Saturday, May 24, 2014

A good summary of several breaches and the lack of investor response. Profits, not privacy.
Eric Chemi reports:
On May 21, Ebay revealed that it had suffered a cyber attack and data security breach, and users’ information—names, account passwords, e-mail addresses, physical addresses, phone numbers, and birth dates—was exposed to hackers. While security experts, the news media, and actual EBay users may have all been alarmed, the stock investors weren’t. EBay’s stock finished trading virtually unchanged that day, dropping all of 8 pennies to $51.88.
That’s been the trend among companies that have suffered cyber attacks—the stock market practically ignores them.
Read more on Bloomberg Businessweek.

Google fiber is already much, much faster than Comcast's cable, so this isn't a problem – except I can't get Google fiber.
Google Gives Netflix Free Access to Fiber Fast Lane, Calls It a "Win-Win" Situation
Google Fiber's approach is the exact opposite of Comcast's Net neutrality is one of the biggest topics on the web right now, and lest anyone thing it's being overstated, see the spat between Netflix and Comcast. In short, Netflix inked a multi-year agreement with Comcast to ensure that its traffic is pumped into homes at the fastest speed possible to avoid buffering, low quality video, dropouts, and other undesirable effects of slowed connections. Not long after, Netflix announced it was increasing its subscription by $1 for new subscribers. In other words, it's the customers that ultimately foot the bill when big companies fight, which is why it's refreshing to see Google take a different approach.
… Having Google as your ally is a pretty big deal, but will it be enough to sway other ISPs to follow suit? Don't hold your breath.

For my Forensic and Ethical Hacking students.
How To Find What Program Is Using Your Webcam
You’re sitting in front of your computer, minding your own business, when you suddenly notice the webcam light is on. Something is looking at you — maybe even recording or broadcasting online. But what? You don’t have Skype running, and you close the browser just to make sure. The light won’t go off! What’s using that webcam?
Here’s how to tell.
[You can get the Sysinternals Suite here:

Something to bore my Statistics students with... Just because it talks about Z-scores
The Top 10 (And Counting) Education Systems In The World
… If you want to toy around with the statistics and see what factors are influencing each country in each area, you can take a few minutes to play around with the interactive graphic of cognitive skills and educational attainment.

Just for me.
… Stuart Magruder, an LA architect who’s been an outspoken opponent of LAUSD’s plans to use school construction bonds to pay for its iPad initiative, found his reappointment to the LAUSD school board blocked by other board members.
Paris Gray, vice president of her about-to-graduate class, was suspended because of her quote in the school yearbook: “When the going gets tough, just remember to Barium, Carbon, Potassium, Thorium, Astatine, Arsenic, Sulfur, Uranium, Phosphorus.” It took the school a while to decode her message, but when they did, they were angry that she was smart and because she was female and black, they felt compelled to punish her, I guess.
… The fallout continues from last week’s firing of a University of Saskatchewan tenured professor. This week, the provost resigned. The VP of Academic Design resigned. And then the board of governors fired the university president.
… Edukwest suggests that Google’s recent acquisition of Divide will “boost BYOD in schools.”

Friday, May 23, 2014

Attention hackers! Pretend to be eBay and the phishing is great!
By E-Mailing Hacking Victims, EBay Opens Users Up to More Risk of Attack
After hackers stole e-mail addresses and other user data from EBay's network, the company announced today that it would e-mail users to suggest they change their passwords. That doesn't make a whole lot of sense.
The problem with this approach is that the hours immediately following a breach are prime time for hackers. Cyber-criminals are consummate opportunists. They scrutinize the news looking for ways to craft fraudulent and timely messages to trick people into clicking on them. The millions of EBay users who may have caught wind of the breach after seeing a headline today are more likely to fall for an e-mail scam prompting them to click a link and input their log-in information. A similar technique was used by Chinese military officers to hack into U.S. companies, showing that in cyber-security, people are their own worst enemies.
Instead of e-mailing the auction site's more than 145 million active buyers worldwide, EBay could have immediately done something that Adobe Systems, LinkedIn and Evernote all did after their recent high-profile hacks: change users' passwords. Automatically resetting accounts is becoming a "common courtesy" after many breaches, says Lysa Myers, a researcher with Slovakian security firm ESET.

Ignorance is not bliss. Should I buy an emergency generator because my electric utility was hacked? Or should I stock up on firewood because I could lose gas service? Will my sewer back up? And don't give me that, “There are some things man was not meant to know!”
An American Utility's Control System Was Hacked
The control system for a U.S. public utility was compromised. The Department of Homeland Security did not specify which utility was affected in the agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report.
… Details of these cyber attacks are rarely revealed to the public, and even more rarely do they provide details into the matter. What we do know: this particular attack was on a utility that was previously hacked and the hackers used the employee access portal to get in.

Most 2013 Data Breaches Affected E-Commerce and POS Systems: Trustwave
The new study is based on data gathered from 691 breach investigations and focuses on security threats, cybercrime and data breaches. Payment card data continues to be the top type of data that's compromised in breaches. However, the percentage of data thefts involving confidential, non-payment card data has reached 45 percent in 2013. This represents a 33 percent increase compared to the previous year.
Around 54 percent of the attacks that took place in 2013 targeted e-commerce systems. Point-of-sale (POS) attacks are next with 33 percent. In fact, experts believe that these two types of breaches will dominate the landscape in the upcoming years.
You can download the full 2014 Trustwave Global Security Report from Trustwave’s website.

Please send your “Money-like things” to Bob, care of this Blog.
The Future of Money-Like Things
While we rarely think of it in this way, the payment system we use every day is among the most widespread and functional examples of an Internet of Things. It is an array of objects embedded with chips, magnetic stripes, scanners, and touchpads. These things are coordinated through networking protocols used to move information and, ultimately, monetary value.
In payment systems, as flights of imagination get grounded in real infrastructures, interoperability has gone hand in hand with technological inertia. Payment systems have to work, and they have to work everywhere. When you swipe your credit card, it works. No matter where you are in the U.S., if you have money or credit in physical or electronic form, you can pay for stuff.

Who wants your data? Just about everyone! ...and it's easy to see why.
Your Banker Wants To Know If You Are Pregnant
Your banker wants to know if your wife has thrown you out of the house. Or if one of your parents has died. Or if you are expecting a child.
Because banks typically make more money when they know clients better, they are stepping up efforts to learn more personal information. For example, in recent weeks HSBC has been writing its Premier clients and encouraging them to share details about themselves.
… According to Wells Fargo presentations earlier this week, “building relationships around individuals” leads to 65% higher revenue. Active customers there are 2.2 times more profitable than less active ones, the bank estimates.

McKinsey – The seven habits of highly effective digital enterprises
by Sabrina I. Pacifici on May 22, 2014
May 2014 | by’Tunde Olanrewaju, Kate Smaje, and Paul Willmott
“The age of experimentation with digital is over. In an often bleak landscape of slow economic recovery, digital continues to show healthy growth. E-commerce is growing at double-digit rates in the United States and most European countries, and it is booming across Asia. To take advantage of this momentum, companies need to move beyond experiments with digital and transform themselves into digital businesses. Yet many companies are stumbling as they try to turn their digital agendas into new business and operating models. The reason, we believe, is that digital transformation is uniquely challenging, touching every function and business unit while also demanding the rapid development of new skills and investments that are very different from business as usual. To succeed, management teams need to move beyond vague statements of intent and focus on “hard wiring” digital into their organization’s structures, processes, systems, and incentives. There is no blueprint for success, but there are plenty of examples that offer insights into the approaches and actions of a successful digital transformation. By studying dozens of these successes—looking beyond the usual suspects—we discovered that highly effective digital enterprises share these seven habits…”

“'Tis a puzzlement” The King of Siam Facebook Users
Is Facebook taking privacy more seriously?
Facebook is worried that you will start sharing less - or maybe even move to more anonymous services - unless it helps you better manage your private information. On Thursday, the company announced that it would give a privacy checkup to every one of its 1.28 billion users worldwide.
Facebook, which is based in Menlo Park, California, will also change how it treats new users by initially setting their posts to be seen only by friends. Previously, those posts were accessible to anyone.
And it will explain to both current and new users that setting their privacy to "public" means that anyone can see their photos and posts.
The change in default settings and the person-by-person review is a sharp reversal for Facebook, whose privacy settings are famously complicated. Some users may be shocked when they see just how widely their personal information has been shared.

Microsoft challenged, that's good. But only once and only because it made no difference?
Microsoft Challenged Secret FBI Request for Data About Business Customer
Microsoft Corp. last year challenged a secret request for data about a business customer from the Federal Bureau of Investigation. The government backed down—but only after it got the information it sought without the software giant’s help, according to documents unsealed Thursday.
… Little is known about the facts behind the request Microsoft challenged. On a still-secret date last year, the FBI asked Microsoft for user information on a single employee at a large business customer, according to court records. The customer, whose name was redacted, used Microsoft’s Office 365 service, which stores customer data in Microsoft data centers—not servers controlled by the customer.
… After Microsoft objected, the FBI obtained the data it wanted by approaching Microsoft’s customer directly, according to court documents.

See? It can be done. But why would a monopoly want to?
Cox to offer residential gigabit speeds
Cox Communications – the third-ranked US cable MSO – has revealed plans to roll out gigabit Internet speeds across its markets nationwide. The company will start with new residential construction projects and new and existing neighbourhoods in Phoenix, Las Vegas and Omaha. In all Cox locations, the company will begin market-wide deployment of gigabit speeds by the end of 2016.

Thursday, May 22, 2014

Some confusion too. There was a message on the PayPal Blog that they took down after a short time. Guess they should have left it up.
eBay tells all users to reset passwords after security breach
Time for another password change, folks – at least, if you’re an eBay user.
The e-commerce giant on Wednesday strongly recommended all users to reset their password for the site after it was discovered hackers had compromised a database containing encrypted passwords and other non-financial data.
The company reassured users that following “extensive” tests, there was no evidence so far of any unauthorized activity on the site, and no evidence of any unauthorized access to financial or credit card information, which it said it holds separately in encrypted formats.
The compromised database, which included eBay customers’ names, encrypted passwords, email addresses, mail addresses, phone numbers, and dates of birth, was hacked between late February and early March, eBay said, adding that it was only recently discovered.

Far cheaper than nukes.
Iran's Cyber Attack Capabilities Growing Quickly: Experts
When it comes to cyber-espionage and nation-state attacks, the accusing finger generally points at China. Last week's report from FireEye indicates that China is not alone, as Iranian cybersecurity capabilities continue to grow, posing a greater threat to U.S. interests.
Iranian cyber-attackers are increasingly moving away from politically motivated attacks such as Website defacement to cyber-espionage, targeting the U.S. defense industry sector, FireEye researchers outlined in the "Operation Saffron Rose" report. What was lost—or glossed over—in the rush to discuss the actual tactics used by these attack groups was the fact that this shift in sophistication has striking similarities with how Chinese attack groups evolved over the past few years.

So this is why their CEO was fired – not the breach, the lost profits.
Associated Press reports:
Target cut its annual profit outlook Wednesday and said its first-quarter earnings fell 16 percent as it took another hit from a massive customer data breach and a troubled expansion in Canada.
The third-largest U.S. retailer, based in Minneapolis, also issued a second-quarter projection that was below analysts’ expectations.

The logical extension of an Internet of Things, and Internet of Advertising.
Yikes! Google seems to think ads everywhere is the future...even on thermostats, fridges, glasses and watches
If the companies behind the massive Internet of Things initiative get their way, in the next 10 years everything you own will be connected to the Internet. With that being the case, Google thinks all that connected real estate represents a prime opportunity for advertising.
In a etter to the Securities and Exchange Commission, Google clearly sees that this ever-evolving connected world can be filled ... with ads.
… "In a short period of time, the meaning of 'mobile' at Google has shifted dramatically to 'handset' from 'tablet + handset'," the letter states. "We expect the definition of 'mobile' to continue to evolve as more and more 'smart' devices gain traction in the market. For example, a few years from now, we and other companies could be serving ads and other content on refrigerators, car dashboards, thermostats, glasses, and watches, to name just a few possibilities."

(Related) Our dogs already have an ID chip injected under their skin. No doubt when this product shrinks to injectable size, we'll do that too. After all, dogs can slip out of their collars.
Now, GPS device that will keep track of your pooch
… Whistle, the San Francisco startup that's become known in recent months for its somewhat handy "FitBit for dogs" gadget, announced that it's adding some key new features to the newest generation of its on-collar device to make it so that you never lose track of your pooch, Tech Crunch reported.
The new product, dubbed WhistleGPS, uses both GPS and sub-GHz cellular technology to add on-demand location monitoring to Whistle's flagship activity tracking gadget that syncs with iOS or Android devices.

Consumer Reports: 85% of Shoppers Oppose Internet Ad Tracking
by Sabrina I. Pacifici on May 21, 2014
EPIC: “According to a recent study by Consumer Reports, consumers overwhelmingly object to having their online activities tracked for advertising purposes. The report found that 85% of consumers would not trade even anonymized personal data for targeted ads. Additionally, 76% of consumers said that targeted advertising adds “little or no value” to their shopping activities. For more information, see EPIC: Public Opinion on Privacy, EPIC: Privacy and Consumer Profiling, EPIC: Online Tracking and Behavioral Profiling, EPIC: Practical Privacy Tools.”

Another piece of your profile?
Facebook wants to 'listen' to your music and TV
If the song or show is recognised by the app, users can publish the information on their profile or to selected friends.
The service hopes to take advantage of the "second screen" trend, which sees fans of TV shows in particular sharing their experiences on social networks.
… The feature, which will be available in a few weeks' time, uses the microphones inside users' smartphones to detect nearby music or TV shows.
… Facebook says the feature can be turned off at any time, the audio recording is not stored anywhere and the device cannot identify background noise or conversations.

Perspective. “Just because FedEx and UPS and all those other services can do it doesn't mean an organization that's run like a government agency can do it.”
US House committee approves bill to curb doorstep mail delivery
The move, which would echo the strategy already being implemented across the border in Canada, could save the US Postal Service about $2bn in operating costs each year according to the Republicans who control the House.
It would require those homes receiving mail at the doorstep to have items delivered either to a roadside mailbox or a community mailbox.

Perspective. Even spaghetti sauce is a billion dollar business.
Unilever to Sell RagĂș Brand to Japan’s Mizkan
Unilever will sell its North American pasta-sauces business under the RagĂș and Bertolli brands to Japan's Mizkan Group for $2.15 billion.

For my “starving students”
– Get cash back when you buy your favourite brands. Install the app for either iOS or Android to see how much you can save on groceries this week. First, browse the offers that are updated every Thursday, buy the products from any store, then take a photo of your receipt to redeem your deal. Once your account reaches $20 in savings, they will mail you a cheque.

For my student vets
The 2014 Season of Blue Star Museums kicks off!
NEA Acting Chairman Joan Shigekawa and Blue Star Families CEO Kathy Roth-Douquet announced the fifth annual launch of Blue Star Museums, a collaboration among the National Endowment for the Arts, Blue Star Families, the Department of Defense, and more than 2,000 museums across America to offer free admission to the nation’s service members, including National Guard and Reserve, and their families from Memorial Day through Labor Day 2014. Leadership support has been provided by MetLife Foundation through Blue Star Families. The program provides families an opportunity to enjoy the nation's cultural heritage or learn more about their new communities after completing a military move. The complete list of participating museums is available at

Wednesday, May 21, 2014

The kind of article I'm hoping our student “Computer Security Club” will start producing.
How Easy Is It For Someone To Hack Your Webcam?
Without wishing to scare you, the short answer is: it’s very easy for anyone to view your webcam. The long answer is: some networked webcams require nothing more than a secret URL, while most USB or built-in laptop webcams would need the computer to be compromised first.
Here are three ways of viewing a webcam without your knowledge.

Nothing new here – unfortunately.
Trend Micro Analyzes Targeted Attack Trends
In a new report, researchers at Trend Micro found the majority of exploits involved in these incidents during the second half of 2013 focused on vulnerabilities that had patches available, including some that were patched as early as 2009.
Nearly 60 percent of the time the malware used in targeted attacks are Trojans or spyware. Next in line were backdoors (22 percent) used to establish command and control communications.
"Spear phishing is still the most seen entry point for targeted attacks," Irinco continued. "These email messages use relevant-sounding subjects that trick users into opening it and the file attachments therein that serve as malware carriers. In our 2014 prediction, we noted that mobile devices will also be leveraged by threat actors to gain entry to networks."
The full report can be read here.

The ethics of intelligence services. Long debated, long resolved. The answer is “it depends.”
Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?
There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace.
… If vulnerabilities are plentiful—and this seems to be true—the ones the U.S. finds and the ones the Chinese find will largely be different. This means that patching the vulnerabilities we find won’t make it appreciably harder for criminals to find the next one. We don’t really improve general software security by disclosing and patching unknown vulnerabilities, because the percentage we find and fix is small compared to the total number that are out there.

Sic 'em, Steve! (An open letter!)
Steve Wozniak to the FCC: Keep the Internet Free

Perhaps the Privacy Foundation could work with local entrepreneurs to suggest a few areas for development? (They also moved their HQ to Switzerland)
Proving there’s money in privacy these days, secure communications firm Silent Circle has announced a $30 million funding round from investors including Ross Perot Jr. and Cain Capital. What’s more, Perot and Sir Peter Bonfield, once upon a time the head of British Telecom, have joined Silent Circle’s advisory board.
Silent Circle is most notable for the Blackphone, a privacy-centric handset, produced alongside manufacturer Geeksphone, that uses an Android fork called PrivatOS and comes loaded with all sorts of security tools including Silent Circle’s encrypted voice and text communications tools. The much-anticipated device will start shipping in June, probably mostly to enterprise and government customers.
The firm is also working with shuttered secure email service Lavabit on “Email 3.0″, which will supposedly be both secure and easy to use, and leak less metadata than today’s encrypted email protocols.

(Related) Because it occurs to me that we had discussed each of these points at one Privacy Foundation seminar or another...
Harrison Weber reports:
The National Security Agency and the FBI teamed up in October 2010 to develop techniques for turning Facebook into a surveillance tool.
Documents released alongside security journalist Glenn Greenwald’s new book, “No Place To Hide,” reveal the NSA and FBI partnership, in which the two agencies developed techniques for exploiting Facebook chats, capturing private photos, collecting IP addresses, and gathering private profile data.
According to the slides below, the agencies’ goal for such collection was to capture “a very rich source of information on targets,” including “personal details, ‘pattern of life,’ connections to associates, [and] media.”
Read more on VentureBeat.

Trust me, this is worth looking at even if just for the Internet of Things section.
Gartner's Hype Cycle report for smart-city technologies
City planners will have access to an amazing collection of technologies to build their smart cities of the future. But what technologies are coming, and when, and how will they be used? Gartner separates hype from reality with its largest Hype Cycle report.
Read Gartner's report The report is free and ungated. No sign-up required

Brief article suggesting that there are companies who can move with the times/technology. (Looks like that's good for the CEO too)
Burberry Struts Ahead With Tech Transformation Begun By Apple's Angela Ahrendts
Burberry – the high-end fashion brand and retail chain – has posted record results, aided by an advanced digital transformation. That effort was begun eight years ago by former CEO Angela Ahrendts, now the retail boss at Apple.

No doubt this will result in a bunch of “Google doesn't pay taxes!” stories. I see it as yet another indication that the tax system isn't allowing US firms to be as flexible as firms in other countries.
Google plans international acquisitions worth up to $30B, it tells SEC
Google plans to spend US$20 billion to $30 billion of its of its accumulated international profits to fund potential acquisitions of non-U.S. companies and technology rights.
The company disclosed its plans to the U.S. Securities and Exchange Commission (SEC) last year, in a document that was published Tuesday. The SEC had asked Google to describe its plans for reinvesting its undistributed earnings in greater detail.
In 2012, Google generated about half its revenue in non-U.S. markets.

Can't wait to hear what my wife says about this App. Looks like it is targeted to mixed breed owners – after all, one collie looks pretty much like another.
PetMatch uses machine vision technology to help you replace your beloved pet
Unlike Superfish’s Windowshopper app, PetMatch offers a more benign and benevolent alternative for your wallet. Just upload an image of your pet, or even someone else’s pet and let the app match you up with a nearby puppy or kitten. The app acts as an intelligent learning machine, so theoretically, it might improve your chances over time.

I get a bit cranky when I run into companies that insist on a fax rather than an email attached document. Tools/services like this keep me from running around looking for someone with antique machines. (Remember, the fax predates the phone by at least 25 years.)
No Fax Machine? No Problem — Easily Sign And Send Faxes From Your Computer
Faxing is an out-dated mode of communication, but it still lingers around at some places for one reason or another. Until we can finally kill off this antiquated machine of the past, you might need to send a fax every once in a while but find yourself without a fax machine — try HelloFax.
We have covered HelloFax briefly in the past, and even took a look at 5 other online fax services, but things have changed in the years since then, and it’s time to take an in-depth look at the best free online faxing service there is.

Tuesday, May 20, 2014

Now I get it. Many top Chinese officers own large firms that supply the military and the government. Perhaps the government strategy does not include “trade secrets” but I bet the general's strategy does.
US metal firms said targets of Chinese spying
Chinese hackers allegedly have stolen sensitive economic data from U.S. metal companies, including U.S. Steel Corp. and Alcoa Inc.
Victims of the alleged hacking include U.S. Steel, Alcoa, Allegheny Technologies Inc. (ATI), Westinghouse Electric Corp. and the United Steelworkers union, all based in Pittsburgh, the Justice Department said in a release May 19. Also among the alleged victims was Bonn, Germany-based solar energy company SolarWorld AG.

Retaliation or just anti-Microsoft bias?
China bans government use of Windows 8
… The central government procurement centre issued the ban on installing Windows 8 as part of a notice on the use of energy-saving products, posted on its website last week.
The official Xinhua news agency said the ban was to ensure computer security after Microsoft ended support for its Windows XP operating system, which was widely used in China.
Neither the government nor Xinhua elaborated on how the ban supported the use of energy-saving products, or how it ensured security.
… “China’s decision to ban Windows 8 from public procurement hampers Microsoft’s push of the OS to replace XP, which makes up 50% of China’s desktop market,” said data firm Canalys.

Good luck with that, Sheriff. (You can bet the NSA is watching)
The Erie County, New York Sheriff Timothy B. Howard doesn’t think residents need legislative oversight of his use of surveillance technology.
Erie County Sheriff Timothy B. Howard told legislators Thursday that it is solely up to the courts – not them – to determine how he may use cellphone surveillance equipment to track persons of interest.
Howard told the Legislature’s Public Safety Committee that the Stingray surveillance device the office has owned since 2008 is used only for tracking a person’s movements, not for snooping into the content of phone communications.
But beyond that, he was polite but defiant in refusing to answer questions about the equipment, telling legislators, in essence, that it’s not their business.
“With no disrespect to this honorable body … the specific use of the device should be left to the monitoring of the courts and not to the Legislature or to the media,” he said.
Dressed in an olive green suit instead of his usual sheriff’s uniform, Howard said, “Anything we do with the device is subject to review by the federal or state courts, including by our own County Court, and that’s where it should be reviewed.”
Read more on The Buffalo News.

One more “Thing” that lives on the Internet of Things.
Andrea Peterson reports:
Fitness tracking apps and devices have gone from an early adopter novelty to a staple of many users’ exercise routines during the past few years — helping users set goals and measure progress over time. Some employers even offer incentives, including insurance discounts, when workers sign up.
“There’s been a tremendous amount of evolution in the app space, both generally and in the fitness app,” since she joined the Federal Trade Commission six years ago, Senior Staff Attorney Cora Han acknowledges. “It’s a completely different landscape.”
But as several major tech companies appear poised to disrupt that landscape, privacy advocates warn that consumers aren’t always aware of how sensitive the data the apps collect can be or what privacy protections exist. And changes in the privacy policy of Moves, a fitness tracking app recently acquired by Facebook, have only amplified those fears.
Read more on Washington Post.

(Related) Lots of concern(?) with the Internet of Things.
32 years ago, experts foresaw much of today’s digital world
by Sabrina I. Pacifici on May 19, 2014
In a new Pew Research Center report by Drew DeSilver, nearly 1,600 technology experts give their thoughts about how the “Internet of Things” — wearable computers, processor-embedded products and other digital advances — will alter society over the next decade. Many (though not all) of the experts foresee, in the words of the report, “a global, immersive, ambient networked computing environment” that will change the way we do everything from stocking our fridges to finding our soulmates. Even though videotex and teletext never took off the way the report’s authors thought they would (slow speeds and lack of common standards being the biggest obstacles), many of their projections will sound familiar: Blurring of lines separating work and home; Fragmenting of traditional media; Privacy concerns; Data-based professions; Electronic banking; On-demand media; New kinds of relationships…”

Sure to bring another kerfuffle. Interesting that they have “legal” access but the government doesn't know about it.
Report – NSA Is Recording Every Cell Phone Call in the Bahamas
by Sabrina I. Pacifici on May 19, 2014
By Ryan Devereaux, Glenn Greenwald and Laura Poitras: The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.”

Hah! A mere $15.9 million? That'll teach him!
Ousted Target CEO: $15.9 million severance
Target cut about $8 million from former CEO Gregg Steinhafel's 2013 pay package after ousting him from the job. But he is still making $13 million for his work last year and walking away with a severance package totaling $15.9 million.

You should listen to these guys.
McKinsey – Strategic principles for competing in the digital age
by Sabrina I. Pacifici on May 19, 2014
Digitization is rewriting the rules of competition, with incumbent companies most at risk of being left behind. Here are six critical decisions CEOs must make to address the strategic challenge posed by the digital revolution. May 2014| byMartin Hirt and Paul Willmott,
“Staggering amounts of information are accessible as never before—from proprietary big data to new public sources of open data. Analytical and processing capabilities have made similar leaps with algorithms scattering intelligence across digital networks, themselves often lodged in the cloud. Smart mobile devices make that information and computing power accessible to users around the world. As these technologies gain momentum, they are profoundly changing the strategic context: altering the structure of competition, the conduct of business, and, ultimately, performance across industries. One banking CEO, for instance, says the industry is in the midst of a transition that occurs once every 100 years. To stay ahead of the unfolding trends and disruptions, leaders across industries will need to challenge their assumptions and pressure-test their strategies.”

For my Computer Security students.
Invincea Releases Free Malware Discovery and Analysis Tool
Invincea, a provider of endpoint security solutions that leverage secure virtual containers to protect against advanced malware and other threats, has released a free malware discovery and analysis tool for the forensics analysts and incident responders.
Dubbed Invincea Research Edition, the solution includes licenses of Invincea FreeSpace -which creates a secure virtual container around web browsers and their plug-ins -- PDFs and documents such as Microsoft Excel, Word and PowerPoint and features advanced behavioral-based detection proven to spot known, unknown and zero-day malware.

For the Digital Design students.
Metropolitan Museum Initiative Provides Free Access to 400,000 Digital Images
by Sabrina I. Pacifici on May 19, 2014
“Thomas P. Campbell, Director and CEO of The Metropolitan Museum of Art, announced today that more than 400,000 high-resolution digital images of public domain works in the Museum’s world-renowned collection may be downloaded directly from the Museum’s website for non-commercial use—including in scholarly publications in any media—without permission from the Museum and without a fee. The number of available images will increase as new digital files are added on a regular basis. In making the announcement, Mr. Campbell said: “Through this new, open-access policy, we join a growing number of museums that provide free access to images of art in the public domain. I am delighted that digital technology can open the doors to this trove of images from our encyclopedic collection.” The Metropolitan Museum’s initiative—called Open Access for Scholarly Content (OASC)—provides access to images of art in its collection that the Museum believes to be in the public domain and free of other known restrictions; these images are now available for scholarly use in any media. Works that are covered by the new policy are identified on the Museum’s website with the acronym OASC. (Certain works are not available through the initiative for one or more of the following reasons: the work is still under copyright, or the copyright status is unclear; privacy or publicity issues; the work is owned by a person or an institution other than the Metropolitan Museum; restrictions by the artist, donor, or lender; or lack of a digital image of suitable quality.)”

Smarthistory: Learn About World Famous Art & Paintings Through Khan Academy Videos [Stuff to Watch]
Most of us are able to recognise a world famous painting or sculpture when we see it, but we’re not so good at recalling the story, history or much about the artist behind the piece. Smarthistory from the Khan Academy fills in the blanks for you, with more than 100 educational short videos prepared for the Google Art Project.
With more than 100 videos produced, there’s plenty of free education on here to vastly expand your knowledge of the art world. And thanks to the Google Art Project, you can study all of the featured works in detail at your own leisure too – just click the headings below.

Could be amusing to have my students create these.
was created to provide educators with a quick way to create gameshow-style boards for test reviews in the classroom. Traditionally, these are created (tediously) using posterboard, chalkboards, or dry-erase markers on an overhead slide. The review questions are usually even written on a separate sheet of paper. With FlipQuiz, questions are displayed on-screen and boards are saved for later use.

Monday, May 19, 2014

You don't suppose they'd trade the Crimea for California, do you? Nah, no one is that dumb.
Russia increases military flights in Pacific, U.S. general says
Russia has stepped up military activity in the Pacific, including sending long-range bombers on flights off the coast of California and around the island of Guam, as tensions have risen in Ukraine, a top U.S. Air Force general said Monday.
"What Russia is doing in Ukraine and Crimea has a direct effect on what's happening in the Asia Pacific," Gen. Herbert "Hawk" Carlisle said in a presentation to the Center for Strategic and International Studies in Washington.
… Flights around Japan and the Korean peninsula have also "increased drastically," as well as naval activity in that area, Carlisle said.
The Russian planes have stayed in international airspace, and such flights are not unusual, but the increase has U.S. commanders keeping a wary eye.
… The Russian bomber flights are not unique to the Asia Pacific region. In late April, fighter jets from the Netherlands intercepted two Tu-95s that had flown a half-mile into Dutch airspace. The Dutch F-16s escorted the Russian aircraft out of Dutch airspace without incident.

The modern equivalent of Willie Sutton? Hire “offshore” hackers to steal credit card data in wholesale quantities, hold until you see which banks replace the cards, sell the rest at retail. Enormous profit. Much lower chance of being caught. (...and you can handle it all from the Jersey shore.)
Experian Breach Tied to NY-NJ ID Theft Ring
Last year, a top official from big-three credit bureau Experian told Congress that the firm was not aware of any consumers that had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. Today’s post presents evidence that among the ID theft service’s clients was an identity theft and credit card fraud ring of at least 32 people who were arrested last year for allegedly using the information to steal millions from more than 1,000 victims across the country.

The modern equivalent of what, exactly? What is this about? Politics. Does anyone believe that China will send us their best hackers so we can put them on trial? Would we do the same if NSA employees were indicted?
U.S. to announce first criminal charges against China for cyberspying
The Justice Department is charging members of the Chinese military with conducting economic cyber-espionage against American companies, U.S. officials familiar with the case said Monday, marking the first time that the United States is leveling such criminal charges against a foreign country.
… The charges are to be brought in western Pennsylvania, where several companies that were allegedly victimized are located. Authorities are expected to name the companies and the hackers, officials said.

Is it even possible today to create a “trusted intermediary” to take emergency (or other?) notices and pass them to people who need to know? If the government has its way, they will have all our health data, our financial data (IRS), our driving data (DMV's and traffic cameras), and our contacts if not our conversations. Then we can expect new crimes, defined as not staying healthy, failure to save for retirement, erratic or excessive driving, keeping bad company, etc.
As soon as I saw the headline in the New York Times, I figured someone was going to raise privacy concerns. I wasn’t wrong. Sheri Fink reports:
The phone calls were part Big Brother, part benevolent parent. When a rare ice storm threatened New Orleans in January, some residents heard from a city official who had gained access to their private medical information. Kidney dialysis patients were advised to seek early treatment because clinics would be closing. Others who rely on breathing machines at home were told how to find help if the power went out.
Those warnings resulted from vast volumes of government data. For the first time, federal officials scoured Medicare health insurance claims to identify potentially vulnerable people and share their names with local public health authorities for outreach during emergencies and disaster drills.
The program is just one of a growing number of public and corporate efforts to take health information far beyond the doctor’s office, offering the promise of better care but also raising concerns about patient privacy.
Read more on the NY Times. There’s a lot of food for thought there.

(Related) I forgot recognizing our faces from any security or smartphone camera. (Interesting article)
Natasha Singer reports that Joseph Atick, a pioneer in facial recognition technology, has concerns:
Once he was safely out of earshot, however, he worried aloud about what he was seeing. What were those companies’ policies for retaining and reusing consumers’ facial data? Could they identify individuals without their explicit consent? Were they running face-matching queries for government agencies on the side?
Now an industry consultant, Dr. Atick finds himself in a delicate position.
Read more on the NY Times.

Scenario 1: Their security has improved so much, MasterCard must acquire it.
Scenario 2: With the negative impact on stock price and threat of future penalties from MasterCard, they were too cheap to pass up.
MasterCard acquires Pune-based ElectraCard Services
MasterCard today said it will acquire Pune-based electronic payment software firm ElectraCard Services (ECS), which had its systems attacked in a USD 45 million global ATM heist, for an undisclosed amount.

I wasn't sure that lawyers would be able to handle email safely. (They can't) Everything else just adds to the train wreck.
New on LLRX – Legal Loop: 8 handy gadgets for the mobile lawyer office
by Sabrina I. Pacifici on May 18, 2014
For the 21st century lawyer, mobility is key, since a mobile law practice makes it easier than ever for lawyers to practice law no matter where they happen to be. That’s why, according to the American Bar Association’s 2013 Legal Technology Survey, more lawyers are going mobile than ever before, with nearly 91 percent of lawyers surveyed reporting that they have used smartphones in their practices and 48 percent of lawyers surveyed reported using a tablet at work. Nicole Black explains why you need to have the right accessories to be effectively mobile.

A nice resource!
Council on Foreign Relations Cybersecurity Policy Research Links
by Sabrina I. Pacifici on May 18, 2014
“How can the United States protect cyberspace “control system of our country,” without restricting the open “flow of information on the Internet“? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis, and international efforts to protect government and the public’s information.”

Welcome. No matter how late, no matter how little.
DOE Releases New Guidance for Strengthening Cybersecurity of Grid’s Supply Chain
by Sabrina I. Pacifici on May 18, 2014
News release: “”As part of the Obama Administration’s commitment to a strong and secure power grid, the Energy Department today released new guidance to help U.S. industry strengthen energy delivery system cybersecurity. Developed through a public-private working group including federal agencies and private industry leaders, the Department’s Cybersecurity Procurement Language for Energy Delivery Systems guidance provides strategies and suggested language to help the U.S. energy sector and technology suppliers build in cybersecurity protections during product design and manufacturing… The new guidance released today focuses on helping utilities and other energy sector organizations purchase technologies that include cybersecurity protections and features – improving the overall reliability and security of energy delivery systems and ensuring that the testing, manufacturing, delivery, and installation of new technologies emphasize cybersecurity requirements.

Just because I had to read it... (I used the same trick in a Disaster Recovery class)
Counter-Zombie Dominance Plan

Tools & Techniques. My students might like it.
Instantly find the best photos hidden inside your new or existing videos. Why choose between photos and video? With Vhoto, you get both! Vhoto makes it easy and fun to get pics of parties, pets, kids, selfies and sports. Record video or import from your camera, choose your favorite pictures, then save or share your photos.

Dilbert perfectly illustrates the Abraham Lincoln quote: “You can fool all the people some of the time, and some of the people all the time...”