Saturday, June 07, 2014
Heads-up Ethical hackers, they're talking about another of our tools.
Oh great: Is this new OpenSSL flaw worse than Heartbleed?
The Heartbleed flaw discovered in OpenSSL was one of the worst web vulnerabilities in history, but believe it or not it may have already been dethroned.
Even more incredible is the fact that once again, OpenSSL may be to blame.
The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi, who said it "may be more dangerous than Heartbleed," according to The Guardian.
Attackers can reportedly use this weakness to intercept and even alter data passing between computer and websites in a classic man-in-the-middle maneuver as long as they're on the same network, like a public Wi-Fi hub.
Isn't that what I've been saying?
Snowden Damage Apparently Less Than Feared: Report
Edward Snowden does not appear to have taken as much as originally thought from NSA files, The Washington Post reported late Thursday.
… "We're still investigating, [I doubt that. They should have finished an investigation like this in hours. Bob] but we think that a lot of what he looked at, he couldn't pull down," [Bologna! CNTL-A, CNTL-C, CNTL-V Any questions? Bob] Clapper said. "Some things we thought he got he apparently didn't," the director was quoted as saying.
Privacy in Canada.
Daniel Tencer reports:
Rogers Communications and internet service startup TekSavvy have released the first-ever transparency reports from Canadian telecom companies, and what they have to say won’t lessen the concerns of privacy activists.
Rogers reported that it got 174,917 government requests for information about subscribers last year, or about 480 requests per day. That’s nearly one request for government data per 11 Rogers internet subscribers.
Read more on Huffington Post (Canada). In another post this morning, I note that Vodafone and Deutsche Telekom are also being more transparent now.
These are all great developments, and it’s appropriate that they are happening on or around the one-year anniversary of Edward Snowden’s revelations.
Privacy in the USA. This is strange.
Joe Wolverton, II writes:
Federal law enforcement officers recently seized the records of a local police force’s use of a controversial surveillance system known as “Stingray” just before the information was scheduled to be released to the public.
The U.S. Marshals Service “stunned” the American Civil Liberties Union (ACLU), which was waiting on the imminent release of the documents pursuant to a public records request the group filed earlier this year with the Sarasota, Florida, police department. The petition sought to shed light on the scope of the department’s use of the Stingray device.
According to the ACLU, its representatives were scheduled to be given access to the documents last Tuesday, but federal marshals showed up first and took possession of the entire cache, claiming they were the property of the U.S. Marshals Service. The feds forbade the local police from releasing the documents as planned.
Read more on New American.
Some things are classified Top Secret when disclosure would cause "exceptionally grave damage." Other things are classified Top Secret when people think those things are very important. Yet others when the people choosing the classification think they are important.
EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity
by Sabrina I. Pacifici on June 6, 2014
EPIC - After almost five years, EPIC has obtained National Security Presidential Directive 54. The previously classified Presidential Directive contains the full text of the Comprehensive National Cybersecurity Initiative and “establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace.” This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability. EPIC first sought public release of NSPD-54 with a Freedom of Information Act request, submitted to NSA in June 2009. After the agency failed to disclose the document, EPIC filed suit. When a federal district court ruled in 2013 that the Presidential Directive was not subject to the Freedom of Information Act, EPIC then filed an appeal with the DC Circuit Court of Appeals. The document has now been disclosed to EPIC. The case is EPIC v. NSA, a Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has several related FOIA cases with the NSA pending in federal court. For more information see EPIC – EPIC v. NSA (Cybersecurity Authority).
This has potential, but I haven't found a link to check it out, yet.
Sam Evans-Brown reports:
There’s a database in New Hampshire, nestled in hard-drives in the Department of Education, with all sorts of information about student test scores, graduation rates, and achievement. It shows how poor kids do on tests compared to rich kids, and how minorities do compared to whites, and whether schools are improving on those tests.
Whenever the data in it is accessed, it’s totally anonymous; only a handful of employees at the DOE can match these test-scores with student names.
That makes New Hampshire already ahead of the curve, and that was the case before lawmakers passed a new student data privacy law.
National Privacy advocates are praising New Hampshire’s new measure, which Governor Maggie Hassan signed into law last week to basically no fanfare. They are saying it provides clarity in an area that in many states is largely unregulated.
Read more on NHPR
One part of the Net Neutrality debate?
Verizon tells Netflix to stop blaming it for streaming issues
… In a cease-and-desist letter sent to Netflix, Verizon said Netflix is making "false accusations" that have the "potential to harm the Verizon brand" and is engaging in "deceptive behavior."
At issue is a notice Netflix started running in Verizon homes earlier this week when buffering issues arose that said, "the Verizon Network is crowded right now."
"There is no basis for Netflix to assert that issues with respect to playback of any particular video session are attributable solely to the Verizon Network," Verizon General Counsel Randal Milch said in his Thursday letter to Netflix General Counsel David Hyman.
He went on to say that much of the problems consumers may be having are the fault of Netflix and the companies it uses to get its content to Verizon's pipes.
"Netflix has been aware for some time that a few Internet middlemen have congestion issues with some IP Networks and nonetheless, Netflix has chosen to continue sending its traffic over those congested routes," Milch said.
When does “tough business negotiations” tip over to monopolistic practices?
Amazon spat with publishers set to escalate
… The world's largest online retailer is already feuding with Hachette Book Group and Bonnier Media. Simon & Schuster and News Corp's HarperCollins will soon come up for renegotiation, say sources familiar with the matter, which means best-selling authors such as HarperCollins' Veronica Roth, writer of the Divergent trilogy, and Simon & Schuster's Michael Lewis could be entangled in the controversy.
Hachette's tussle will determine whether publishers can gain leverage against Amazon, the biggest seller of e-books, at a time when demand for digital tomes is surging and physical books are losing ground. Amazon is seeking a bigger cut of the retail price of a title so it can continue discounting e-books and boost margins, the sources said. To ratchet up the pressure on Hachette, Amazon started blocking some book pre-orders and delaying shipments - affecting titles such as The Silkworm, J.K. Rowling's new novel written under a pseudonym.
… Amazon commands 60 per cent of the e-books market, according to Forrester Research.
… ''Negotiating for acceptable terms is an essential business practice that is critical to keeping service and value high for customers in the medium and long term,'' Amazon said in an online post last week.
The tactics have hurt Hachette, the publisher of mass-market powerhouses like James Patterson and literary heavyweights like Donna Tartt. A few weeks into Amazon's campaign, Hachette relinquished its No.1 spot on the Digital Book World bestseller list, a sign of Amazon's dominance in the publishing industry.
Would “a personal representative of a deceased person’s estate” include a spouse or other heirs?
Access to Digital Accounts After Death Varies State to State
by Sabrina I. Pacifici on June 6, 2014
“The Uniform Law Commission, a body of lawyers who produce uniform legislation for states to adopt, recently drafted the “Fiduciary Access to Digital Assets Act (FADA).” It would grant fiduciaries (a catch-all term for the various types of people who can be legally appointed to hold assets) broad authority to access and control digital assets and accounts. FADA is considered by many attorneys to be an improvement over existing law because it would clarify and expand who can access a deceased person’s online accounts. The proposal would create four categories of fiduciaries who would be able to take over these accounts in the event of a death:
a personal representative of a deceased person’s estate;
someone carrying out a power-of-attorney;
a trustee of a trust; or
someone appointed by a court to act on behalf of a protected person.
Existing laws typically only apply to personal representatives. The Commission will vote on the proposed law in July. But two issues still remain. The first revolves around “media neutrality,” the idea that the treatment of assets should be the same regardless of whether they are digital or physical. The proposal would require certain fiduciaries to obtain access to digital assets, while it would be automatic for others.”
For my students.
More new jobs went to the college educated
US employers loaded up on college-educated workers in May.
A hefty 332,000 new jobs last month went to those who finished college, the Labor Department said Friday. That caused the jobless rate for college graduates to dip to 3.2 percent from 3.3 percent in April.
It was further evidence that businesses increasingly value educated workers, even when an advertised job doesn’t call for such a degree. The most recent estimate from the Federal Reserve Bank of New York found that, on average, one-third of college graduates work jobs for which their degrees aren’t necessary.
Does this signal an opportunity for Professional Employee Organizations? Security contractors.
Two-thirds of IT Employees Are Ready to Walk Out the Door: Survey
IT professionals are noticing a significant change in how they are regarded within their organizations, according to the latest research report from Wisegate, a private practitioner-based IT research services group. Instead of being treated as a nuisance or necessary evil, IT is increasingly being integrated into and respected by the business, according to the respondents—senior IT practitioners across a variety of industry sectors—who participated in the Wisegate survey.
But there is a gap somewhere, as many of the 362 IT professionals surveyed were looking for opportunities outside their organizations. Almost half of the respondents felt their organizations did not offer the opportunities they needed to advance in their careers. Two-thirds of the respondents said they expected to move on to another organization within the next two years. Respondents weren't just anticipating events beyond their control, as nearly half said they wanted to move within the year.
The full report is available online (PDF) from Wisegate.
I'll share this with my Statistics students, but I doubt they are old enough to appreciate it.
– Do you think time is catching up with you? Perhaps it’s already overtaken you and left you in the dust. Do the years seem to be going ridiculously quickly now? There’s a reason for it. You’re getting old. The site will provide you a report full of interesting stuff. Find out just how bad it’s got. Enter your date of birth.
For my students and fellow professors. Looks like we will get into Big Data (Data Mining and Data Analysis) in a much bigger way. Getting SAS for free is huge!
SAS® University Edition
By 2018, demand for workers skilled in analytics could outpace supply by 60 percent – or 1.5 million jobs – according to a McKinsey Global Institute study. Translation? Anyone with analytic prowess will be in high demand from employers around the world. What's more, a recent Monster.com article, "Job Skills That Lead to Bigger Paychecks," named SAS as the skill that nets the biggest paycheck. Bottom line, if you’re a student, learning SAS is a great way to prepare for – and secure – your future. If you’re a teacher or professor, teaching SAS is a great way to attract top students and to equip tomorrow's workers with the skills they'll need to succeed.
(Related) The “Why” of Big Data education.
What Big Data Needs to Do to Grow Up
We are in an Information Revolution — and have been for a while now. But it is entering a new stage. The arrival of the Internet of Things or the Industrial Internet is generating previously unimaginable quantities of data to measure, analyze and act on. These new data sources promise to transform our lives as much in the 21st century as the early stages of the Information Revolution reshaped the latter part of the 20th century. But for that to happen, we need to get much better at handling all that data we’re producing and collecting.
Consider the more than $44 billion projected by Gartner to be spent on big data in 2014. The vast majority of it — $37.4 billion — is going to IT services. Enterprise software only accounts for about a tenth.
Because it amuses me.
… Connecticut governor Dannel Malloy (D) signed a bill “to create and maintain a state platform for the distribution of electronic books (e-books) to public library patrons.”
… Onarbor is a new site, “intended as a publishing and funding platform for academics, kind of like a Kickstarter for scholarly work.” More via The Chronicle of Higher Education.
… Politico reports that Facebook has applied for a patent for “letting children create accounts with parental supervision”
Friday, June 06, 2014
This has been going on too long and involves too many “rebels” in uniforms with too many weapons to be a spontaneous bunch of protesters. Or am I wrong?
Pro-Russian rebels take control of 3 government bases in eastern Ukraine
Pro-Russian insurgents dislodged government troops from three bases in eastern Ukraine, a new blow to beleaguered armed forces as its president-elect vowed new initiatives to help end the regional mutiny.
… The move follows nearly two months of fighting in the region
If I block your device, I'm a privacy advocate. If you block my device, you're denying my First Amendment rights! Is there any law covering this?
For the privacy-conscious: An app that can jam Google Glass' WiFi
Here's something for the privacy-conscious who are wary of Google Glass' secret recording capabilities - an app to jam the wearable computing device's WiFi access.
Berlin-based artist Julian Oliver created the program "Glasshole.sh" to detect any Glass device and block it from accessing a WiFi network, a report on Wired.com said.
"When it detects Glass, it uses the program Aircrack-NG to impersonate the network and send a 'deauthorization' command, cutting the headset’s Wi-Fi connection. It can also emit a beep to signal the Glass-wearer’s presence to anyone nearby," Wired.com reported.
Robots, like any “Thing” connected to the “Internet of Things” will know everything the Internet knows. What will they be programmed to do with it?
Robots: Can we trust them with our privacy?
Joss Wright is training a robot to freak people out.
Wright, a computer scientist, is plotting an experiment with a humanoid robot called Nao. He and his colleagues plan to introduce this cute bot to people on the street and elsewhere – where it will deliberately invade their privacy. Upon meeting strangers, for example, Nao may use face-recognition software to dig up some detailed information online about them. Or, it may tap into their mobile phone's location tracking history, learn where they ate lunch yesterday, and ask what they thought of the soup.
Can I use one to conduct academic research? I want before and after pictures of certain politicians' homes.
Hollywood to feds: Let us use drones
It's almost entirely illegal to use drones for money-making purposes in the United States. But a little Hollywood magic could change that.
… Currently, there's only one exemption to the Federal Aviation Administration's nationwide ban on commercial drones, called unmanned aircraft systems or UAS. That's a spot off Alaska's coast where drones are used by an oil company.
For my students (and my lawyer friends)
E-Mail Self Defense
by Sabrina I. Pacifici on June 5, 2014
“Bulk surveillance violates our fundamental rights and makes free speech risky. This guide will teach you a basic surveillance self-defense skill: email encryption. Once you’ve finished, you’ll be able to send and receive emails that are coded to make sure that a surveillance agent or thief can’t intercept your email and read it. Even if you have nothing to hide, using encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. If you do have something important to hide, you’re in good company; these are the same tools that Edward Snowden used to share his famous secrets about the NSA. This guide relies on software which is freely licensed; it’s completely transparent and anyone can copy it or make their own version. This makes it safer from surveillance than proprietary software (like Windows). Learn more about free software at fsf.org. Email Self-Defense is a project of the Free Software Foundation. We fight for computer users’ rights, and promote the development of free (as in freedom) software like GnuPG, which is used in this guide. We have big plans to get this guide in the hands of people under bulk surveillance all over the world, and to make more tools like it.”
“Hey, we got him down, let's stomp on him!”
“Hey, he stole all that money, why should we let him use it to defend himself?”
Record companies want Kim Dotcom's assets frozen
Dotcom's assets had been frozen since January 2012 when his home was raided and Megaupload service was shut down. In April this year, a New Zealand court refused to extend the freeze on Dotcom's assets, which include a garage full of luxury cars, millions in cash, and other items taken from the raid of his mansion.
The court's decision has since been appealed by the Crown with a hearing due on July 30, and six major Hollywood studios also want Dotcom's assets to remain frozen while the case against him proceeds.
They are now joined by four record companies - reportedly Warner Music, UMG Recordings, Sony Music and Capitol Records - with papers served on Tuesday seeking to have Dotcom's assets frozen.
Learning how the (Brave new) world works.
Cloud Services For Dummies
For my student Mac users.
The Swift Programming Language
This book is available for download with iBooks on your Mac or iOS device, and with iTunes on your computer. Books can be read with iBooks on your Mac or iOS device.
Tools & Techniques
– lets you easily monitor the file access activities on your system. Have you ever wondered what’s going on with your disk system behind your watch? Why the disk is busy? What’s scratching your HDD? You may find them out using this simple program. There is an installable version and also a portable version.
Thursday, June 05, 2014
Soon, everything (on the Internet of Things) will know where you are. (Why would a flashlight need to know where you are?)
FTC Testifies on Geolocation Privacy
by Sabrina I. Pacifici on June 4, 2014
“The Federal Trade Commission testified before Congress on the Commission’s efforts to address the privacy concerns raised by the tracking of information about consumers’ location, as well as proposed legislation to protect the privacy of geolocation data. Delivering testimony before the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law, Jessica Rich, Director of the FTC Bureau of Consumer Protection, outlined the FTC’s ongoing efforts to protect the privacy of consumers’ geolocation information through enforcement, policymaking, and consumer and business education. Precise geolocation data is sensitive personal information increasingly used in consumer products and services, the testimony states. These products and services make consumers’ lives easier and more efficient, but the use of geolocation information can raise concerns because it can reveal a consumer’s movements in real time and provide a detailed record of a consumer’s movements over time. “Geolocation information can divulge intimately personal details about an individual. Did you visit an AIDS clinic last Tuesday? What place of worship do you attend? Were you at a psychiatrist’s office last week? Did you meet with a prospective business customer?” the testimony states. Geolocation information may be sold to companies to help build profiles about consumers without their knowledge or consent, or it could be accessed by cybercriminals, hackers or through surreptitious means such as “stalking apps.” The FTC has used its enforcement authority under Section 5 of the FTC Act to take action against companies engaged in unfair or deceptive practices involving geolocation information.
Last month, for example, the Commission entered into a settlement with the mobile messaging app Snapchat, resolving FTC allegations that Snapchat made multiple misrepresentations to consumers about the disappearing nature of messages sent through its service, as well as its transmission of users’ geolocation information. The FTC has raised similar allegations involving undisclosed collection and transmission of location data as part of privacy complaints against a popular flashlight app, as well as a national rent-to-own retailer and one of its software vendors, the testimony states.”
So if the first thing out of my mouth was, “This involves National Security!” they have to turn off the recorders? OR if they think it involves National Security, I won't be able to prove what was said during the interrogation? Seems nuts to me, but then I'm not a lawyer.
In an important decision not widely reported, the Department of Justice last month adopted a policy requiring that interrogations of suspects arrested by the principal federal law enforcement agencies (including the FBI and the Drug Enforcement Administration) ordinarily must be recorded electronically. The new requirement is an unquestionably positive development, long overdue, but it expressly exempts interrogations in national security cases – an exception that is at best puzzling and, at worst, downright alarming. The new policy, set forth in a May 12 DoJ memo entitled “New Department Policy Concerning Electronic Recording of Statements” (full text), will go into effect on July 11, 2014.
For my Ethical Hackers. This is what happens to all those stolen cards...
Peek Inside a Professional Carding Shop
Over the past year, I’ve spent a great deal of time trolling a variety of underground stores that sell “dumps” — street slang for stolen credit card data that buyers can use to counterfeit new cards and go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash. By way of explaining this bizarro world, this post takes the reader on a tour of a rather exclusive and professional dumps shop that caters to professional thieves, high-volume buyers and organized crime gangs.
For my students with an Android phone.
New Ransomware Encrypts Android Files: ESET
Dubbed Simplocker, the malware scans the SD card for certain file types, encrypts them and then demands a ransom in exchange for decrypting the files. After launching, the malware will display a message in Russian warning that the victim's phone has been locked while files are being encrypted in a separate thread in the background. The message demands payment in Ukrainian money, indicating that region of the world is likely the primary target.
For my Computer Security students. Scary, isn't it?
Keep Up With The Latest Data Leaks – Follow These 5 Services & Feeds
SC Magazine - The Data Breach Blog
For my artsy-fartsy students.
30,000+ Images of Art and Artifacts to Download and Re-use for Free
The Museum of New Zealand recently released more than 30,000 images of art and artifacts to download and re-use for free. The images are a mix of public domain images and images labeled with a Creative Commons license. The museum makes it easy to determine how an image is licensed. To determine the licensing of an image simply click on the download button and the next page clearly shows the license for the image.
Finding images in the Museum of New Zealand's gallery isn't the most intuitive process. You can enter a keyword to search, but if you're too specific you might not find what you're looking for. For example, enter "fish" and scroll through the results rather than entering "salmon" or "trout" to find images of fish. The other way to search is to open the advanced search settings in which you can choose a collection to browse through.
For all my students. (Includes a “Free Doughnut Search Engine!”)
National Doughnut Day Friday, June 6
Wednesday, June 04, 2014
How do I surveil thee?
Let me count the ways...
Nathan Freed Wessler writes:
A Florida judge has sided with the ACLU to order release of information about police use of “stingrays,” which are invasive surveillance devices that send out powerful signals to trick cell phones into transmitting their locations and identifying information. The Tallahassee judge’s pro-transparency decision stands in contrast to extreme secrecy surrounding stingray records in another Florida court, which is at the center of an emergency motion filed by the ACLU today.
Read more on ACLU.
[From the article:]
Late yesterday, the judge ordered unsealing of the entire transcript. The portion that the government had sought to keep secret is here.
… Stingrays can track cell phones whenever the phones are turned on, not just when they are making or receiving calls.
… In this case, police used two versions of the stingray — one mounted on a police vehicle, and the other carried by hand. Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood “at every door and every window in that complex” until they figured out which apartment the phone was located in.
“Users who take appropriate security measures protect their own privacy.” (Otherwise we read their email to send them appropriate ads.) Or does Google know how to read Google encrypted emails?
Google goads users to use encryption
As much as 50% of e-mail traffic sent from or to Gmail users isn't really private, and Google thinks it should be.
To nudge e-mail providers to make use of already existing encryption, Google on Tuesday published a page telling users which e-mail services support encryption and which do not, based on what it can see of e-mails sent by Gmail's 425 million active users worldwide.
The statistics were posted on Google's Transparency Report. There, users can search by region to see whether their e-mail provider has encryption turned on.
“Information” increases faster than “data?” Is there a point beyond which anyone can learn anything (everything?) about anyone because of the volume of data available on the Internet?
Computers And “Mosaic Theory” Could Clarify Search and Seizure; Surveillance Protocols Says New Study by UMDLaw Prof. Renee Hutchins
Can computer science and “mosaic theory”– the idea that a large enough collection of data is vastly more revealing than the individual points– help reinterpret Fourth Amendment search and seizure and surveillance protocols?
The answer is yes, according to University of Maryland Francis King Carey School of Law Professor Renee Hutchins, co-author of a new paper that examines how advances in machine learning technology may change the way courts treat searches, warrants, and privacy issues.
Read more on Newswise.
When Enough is Enough: Location Tracking, Mosaic Theory, and Machine Learning (pdf) by Steve Bellovin, Renee M. Hutchins, Tony Jebara, and Sebastian Zimmeck.
Microsoft Examines Relationship Between Cybersecurity and Socio-Economic Conditions
In the report, “Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain”, Microsoft predicts that by the year 2025, over 91% of people in developed countries and 69% in emerging countries will be using the Internet, and dependence on the Web will become a reality.
… Earlier this year, a report released by the World Economic Forum during its famous annual meeting, outlined different scenarios for how things could look in 2020 based on the “conceivable value created from innovations in technology” that could be affected by global organizations’ ability to defend against cyber attacks.
According to statistics cited by the World Economic Forum (WEF) in its report, technology trends such as cloud computing and big data have the potential to create between $9.6 trillion and $21.6 trillion in value for the global economy. However, the report notes, if attacker tactics outpace the capabilities of defenders, more destructive attacks will result and spark a wave of new regulations and corporate policies that could slow innovation with a massive economic impact.
A heads-up for my Ethical Hackers.
Your car is a giant computer - and it can be hacked
Most people aren't aware their cars are already high-tech computers. And now we're networking them by giving them wireless connectivity. Yet there's a danger to turning your car into a smartphone on wheels: It makes them a powerful target for hackers.
Interviews with automakers, suppliers and security advisers reveal a major problem with the new wave of "connected" cars: The inside of your car has ancient technology that presents a security risk.
… Cars' computers were built safely enough back in the 1990s, when the car was a closed box. But their architecture won't hold up as we hook them up to the Internet.
Tools & Techniques. Isn't this too broad an interpretation of copyright law? If so, you might want to grab a copy now, before the injunctions start flying. NOTE: Not free and not cheap!
Save Videos From Any Site – Even Netflix – With Applian’s Replay Capture Suite
If you can watch or listen to something, you can record it. All you need is the right tool.
… One Applian program, called Replay Media Catcher, is a video downloader that grabs videos from unencrypted sites like YouTube and Vimeo – but not sites like Hulu and Netflix, which encrypt their files.
Another program, Replay Video Capture, isn’t a downloader at all: it actually records what’s happening on your screen, meaning you can save a copy of any online media – even Netflix or Hulu – without the need to break any encryption.
… “Copyright laws are pretty clear that you’re allowed to record for your own personal use,” says Bill Dettering, CEO of Applian Technologies. This means that if you record something, but don’t share it with others or attempt to sell it, you’re within your rights.
Maybe this is what my students are doing when they should be studying?
Make Money Gaming: 5 Games You Can Get Paid To Play
Because I have students who want to learn stuff we don't teach, yet.
– Education is changing, with great educators from around the world increasingly putting their amazing courses online. SlideRule believes that we all are in the early days of a revolution that will not only increase access to great education, but also transform the way people learn. SlideRule will help you discover the world’s best online courses in every subject.
Tuesday, June 03, 2014
What does your phone know? (How does your phone know all this?)
Don’t Miss The Next Big Thing — iBeacons
In Apple’s WWDC this year, one of the seemingly minor announcements has many industries abuzz with anticipation — iBeacons. While Apple did not highlight this new technology as prominently as others, mobile app developers and physical retail executives see huge potential in this nascent technology.
… Think of it this way: You’re walking through an airport, and your phone knows you normally buy a cup of coffee around 8am. So, it sends you a prompt letting you know that a Starbucks is 50 feet away on your left. Or, you’re in a clothing store. Based on your buying history, your phone knows your size and what styles you prefer, so it sends you a prompt telling you where to go in the store to look for those types of items. Maybe you’re in a grocery store buying a bottle of wine? Your phone knows you like Merlot and there’s a sale on one of your favorite bottles one row over… Your phone could send you a push notification alerting you to that sale.
Am I reading this correctly? This is not a development project? Who had this software ready to sell?
Secret Service seeks software to monitor current and historical social media data
by Sabrina I. Pacifici on June 2, 2014
Via NextGov: “The Secret Service is purchasing software to watch users of social networks in real time, according to contract documents. In a work order posted on Monday, the agency details information the tool will collect — ranging from emotions of Internet users to old Twitter messages. Its capabilities will include “sentiment analysis,” “influencer identification,” “access to historical Twitter data,” “ability to detect sarcasm,” and “heat maps” or graphics showing user trends by color intensity, agency officials said. The automated technology will “synthesize large sets of social media data” and “identify statistical pattern analysis” among other objectives, officials said.”
Is this how we move toward global government? (at least, global laws?) Or will some banks lie to the IRS and keep my accounts hidden?
IRS Nets Offshore Data From 77,000 Banks, 70 Countries In FATCA Push
An astounding 77,000 banks and financial institutions—even some in Russia—have registered under FATCA—the Foreign Account Tax Compliance Act. America’s global tax law requires foreign banks to reveal American accounts holding over $50,000. Non-compliant institutions could be frozen out of U.S. markets, so everyone is complying. The fact that 77,000 banks have registered and some 70 countries are providing government help to the IRS means almost no foreign account is secret.
My students will appreciate this.
How To Make Money Online
… You can earn a decent living just by blogging. If you’re a skilled writer or transcriber, there’s a job opportunity waiting for you.
If you’re still curious about making money on the Internet after reading through this flowchart, you might want to check out the extensive infograph on 200 ways to make money online.
Monday, June 02, 2014
Hit them where they ain't looking.
Windows PowerShell Increasingly Abused by Attackers
Windows PowerShell is a task-based command line shell and scripting language that enables IT teams to control and automate the administration of the operating system and applications. Built on the .NET Framework, the tool is available for all current versions of Windows, and it has been included by default starting with Windows 7.
Experts believe cybercriminals are increasingly relying on PowerShell because this is not a common technique and IT administrators who are usually on the lookout for malicious binaries might overlook threats that abuse the scripting tool.
Perspective, and a warning.
Business Adapts to a New Style of Computer
Are companies ready for billions of everyday objects to join the Internet? MIT Technology Review - Antonio Regalado on May 20, 2014.
“The Internet of Things is especially important for companies that sell network equipment, like Cisco Systems. Cisco has been enthusiastically predicting that 50 billion “things” could be connected to communications networks within six years, up from around 10 billion mobile phones and PCs today (see “Silicon Valley to Get a Cellular Network, Just for Things”). Another beneficiary is the $300 billion semiconductor industry. As Blaauw notes, “Every time there has been a new class of computing, the total revenue for that class was larger than the previous ones. If that trend holds, it means the Internet of things will be bigger yet again.” But every shift promises pain, too. Large companies like Intel are already reeling from the rapid emergence of smartphones. Intel, with its powerful, power-hungry chips, was shut out of phones. So was Microsoft. Now both these companies, and many others, are groping to find the winning combination of software, interfaces, and processors for whatever comes next.”
The Economics of the Internet of Things
Government by magic? Regulating without regulations?
A number of people were hopeful that the FTC would disclose more information about its data security standards in testimony to be provided by Daniel Kaufman, Deputy Director of the FTC’s Bureau of Consumer Protection, in FTC v. LabMD.
If you were expecting new insights, however, you will likely be disappointed. Rather than having Kaufman testify last week during the hearing before Administrative Law Judge Chappell, both LabMD and the FTC agreed to simply enter Kaufman’s deposition into the record.
So what was in his deposition? Here’s a sample exchange.
… The short version: for pretty much every aspect of the complaint in paragraph 10, Kaufman testified that the FTC had communicated that standard via its speeches, business guidance documents, testimony to Congress, and previous settlements, but he would not go so far as to say whether LabMD could have violated any of those standards and still be found to have complied with “reasonableness” under Section 5.
So where does that leave entities? It seems that we all must follow all of the FTC’s speeches, blog entries, and testimony to Congress, in addition to reading all of their settlements and closing letters if we want to deduce what all the standards are that we must comply with to stay on the safe side of the FTC.
… I’ve uploaded the second day of Kaufman’s deposition here (pdf), if you’d like to read it in its entirety.
Perhaps we could build one like this for the FTC?
New on LLRX – World leading online privacy law library gets big increase in capacity
The International Privacy Law Library on WorldLII has been expanded. The Library’s 32 databases include about 3,600 decisions of 13 privacy and data protection authorities, from New Zealand, Ireland, the United Kingdom, Hong Kong, Australia, Korea, Macau, Mauritius, the United States and the European Union.
This could get really messy.
Google's 'Right To Forget' Approach Should Not Be Leveraged By The Music Industry
Following the EU ruling on the principle of a ‘right to be forgotten’ by a search engine, Google has put in place their “initial effort” to comply with the ruling. Critics of Google in the music industry are looking at the reaction to the ruling, and are hoping to use it to bolster their arguments that the Mountain View based company should do more to police their search engine results.
… In a sense a link to something that could damage an individual is now beginning to be treated in the same way as a link to something that could damage the value of a copyrighted piece of media.
This has not stopped the music industry pointing out the ‘right to forget’ process to strengthen their argument that Google should be determining the legality of content not held on Google’s servers. Geoff Taylor is the Chief Executive of the BPI, the UK’s trade body for the music industry. Quoted in The Guardian, he makes the case that Google should be more proactive in dealing with outbound links from the search engine.
“It’s ‘Don’t be Evil’ 101,” says Geoff Taylor, chief executive of the music industry’s trade body, the BPI. “The principle at stake here is when you know someone is acting illegally, you shouldn’t continue helping them by sending them business.”
For me, the key part of the quote here is “when you know someone is acting illegally”. Computers must follow hard and fast rules; they are not very good at judgement calls. Google cannot yet automatically decide with certainty if something it is linking to is ‘fair use’, ‘parody’, or ‘breaking copyright’.
The music industry and Google have a long antagonistic relationship with each other around linking to potentially copyrighted material. The EU ruling around the ‘right to be forgotten’ is an important social issue that generates differing viewpoints on either side of the Atlantic that needs to be addressed. It should not be used in the continued debate around linking to material that may or may not be breaking copyright.
Question: How does political fund raising impact regulation? Also note that “creating” a channel to politicians does not ensure that it will be used, by either end of the “conversation.”
Social Media #FTW!: The Influence of Social Media on American Politics
Via LLRX - Thesis submitted to Johns Hopkins University in conformity with the requirements for the degree of Master of Arts in Government by Kenneth Scott Ames
Social Media #FTW!: The Influence of Social Media on American Politics – Abstract: “Social media has transformed politics in America. Its effect has impacted the way candidates campaign for the presidency, Members of Congress operate their offices, and advocacy organizations communicate with policymakers and supporters. Social media allows politicians and organizations a method to connect directly and without filters with people across the country, assemble a constituency, and solicit their support at a reduced cost and greater reach than traditional media. Social media is not simply the next in a line of communications technologies: it has changed everyday activities and connected people in a manner never before possible. The rise of smartphone technology has enabled this trend since people can access the Internet almost anywhere making a mobile device a potential organizing and fundraising tool. Social media has transformed politics in America because it creates an instantaneous multi-directional public dialogue that offers the ability to rapidly analyze the data and learn from the findings on an unprecedented scope.”
For my Ethical Hackers. Hack one, hack them all.
Google to launch 180 satellites in $1bn plan to cover the unwired
Google will spend north of $1bn to launch a fleet of 180 satellites to blanket unwired parts of earth with internet access, according to the Wall Street Journal.
While details of the project are subject to change, people familiar with Google's satellite plans told the paper the project will start with 180 small, high-capacity satellites that orbit lower than typical satellites.
Perspective. I never would have guessed... (Very strange headline)
This Is The Most Commonly Spoken Language Spoken In Your State
The handy map below takes a look at the most common languages spoken at home, other than Spanish or English.
Amusing and potentially very scary.
– is a site that offers human-sized photos. They are called Engineer Prints because the prints are made on industrial printers typically used for architectural and engineering work. Your photo will be printed in halftone black and white ink on extra-light 20lb bond at a whopping 4 feet wide. Once it’s done it ships free, rolled nice and neat for just $40.
My students think “Free is Good!” I hardly had to train them at all. I list the ones I like.
6 Ways You Can Use Microsoft Office Without Paying For It
Microsoft Office remains the gold standard in office applications. Sure, Office alternatives exist, but Microsoft’s file formats dominate. People with access to Office tend to have an easier time than those who lack it, because while alternatives like LibreOffice can export to .doc or .xls, the formatting isn’t 100% compatible.
Microsoft itself offers a collection of free Office utilities formerly known as Office Web Apps and now called Office Online. They are essentially browser-based versions of the latest Office suite. You can use Word, Excel, and PowerPoint without paying a dime.
Ask Your School Or Employer
Many companies offer a low-cost or no-cost version of Office for a fairly obvious reason; the people working or studying there need it. Academic institutions often participate in Microsoft’s DreamSpark program (formerly MSDNAA), allowing them to offer professional software to their students and employees for free.