creator Dong Nguyen pulled the game down in early February, saying the game was "too addictive."
Another job for my Ethical Hackers!
Apple security rules leave inherited iPad useless, say sons
A man whose mother bequeathed her iPad to her family in her will says Apple's security rules are too restrictive.
Josh Grant, 26, from London, told BBC Radio 4's You & Yours his mother bought the tablet during her cancer treatment.
Since her death, they have been unable to unlock the device, despite providing Apple with copies of her will, death certificate and solicitor's letter.
Apple says its security measures have led the industry in helping customers protect lost or stolen devices.
I could make this blog pretty!
Getty’s Images Are Now Free for Twitter, Tumblr and Personal Blogs
Since its founding, Getty Images has charged for its photos. If a media company wanted to use a Getty photo, the company paid Getty for the rights to that photo. But the stock-photo agency noticed its photos increasingly appearing on social media and blogs that hadn’t paid for the rights—one result of images being easy to find in Google Image searches and on news sites.
So the Seattle-based photo agency has decided to make a huge portion of its photos free. On Wednesday, the company unveiled the embed tool, which will allow users to include images on websites, such as non-commercial WordPress blogs. The eligible images also come with buttons for Tumblr and Twitter, where a link to the image can be shared.
Take 8 minutes to watch this video.
Government surveillance — this is just the beginning
Privacy researcher Christopher Soghoian sees the landscape of government surveillance shifting beneath our feet, as an industry grows to support monitoring programs. Through private companies, he says, governments are buying technology with the capacity to break into computers, steal documents and monitor activity — without detection.
Wednesday, March 05, 2014
Why would the CIA provide computers? Are Senate computers not adequately secured? Why did this not raise red flags? (Didn't the NSA provide security?)
McClatchy News is reporting that the CIA may have monitored computers that the agency provided to the Senate Intelligence Committee. The computers were used by Senate aides to prepare the Committee’s (still unreleased) report on the CIA’s secret detention and interrogation programs.
… The CIA Inspector General has reportedly requested the Justice Department to investigate the case as a criminal matter. Notably, McClatchy suggests that Senator Wyden was “apparently” referring to these monitoring practices when he asked CIA Director John Brennan earlier this year, “Does the Federal Computer Fraud and Abuse Act apply to the CIA?” Wyden did not get an answer, at least not at the hearings (full transcript). Close observers of those hearings had speculated that Wyden’s questions suggested that the CIA was accessing the American public’s computers (here and here). The McClatchy report provides a new and different explanation.
Are “professionals” more “understanding” or just crazy?
Fewer Than Half of RSA Attendees Think NSA Overstepped: Survey
A survey of 341 attendees of the recent RSA Conference in San Francisco revealed that less than half (48 percent) felt the NSA overstepped its boundaries with its surveillance programs.
This year's conference faced controversy due to allegations that RSA accepted a $10 million payment from the NSA several years ago to use a weak number generating algorithm by default in its BSAFE toolkits. The resulting furor led several scheduled speakers to pull out of the conference, while other people created a rival event known as Trustycon, which took place Feb. 27 at a nearby location.
… Of the 52 percent of the respondents who felt the NSA did not overstep, 21 percent believe the government needs to be aware of citizens' communications data in order to protect the nation from terrorist activity. Thirty-one percent meanwhile, said they were conflicted about the issue.
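The article only says “a weak number generating algorithm”; the generator in the December 2013 reports was Dual_EC_DRBG, and its weakness is structural rather than statistical. The generator walks a state s through two fixed points P and Q on an elliptic curve: the next state is the x-coordinate of s·P and the output is the x-coordinate of s·Q. If whoever chose the points knows an e with P = e·Q, then from one output they can rebuild the point s·Q, multiply it by e to get s·P, and so obtain the next state and every output after it. The example below is added here and is not code from the article, from RSA or from NIST. It scales the construction down to a 14-bit curve (y² = x³ + 2x + 9999 over F_10007) so the attack runs instantly; the curve, the point Q, the trapdoor scalar and the seed are all constructed for illustration, the toy reduces the state into the order of Q to avoid the point at infinity, and it outputs the full x-coordinate where the real generator discards the top 16 bits (which only costs the attacker 2^16 guesses per output).

```python
# Toy Dual_EC_DRBG on a tiny curve, with the trapdoor attack.  Curve, points,
# trapdoor scalar and seed are constructed for illustration; the real generator
# uses NIST P-256 and drops the top 16 bits of every output.

p = 10007            # prime field; p % 4 == 3 so sqrt(n) = n^((p+1)/4) mod p
A, B = 2, 9999       # curve y^2 = x^3 + A*x + B over F_p (4A^3 + 27B^2 != 0 mod p)
Q = (3, 5)           # fixed point Q; 5^2 == 3^3 + 2*3 + 9999 (mod p)
E_TRAPDOOR = 1337    # the secret relation P = e*Q: whoever chose P can know e


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                              # R + (-R) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def point_order(pt):
    """Smallest n with n*pt = infinity (brute force is fine on a 14-bit curve)."""
    n, acc = 1, pt
    while acc is not None:
        acc = ec_add(acc, pt)
        n += 1
    return n


N = point_order(Q)              # states are kept in [1, N-1] so s*Q is never infinity
P = ec_mul(E_TRAPDOOR, Q)       # the second "random" point, as published


def xcoord(pt):
    return 0 if pt is None else pt[0]


def next_state(pt):
    """State update is the x-coordinate of a point, reduced into [1, N-1]."""
    return xcoord(pt) % N or 1


def dual_ec_generate(seed, count):
    """Generator: s_{i+1} = x(s_i * P); output r_i = x(s_i * Q)."""
    s = seed % N or 1
    out = []
    for _ in range(count):
        out.append(xcoord(ec_mul(s, Q)))
        s = next_state(ec_mul(s, P))
    return out


def mod_sqrt(n):
    """Square root mod p for p % 4 == 3; None if n is a non-residue."""
    r = pow(n, (p + 1) // 4, p)
    return r if (r * r - n) % p == 0 else None


def attacker_predict(r_i, count):
    """From one output r_i and the trapdoor e, recover the next state and predict
    the following `count` outputs.  R = s_i*Q has x-coordinate r_i, and
    e*R = s_i*(e*Q) = s_i*P, whose x-coordinate is exactly the next state.
    Either square root works, since x(e*R) == x(e*(-R))."""
    y = mod_sqrt((r_i ** 3 + A * r_i + B) % p)
    if y is None:
        raise ValueError("output is not an x-coordinate on the curve")
    s = next_state(ec_mul(E_TRAPDOOR, (r_i, y)))
    preds = []
    for _ in range(count):
        preds.append(xcoord(ec_mul(s, Q)))
        s = next_state(ec_mul(s, P))
    return preds


if __name__ == "__main__":
    outputs = dual_ec_generate(4242, 6)
    print("generator:", outputs)
    print("attacker: ", attacker_predict(outputs[0], 5))   # equals outputs[1:]
```

Nothing in the output stream looks non-random, and no statistical test on the toolkit's output would have caught this; the only defence is to know where the constants came from, which is exactly what the default setting in the toolkit took out of its users' hands.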
After spending $19 Billion, this is chump change. What's it worth to capture all the Internet users on an entire continent?
Facebook reportedly in talks for drone maker Titan Aerospace
Facebook is in talks to acquire Titan Aerospace, the maker of a solar-powered high-altitude drone that can stay aloft for five years, according to a TechCrunch report.
The acquisition would reportedly further the efforts of Internet.org, a coalition of mobile technology companies spearheaded by Facebook that is working to bring Internet access to the 5 billion or so people around the world without it. The acquisition is valued at $60 million, a source "with access to information about the deal" told TechCrunch.
… Facebook is interested in dispatching some 11,000 unmanned aerial vehicles over parts of the globe that lack Internet access, beginning in Africa, according to the report. The company is said to be especially interested in the Solara 60, a featherweight aircraft built of composite materials that the New Mexico-based company claims can maintain an altitude of 65,000 feet for years without refueling, thanks to thousands of solar cells blanketing the aircraft.
Some day, all TVs will be streamed from your computer/smartphone.
Roku unveils updated Streaming Stick with support for all HDMI TVs
This would be the kind of project I would expect from a Privacy Blog. Written by law school students (guided by practicing lawyers?) and updated every year or so.
Read online or download PDF, EPUB version free of charge; Kindle version $1
For my peers.
New Draft of Framework for Information Literacy for Higher Education
by Sabrina I. Pacifici on March 4, 2014
Association of College and Research Libraries - Draft Framework for Information Literacy for Higher Education, February 2014 [snipped]
“Introduction. The changes in higher education, coupled with a more complex information ecosystem than existed at the end of the last century, demand new engagement with the concept of information literacy. This Introduction explores the reasons for the dramatic shift from standards to a framework; discusses the key elements upon which the new Framework rests, threshold concepts and metaliteracy; and includes the components of the Framework that help to move it from a conceptual rendering to a full-fledged, living entity upon which to develop collaborative programs suitable for unique situations. The concluding section acknowledges the stakeholders and community who are engaged in this conversation.”
[From the Draft:
Information Literacy: A New Definition
Information literacy combines a repertoire of abilities, practices, and dispositions focused on expanding one’s understanding of the information ecosystem, with the proficiencies of finding, using and analyzing information, scholarship, and data to answer questions, develop new ones, and create new knowledge, through ethical participation in communities of learning and scholarship.
This might be a simple way to organize my Math formulas.
Lucid Chart Adds Interactive Tables and Notations to Mind Maps
Lucidchart is a great tool for creating flowcharts, mindmaps, and graphic organizers. This week Lucid Chart added the option to include interactive tables and notations to your charts. Now you can right-click on any shape in your mind map to write and add a note about it. The new tables option allows you to add spreadsheets to your Lucid Chart flowcharts.
Lucidchart offers a simple drag and drop interface for creating flow charts, organizational charts, mind maps, and other types of diagrams. To create with Lucidchart just select elements from the menus and drag them to the canvas. You can re-size any element and type text within elements on your chart. Arrows and connecting lines can be re-sized, repositioned, and labeled to bring clarity to your diagrams. Google Chrome users can use Lucidchart offline through the Lucidchart Chrome app.
Applications for Education
Lucidchart charges business customers, but makes all of their tools free for teachers and students. Lucidchart is a good tool for students to use to create charts that explain processes in science or to simply show the connections between key concepts in a course.
This is not funny. Who said this was funny?
Found all my Dave Brubeck albums too.
Bandtrace – is a music encyclopedia that contains everything you ever wanted to know about artists, what they released, what tracks they have written, recorded or produced, who they’ve been involved with, the latest news, etc. Bandtrace can be described with one word – simplicity.
Can I make it work with my Maverick Missile App?
PERSONAL THERMAL IMAGING DEVICE FOR YOUR iPHONE5 & 5s*
Tuesday, March 04, 2014
Vladimir is angry that the Ukraine doesn't like him best, so he considered beating them until they loved him. Then he thought he would take their resources. Sounds like politics as taught at the old KGB schools.
Putin ends army exercise, Russian markets rally
(Related) “The Ukraine is worth 1/19th as much to the US as WhatsApp was to Facebook! But you have to pay us back.” (I'm sure this terrified Vladimir.)
(Related) Kind of an FYI...
This is unusual. It suggests they can't find the hack or can't find a permanent fix. Either way this is a big deal. (Perhaps there is no Plan B?)
Illinois Bank: Use Cash for Chicago Taxis
First American Bank in Illinois is urging residents and tourists alike to avoid paying for cab rides in Chicago with credit or debit cards, warning that an ongoing data breach seems to be connected with card processing systems used by a large number of taxis in the Windy City.
… We have also made repeated attempts to deal directly with Banc of America Merchant Services and Bank of America, the payment processors for the taxis, to discontinue payment processing for the companies suffering this compromise until its source is discovered and remediated. These companies have not shared information about their actions and appear to not have stopped the breach.”
… “I’m shocked, and it’s pretty amazing that they put that out there publicly, because everyone is usually so scared that they’re going to piss off Visa and MasterCard,” Litan said. “I’ve never seen any bank speak up like that. They’re probably just fed up.”
This could be the prelude to a new attack, or the remnants of an old one.
Nicole Kobie reports:
A London-registered company appears to be at the centre of a massive attack that’s redirecting traffic from 300,000 routers, a security firm has said.
Florida-based security firm Team Cymru said it was examining a “widespread compromise” of consumer and small office/home office (SOHO) routers in Europe and Asia.
Read more on PC Pro.
[From the article:
The routers' DNS settings were changed to two IP addresses, both of which are for machines that are physically in the Netherlands, but registered with UK company 3NT Solutions, he said.
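The compromise described above changes a router's DNS settings, so every client behind it quietly starts using attacker-controlled resolvers. A simple way to notice that from the defender's side is to compare the resolver addresses your hosts actually report against the resolvers you expect. The script below is an added example written for this post; it is not from the PC Pro article or from Team Cymru. The allowlist addresses, host names and the report format are assumptions constructed for the example (the "rogue" addresses are from the 203.0.113.0/24 documentation range, not the IPs named in the article).

```python
"""Flag hosts whose DNS resolver settings point outside an allowlist.

Added example (not from the article or Team Cymru). A SOHO router whose
DHCP-advertised DNS has been altered hands its clients attacker-controlled
resolvers; collected from each host (resolv.conf, "ipconfig /all", an
inventory agent), those addresses show up here as entries outside the
resolvers the site expects.
"""
import ipaddress

# Resolvers the site expects clients to use (hypothetical values).
ALLOWED_RESOLVERS = (
    ipaddress.ip_network("192.168.1.1/32"),  # the router, forwarding upstream
    ipaddress.ip_network("9.9.9.9/32"),      # the upstream resolver standardised on
)

# Constructed sample report: one host per line, "<host> <ip>[,<ip>...]".
SAMPLE_REPORT = """\
pc-01 192.168.1.1
pc-02 192.168.1.1,9.9.9.9
pc-03 203.0.113.7,203.0.113.8
laptop-4 9.9.9.9
printer-1 not-an-address
"""


def parse_report(text):
    """Return {host: [IPv4Address/IPv6Address, ...]}.

    Blank lines, lines without exactly two fields, and lines whose address
    list does not parse are skipped so one bad record cannot abort the sweep.
    """
    hosts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        host, raw_ips = parts
        try:
            hosts[host] = [ipaddress.ip_address(ip) for ip in raw_ips.split(",")]
        except ValueError:
            continue  # malformed address: skip this host
    return hosts


def is_allowed(ip, allowed=ALLOWED_RESOLVERS):
    """True if the resolver address falls inside any allowlisted network."""
    return any(ip in net for net in allowed)


def find_rogue_resolvers(report_text, allowed=ALLOWED_RESOLVERS):
    """Return {host: [unexpected resolver IPs as strings]}.

    Only hosts with at least one resolver outside the allowlist appear in
    the result, so an empty dict means every reported resolver was expected.
    """
    rogue = {}
    for host, ips in parse_report(report_text).items():
        bad = [str(ip) for ip in ips if not is_allowed(ip, allowed)]
        if bad:
            rogue[host] = bad
    return rogue


if __name__ == "__main__":
    for host, ips in find_rogue_resolvers(SAMPLE_REPORT).items():
        print(f"{host}: unexpected resolver(s) {', '.join(ips)}")
```

Running it against the constructed report flags only pc-03. In practice the allowlist should be a network range where clients are expected to use the router itself, and the check is most useful run periodically, because a hijack like the one above does not announce itself on the hosts it affects.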
FireEye Publishes 2013 Advanced Threat Report
According to FireEye, malware activity has become so pervasive globally that attack servers communicating with malware are now hosted in 206 countries and territories.
… A full copy of the Advanced Threat Report is available online (PDF).
Does this change the equation? If I can sell my (lawyer's) data, can I sue all the sites that take it without paying me?
Adam Tanner writes:
For years, entrepreneurs have floated the idea of paying people for their personal data rather than just taking it without asking, the standard approach of many marketers.
Now, a few entrepreneurs are advancing plans to get cash or benefits into your hands in exchange for letting marketers have direct access to your social network activity, Internet browsing, purchases and other transactions. This information helps marketers pitch the right products to interested customers.
Read more on Forbes.
I assume I'd still need to clean things up, but at least everything would be in one format.
– can combine/merge multiple files of varying formats (PDF, MS Word, MS PowerPoint, MS Excel, images, html, and/or .txt files) into one consolidated PDF, MS Word, MS Excel, or MS PowerPoint document. There is no software to download, and it is 100% free.
I didn't know Amazon had coupons!
– everyone is always looking to save money, and clipping coupons is a popular way of doing that. Amazon Coupons combines the popularity of clipping coupons and saving money, on the world’s most popular e-commerce website. Simply add the item to your cart, clip the coupon, and check out.
Monday, March 03, 2014
You never need professional website developers, until you want to develop a website.
Commentary reveals how e-health gov site was rescued by Silicon Valley pros
by Sabrina I. Pacifici on March 2, 2014
Obama’s Trauma Team, By Steven Brill, TIME, March 10, 2014.
“…This is the story of a team of unknown–except in elite technology circles–coders and troubleshooters who dropped what they were doing in various enterprises across the country and came together in mid-October to save the website [healthcare.gov]. In about a tenth of the time that a crew of usual-suspect, Washington contractors had spent over $300 million building a site that didn’t work, this ad hoc team rescued it and, arguably, Obama’s chance at a health-reform legacy… Had the Obama team brought in its old campaign hands in the first place to run the launch, there would have been howls about cronyism. But one lesson of the fall and rise of HealthCare.gov has to be that the practice of awarding high-tech, high-stakes contracts to companies whose primary skill seems to be getting those contracts rather than delivering on them has to change. “It was only when they were desperate that they turned to us,” says Dickerson. “I have no history in government contracting and no future in it … I don’t wear a suit and tie … They have no use for someone who looks and dresses like me. Maybe this will be a lesson for them. Maybe that will change.” [Maybe the horse will learn to talk? Bob]
Lots of potential problems and too much adware. I wonder if my Ethical Hackers could load a clean and protected OS and make this thing safe?
New on LLRX – $38 Datawind UbiSlate 7Ci tablet as an e-reader
by Sabrina I. Pacifici on March 2, 2014
Via LLRX.com - $38 Datawind UbiSlate 7Ci tablet as an e-reader: Avoid this adware trap despite its many positives!
David Rothman is spearheading chronicling the progress of expanding low cost access to e-readers as libraries engage in mission critical outreach efforts to reach underserved communities. In this article, Rothman asks: Suppose you could buy an iPad for $38, read OverDrive library books, even hear text to speech from them, and enjoy Kindle books, too. And how about social media, photos, basic video chat, and production of low-res videos? What if you could even use voice recognition to dictate e-mail or other documents for work or school? Programs to loan out low-cost e-readers are on the horizon, but David cautions there are indeed impediments, including operating system security and lack of now ubiquitous high-end audio/video performance.
Another project for my Ethical Hackers?
Can Dashcams Stop ‘Crash For Cash’ Fraud?
The car in front of you suddenly brakes without warning… and you plough into the back of it. It’s not your fault, but you’re not alone in being a victim of the Crash For Cash insurance fraud. In fact, with nearly 70,000 personal injury claims potentially linked to the scam in the UK alone, it’s fair to call it a phenomenon. It’s already cost lives in America and England.
But motorists across the world are fighting back – with the aid of a small camera fitted to their dashboards.
… You can even get dashcam apps for your mobile devices!
… The aforementioned apps are generally less than $5. Witness Driving for iOS and Android is generally well-received and is just $0.99.
… There’s a plethora of free apps for Android, all of which are pretty divisive, including AutoGuard Blackbox and DailyRoads Voyager.
… One issue is privacy. Dashcams are banned in Austria, and it’s illegal to leave any surveillance equipment on unattended in Sweden. Of course, it’s not so much an issue now, mainly as they’re still in their infancy, but if all cars had one, effectively your every move could be monitored.
Could be handy for my Computer Forensics students. Something for the toolbox folder?
– can open over 200 file types right inside the browser. Your files are automatically converted so they can be viewed online. The Jumpshare app brings real-time file sharing to your desktop. Just drag & drop your files to the menu bar to share instantly.
Sunday, March 02, 2014
You know this is important when it gets its own Wikipedia page. Let's hope it stops at that.
What is going on here? Has my favorite boondoggle agency found new boons to doggle?
TSA Harasses Traveler After 'Seeing Bitcoin' In His Bag
The TSA attempted to "screen" airline passenger Davi Barker for the virtual currency Bitcoin.
Barker is co-founder of BitcoinNotBombs, a Bitcoin advocacy group that gets donation-based organizations and social entrepreneurs set up to handle the currency. He's written a very detailed telling of what happened right here. After going through security (he opted out of the body scanner but was successfully cleared through the checkpoint), two people stopped him, and it got uncomfortable quickly.
I was about to ask for my attorney, who happens to be my wife, when [the person wearing] the orange shirt said, “What about Bitcoin?” I was flabbergasted. This was above and beyond any scrutiny I had ever received from the TSA, and a little frightening that they were looking for Bitcoin. I said I didn’t understand the question. He continued, “We saw Bitcoin in your bag and need to check.”
… If this sounds weird to you, it's because it is. Bitcoin is digital and doesn't exist in the physical world — to "see Bitcoin" in a bag would be like seeing email in a bag.
For my wino friends.
I'm not sure how to use this, yet.
Starting to Demo the Wolfram Language
by Sabrina I. Pacifici on March 1, 2014
A knowledge based language: “We’re getting closer to the first official release of the Wolfram Language—so I am starting to demo it more publicly. Here’s a short video demo I just made. It’s amazing to me how much of this is based on things I hadn’t even thought of just a few months ago. Knowledge-based programming is going to be much bigger than I imagined…”