Saturday, May 31, 2014

Looks like the ATMs don't edit the data from the card. Really bad programming?
Thieves Planted Malware to Hack ATMs
A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.
Authorities in Macau — a Chinese territory approximately 40 miles west of Hong Kong — this week announced the arrest of two Ukrainian men accused of participating in a skimming ring that stole approximately $100,000 from at least seven ATMs.
Local police said the men used a device that was connected to a small laptop, and inserted the device into the card acceptance slot on the ATMs. Armed with this toolset, the authorities said, the men were able to install malware capable of siphoning the customer’s card data and PINs.
… The Macau government alleges that the accused would return a few days after infecting the ATMs to collect the stolen card numbers and PINs. To do this, the thieves would reinsert the specialized chip card to retrieve the purloined data, and then a separate chip card to destroy evidence of the malware.


Perspective. Give it a few years and everyone will be hacked multiple times each year. So often, you won't know who to sue.
Report – Half of American Adults Data Hacked So far This Year
by Sabrina I. Pacifici on May 30, 2014
EPIC: “A new report finds that 432 million online accounts in the US have been hacked this year, concerning about 110 million Americans. In the last year, 70 million Target customers, 33 million Adobe users, 4.6 million Snapchat users, and potentially all 148 million eBay users had their personal information exposed by database breaches. Earlier this month, the President’s science advisors found little risk in the continued collection of personal data. However, the FTC’s recent report on data brokers warned that, “collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused.” Earlier, EPIC urged the White House to promote Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see EPIC: Big Data and the Future of Privacy,EPIC: Identity Theft and EPIC: Choicepoint.”


Got any embarrassing photos you'd like removed? Send your request from a European address.
Google sets up 'right to be forgotten' form after EU ruling
Google has launched a service to allow Europeans to ask for personal data to be removed from online search results.
The move comes after a landmark European Union court ruling earlier this month, which gave people the "right to be forgotten".
Links to "irrelevant" and outdated data should be erased on request, it said.
Google said it would assess each request and balance "privacy rights of the individual with the public's right to know and distribute information".
"When evaluating your request, we will look at whether the results include outdated information about you, as well as whether there's a public interest in the information," Google says on the form which applicants must fill in.

(Related)
Right To Be Forgotten’ is a hit in Europe; 12,000 requests to Google on Day 1


Because the government needs to know if you can afford campaign contributions or are rich enough to have good lawyers (and therefore laws don't apply to you) or are failing to report cash (and therefore are a drug dealer)
New federal database will track Americans’ credit ratings, other financial information
by Sabrina I. Pacifici on May 30, 2014
Washington Examiner, Richard Pollock: “As many as 227 million Americans may be compelled to disclose intimate details of their families and financial lives — including their Social Security numbers — in a new national database being assembled by two federal agencies. The Federal Housing Finance Agency and the Consumer Financial Protection Bureau posted an April 16 Federal Register notice of an expansion of their joint National Mortgage Database Program to include personally identifiable information that reveals actual users, a reversal of previously stated policy… But under the April register notice, the database expansion means it will include a host of data points, including a mortgage owner’s name, address, Social Security number, all credit card and other loan information and account balances. The database will also encompass a mortgage holder’s entire credit history, including delinquent payments, late payments, minimum payments, high account balances and credit scores, according to the notice. The two agencies will also assemble “household demographic data,” including racial and ethnic data, gender, marital status, religion, education, employment history, military status, household composition, the number of wage earners and a family’s total wealth and assets.”


Does anyone believe this? Could the FTC articulate “Best Practices?” How about “Not too bad Practices?”
Companies should already know how to protect data, FTC argues
The Federal Trade Commission (FTC) has published enough information publicly for companies to know exactly what the agency considers reasonable security practices for protecting sensitive data, an FTC representative said in deposition entered this week in a closely watched case challenging its authority to enforce data security standards.
"The [FTC] has published a great deal of consumer and business education on the issue of what is reasonable data security," Daniel Kaufman, the deputy director for the FTC's Bureau of Consumer Protection, said in deposition before an FTC administrative court. "The Commission has testified on it on a number of occasions, and there's a lot of other publicly available information on what constitutes reasonable data security."
The deposition involves a dispute between the FTC and LabMD, an Atlanta-based medical laboratory that claims it was driven out of business by an FTC data breach investigation.
… The FTC last August filed a formal compliant against LabMD over data leaks dating back to 2008 that exposed personal information on close to 10,000 people. In its complaint, the FTC charged LabMD with unfair trade practices for not doing enough to protect data. [Enough? Or what we have published as “reasonable?” Bob]
Over the past few years, the agency has filed similar complaints against dozens of companies that suffered data breaches and has won settlements from almost all of them.
LabMD, however, challenged the FTC complaint and accused the agency of holding it to data security standards that do not exist officially at the federal level. The only other company to challenge the FTC so far is Wyndham Hotels, which has argued that the agency has no legal authority to enforce data security controls on companies.
Both cases are widely seen as a test of the FTC's authority to punish companies that suffer data breaches. Many have expressed concern that the FTC may be overstepping its authority in going after breached firms.
… In response to the LabMD motion, the FTC argued that it was not obligated to disclose the standards it uses to judge whether a company has adequate controls or not. However, in a setback for the agency, the FTC's chief administrative judge earlier this month held that the agency could indeed be compelled to disclose the standards.


Assuming this proves the concept at the state level, will other/all states do this?
The Texas Tribune and Oyez® to launch multimedia site for Texas high courts
by Sabrina I. Pacifici on May 30, 2014
IIT Chicago Kent College of Law - “Texas will soon benefit from an online archive for its two highest courts, launched through a partnership between The Texas Tribune and Oyez®, a free law project at IIT Chicago-Kent College of Law, with support from the John S. and James L. Knight Foundation. Amidst a scarcity of news coverage about law, the partnership between The Texas Tribune and Oyez will increase public access to the cases before the Supreme Court of Texas and Texas Court of Criminal Appeals. This offers more opportunities for in-depth reporting and research on the state’s judicial system… The site will go live in late summer 2014 and offer case summaries written for a non-legal audience. The multimedia resource will include opinions, transcript-synchronized videos of oral arguments, justice biographies and decision information. Fundraising is also underway to provide Spanish translations of case information… The partnership is part of a larger initiative to expand Oyez’s successful U.S. Supreme Court site to all federal appellate and state supreme courts. The Knight Foundation has funded Oyez’s efforts in Texas, as well as in California, New York, Florida and Illinois, covering one-third of the U.S. population.”


Perhaps my Criminal Justice students would find this useful.
– Search more than five million legal cases with precision, using natural language or Boolean. Ravel lets you focus on judges’ words and analysis, removing clutter so that you can read and scan quickly. Mining the connections that link millions of court documents, Ravel’s technology identifies cases’ key passages and shows how later cases have rephrased or interpreted them.


Tools for my Computer Security and Ethical Hacking students.
– is a collection of useful online tools for your computer. As the name of the site suggests, you can view DNS settings and DNS changes. But that is not all the site offers. It also offers various tools that you would normally have to surf to other sites to use. Here they all are on the same page for your convenience. This includes Is My Site Down, and an IP location finder.

(Related) The start of a series about analyzing the “Big Data” from security logs. Simple in concept, tedious to implement.
Finding Needles in the Haystack of Security Events
… Security devices generate volumes of raw data, usually in a proprietary manner. Parsing such unstructured data and making sense out of it is a tedious, if not an impossible task. If that’s not enough to make you cringe, when your organization is under a DDoS attack, your CIO is going to want not only a resolution but the answers to Who, What, Where, When, Why and How – fast. Security is time-sensitive; every minute counts and every second that ticks by negatively impacts your bottom line – brand degradation, unhappy customers and ultimately lost revenues.
… The goal of inspecting Internet traffic and establishing a baseline is to determine the normal activity level for your environment and establish any thresholds that would indicate a threat or security event in order to generate the proper alerts. Normal activity levels can vary by time of day or by the month of the year or by some other factors specific to your business.
… Once the baselines are established, SOCs monitor all activity (network activity, security events) and analyze those that exceed the pre-determined thresholds or indicate suspicious behavior. Monitoring involves tracking abnormal behavior, outside the range of normal activity levels established during the baseline, and is almost always done via the alerting procedures that notify SOC personnel via an e-mail, SMS, dashboard indicators, or a combination of these.


Continuing to automate the legal functions. Soon there will be nothing left for lawyers to do!
5 Apps & Online Tools To Help You Write a Will


Is it because too many people have too much money, or is it that I don't?
Did Steve Ballmer pay too much for the Los Angeles Clippers? The market says no.
At least on a surface level, the Los Angeles Clippers appeared to be a lousy investment for any potential buyer — a franchise with none of the championship history and Hollywood buzz of the rival Lakers and one still reeling from the racist comments made five weeks ago by now-deposed owner Donald Sterling.
But as the sports industry begins to process the staggering amount — $2 billion — for which Sterling’s wife agreed to sell the Clippers, it is clear, in this new Golden Age of sports television, there is no franchise too weak or too sullied to command a windfall at auction, especially in Hollywood.


I must be out of touch. I can't imagine what a good old fashioned spanking would result in. (Is Hawaii infested with pedophiles?)
Father Gets Probation For Making Son Walk Home From School
A Hawaii man has been sentenced to a year of probation after making his son walk a mile [Oh the horror! Bob] home from school.
Robert Demond was convicted of a misdemeanor charge of second-degree endangering the welfare of a minor.
Demond explained that his son had been involved in some sort of rule-breaking at school. When Demond picked him up, he asked about it, but his son refused to respond. Demond then stopped the car and told his son to walk to rest of the way home to think about what he had done, reports the Garden Island.
The judge, Kathleen Watanabe, ruled that the punishment was “old-fashioned” and inappropriate. She said that it is dangerous for children to walk alongside the road due to potential pedophiles. It was a form of punishment no longer supported by the community.

(Related) What are we teaching/failing to teach our teachers?
The Sydney Morning Herald reports:
A Victorian mother is demanding answers after her teenage daughter’s armpits were shaved by her teacher as part of the school’s curriculum.
Melissa Woods, mother of 14-year-old Taylah, says her daughter was “extremely upset” when her armpits were shaved in front of two other girls in a classroom.
Read more on Sydney Morning Herald.


Something for my Statistics students to debate. No doubt Google and whichever auto makers lease their software will get sued a lot. Probably worth having insurance for anything that gets past their lawyers. (Will cars be subject to “grounding” like airplanes? One measly little wing falls off and the FAA gets all safety conscious.)
Car insurance would be a lot cheaper without drivers
… Driverless cars may shrink your insurance costs.
Human error accounts for more than 90% of car crashes, multiple studies have found. Cars that drive themselves are expected to dramatically reduce that statistic, particularly since Google’s version nixes the steering wheel and brakes. “They have sensors that remove blind spots, and they can detect objects out to a distance of more than two football fields in all directions, which is especially helpful on busy streets with lots of intersections,” Chris Urmson, director of Google’s self-driving car project, wrote in a blog post. Those factors could also largely absolve drivers from liability for accidents, experts say.

Friday, May 30, 2014

No doubt this will result in a push to legalize other drugs.
Denver Murder Rate Cut in Half After Marijuana Legalization. Coincidence?
According to statistics recently released by the government in Denver, the amount of robberies and violent crimes significantly decreased since marijuana legalization went into effect. It is important to mention that this strong correlation is not definitive proof that legalization is the cause of this drop in crime, but it does strongly suggest that this is the case.
These statistics are especially convincing considering the short amount of time that this drastic reduction in crime has taken place. In just one short year the number of homicides dropped by 52.9%. Sexual assaults were reduced by 13.6%. Robberies were down by 4.8% and assaults were down by 3.7%.
The statistics measured the first few months of the year for both 2013 and 2014, and then compared those numbers with one another to determine whether they were higher or lower after legalization went into effect.


Oops! Heads up!
TrueCrypt Encryption Software Shut Down, May Be Compromised
Independent encryption software TrueCrypt is apparently not as secure as many thought. Yesterday (May 28), the TrueCrypt homepage was suddenly replaced with a notification that read "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues."
TrueCrypt is used by many security-minded people, including NSA whistleblower Edward Snowden, to turn a storage device, such as a flash drive or hard drive or a partition of such a device, into an encrypted volume, protecting the documents stored in that volume from prying eyes.
But TrueCrypt's creators never revealed their true identity, which caused others to be skeptical of its integrity.


Lawyers. No matter how often I tease them about this, they still insist that encryption is too complicated for their clients – even when their clients are the firms that create encryption Apps.
LexisNexis – Study tells a Story about Law Firm File Sharing
by Sabrina I. Pacifici on May 29, 2014
LexisNexis Survey of Law Firm File Sharing in 2014 – “This study found that file sharing is increasingly important in law firm collaboration and while those firms are keenly aware of the consequences of IT security risks, unencrypted email – reinforced with a statement of confidentiality – remains the primary mechanism for sharing files.
  • See also this related infographic - http://www.slideshare.net/BusinessofLaw/lexisnexis-2014-survey-of-lfile-sharing-survey-report-final


If it's not something you immediately recognize as part of the Internet of Things, we can “thingify” it for you! (We will know everything you do, everything you are, everything you think. Then we'll sell that information to people who want to sell you things to help you do more, be healthier and think Republican!)
Samsung wants to 'thingify' your BODY with Simband
… As Samsung says, it's a reference design for a platform, rather than yet-another-Fitbits-knockoff: “Devices based on the Simband platform will be able to gather vital diagnostic information - from your heart rate to your skin’s electrical conductivity, 24 hours a day, seven days a week.”


Would you call this “Self-Surveillance?” Perhaps “Auto-Surveillance?”
– is an easy way to keep a record of your things. Keep an always up-to-date record of what you own, with easy access to receipts, manuals and warranty information. After connecting with Gmail, Unioncy pulls information from Amazon receipts in your inbox to create a collection of your things. They then match manuals & warranty information with important information from manufacturers and other reliable sources.


Perspective
Tablet Slump Predicted as More People Buy Phablets
… "First, consumers are keeping their tablets, especially higher-cost models from major vendors, far longer than originally anticipated. And when they do buy a new one they are often passing their existing tablet off to another member of the family," Mainelli said in a statement. "Second, the rise of phablets — smartphones with 5.5-inch and larger screens — are causing many people to second-guess tablet purchases as the larger screens on these phones are often adequate for tasks once reserved for tablets."


Perspective. Is it just me or are “valuations” like this one a bit excessive?
Uber's new potential valuation? $17B
Uber’s plans to raise more venture capital could push its value up to $17 billion.
“This one could be record-breaking,” CEO Travis Kalanick said at Re/code's Code Conference Wednesday.
The San Francisco car-sharing company has raised more than $300 million thus far. Its service connects people needing a ride with drivers in 115 cities around the world and employs 900 people.


For my Computer Security students.
Google Launches Game to Teach XSS Bug Discovery Skills
Google has launched a new game to teach Web application developers how to spot cross-site scripting (XSS) bugs in their code.
XSS vulnerabilities are highly common in websites, but can be quite dangerous. In fact, Google pays up to $7,500 for XSS bugs discovered in important products.
The XSS Game, which requires a modern web browser with JavaScript and cookies enabled, is mainly addressed to Web application developers who don’t specialize in security. However, Google believes that while security experts might find the first levels easy, they could also learn a few things.
Cross-site attacks are dangerous because of what they do, but also because the three distinct types of each strike from different angles,” Chris Hinkley, a Senior Security Engineer at FireHost, explained in a late 2012 SecurityWeek column.
Cross-site scripting (CSS) can either be persistent or reflected, and cross-site request forgery (CSRF), where attackers use an authenticated session on one Website to perform unauthorized actions on another site, are also especially dangerous.

(Ditto)
Most Mobile Breaches Will be Tied to App Misconfiguration by 2017: Gartner
Analyst firm Gartner is predicting that by 2017, the focus of endpoint security breaches will shift to mobile devices such as tablets and smartphones.
With nearly 2.2 billion smartphones and tablets expected to be sold in 2014, Gartner believes attackers will continue to pay more attention to mobile devices. By 2017, 75 percent of mobile security breaches will be the result of mobile application misconfigurations, analysts said.


For my students.
The Condition of Education 2014
by Sabrina I. Pacifici on May 29, 2014
“The Congress has mandated that the National Center for Education Statistics (NCES) produce an annual Condition of Education report to help inform policymakers about the progress of education in the United States. This year’s report presents 42 indicators on important topics and trends in U.S. education. These indicators focus on population characteristics, participation in education, elementary and secondary education, and postsecondary education. This year’s Condition shows that about 90 percent of young adults ages 25 to 29 had a high school diploma or its equivalent in 2013, and that 34 percent had a bachelor’s or higher degree. As in previous years, in 2012, median earnings were higher for those with higher levels of education—for example, 25- to 34-year-olds with a bachelor’s degree earned more than twice as much as high school dropouts. Also, the unemployment rate was lower for bachelor’s degree holders in this age range than for their peers with lower levels of education.
… Postsecondary enrollment was at 21 million students in 2012, including 18 million undergraduate and 3 million graduate, or postbaccalaureate, students.


For my “You had better be researching” students. Watch the video.
Listango - A Quick and Easy Bookmarking Tool
The Internet is not lacking for bookmarking tools. Some are complex and robust while others are clean and simple. Listango falls into the clean and simple category. Bookmarking websites with Listango is a simple matter of clicking the Listango bookmarklet in your browser then choosing the list to which you want to add your bookmark.
To get started with Listango you register for an account then drag the Listango browser bookmarklet into your browser's bookmarks bar. With the Listango bookmarklet installed whenever you're viewing a site that you want to bookmark you can just click the Listango button to save the site to one of your bookmark lists. In your Listango account you can create as many categorized bookmarks lists as you like.


It's that time again. (Time for me to laugh)
… “Nevada education officials this month told a local man it would cost more than $10,000 to access the data the department has collected on his four children.” More via Education Week.
COSN and the EducationSuperHighway organization estimate that it’ll cost $3.2 billion in E-rate subsidies to connect all the schools and libraries in the US at a level sufficient to support “1:1 digital learning.” Their full report is here. [I'll wager they spend 10 times that amount and never get close to 100% connections. Bob]

Thursday, May 29, 2014

We're not done with Target.
Most Target board members should go, adviser says
Most of Target Corp.’s board members are being targeted for ouster by a prominent firm that advises shareholders, alleging they failed to protect the company against a massive data breach that began just as last year’s holiday shopping season was getting underway.
The firm, Institutional Shareholder Services, recommends that at their upcoming annual meeting, Target shareholders vote out seven of the 10 board members — those who serve on the company’s audit and corporate responsibility committees, the Star Tribune reports. That list includes Roxanne Austin, the interim board chair.
… In its report released Wednesday, ISS said the breach shows the company is not prepared for the “significant risks of doing business in today’s electronic commerce environment.” It added that the two committees “should have been aware of, and more closely monitoring, the possibilities of theft of sensitive information” given Target’s significant exposure to customer credit card information and e-commerce, according to the Star Tribune.
… It’s unusual for ISS to recommend voting against the majority of members on a company’s board, according to the Wall Street Journal. It says it’s an indication that corporate boards everywhere should take the risks of cyberattacks more seriously, particularly retailers which store vast amounts of credit card numbers and other customer data.


A day for interesting reports.
Mary Meeker's 2014 Internet Trends report is a must read
Renowned tech analyst Mary Meeker has delivered her influential annual Internet Trends report, emphasising the rise of mobile interfaces in transforming the way we communicate and interact.
Among the more startling statistics she revealed was that more than 1.8 billion photos are shared every day and the dating app Tinder, which allows conversation only after both people have "liked" each other, now registers 800 million swipes per day and 11 million matches.
Ms Meeker, who is now a partner at venture capital firm Kleiner Perkins Caufield & Byers, delivered her observations and predictions at the Code conference in California. Her seminar is hugely influential in the technology industry, as well as for media buyers, strategists and the markets.
… Among Ms Meeker's other key observations:
  • Data mining: We're only meaningfully analysing a tiny fraction (1 per cent) of available data. Tech start-ups are leading the way in both expanding and understanding data.
  • Single-purpose apps: Applications are moving away from being catch-all toward stand-alone, such as Facebook's Messenger and Twitter's Vine.
  • Selectivity: We are sharing more content with a narrower group of people, rather than broadcasting a little bit of information to all. Think Snapchat, which now accounts for 700 million daily photo shares.
  • China: Ms Meeker lauds China as a leader in mobile commerce development. Through its messenger application WeChat, which has 400 million active mobile users, you can bank and invest, book restaurants and buy groceries. Didi Taxis generates 5 million daily rides by integration with WeChat.
  • Cryptocurrencies: Ms Seeker keeps faith in Bitcoin despite its crash in value, arguing the 5 million Bitcoin wallets worldwide (an eight-fold increase year-on-year) shows "extraordinary interest".
  • Declining costs: Computing, storage, bandwidth and handsets are all decreasing, though data costs can remain high. The average global smartphone price is now $US335 ($363), though we typically pay more in Australia.
  • Mobile growth: Mobile usage now accounts for 25 per cent of all web traffic in 2014, up from 14 per cent a year ago. Asia and Africa represent a significant portion of that – developing nations "leap-frogged" the PC and laptop era, moving straight to smartphones.
  • Videos: Mobile's share of online video plays is rising, and now accounts for 22 per cent. Consumers expect to watch TV on demand and on their own terms.
  • Tablets: Unit shipments are growing faster than desktops or laptops ever did, but still have more room to grow at 6 per cent market penetration.
  • Dual-screening: 84 per cent of American mobile users use their device while watching TV. We are seeing more content than ever, but it allows us to avoid commercials.
  • Advertising: Global internet advertising grew 16 per cent this year, and mobile advertising grew by 47 per cent. The average revenue per user for Google, Facebook and Twitter remained stable.


Apparently a good Internet attracts crooks. Amazing.
State of cybercrime in the U.S.: Good guys, losing. Criminals, winning.
The 2014 U.S. State of Cybercrime Survey revealed that hackers trying to break into computers are more technologically advanced than the teams that are trying to prevent them from doing so.
The survey, which was co-sponsored by PricewaterhouseCoopers, the CERT division of Carnegie Mellon University's Software Engineering Institute, CSO magazine and the United States Secret Service, involved 500 executives from U.S. companies, law enforcement services and government agencies.

(Related)
Cybersecurity of Healthcare, Retail Sectors Lags Behind Utility and Financial Industries: Report
… "Based on our analysis, it is clear that organizations that treat cyber security as a strategic issue perform better than those that view it as a tactical one," said Stephen Boyer, BitSight co-founder and CTO. "This partially explains the superior Security Ratings of financial institutions and electric utilities in the S&P 500 compared to retailers and healthcare companies."

(Related)
Rise Is Seen in Cyberattacks Targeting U.S. Infrastructure
ASPEN, Colo. — The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations.
The assessment by Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cellphone networks and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.


I think the question was rhetorical.
Orin Kerr writes:
During the recent oral argument in United States v. Wurie, the pending cell phone search case, Justice Alito asked an important question about the nature of the “reasonable expectation of privacy” test:
In determining whether the examination of information on a cell phone . . . constitutes a search, what do you think we . . . we are doing? . .. Are we answering an empirical question, what is the reasonable expectation of privacy of a of a person in 2014 who has a cell phone on his or her person? Or are we legislating what we think is a good privacy rule?
I once wrote an article on this question, so I thought I would try to answer Justice Alito.
Read more on WaPo The Volokh Conspiracy.


If you want to sell globally, you have to speak every language. (Video)
Microsoft's real-time Skype language translator could be its first real breakthrough in a decade
On Tuesday night, at a tech conference in Rancho Palos Verdes, California, Microsoft showed off a new tool that will turn Skype into your own personal translator. In Microsoft's demonstration, executive Gurdeep Singh Pall speaks English with a German-speaking colleague, and Skype acts as real-time voice and text translator. Even in today's wonderland of technological innovations, this looks like science fiction come to life:
Microsoft will release Skype Translator later this year, as a Windows 8 beta app, before eventually rolling it out for all Skype users.


An alternative to monopoly?
Community Fiber in Washington, D.C., Seattle, and San Francisco
by Sabrina I. Pacifici on May 28, 2014
Developments and Lessons Learned - “This report provides detailed accounts of planning carried out in connection with community fiber networks in Washington, D.C., San Francisco, CA, and Seattle, WA. It includes information about existing fiber assets that the cities identified, funding mechanisms that were considered, and roadblocks that were encountered. Our hope is that this report will be helpful to other cities that are considering launching fiber optic networks. Key Findings
  • The cities profiled in this report have each approached the question of community fiber differently.
  • Washington, D.C. made concessions and arrangements that allowed it to build a robust public-safety-quality fiber network, but limitations on the use of that network have made it unavailable to residents and businesses. Additionally, prices charged non-profits for use of the network are currently too high to be competitive with incumbent products.
  • San Francisco has been highly innovative in expanding fiber to public housing, aggressively leasing dark fiber to community anchor institutions such as libraries and schools, and ensuring free public Wi-Fi, but has not yet cracked the nut of alternative community residential or business fiber access.
  • Seattle has had an extensive city fiber loop in place since 1986, but regulations limiting use of poles and approvals for cabinets have slowed the rollout of competitive last-mile service. Seattle’s recent negative experience with Gigabit Squared (which was unable to execute on its last-mile promises and subsequently vanished from the scene) casts a shadow. Seattle’s current mayor appears to be determined to ameliorate both the regulatory burdens and the information asymmetries that have dogged the city.”


Now all I need is the template for a Ferrari.
World's Cheapest 3D Printer On IndieGogo for $149
The prices of consumer 3D printers continue to drop, and the New Matter MOD-t is the cheapest one yet — though you'll have to wait a year to get it. The "Early Bird Special" version of this 3D printer from Pasadena, California-based startup New Matter was selling for $149 USD on crowdfunding website Indiegogo, but within hours of the campaign going live today (May 28) all 500 available units had been sold.
The MOD-t is still available for $199 on the Indiegogo campaign, and will retail for $249 when it hits the market in April 2015.


Cute idea, new word. (The video is optional.)
Personal Technology columnist Geoffrey A. Fowler asked a colleague to steal his phone, and used new software from Lookout to track down the thief, including taking a photo of the suspect.


Cuter idea?
– If you’ve ever lost or misplaced your iPhone, iPad, or iPod touch somewhere nearby but can’t quite remember where, stop flipping pillows and frantically patting your pockets. The Marco Polo app will help you quickly find your device in just one shout. Just shout out loud “MARCO!” and your hidden device will ring back POLO! so that you can find it.

Wednesday, May 28, 2014

Local and probably impacting my student Vets.
Two laptops stolen from Denver's VA hospital
Two laptop computers containing information on 239 veterans have been reported stolen from the Denver VA Medical Center.
The laptops, used for mobile pulmonary tests, were discovered missing from a laboratory May 20, said Daniel Warvi , spokesman for the VA Eastern Colorado Health System.
"This was a crime," Warvi said. "Somebody broke into a locked lab and stole laptops. They weren't left in a coffee shop."


There's nothing wrong with our security, except of course it didn't work. And we're going to make some changes to improve our perfect security.
Clara O’Brien reports:
Streaming music service Spotify has become the latest company to be hit by a security breach as it admitted that it had uncovered “unauthorised access” to its systems.
However, the firm said its investigation had shown only one user’s data had been accessed, and said it was not aware of any increased risk to users as a result of the breach, and said no password, financial or payment information had been accessed.
Read more on Irish Times.


An “Internet of Things” creates a “target rich environment.” Why would we not hack the low lying fruit – they create more every day!
Botnet of PoS Systems Uncovered: IntelCrawler
Researchers at IntelCrawler have pulled the covers away from a cybercrime operation that has compromised nearly 1,500 point-of-sale (PoS) terminals and other systems around the world.
The firm calls the botnet 'Nemanja'. Composed of PoS terminals, accounting systems and grocery management platforms, the researchers said they discovered it earlier this year.
"The assigned name is related to potential roots of bad actors with similar nicknames from Serbia," according to a blog post by the firm.


Since the cost is really nominal, why wouldn't everyone do this?
Abby Sewell reports:
Following a break-in at a county health contractor’s office that led to the theft of computers containing personal information about more than 342,000 patients, Los Angeles County supervisors moved to tighten protocols for protecting data.
The county already requires that workers’ laptops be encrypted. The supervisors voted Tuesday to extend that policy to also encrypt all county departments’ computer workstation hard drives.
Read more on Los Angeles Times.


Is this “Pile on eBay” week, or are they really this screwed up?
eBay riddled with XSS flaws
eBay seems to be going through a rough road since it admitted the breach last week, as yet some more flaws are discovered that haven’t been fixed and can be exploited to hijack user accounts.
Jordan Jones, the security researcher who reported the major vulnerability in eBay’s website last week, has published details of a second vulnerability that hadn’t been fixed as of Monday.
… German security researcher Michael E has spotted another persistent cross-site scripting (XSS) vulnerability that allows the hacker to inject arbitrary HTML and JavaScript code into the eBay website to create auction pages with unauthorized JavaScript code. The malicious code in turn can steal the visitors’ account cookies, allowing attackers to hijack the users’ accounts.
The Hacker News reported that eBay “accepts the same login cookies again and again, even if the victims have logged out or reset their passwords.”


Ah, you finally noticed that, did you. Report should be worth reading!
Brokers use ‘billions’ of data points to profile Americans
Are you a financially strapped working mother who smokes? A Jewish retiree with a fondness for Caribbean cruises? Or a Spanish-speaking professional with allergies, a dog and a collection of Elvis memorabilia? All this information and much, much more is being quietly collected, analyzed and distributed by the nation’s burgeoning data-broker industry, which uses billions of individual data points to produce detailed portraits of virtually every American consumer, the Federal Trade Commission reported Tuesday.
The FTC report provided an unusually detailed account of the system of commercial surveillance that draws on government records, shopping habits and social-media postings to help marketers hone their advertising pitches. Officials said the intimacy of these profiles would unnerve some consumers who have little ability to track what’s being collected or how it’s used — or even to correct false information. The FTC called for legislation to bring transparency to the multibillion-dollar industry and give consumers some control over how their data is used.
Data brokers’ portraits feature traditional demographics such as age, race and income, as well as political leanings, religious affiliations, Social Security numbers, gun-ownership records, favored movie genres and gambling preferences (casino or state lottery?). Interest in health issues — such as diabetes, HIV infection and depression — can be tracked as well.


This is interesting.
Andrea Vance reports some changes in New Zealand:
Identity theft is to be outlawed with a fine of up to $10,000 under an overhaul of privacy laws.
The Government is to beef up the watchdog powers of the privacy commissioner. Organisations will also be required to report data breaches to the commissioner, and notify those affected in serious cases.
Penalty fines are to be increased and two new offences created.
Failing to notify the commissioner of a privacy breach or impersonating someone to obtain their personal information will be illegal and carry a fine of up to $10,000.
It will also be against the law to destroy documents containing personal information that a person has sought access to. [I don't recall seeing that one before. Bob]
Read more on Stuff.


You know Facebook's Privacy Policy is questionable when Iran wants the US to extradite Mark Zuckerberg.
Iranian judge summons Facebook CEO for breach of privacy
A conservative Iranian court opened a case against instant messaging services WhatsApp and Instagram while also summoning Facebook CEO Mark Zuckerberg over complaints of privacy violation, state news agency ISNA reported on Tuesday.


Perhaps one day I'll get an email from Google that says, “Bob, we've noticed you are going bald. Kick here for a list of products to keep you looking 'Mavalous.'”
After drones, Google and Facebook eye satellites to expand internet access
Google and Facebook already compete on PCs, mobile devices and recently their rivalry has moved to the skies, but a new report from The Information suggests it could move even further from land. Over the last year or so, both looked at drone maker Titan Aerospace before Google acquired it, adding to a portfolio that includes its Project Loon experiments. Not to be outdone, Facebook is said to have acquired a drone maker from the UK called Ascenta. The only thing left? Space. The Information follows up on claims that Google is looking at a satellite company called Skybox Imaging by noting recent hires and investments in companies that deal with satellite-delivered internet. Craig Barratt is named as leading several teams at Google developing wireless internet technology to connect the rest of the world (white spaces, municipal WiFi, community routers for businesses etc.) while Google X teams work on the drones and balloons. Facebook's interests in (the) space are not as well-documented, but we can only guess that the race will reach low-orbit soon, and collect a few more startups and giants as competitors. Maybe DirecTV made its deal with AT&T too soon?


Interesting contrast.
Army of robots to invade Amazon warehouses
CEO Jeff Bezos told investors at a shareholder meeting Wednesday that he expects to significantly increase the number of robots used to fulfill customer orders.
There are currently about 1,000 robot workers on Amazon floors. The increase won't change the number of actual people employed, an Amazon spokeswoman said.
The robots are made by Kiva Systems, a company Amazon bought for $775 million two years ago.

(Related) This might be because fast-food workers want $15 per hour.
Robots will replace fast-food workers


Questions. Not just self-driving but “completely human free!” What happens when the systems crash? You can't take control and putter on home, you are dead in the water (dead in the fast lane?)
Google's Self-Driving Car Prototype Ditches the Steering Wheel
… The small, Volkswagen Bug-esque vehicle does not have a steering wheel, accelerator pedal, or brake pedal, "because they don't need them," Google said in a blog post. Just get in, and Google's car will take you to your destination with the push of a button.


Interesting. If it was oil or even coal they would already be exploiting it. Probably not worth shipping to Europe to replace Russian gas.
Colossal peat bog discovered in Congo
The bog covers an area the size of England and is thought to contain billions of tonnes of peat.
Scientists say investigating the carbon-rich material could shed light on 10,000 years of environmental change in this little-studied region.
Dr Simon Lewis, from the University of Leeds, said: "It's remarkable that there are parts of the planet that are still uncharted territory."


For my “early adopter” students. Worth $170?
Mozilla’s new Firefox OS Flame smartphone is now available for preorder
After years of talking about a Firefox OS and a few different phone models, Mozilla is finally making its heralded Flame available.
The company announced today that it has opened preoders for the new Firefox OS Flame phone. Mozilla partnered with independent design house and manufacturer T2Mobile to manufacture the phone, and you can now preorder it through everbuying.com, according to a company blog post.


For my students who think the textbooks are written in a foreign language.
Google Buys Visual Translation App Word Lens – Then Gives It Away For Free
Google has always put a lot of work into their translation app, so much so that it has become a very effective and powerful app for getting yourself out of linguistic tangles. But now Google has gone one better by buying Word Lens, the visual translation app, and then giving it away for free for a limited time.
What makes Word Lens special? Simply this. If you see something written in a foreign language (such as a sign), you just point the iOS or Android app at it. It then translates the language into your chosen language, all in real time, using your phone’s built-in camera – no Internet connection required.
… As I said, everything is free for the moment – the app, and all of the language packs which must be downloaded and installed separately. But when the limited offer ends, whenever that may be, the app itself will be free but the language packs will have to be bought.
… Since Google hasn’t indicated when the limited offer will end, it’s best to grab this right now. The app is fantastic and should be on every phone, along with Google Translate and other great translation apps for travelling.