- Cybersecurity architecture principles
- Security of networks, systems, applications and data
- Incident response
- Security implications related to adoption of emerging technologies
Saturday, April 26, 2014
If Russia (Putin) can't have the Ukraine, and anything else he wants, he'll just use that capitalism thing to “sanction” Europe until they cave in to his demands.
With World Watching Ukraine, Russia Makes Energy Moves in Africa
… Over the past decade, and especially in recent months, the country has been ramping up natural gas exploration and production in Algeria and other corners of the African continent, including Nigeria, Egypt and Mozambique. The country is seeking "a stranglehold on Western Europe" that it could tighten – or threaten to tighten – anytime it wishes, says Assis Malaquias, a defense economics expert at the Africa Center for Strategic Studies in Washington, D.C.
By 2015, experts say, Moscow's control of Europe’s gas supply could leap by as much as 10 percentage points to 40 percent. Moreover, Southern European countries like Italy and Spain, which draw much of their natural gas from North Africa, would join the list of those affected by an increased Russian presence on the continent.
“Western Europe should be very concerned," Malaquias says. "Very."
Perhaps my Ethical Hackers could test your medical devices? (Before some unethical hacker does!) The initial assessment is free, keeping quiet about our findings – pricey. Note: Apparently a lot of this equipment uses hardcoded (written into the software so you can't change them) passwords.
Add this to your MUST-READ list. It should be required reading for all hospital administrators.
Kim Zetter reports:
When Scott Erven was given free rein to roam through all of the medical equipment used at a large chain of Midwest health care facilities, he knew he would find security problems–but he wasn’t prepared for just how bad it would be.
In a study spanning two years, Erven and his team found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, [Yes, they are connected to the Internet. Bob] causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.
Erven’s team also found that, in some cases, they could blue-screen devices and restart or reboot them to wipe out the configuration settings, allowing an attacker to take critical equipment down during emergencies or crash all of the testing equipment in a lab and reset the configuration to factory settings.
Read more on Wired.
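The hardcoded-password problem Bob flags above is usually found by pulling the device's firmware or config and grepping the strings out of it. Below is an added example of that triage step, not code from Erven's study or the Wired article: it runs a handful of credential patterns over a constructed text dump (the kind `strings` produces from a firmware image). The device name, values and hash in SAMPLE_DUMP are invented for illustration; the patterns are a starting set a tester would extend.

```python
import re

# Constructed sample: what a `strings` pass over a hypothetical infusion-pump
# controller image might yield. Every value here is made up for the example.
SAMPLE_DUMP = """\
Pump controller v3.1 build 2039
admin_user=service
admin_pass=1234
telnetd -l /bin/sh
snmp community: public
https://pump.local/api
PUMP_API_KEY=AKIAEXAMPLEDEVICE12345
root:$1$abc$9Pp3hDeQaG1C0Dk0pN2Ou0:0:0:root:/root:/bin/sh
calibration_offset=0.3
"""

# (label, regex) pairs checked against each line. Order matters only for the
# label chosen when several patterns hit the same line.
PATTERNS = [
    ("plaintext password assignment",
     re.compile(r"(?i)(pass(word)?|pwd)\s*[=:]\s*\S+")),
    ("API key / token",
     re.compile(r"(?i)\b[a-z_]*(api_?key|token|secret)[a-z_]*\s*[=:]\s*\S+")),
    ("unix password hash",
     re.compile(r"^\w+:\$[0-9a-z]+\$[^:]+:")),
    ("default SNMP community",
     re.compile(r"(?i)community\s*[:=]\s*(public|private)\b")),
    ("unauthenticated telnet shell",
     re.compile(r"telnetd\s+-l\s+/bin/sh")),
]


def find_hardcoded_credentials(dump):
    """Return a list of (line_number, label, line) for every suspicious line.

    Line numbers are 1-based so a finding can be cross-referenced with the
    dump. A line gets at most one label; the first matching pattern wins.
    """
    findings = []
    for lineno, line in enumerate(dump.splitlines(), start=1):
        for label, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
                break
    return findings


def finding_lines(dump):
    """Just the line numbers, handy for a quick diff between firmware versions."""
    return [lineno for lineno, _, _ in find_hardcoded_credentials(dump)]


if __name__ == "__main__":
    for lineno, label, text in find_hardcoded_credentials(SAMPLE_DUMP):
        print(f"line {lineno:>3}: {label:<30} {text}")
```

A hit on a password hash or an `admin_pass=` line is the part that matters for Bob's point: if the value is baked into the image, every unit in the field shares it and the hospital cannot rotate it. Treat the output as leads to confirm on the device, not as proof by itself.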
Explained, without much logic.
Last week Judge William Alsup (N.D. Cal.) released the unredacted version of his ruling in the first-ever challenge to the no-fly list to be decided on the merits – a case that I and others have discussed on this blog here, here, and here. Jeffrey Kahn has already catalogued most of the newly revealed information over at Concurring Opinions. My goal here is to step back a little, examine the especially noteworthy revelations (of which there are several), and put the case in the context of the broader debates about the appropriate balance between secrecy and transparency.
Some put a lot of thought into these opinions, some not so much.
Yesterday’s Washington Post has an interesting story about the increasingly aggressive role some federal magistrate judges are playing in policing criminal investigations involving digital media. In this “Magistrates’ Revolt”, the judges who review and authorize almost all federal search warrants and digital investigation orders are growing more critical of government assertions–and increasingly publishing their opinions so as to educate and inform their colleagues around the country.
(Related) Apparently the courts are ready for a “world government” (i.e. world-wide jurisdiction). So the remedy is: don't use email providers (or any digital service) with a US presence?
Joseph Ax reports:
Internet service providers must turn over customer emails and other digital content sought by U.S. government search warrants even when the information is stored overseas, a federal judge ruled on Friday.
In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies.
Read more on Reuters.
'cause someone needs guidance.
Net Neutrality: A Guide to (and History of) a Contested Idea
This week, news broke that the Federal Communications Commission is considering new rules for how the Internet works.
In short: the FCC would allow network owners (your Verizons, Comcasts, etc.) to create Internet "fast lanes" for companies (Disney, The Atlantic) that pay them more. For Internet activists, this directly violated the principle of net neutrality, which has been a hot-button issue in Silicon Valley for a long time.
Net neutrality is the idea that any network traffic—movies, web pages, MP3s, pictures—can move from one place (our servers) to any other place (readers' computers, phones) without …
… If you want a speedy explainer, Vox's Timothy Lee has one for you.
For my Computer Security students.
A few weeks ago I wrote about an opportunity for entry-level information security (infosec) professionals to get some training and “skill up” for their careers. (See Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels). Now there is a new option for people coming into the infosec profession. Today ISACA is launching a comprehensive new program called Cybersecurity Nexus (CSX).
… There is a Cybersecurity Fundamentals Certificate that is aimed at entry level information security professionals with 0 to 3 years of practitioner experience. The certificate is for people just coming out of college and career-changers now getting into IT security. The foundational level knowledge-based exam covers four domains:
A more advanced level certification is planned for 2015.
Something to add to the “Start-up folder?”
Meet Invoiceable: A Free Invoicing Solution For Small Businesses
It doesn’t get cheaper than free. There are some excellent free invoicing tools out there that your small business can benefit from. Invoiceable is one of them.
Because it amuses me... As Brazil moves into the “first world” club, the FCC is taking us to the “third world.”
… The FCC is making moves to change the rules surrounding “Net Neutrality,” the idea that the Internet should not give preferential treatment to certain data or certain companies. The new proposal will give communications carriers and content companies “faster lanes.” This could have a major impact on education, as some have already said that schools will get “the slow lane.”
… Meanwhile, Brazil has passed an Internet Bill of Rights that, among other things, protects Net Neutrality.
… It’s official. The data infrastructure project InBloom is dead. After months of struggling to keep its clients in the face of parent protests about privacy issues, the organization announced this week that it would “wind down” over the coming months.
… A new OER platform, panOpen, has officially launched.
… The Gates Foundation has published the results of a survey on what teachers want from digital tools.
Friday, April 25, 2014
Just because you know how often this happens and how to easily minimize the risk of identity theft is no guarantee that you actually implement any of your own recommendations...
Howard Solomon reports:
Mistakes can happen in any organization, but when the office of the federal privacy commissioner loses an unencrypted hard drive with personal information it must sting.
But that’s what happened on Feb 14 during the agency’s move to Gatineau, Que. from its home across the river in Ottawa.
The Toronto Star revealed the loss in the print edition of the paper this morning, and it was confirmed in an ITWorldCanada.com interview with interim commissioner Chantal Bernier.
Read more on ITWorldCanada.com.
Perhaps well intentioned, perhaps the City Council realizes how easy this will make it to round up all the “defectives” and put them in the camps.
Corinne Lestch reports:
The City Council is pushing for the creation of a medical registry for people with developmental disabilities along with access to GPS tracking devices in the wake of 14-year-old Avonte Oquendo’s death.
The package of legislation, spearheaded by Council members Ruben Wills (D-Queens) and Vanessa Gibson (D-Bronx) calls for a new voluntary database controlled by the NYPD so that parents can register children with disabilities at their local precincts.
Read more on The Daily News.
I do not doubt the good intentions of the legislators, but if this is essentially a medical safety registry, why not create it under the Department of Health or an agency that is covered by HIPAA so that there is greater protection for the data? Turning over personal information of this kind to the police gives them one more database that may wind up misused at some point.
Detailed information about you and your behavior is so valuable that the hot new skill seems to be NSA Analyst experience. Big money in spying today. Perhaps I should allow myself to be lured back?
Verizon Wireless sells out customers with creepy new tactic
The company says it's "enhancing" its Relevant Mobile Advertising program, which it uses to collect data on customers' online habits so that marketers can pitch stuff at them with greater precision.
… "This identifier may allow an advertiser to use information they have about your visits to websites from your desktop computer to deliver marketing messages to mobile devices on our network," it says.
That means exactly what it looks like: Verizon will monitor not just your wireless activities but also what you do on your wired or Wi-Fi-connected laptop or desktop computer — even if your computer doesn't have a Verizon connection.
I've been trying to explain this to my Statistics students. Since everything about you is collected, everything about you is part of someone's analysis. Since you cannot use words like “pipe bomb” without being involved in terrorism, your name will pop up. Then you get wiretaps, beepers secretly attached to your car, and black helicopters to take you to Guantanamo. Don't say I didn't warn you.
Elizabeth Joh has an article in Washington Law Review that begins:
The age of “big data” has come to policing. In Chicago, police officers are paying particular attention to members of a “heat list”: those identified by a risk analysis as most likely to be involved in future violence.1 In Charlotte, North Carolina, the police have compiled foreclosure data to generate a map of high-risk areas that are likely to be hit by crime.2 In New York City, the N.Y.P.D. has partnered with Microsoft to employ a “Domain Awareness System” that collects and links information from sources like CCTVs, license plate readers, radiation sensors, and informational databases.3 In Santa Cruz, California, the police have reported a dramatic reduction in burglaries after relying upon computer algorithms that predict where new burglaries are likely to occur.4 The Department of Homeland Security has applied computer analytics to Twitter feeds to find words like “pipe bomb,” “plume,” and “listeria.”5
You can read the full article here (pdf).
If the Internet is dragging us toward a world government, this is just one of the topics we need to debate.
Orin Kerr has an upcoming article in the Stanford Law Review that is available for download on SSRN. Here’s the abstract:
This article considers how Fourth Amendment law should adapt to the increasingly worldwide nature of Internet surveillance. It focuses on two types of problems not yet addressed by courts. First, the Supreme Court’s decision in United States v. Verdugo-Urquidez prompts several puzzles about how the Fourth Amendment treats monitoring on a global network where many lack Fourth Amendment rights. For example, can online contacts help create those rights? What if the government mistakenly believes that a target lacks Fourth Amendment rights? How does the law apply to monitoring of communications between those who have and those who lack Fourth Amendment rights? The second category of problems follows from different standards of reasonableness that apply outside the United States and at the international border. Does the border search exception apply to purely electronic transmission? And if reasonableness varies by location, is the relevant location the search, the seizure, or the physical person?
The article explores and answers each of these questions through the lens of equilibrium-adjustment. Today’s Fourth Amendment doctrine is heavily territorial. The article aims to adapt existing principles for the transition from a domestic physical environment to a global networked world in ways that maintain the preexisting balance of Fourth Amendment protection. On the first question, it rejects online contacts as a basis for Fourth Amendment protection; allows monitoring when the government wrongly but reasonably believes that a target lacks Fourth Amendment rights; and limits monitoring between those who have and those who lack Fourth Amendment rights. On the second question, it contends that the border search exception should not apply to electronic transmission and that reasonableness should follow the location of data seizure. The Internet requires search and seizure law to account for the new facts of international investigations. The solutions offered in this article offer a set of Fourth Amendment rules tailored to the reality of global computer networks.
You can download the article here.
Facebook courts journalists with newswire tool
Facebook said on Thursday that it has created a newswire tool tailored to journalists, part of a broader effort to be the go-to place for conversation for its 1 billion users.
Called FB Newswire, it is designed to help journalists share and embed newsworthy Facebook content that is made public by its members such as photos, status updates and videos. (www.facebook.com/FBNewswire)
… Social media platforms have become a gold mine for journalists. Facebook, Twitter, Google's YouTube and others are rich in source material, as many people around the world use them to communicate, including during periods of upheaval.
Acknowledging that many journalists use Twitter to uncover material, Facebook is also providing a Twitter feed, @FBNewswire.
My concern is not that Netflix will get better service (higher speeds) by paying more. I worry that I'll get lousy service (slower speeds) because I won't pay more.
FCC throws in the towel on net neutrality
It was obvious from the initial leaks that net neutrality advocates would view the new FCC proposals as a sell-out. They're right. And yesterday FCC Chairman Tom Wheeler used a tone of denial in a statement that basically confirms the leaks.
The Commission hasn't had much luck with their net neutrality proposals so far. Even though the Appeals Court, in their last FCC smackdown, essentially wrote the Commission a set of instructions on how to proceed in the future, I get the sense that what the Commission wants right now is something that they can call a victory and that won't be in court until after the current administration is gone. So they wrote rules that they thought the ISPs would go along with. It's a politician's move, but I'm basically happy with it. I've never thought much of net neutrality.
Okay, it's a fad. Guess I'll need to read it.
How a 700-page economics book surged to No. 1 on Amazon
(Related) Perhaps this “Reader's Digest” version is enough.
Now that's interesting.
UPDATE 2-Ban on Tesla's direct-to-consumer sales 'bad policy' -FTC officials
In an unusual move, three top officials with the U.S. Federal Trade Commission on Thursday expressed their opposition to laws that ban automakers such as Tesla Motors Inc from selling their cars directly to consumers.
… Dealers argue that their business model is good for consumers because dealers compete on price and offer long-term service. They see direct sales of any sort as an existential threat.
Change to the business model? Perhaps Cable could learn to provide unbundled choices when they see how much Netflix makes doing it. (Or someone could apply the Netflix model to TV – NetTV?)
Netflix finally comes to cable in the US
For the first time, Netflix will be available in the US from its natural enemy: cable companies. Atlantic Broadband, Grande Communications and RCN all announced that subscribers will be able to access the streaming service through their TiVo DVRs as soon as April 28th. Of course, that's just a different way of delivering regular Netflix streaming; you'll still need a Netflix subscription on top of your DVR TiVo cable contract. However, Atlantic said that accessing it would be as "easy as changing the channel,"
Thursday, April 24, 2014
“Generals are always preparing to fight the last war.” Not sure who said that first, but let's hope this Blog article isn't too accurate.
Putin learning what U.S. didn’t
After America’s ignominious defeat and hurried departure from Vietnam in 1973 — when the world’s richest and mightiest nation was humbled by the stolid determination of ill-equipped, ideologically inspired peasants — it was generally assumed the United States would not wage war again until the lessons of the Viet Cong victory were taken to heart.
When Soviet forces hastily retreated with a bloody nose from their nine-year occupation of Afghanistan in 1989, similar lessons were suggested about the impossibility of militarily holding a country with a universally hostile population.
In his stealth occupation of Crimea and eastern Ukraine, President Vladimir Putin of Russia appears to have learned the lessons of both Vietnam and Afghanistan.
Successive U.S. presidents, however, seem to have failed to understand how military strategy was forever changed by what happened in those two chastening conflicts. Rather, they have gone on to repeat their predecessors’ mistakes.
That’s not all. The fleet of U.S. stealth bombers ($810 million each) and the fleet of nuclear submarines ($8.2 billion each) armed with Trident nuclear missiles ($31 million each) are of little use against Russian intelligence agents provocateurs disguised as Ukrainian protesters arriving by civilian airliner.
For my lawyer friends. Fine him 1000 times what he was paid! (1000 * 0 = 0)
HEARTBLEED: A Lawyer’s Perspective On Cyber Liability and the Biggest Programming Error in History
Always innovative, those evil hackers.
Phishers Divert Home Loan Earnest Money
It looks like it’s time to update my Value of a Hacked Email Account graphic: Real estate and title agencies are being warned about a new fraud scheme in which email bandits target consumers who are in the process of purchasing a home.
In this scheme, the attackers intercept emails from title agencies providing wire transfer information for borrowers to transmit earnest money for an upcoming transaction. The scammers then substitute the title company’s bank account information with their own, and the unsuspecting would-be homeowner wires their down payment directly to the fraudsters.
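The scheme above works because the buyer has no way to tell the substituted message from the real one. An added example of the check a title agency or buyer could run, not code from Krebs or the warning he cites: parse the incoming message, compare the sender domain against the agency's real domain (flagging near-miss lookalikes), compare any account number in the body against the one verified out of band, and flag language announcing "changed" instructions. The two messages, the agency domain and the account numbers are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed known-good values, normally confirmed by phone at the start of escrow.
EXPECTED_DOMAIN = "sunrise-title.example"
KNOWN_GOOD_ACCOUNT = "123456789"

# Constructed sample: the genuine message from the title agency.
GENUINE = """\
From: Closing Desk <closings@sunrise-title.example>
To: buyer@example.net
Subject: Wire instructions for closing on 4/30

Please wire the earnest money to account 123456789, routing 011000015.
"""

# Constructed sample: the attacker's substitute. Note the digit 1 in "tit1e"
# and the different account number.
FORGED = """\
From: Closing Desk <closings@sunrise-tit1e.example>
To: buyer@example.net
Subject: UPDATED wire instructions for closing on 4/30

Our bank changed. Please wire to account 987654321, routing 011000015.
"""


def sender_domain(raw):
    """Domain of the real address in From:, ignoring the display name."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def lookalike(domain, expected, threshold=0.8):
    """True when the domain is close to, but not exactly, the expected one."""
    if domain == expected:
        return False
    return difflib.SequenceMatcher(None, domain, expected).ratio() >= threshold


def account_numbers(raw):
    """Account numbers mentioned in the body (6 to 17 digits after 'account')."""
    body = message_from_string(raw).get_payload()
    return set(re.findall(r"account\s+(\d{6,17})", body, flags=re.I))


def assess(raw):
    """Return the reasons to hold this wire; an empty list means nothing was flagged."""
    reasons = []
    dom = sender_domain(raw)
    if dom != EXPECTED_DOMAIN:
        if lookalike(dom, EXPECTED_DOMAIN):
            reasons.append(f"sender domain {dom!r} is a lookalike of {EXPECTED_DOMAIN!r}")
        else:
            reasons.append(f"sender domain {dom!r} is not the title company's")
    accts = account_numbers(raw)
    if accts and KNOWN_GOOD_ACCOUNT not in accts:
        reasons.append(f"account {sorted(accts)} differs from the one verified by phone")
    if re.search(r"(?i)\b(changed|updated|new)\b.*\b(bank|account|wire)\b", raw):
        reasons.append("message announces changed wire instructions")
    return reasons


if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, assess(msg) or ["no findings"])
```

None of these checks replaces the one control that actually stops the fraud: calling the title company at a number obtained independently of the email before any money moves. The script is there to make sure that call happens when something looks off.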
Is there much demand for this? I can see the need for things like Google's self-driving cars, but I suspect it is focused more on utility companies, gas pipelines, medical devices... You get the idea.
AIG Expands Coverage to Include Physical Damage Caused By Cyber Attacks
Insurance giant American International Group (AIG) announced on Wednesday that it has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.
The new cyber offering is designed to provide its commercial customers a way to manage physical risks to their operations from cyber attacks and cyber security failures.
“AIG’s expanded cyber insurance solution, CyberEdge PC, is a response to growing incidents and threats of cyber attacks directed at commercial industries that can lead to equipment failure, physical damage to property, and physical harm to people,” AIG said in its announcement.
Was there really a huge customer demand for this product? Drop the 10 second limit and you have a bug that tweets. Why?
Luke Funk reports:
A tiny new spy device aims to automatically transcribe and Tweet overheard conversations. It’s called Conversnitch.
Brian House and Kyle McDonald are behind the eavesdropping device.
They say it bridges the gap between (presumed) private physical space and public space online.
One of the creators, Kyle McDonald, released a video of the device being connected to a table lamp at a bank, in a hanging lamp at a McDonald’s, in a library light, and even a street lamp in a New York City park.
The device needs to have continuous access to an Internet-connected wireless network to work. It continually records 10 second samples, analyzes for interesting audio and uploads a transcribed version of it.
Their Twitter feed shows conversations they say have been captured by their device.
Read more on MyFoxNY.
Improving your image comes with certain risks...
NYPD Twitter campaign 'backfires' after hashtag hijacked
Users were asked to tweet a photo of themselves with officers and add the hashtag #myNYPD as part of a social media campaign.
But instead of a steady stream of friendly photos, the hashtag was quickly adopted by users posting images of possible police aggression.
… By Wednesday, the hashtag had become one of Twitter's top trending terms.
… Other Twitter interactions that have backfired include US Airways posting an explicit photo in response to a customer's tweet and McDonald's using a hashtag to highlight its farmers that quickly got taken over by people sharing their bad experiences of the burger chain.
Siri, meet your competition. Windows users, let's hope she is less annoying than that paper clip guy...
Microsoft's Cortana mixes AI with human-added humour
Earlier this month Microsoft unveiled its smart virtual assistant, which will work on Windows Phone smartphones, and eventually across other services too.
Cortana has been described as a cross between Apple's Siri and predictive assistant, Google Now. It is inspired by the digital guide in Microsoft's bestselling console game franchise Halo.
For my vets.
New Website Helps Vets Manage Benefits, Apply for Loans
by Sabrina I. Pacifici on April 23, 2014
“eBenefits is a portal; a central location for Veterans, Service Members, and their families to research, find, access, and, in time, manage their benefits and personal information. eBenefits offers:
- A personalized workspace called My Dashboard that provides quick access to eBenefits tools. Using eBenefits tools, you can complete various tasks. You can apply for benefits, download your DD 214, view your benefits status, in addition to other actions as needed. This workspace is available to you once you have created an eBenefits account
- A catalog of links to other sites that provide information about military and Veteran benefits.”
For my students.
Ace Your Next Exam Using Flashcard Apps for iPhone or iPad
In addition to reading annotations, they offer one of the best proven methods for studying for an exam.
Just as there are some awesome flashcard apps for Android, the iTunes App Store has a healthy selection for iOS too.
Wednesday, April 23, 2014
“Yes, this does sound like one of Hitler's justifications. But, Hitler failed when he ran into Russia. We don't have that problem because we ARE Russia!”
Ukraine crisis: Russia 'to respond if its interests' attacked
Speaking to Russian state TV channel RT, Mr Lavrov also accused the US of "running the show" in Ukraine.
It was "quite telling" that Kiev had re-launched its "anti-terrorist" operation during a visit by US Vice-President Joe Biden, he said.
… "If our interests, our legitimate interests, the interests of Russians have been attacked directly, like they were in South Ossetia for example, I do not see any other way but to respond in full accordance with international law."
The Russian foreign minister did not specify what interests he was referring to. Thousands of Russian troops have massed along Ukraine's borders in recent weeks.
Russia fought a brief war with Georgia in the summer of 2008 after Tbilisi sent troops into the breakaway region of South Ossetia to regain control from the Russian-backed rebels.
Very interesting article. Perhaps the NSA likes it this way? Perhaps it's “Good enough for government work?” Perhaps nothing serious enough to get our attention has happened yet.
The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers, and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.
The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software—in this case a program called OpenSSL that ensures that your connection to a website is encrypted—are four core programmers, only one of whom calls it a full-time job.
In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations.
Why I want my Ethical Hackers to program these systems. “What works is not always what's best.”
Introducing AISight: The slightly scary CCTV network completely run by AI
Imagine a major city completely covered by a video surveillance system designed to monitor the every move of its citizens. Now imagine that the system is run by a fast-learning machine intelligence, that's designed to spot crimes before they even happen.
… Behavioral Recognition Systems, Inc. (BRS Labs) is a software development company based out of a nondescript office block in Houston Texas, with the motto: "New World. New security."
Headed by former Secret Service special agent John Frazzini, the company brings a crack team of security gurus to bear on its ambitious artificial intelligence projects.
Sometimes whacking a politician with the proverbial 2X4 will get their attention. (If not, you still got to whack them.) I can't find a link to the bill, yet.
Brazil Passes Trailblazing Internet Privacy Law
Brazil's Congress on Tuesday passed comprehensive legislation on Internet privacy in what some have likened to a web-user's bill of rights, after stunning revelations its own president was targeted by US cyber-snooping.
… Still, Brazilian authorities do not control what happens outside their country; the government-backed law stopped short of requiring companies such as Google and Facebook to store local users' data in Brazilian data centers.
I don't think we reached quite so dismal a conclusion in the last PrivacyFoundation.org seminar, but we did have some real concerns.
Erin McCann reports:
The new 2014 Verizon Data Breach Investigations Report [see yesterday's blog Bob] highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry.
“They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK team, in an interview with Healthcare IT News discussing report findings.
Read more on Healthcare IT News.
(Related) Perhaps the cost of “failure to encrypt” is going up? ($250,000 / 148 = $1,689.19)
QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program.
… On May 3, 2012, HHS notified QCA of its investigation, which found:
A. QCA did not implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI it held, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306 from the compliance date of the Security Rule to June 18, 2012.
B. QCA did not implement physical safeguards for all workstations that access ePHI to restrict access to authorized users on October 8, 2011.
C. QCA impermissibly disclosed the ePHI of 148 individuals on October 8, 2011.
If this breach comes as a surprise to you, it’s a surprise to me, too. Note that because this breach affected less than 500, it never appeared on HHS’s public breach tool, and this is the first I’m hearing about this incident.
… A copy of the Corrective Action Plan (CAP) can be found here (pdf).
(Related) ($1,725,220 / 870 = $1,983.01)
Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings.
The settlement stems from an incident on November 30, 2011 (previously reported here) in which a laptop with unencrypted PHI of 870 patients was stolen from Concentra’s physical therapy office in Springfield, Missouri.
… A copy of the corrective action plan (CAP) can be found here (pdf).
Ah man, now every patient will want to “accidentally” leave their phone on record! (Unless this is a violation of the doctor's privacy and he counter-sues.)
Ever wonder what your doctors are saying about you while you’re knocked out under anesthesia? One patient found out after he accidentally left his cellphone in record mode during a colonoscopy. Now he’s suing.
I can explain the raw data to my Statistics students, but how do I explain that, no matter how often the WSJ reports what appears to be insider trading, it is ignored by the SEC?
Flurry of Allergan Trading Preceded Offer
Investors made outsize bets on Allergan Inc. stock in the 10 days during which activist hedge-fund manager William Ackman was privately accumulating a stake in the Botox maker, according to a Wall Street Journal analysis.
Mr. Ackman's Pershing Square Capital Management LP said Monday after the close of trading that it had bought a 9.7% stake in Allergan and had joined with Valeant Pharmaceuticals International Inc. to buy Allergan. Mr. Ackman and Valeant unveiled the offer, valued at roughly $46 billion, on Tuesday, and Allergan's stock surged 15%.
Even after stripping out Mr. Ackman's buying, the volume of stock trading in Allergan during the 10-day period before Monday's announcement was 86% higher than its average over the previous year, according to the Journal analysis, based on trading data provided by research firm S&P Capital IQ.
There is no indication investors were tipped off about Pershing's and Valeant's offer. And other traders could have bought based on the higher volume. But such a significant surge in trading suggests that information about the potential buyout bid could have leaked to other investors, analysts said.
Perhaps Facebook made a good purchase?
WhatsApp, the world's most popular instant messaging service, has reached a new milestone of 500 million monthly active users despite the Facebook backlash. The $19 billion deal with Facebook may not have been welcome news for several users, raising concerns over data privacy, but WhatsApp seems unaffected as it continues to grow at a rapid pace. The cross-platform messaging service added 50 million users since February, when Facebook announced the acquisition.
Perspective. The question it raises in my mind is, why slow an effective therapy/cure?
Gilead’s Medicine Sovaldi Beats Estimates by $1 Billion
Gilead Sciences Inc. overwhelmed sales estimates for its new blockbuster hepatitis C pill in what analysts called the biggest drug start ever, raising questions about insurers’ ability to slow the use of the costly therapy.
… Sovaldi sells for $84,000 for a 12-week course of treatment. That cost has attracted scrutiny from health insurers and lawmakers.
Perspective. Seems like another “we can make everyone equal right now!” gambit. Another view might be to make it easier for (even encourage) everyone to make capital investments. Of course, what do I know?
Piketty’s book on capitalism presents policy challenge
American progressives continue to celebrate Thomas Piketty’s new book on capitalism, which says that under present trends the inequality in society will grow inexorably with negative implications for growth and prosperity.
The French economist’s analysis of trends over three centuries in “Capital in the Twenty-First Century” leads him to predict that wealth in the U.S. and other developed countries will continue to grow more concentrated, increasing its share of new wealth, eventually producing a rentier society like that in Europe in the 19th century.
… But there is a hitch. Piketty’s solution, which he defended as the only effective solution in some recent appearances in Washington, is a progressive tax on wealth.
… Schmitt relates how Piketty, in book presentations at the Economic Policy Institute and the Urban Institute in Washington, described other efforts to reduce the return on capital or boost growth as all very worthy but ultimately only “complements” to the solution that gets at the core of the problem — namely, the global progressive wealth tax that he proposes. Watch a video of the EPI event.
Perspective. Colorado likes to legalize stuff. Perhaps we could even bring amateurs into the mix; similar to Uber or Airbnb.
There Is Now an App for Prostitution
The new app, Peppr, is similar to a dating site, but it’s for connecting prostitutes to clients.
In 2002, Germany legalized prostitution, and the industry there has expanded dramatically since then. Some estimates put the number of prostitutes in Germany at about 400,000, many of whom are foreign nationals from economically stressed parts of Europe like Bulgaria and Romania. According to the Telegraph, the country’s sex industry is worth $21 billion a year, and several 12-story megabrothels have opened.
… And now a startup based out of Berlin has launched an app called Peppr, which bills itself as the “first mobile Web app for booking erotic entertainment.” Prospective clients simply list their location, acknowledge they are at least 18 years old, select a gender of choice, and they’re presented with photos and profiles of potential men or women offering to have sex for a fee. Prostitutes set up their profiles for free and clients pay €5 to €10 for booking.
For my students who read.
FREE EBOOK An Unofficial Guide To Goodreads For Readers And Writers
Are you a self-published author who is looking to promote a book? This guide looks at how you can use Goodreads for book promotion and for getting information to your fans.
Are you a bibliophile with a need to discuss the books you’ve read and find new books? Then Goodreads is the site you’ve been looking for.
This guide will tell you all you need to know in order to get the very best book recommendations from Goodreads and to show off what you think about your favourite books.
Read online or download PDF, EPUB version free of charge; Kindle version $1
Tuesday, April 22, 2014
Perhaps a useful “Case Study” for educators?
Jamie Ross of Courthouse News reports that another lawsuit has been filed against Maricopa County Community College District (MCCCD) following a data breach it disclosed in November 2013 (search MCCCD for all previous coverage on this blog).
This latest lawsuit was reportedly filed by Jason Liebich, a current student at Phoenix College. It was filed in Maricopa County Court by his lawyer, Robert Carey of Hagens Berman Sobol Shapiro in Phoenix.
According to the lawsuit, MCCCD is now “falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred.”
Liebich reportedly seeks class certification, compensatory damages, credit monitoring, credit restoration, and punitive damages for breach of contract and negligence.
So far, all of the lawsuits have been filed within the state. Given that some of those whose information was involved resided out-of-state at the time MCCCD acquired their personal information and/or now reside out-of-state, I’m waiting to see lawsuits filed in other jurisdictions with a possible move to consolidate in a federal court. But time will tell.
I continue to believe that this breach is not only an epic #FAIL on infosecurity, but also highlights why we need more data security enforcement and accountability in the education sector. When colleges amass tremendous amounts of personal information but fail to adequately secure it, who steps in and investigates? Not the U.S. Department of Education. Not the FTC, who has no authority over the education sector and non-profits, and likely not state attorneys general – particularly if the educational institution is a state agency. It shouldn’t require lawsuits by breach victims to hold educational entities accountable for data security.
For another example of a security fail involving an educational institution, see my post about the University of Virginia hack, here.
Here's a thought: Don't do your banking on your smartphone by texting while driving.
Attackers Use Facebook to Target Android Users
Known as iBanking, the mobile malware has the capability to steal SMS messages and redirect incoming phone calls. It can also capture audio using the device's microphone.
The attack doesn't begin with iBanking however; it begins with the infection of the user's computer by a banking Trojan called Win32/Qadars, which researchers at ESET were monitoring. According to ESET researcher Jean-Ian Boutin, the Trojan was spotted attempting to get victims to install iBanking.
More data for my statistics class.
Verizon Publishes Vastly Expanded 2014 Data Breach Investigations Report
… Verizon RISK team researchers found that 92 percent of security incidents from the past 10 years could be categorized in one of nine "threat patterns," or attack types, according to the Verizon 2014 Data Breach Investigations Report released Tuesday.
For my Ethical Hackers. Be the best you can be.
Book Review – The Limits of Social Engineering
by Sabrina I. Pacifici on April 21, 2014
Tapping into big data, researchers and planners are building mathematical models of personal and civic behavior. But the models may hide rather than reveal the deepest sources of social ills, by Nicholas Carr on April 16, 2014, MIT Technology Review.
“…Even if we assume that the privacy issues can be resolved, the idea of what Pentland [Alex “Sandy” Pentland, a data scientist who, as the director of MIT’s Human Dynamics Laboratory] calls a “data-driven society” remains problematic. Social physics is a variation on the theory of behavioralism that found favor in McLuhan’s day, and it suffers from the same limitations that doomed its predecessor. Defining social relations as a pattern of stimulus and response makes the math easier, but it ignores the deep, structural sources of social ills. Pentland may be right that our behavior is determined largely by social norms and the influences of our peers, but what he fails to see is that those norms and influences are themselves shaped by history, politics, and economics, not to mention power and prejudice. People don’t have complete freedom in choosing their peer groups. Their choices are constrained by where they live, where they come from, how much money they have, and what they look like. A statistical model of society that ignores issues of class, that takes patterns of influence as givens rather than as historical contingencies, will tend to perpetuate existing social structures and dynamics. It will encourage us to optimize the status quo rather than challenge it.”
- Social Physics: How Good Ideas Spread—The Lessons from a New Science. By Alex Pentland, Penguin Press, 2014
Perhaps all the flak they've been taking since parents heard what data they wanted to collect will cause them to rename and try again? How can we analyze “Big Data” if we can't gather Big Data?
Jo Napolitano reports:
The technology nonprofit inBloom, created to build a massive cloud-based student data system, announced Monday it will close — just weeks after New York ordered it to delete state student records.
In an open letter posted to the group’s website, inBloom chief executive Iwan Streichenberger said the Atlanta-based organization had become “a lightning rod for misdirected criticism.”
Read more on Newsday (subscription required)
Another example of businesses doing what government should have done, but government didn't even know how to spell Internet.
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
Perhaps an explanation of why government doesn't/can't compute. Perhaps good news for my techies.
The Flow of Technology Talent into Government and Civil Society – A Report
by Sabrina I. Pacifici on April 21, 2014
A Future of Failure? The Flow of Technology Talent into Government and Civil Society – A Report, Freedman Consulting, LLC. “Among the key findings of this report:
- The Current Pipeline Is Insufficient: the vast majority of interviewees indicated that there is a severe paucity of individuals with technical skills in computer science, data science, and the Internet or other information technology expertise in civil society and government. In particular, many of those interviewed noted that existing talent levels fail to meet current needs to develop, leverage, or understand technology.
- Barriers to Recruitment and Retention Are Acute: many of those interviewed said that substantial barriers thwart the effective recruitment and retention of individuals with the requisite skills in government and civil society. Among the most common barriers mentioned were those of compensation, an inability to pursue groundbreaking work, and a culture that is averse to hiring and utilizing potentially disruptive innovators.
- A Major Gap Between the Public-Interest and For Profit Sectors Persists: as a related matter, interviewees discussed superior for-profit recruitment and retention models. Specifically the for-profit sector was perceived as providing both more attractive compensation (especially to young talent) and fostering a culture of innovation, openness, and creativity that was seen as more appealing to technologists and innovators.
- A Need to Examine Models from Other Fields: interviewees noted significant space to develop new models to improve the robustness of the talent pipeline; in part, many existing models were regarded as unsustainable or incomplete. Interviewees did, however, highlight approaches from other fields that could provide relevant lessons to help guide investments in improving this pipeline.
- Significant Opportunity for Connection and Training: despite consonance among those interviewed that the pipeline was incomplete, many individuals indicated the possibility for improved and more systematic efforts to expose young technologists to public interest issues and connect them to government and civil society careers through internships, fellowships, and other training and recruitment tools.
- Culture Change Necessary: the culture of government and civil society – and its effects on recruitment and other bureaucratic processes – was seen as a vital challenge that would need to be addressed to improve the pipeline. This view manifested through comments that government and civil society organizations needed to become more open to utilizing technology and adopting a mindset of experimentation and disruption.”
Proof positive! (Looks like a whale shark to me.)
Has the Loch Ness Monster been spotted on Apple Maps?
Some say the Loch Ness monster has resurfaced in Scotland, based on an Apple Maps image -- but is it a real sighting of the elusive creature or clever marketing?
Members of the Official Loch Ness Monster Fan Club claim they have studied an image seen on Apple’s global satellite map application that shows the allegedly 100-foot-long creature, CNet.com reports, citing London’s Daily Mail. They say if you zoom in on Apple images from space you can even see the monster’s giant flippers.
… “Last year was the first time in almost 90 years that Nessie wasn’t seen at all. After Nessie ‘going missing’ for 18 months, it’s great to see her back,” he told the Mail.
Monday, April 21, 2014
Some people can hold a grudge until it dies of old age, then have it stuffed and displayed on their mantle.
Probably has more to do with current disputes than pre-war injuries.
China Court Impounds Japanese Ship in Unprecedented Seizure
A Shanghai court ordered the seizure of a Japanese ship owned by Mitsui OSK Lines Ltd. (9104) as compensation for the loss of two ships leased from a Chinese company before the two countries went to war in 1937.
The 226,434-ton Baosteel Emotion was impounded on April 19 at Majishan port in Zhejiang province as part of a legal dispute that began in 1964, the Shanghai Maritime Court and Mitsui OSK said in notices on their websites.
What indeed. Interesting article.
What happens to the internet after the U.S. hands off ICANN to others?
This weekend, hundreds of people from dozens of countries will gather in Singapore to discuss the future of the Internet Corporation for Assigned Names and Numbers (ICANN), a multinational organization that oversees the address book of the internet thanks to a contract issued by the U.S. government.
The contract expires in September 2015 and the U.S. Commerce Department announced last Friday that it would eventually transfer key internet “domain name functions to a global multi-stakeholder community.” Some Americans worry this will cede “control” of the internet to nations that will impose regulations that change the basic open character of the internet and make it less hospitable to American interests.
Without vast research we get half-vast legislation.
It's Final -- Corn Ethanol Is Of No Use
… The United Nations Intergovernmental Panel on Climate Change released two of its Working Group reports at the end of last month (WGI and WGIII), and their short discussion of biofuels has ignited a fierce debate as to whether they’re of any environmental benefit at all.
The IPCC was quite diplomatic in its discussion, saying “Biofuels have direct, fuel‐cycle GHG emissions that are typically 30–90% lower than those for gasoline or diesel fuels. However, since for some biofuels indirect emissions—including from land use change—can lead to greater total emissions than when using petroleum products, policy support needs to be considered on a case by case basis” (IPCC 2014 Chapter 8).
The summary in the new report also states, “Increasing bioenergy crop cultivation poses risks to ecosystems and biodiversity” (WGIII).
Perspective. Can there be such a thing as “too good an idea?” (If you take a small loss on each transaction, you cannot make up for it with greater volume.)
Square’s deal with Starbucks is costing the payments startup millions
Square lost at least $20 million as a result of its partnership with Starbucks in 2013, according to a report in the WSJ, which doesn’t paint a very rosy picture for the mobile payments company.
Two years ago, the coffee king invested $25 million in the white-hot start-up, and as part of the deal, Square was also able to handle all of its credit card transactions.
All in all, the deal seemed pretty good for Square, which was also getting free publicity for its application. But it doesn’t seem so simple now. In addition to the losses, the WSJ also reported that Square’s fee on each Starbucks transaction amounted to 2 percent last year, which falls below the 2.75 percent it charges many others.
In all, sources told the WSJ that Square recorded a loss of roughly $100 million in 2013, and that over the past three years, the startup has burned up more than half of the roughly $340 million it has raised in venture capital.
The report is the second in recent weeks that suggests the company is running out of time.
Square has reportedly put its IPO plans on hold and is considering a sale. The WSJ says Square has been in preliminary talks with Apple, Google and PayPal, according to multiple sources.
This is also why you can't easily buy wine/beer/liquor over the Internet. Perhaps we should look at all the laws that assume some institution is indispensable, and repeal them.
… I read James Surowiecki’s recent column about the regulatory barriers that geek chic car company Tesla is facing as it tries to set up its own showrooms in New Jersey and many other states, and I became a lot less confident that we in the U.S. are doing a great job of letting innovation flourish without counterproductive meddling and stonewalling.
Surowiecki quotes Yale economist Fiona Scott Morton as saying that “There isn’t a rational argument for why a new company should have to use [existing] dealers. It’s just dealers trying to protect their profits.” So why is it the case in 48 states today that “direct sales by car manufacturers are restricted or legally prohibited, and manufacturers are often prevented from opening a dealership that would compete with existing ones?” Because that’s how today’s auto dealers want it, and they’re organized and affluent enough to sway the lawmaking process. Opensecrets.org, for example, lists the National Auto Dealers Association as #19 in its list of ‘Top All-Time Donors’ to candidates, parties, and leadership PACs.
… They’ll work hard to, as my friend Tim O’Reilly puts it, protect the past from the future.
For my student App developers. People like to chat for free.
NTT launches browser-to-browser chatroom with avatars
… WebRTC Chat on SkyWay makes use of WebRTC (Web Real-Time Communications), a peer-to-peer communications platform using HTML5 that allows video and audio conferencing if you have an up-to-date version of Chrome, Firefox or Opera.
NTT's SkyWay chatroom works with the Chrome and Opera browsers. Users have to point their browser to the SkyWay site, create a chatroom and invite friends. No registration or downloads are needed.
… NTT Communications, which calls SkyWay the first service of its kind in Japan, said the browser-to-browser service offers an encrypted, private communications channel where only the start and end points of a conversation are stored on a server. The company is offering the website as a one-year free trial.
… Backed by major players such as Google and Mozilla as well as startups, WebRTC is being touted as a game-changer for Web-based communications and a threat to apps such as Skype.
This might also work for my poetry writing students!
Need Help Songwriting? Try These 4 Tools For Inspiration
… If you’re feeling stuck and need a bit of help, these tools and apps may help you get your muse back.
For the student tech folder.
Fleksy – is a new, revolutionary keyboard, powered by patent-pending technology that makes typing on any device fast, accurate and so easy you can type without even looking. Download and install Fleksy once and it will automatically be available on all other Fleksy-enabled apps. Long tap or double tap on the screen from any Fleksy-enabled app to switch between keyboards.