Saturday, July 12, 2014

A government that grasps the obvious? What a concept! Makes me wish it was our government. (Sounds like they still haven't found the really intrusive stuff, so don't tell them, okay?)
Apple's iPhone branded a 'national security concern'
Apple's iPhone has been labeled a "national security concern" by Chinese state broadcasters as relations between the country and US over cybersecurity worsen.
The influential state-sponsored China Central Television broadcast declared the iPhone a "national security concern" as part of its national noon broadcast on Friday, according to the Wall Street Journal. CCT criticized the "frequent locations" function present on Apple's iOS 7 operating system, declaring that researchers believe data points recorded by the service could give those with access to this data knowledge of Chinese concerns and even "state secrets."

A challenge for my Computer Security students.
Banks Try to Tame Gadget-Flooded Workplace with Management Software
by Sabrina I. Pacifici on Jul 11, 2014
American Banker: “MDM [mobile device management] software has been available for awhile, but it is being slowly adopted by banks. Many of these banks once used only BlackBerry products, but the Ponemon study found that 23% of banks are migrating from BlackBerry to a multi-OS mobile environment and 18% plan to do so. And a recent Forrester survey found that 20% of “mobile decision-makers” at U.S. companies with more than 1,000 employees are so eager to use their own devices that they would be willing to help pay for the opportunity; 11% said they would be willing to pay the entire cost if they could get the smartphone of their choice. Another driver for MDM software in banking is the Federal Financial Institutions Examination Council’s guidelines on cloud computing, which were issued in mid-2012 but are still being digested by many in the industry. The regulators say, among other things, that banks must know where their data is at all times. At the $1.4 billion-asset Needham Bank, MDM software from MobileIron has helped with regulatory compliance and automatic provisioning. “It gives auditors an increased level of comfort that we know exactly what’s going on with that fleet [of devices],” Gordon says. “We can also help users set up devices more rapidly than we would have otherwise.” A recent IT project proved the software’s worth, Gordon says. The bank redeployed a wireless network, setting up sub-networks to handle data security and software distribution separately for executives, IT and general users.”

(Ditto) Worth a read, Computer Security students. These are your future employers!
The Soft Underbelly of Enterprise Cybersecurity: Small Business Readiness
For the better part of the last two years, I’ve been on a bit of a personal campaign.
I’ve talked to more than 50 individual business owners - a set of folks that represents pretty much the entire spectrum of what I’d call the “everyday life” industries - about cybersecurity and the risks their businesses face. Sadly, not once have I encountered a small business owner who knew much more than my dad about network or computer security.

Perhaps an “Academic Search Engine” or one controlled by an organization like the Privacy Foundation ( ) might reduce the bias? OR we could leave it to my Ethical Hackers...
Why we need an underground Google
There has never been a search engine that accurately reflects the Internet.
In the 1990s and 2000s, the limitation was technical. The so-called "deep web" and "dark Internet" -- which sound shady and mysterious, but simply refer to web sites inaccessible by conventional means -- have always existed.
Many parts of the Internet are hard to index, or are blocked from being indexed by their owners.
Companies like Google have worked hard to surface and bring light to the "deep, dark" recesses of the global web on a technical level.
But in the past few years, a disturbing trend has emerged where governments -- either through law or technical means or by the control of the companies that provide access -- have forced inaccuracy, omissions and misleading results on the world's major search engines.

If Harvard says it, it must be true!
Millennials Are Entering a Changed Workplace. Not.
Sometimes the U.S. government’s exhaustively and exhaustingly dry reports yield startling results, as Fortune discovered. A Department of Education study of college graduates shows, for example, that the wage gap starts early: Four years out of college, male graduates were already making much more than their female counterparts, even if you control for field of study and other factors. A male engineer, for instance, earned $68,000, on average, while his female peer earned $65,817.
Another finding: The 65.2% of for-profit college graduates who were employed and not in school earned a full-time median salary of $54,000, compared with $47,500 and $45,000, respectively, for graduates of private nonprofit and public universities.

(On the other hand)
Majority of STEM College Graduates Do Not Work in STEM Occupations
Census news release: “The U.S. Census Bureau reported today that 74 percent of those who have a bachelor’s degree in science, technology, engineering and math — commonly referred to as STEM — are not employed in STEM occupations. In addition, men continue to be overrepresented in STEM, especially in computer and engineering occupations. About 86 percent of engineers and 74 percent of computer professionals are men. “STEM graduates have relatively low unemployment, however these graduates are not necessarily employed in STEM occupations,” said Liana Christin Landivar, a sociologist in the Census Bureau’s Industry and Occupation Statistics Branch. According to new statistics from the 2012 American Community Survey, engineering and computer, math and statistics majors had the largest share of graduates going into a STEM field with about half employed in a STEM occupation. Science majors had fewer of their graduates employed in STEM.

“You can fool some of the people all of the time” but you can't call them ignorant without being called names yourself.
Old 'Jurassic Park' Photo of Steven Spielberg With 'Dead' Triceratops Caused Controversy
Steven Spielberg meant no harm 20 years ago when he posed with a "dead" dinosaur on the set of "Jurassic Park". The old pic caused controversy this week when humorist Jay Branscomb posted it on Facebook in the wake of criticism against teen hunter Kendall Jones.
In a bizarre situation, Spielberg was accused of slaughtering an animal that has been dead million of years ago. Branscomb posted the 1993 snapshot and jokingly captioned it, "Disgraceful photo of recreational hunter happily posing next to a Triceratops he just slaughtered. Please share so the world can name and shame this despicable man."

I've been thinking about having my students make videos explaining Math concepts. Then I can show them to the next class. (Eventually, I'll have students do all the work.)
How To Make Whiteboard Videos For Your Website
One of the coolest tools for creating visual online content in recent years is the “whiteboard” video. You know the type—a hand, a pen, a whiteboard, and some fun drawings that help bolster your online brand and generate a lot of social shares. Have you ever wanted to make a whiteboard video for your company? I set out to see how it could be done, and found out that it’s actually really easy!

For my students.
7 Blogs You Should Really Read If You Are A Student Programmer

Another week, another series of belly laughs!
A class action lawsuit has been filed charging that the Los Angeles Unified School District does not provide students with enough PE.
… Sarah Houghton, “Librarian in Black,” discovered that Rosetta Stone “was setting ad tracking cookies (without disclosure or consent) on the personal computers of any library users who used the Library Edition that is offered through their libraries. This applied not only to the full product, but also to any library offering a temporary trial of the product.” Rosetta Stone say they’ve addressed the issue.
… “LG has announced a wrist-worn device designed to let parents keep track of where their child is and listen to what they are up to,” reports the BBC.
… The Gates Foundation is backing the development of a birth control chip that lasts up to 16 years and can be turned on and off via remote and omg what could possibly go wrong. [An Internet of Things thing... Bob]
… The US Department of Education is spending $3 million on research to gauge the effectiveness of Khan Academy.

Friday, July 11, 2014

An example of the “Internet of Things with Malware”
Malware hidden in Chinese inventory scanners targeted logistics, shipping firms
Financial and business information was stolen from several shipping and logistics firms by sophisticated malware hiding in inventory scanners manufactured by a Chinese company.
The supply chain attack, dubbed “Zombie Zero,” was identified by security researchers from TrapX, a cybersecurity firm in San Mateo, California, who wrote about it in a report released Thursday.
TrapX hasn’t named the Chinese manufacturer, but said that the malware was implanted in physical scanners shipped to customers, as well as in the Windows XP Embedded firmware available for download on the manufacturer’s website.

“It can't happen here.”
Critical Infrastructure Firms Lag Behind in Cyber-Attack Defenses
Security teams at critical infrastructure firms have little trouble understanding that their networks are vulnerable. But the companies themselves have failed to make security a priority, according to a survey of nearly 600 security executives by the Ponemon Institute published on July 10.
External attackers and malicious or negligent employees managed to compromise two-thirds of the companies' networks in the past 12 months, leading to the loss of data or a disruption in operations, according to the report, Critical Infrastructure: Security Preparedness and Maturity, which was funded by technology firm Unisys. About 57 percent of respondents believe that their industrial control systems are at risk from cyber-attacks.
Despite the recognition of cyber-attacks as a threat, most critical-infrastructure firms are not focused on security, according to the survey. Only 28 percent of security practitioners stated that their firms considered security a top-five priority, the study found.

Something for my Computer Security and Computer Forensics students. Perhaps we could extend this to include Tools & Technques?
NGOs Launch Digital First Aid Kit
by Sabrina I. Pacifici on Jul 10, 2014
Via EFF – “When faced with a digital emergency—whether someone has hijacked your social media account or your website is being DDoSed—can be difficult for non-technical people to discern what the problem is and what the appropriate next steps may be for seeking help. To help fill this niche in the universe of privacy and security guides, a group of NGOs ( including EFF, Hivos, Internews, VirtualRoad, and CIRCL) have teamed up to write a guide that combines advice for self-assessment with advice for “first responders” to help non-technical users all over the world identify and respond to their digital emergencies. The Digital First Aid Kit aims to provide preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as providing guidelines for digital first responders to assist a person under threat.”

“If the FAA gives us a hard time, we'll just buy a small country where we can fly all the drones we want.”
Six Things You Need To Know About Amazon's Drones

(Related) You need a drone to map an estate the size of this one.
Martha Stewart Uses Drones To Take Pictures Of Her Farm
Stewart posted the photos on her blog Wednesday — 31 “amazing aerial photos of my farm” taken with a “new toy,” a DJI Phantom flying camera. She said the drone is “lots of fun to play with and take[s] extraordinary photos.”

Sounds impressive, but I doubt that well run small businesses have significant amounts of capital tied up in receivables.
Obama Gets 26 Companies Committed to Help Suppliers
President Barack Obama will announce today that 26 companies including Apple Inc., Johnson & Johnson and Coca-Cola Co. are committed to speed payments to their suppliers that are small businesses.
The White House said in a statement released this morning that the faster payments will provide more working capital for suppliers to invest in new equipment and new hiring. The participants also have the option to offer financing to help suppliers cut their costs.

Interesting discussion with my students last night. No agreement on how much to tip and some interesting variations as a result.
Calculate Tips And Split Bills With These Beautiful Smartphone Apps
Don’t let your lack of mental math skills embarrass you when the bill hits the table. Whip out your smartphone and fire up Gratuity for iOS or Perfect Tip for Android; they’re simple enough to work quickly and gorgeous enough to be the talking point.

My students would like these, if they could remember where they made a note about them...
Try These 3 Beautiful Note-Taking Apps That Work Offline

Thursday, July 10, 2014

I would think this was obvious. You want a list of people you might want to compromise AND you can determine the minimum profile for an agent you want to plant.
Chinese hackers reportedly sought data on US workers with security clearance
Chinese computer hackers were able to access the computer network of the federal agency that houses the personal information of all government employees in an apparent attempt to target workers who have applied for security clearances, according to a published report.
The New York Times reports that the hackers gained access to some databases from the Office of Personnel Management this past March before federal authorities were able to block them from the network.
… The attack in March was not announced even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.
"The administration has never advocated that all intrusions be made public," [“Except for you second class citizens...” Bob] Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times.
… Hayden said the administration had no reason to believe [Interesting phrasing Bob] that personally identifiable information for employees had been compromised.

(Related) For us second class citizens.
Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but did not notify consumers until it was contacted by the Attorney General’s Office.
“At this stage of the game, having seen widely reported data breaches at big retailers like Target and dozens of others, we will not accept the excuse that a business did not know of its obligations to report a breach. ” said Attorney General Sorrell.
Under Vermont’s Security Breach Notice Act, businesses are required to send the Attorney General a confidential notice within 14 business days of discovery of a data breach. The business must also send notice to consumers in the most expedient time possible, but no later than 45 days. The Office of the Attorney General works with businesses and their counsel, particularly with small Vermont businesses, to help them address security breaches. The office has an open-line policy for anyone with questions about Vermont’s data security law or how to address a breach. The office brings enforcement actions under the Security Breach Notice Act only for serious violations.
Any business with questions about the Act can find guidance on the Attorney General’s website, call the office at 802-828-5479, or email
SOURCE: Office of the Vermont Attorney General

Inevitable, but not necessarily serious.
US lawmaker asks FTC to probe implications of Facebook 'big data' experiment
A U.S. senator has asked the Federal Trade Commission to scrutinize the use of big data by Facebook and other Internet companies, following a controversy over a Facebook experiment on some of its users.
… In a letter to the FTC, Warner has asked whether the Facebook experiment violates the agency's consent agreement of 2011 with the company and also section 5 of the FTC Act which prohibits ''unfair or deceptive acts or practices."
Privacy group Electronic Privacy Information Center filed a complaint earlier this month to the FTC stating that the study, published in the Proceedings of the National Academy of Sciences, violated the privacy consent order that requires the social-networking company to protect its users' privacy, and is also a deceptive trade practice.

Nothing angers courts more than being taken literally. (Be careful what you sue for?)
Aereo Now Claims To Be A Cable Company
In its ongoing effort to stay alive, Aereo is using the ruling about its illegality against the U.S. Supreme Court. While backing the broadcasters in their case against Aereo, judges ruled that Aereo “is for all practical purposes a traditional cable system.
Aereo is now taking those words literally and arguing that as a “traditional cable system” it’s entitled to a statutory license. The broadcasters are, unsurprisingly, rallying against this move, calling Aereo’s new stance “astonishing.” We think “genius” is a more apt description.

If Microsoft owns it, it must be vulnerable?
Silent Circle seeks to destroy Skype with its secret weapon: Encrypted VoIP
Silent Circle – the esoterically brooding group behind this year's "unhackable" Blackphone – has set its sights on disrupting big market players like Skype and Viber with an encrypted voIP client.
The company has announced a global expansion of its encrypted calling service, allowing around the world to make secure phone calls without incurring roaming charges.
Silent Circle's apps have always allowed customers to make encrypted calls, send secure messages and to transfer files, but until now the app had to be in use by both parties. The latest announcement means that users will now be able to make private calls to non-Silent Circle subscribers across 79 countries.
… Starting now, anyone wishing to utilise this "Out-Circle" service will be given a unique ten-digit Silent Phone number to make and receive calls without incurring roaming charges.
It does still come at a price though. Silent Circle will charge $12.95 for 100 minutes, $19.95 for 250 minutes, $24.95 for 500 minutes and $39.95 for 1,000 minutes.

For my Website and my Excel students.
– turns spreadsheets into well-documented APIs, quickly and easily. Many businesses still share product lists, service coverage areas, or other tabular information with one another using spreadsheets attached to email. There are so many things that can go wrong with this. Sheetlabs was built with the goal of making it really easy for businesses to build APIs on top of their existing spreadsheets.
[From the website: Emailing weekly updates of your product list, service coverage, or your other spreadsheet is sooo last century. Creating an API helps ensure your customers are always using your latest data, and it saves everyone the hassle of dealing with spreadsheets manually.

For my “Let's build a killer robot” students.
In May of this year, the United Nations Convention on Certain Conventional Weapons (CCW) held the first multilateral discussions on autonomous weapons or, as activists like to colorfully refer to them, “killer robots.” Discussion was robust, serious, and thoughtful, but through it all ran a strong sense of confusion about what exactly participants were, in fact, talking about.

Part II

Perspective. Roughly ¾ ounce for every man, woman and child.
Colorado puts annual marijuana demand at 130 tons
Total marijuana demand in Colorado, where the nation's first recreational pot shops opened in January, is estimated at 130 tonnes this year, a study for the state's revenue authority said on Wednesday.
A day after Washington became only the second state to allow recreational sales of the drug to adults, the report said the projected demand in Colorado was much higher than anticipated.
More than 90 percent of it came from residents, while out-of-state visitors accounted for only about 9 tonnes.

For my students. (I'm probably as guilty as they)
From Idea to Final Draft: How to Increase Your Writing Productivity

Unfortunately, that does not mean they will work for free.
American teens can’t read a pay slip
Fewer than 30% of U.S. teens understand their paycheck, according to the financial literacy portion of a test administered by the Organization for Economic Co-operation and Development.
More than one in six 15-year-olds is unable to make even simple decisions about everyday spending, and only one in 10 can solve complex financial tasks, according to the test.
Among the seemingly simple questions that American teens struggled with was determining how much money was going into a bank account from a theoretical month’s pay.
The pay slip for the month of July listed four numbers: Gross pay, deductions, net salary and gross salary year to date.
Only 28.8% could correctly say how much money was automatically deposited into the worker’s bank account. By comparison, 74.8% of students in Shanghai got the right answer. Americans also performed below the OECD average.
… How well would you score? Take the 5-question test here

Wally describes my ideal job.

Wednesday, July 09, 2014

Your government in action! “After a typically through review by our skilled analysts, their managers and our legal department...”
DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents Via Mishandled FOIA Request
The U.S. Department of Homeland Security (DHS) has released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.
The Operation Aurora attack was publicized in 2010 and impacted Google and a number of other high-profile companies. However, DHS responded to the request by releasing more than 800 pages of documents related to the 'Aurora' experiment conducted several years ago at the Idaho National Laboratory, where researchers demonstrated a way to damage a generator via a cyber-attack.
The documents are posted on The information request was made May 17. On July 3, the agency replied with the mistaken documents.
Of the documents released by the DHS, none were related to the Operation Aurora cyber attack as requested.
According to information on the MuckRock site, the person who filed the FOIA request received a "no-responsive documents" response from the FBI in reaction to the FOIA request, while the National Security Agency notified him that his request for information is being processed.
The incident the FOIA request was actually about, the Operation Aurora cyber attack, impacted dozens of organizations, including Juniper Networks and aerospace and defense company Northrop Grumman, and is believed by many to have been perpetrated by hackers from China.

What could possibly go wrong.
Verizon’s Transparency Report for the First Half of 2014
by Sabrina I. Pacifici on Jul 8, 2014
“In the first half of 2014, Verizon received approximately 150,000 requests for customer information from federal, state or local law enforcement in the United States. We do not release customer information unless authorized by law, such as a valid law enforcement demand or an appropriate request in an emergency involving the danger of death or serious physical injury… Verizon has teams that carefully review each demand we receive. We do not produce information in response to all demands we receive. In the first half of this year, we rejected as invalid approximately three percent of the subpoenas we received and approximately four and one-half percent of the orders and warrants we received. We might reject a demand as legally invalid for a number of reasons, including that a different type of legal process is needed for the type of information requested. When we reject a demand as invalid, we do not produce any information… In the first half of 2014, the 72,342 subpoenas we received sought information regarding 132,499 information points, such as a telephone number, used to identify a customer. These customer identifiers are also referred to as “selectors.” On average, each subpoena sought information about 1.8 selectors. The number of selectors is usually greater than the number of customer accounts: if a customer had multiple telephone numbers, for instance, it’s possible that a subpoena seeking information about multiple selectors was actually seeking information about just one customer. We have also determined that during the first half of the year, approximately 75 percent of the subpoenas we received sought information on only one selector (and thus only one customer), and approximately 90 percent sought information regarding three or fewer selectors (and thus three or fewer customers).”

Not a bad summary.
The Intersection of Cloud And Internet of Things And What It Means For Security
Last month, and Philips announced their plan to build an open cloud-based healthcare platform. In the initial application, this “platform” will allow healthcare software developers, producers of medical services, insurance companies, and healthcare providers to monitor patients with chronic conditions. Healthcare information utilizing digital patient-sensing devices (internet of things) send information to the cloud to be remotely processed and monitored, allowing healthcare providers to prioritize care.

Another Thing for the Internet of Things.
All Hail the Humble Solar-Powered Trash Bin
The solar-powered trash compactors that have appeared on the streets of Philadelphia and other cities can go 4 times as long as old-fashioned wire baskets before needing to be emptied, saving municipalities millions of dollars, according to CNN. Not only that, they send alerts when they’re full, making pickup much more efficient. Philadelphia was able to reduce the size of its trash-collection crews by 73% as a result.

How negotiations work in the Internet Age?
Amazon offers Hachette authors 100% of ebook sales
… The online retailer and book publisher have been locked in a negotiating battle over how much of a slice of ebook sales each should receive. To put pressure on Hachette, Amazon has started stocking fewer of its books, meaning customers must wait longer for delivery, and refusing to take pre-orders on new titles, hurting their chances in sales charts.
Now, Amazon has sent a letter to Hachette authors, proposing a deal whereby they would receive 100% of the sales price of their ebooks - with not a penny going to Amazon or the publisher - until an agreement is reached.
… However, the publisher said it would be "suicide" to accept the deal, and called on Amazon to "withdraw the sanctions they have unilaterally imposed".
Amazon replied that was "baloney" pointing out that Hachette is part of a $10 billion conglomerate.

Clearly creates the possibility of an “undue reliance” error. (You say “omnipresent,” I say “ubiquitous” – either way we confuse my students.
Complex Operational Decision Making in Networked Systems of Humans and Machines
by Sabrina I. Pacifici on Jul 8, 2014
“Over the last two decades, computers have become omnipresent in daily life. Their increased power and accessibility have enabled the accumulation, organization, and analysis of massive amounts of data. These data, in turn, have been transformed into practical knowledge that can be applied to simple and complex decision making alike. In many of today’s activities, decision making is no longer an exclusively human endeavor. In both virtual and real ways, technology has vastly extended people’s range of movement, speed and access to massive amounts of data. Consequently, the scope of complex decisions that human beings are capable of making has greatly expanded. At the same time, some of these technologies have also complicated the decision making process. The potential for changes to complex decision making is particularly significant now, as advances in software, memory storage and access to large amounts of multimodal data have dramatically increased. Increasingly, our decision making process integrates input from human judgment, computing results and assistance, and networks. Human beings do not have the ability to analyze the vast quantities of computer-generated or -mediated data that are now available. How might humans and computers team up to turn data into reliable (and when necessary, speedy) decisions? Complex Operational Decision Making in Networked Systems of Humans and Machines explores the possibilities for better decision making through collaboration between humans and computers. This study is situated around the essence of decision making; the vast amounts of data that have become available as the basis for complex decision making; and the nature of collaboration that is possible between humans and machines in the process of making complex decisions.”

A project for Law School students? Colorado isn't there yet. (and some of my programmers)
America’s Laws Are the People’s Public Property
by Sabrina I. Pacifici on Jul 8, 2014
The State Decoded software provides you with a people-friendly way to access your local, state, and federal legal code.
  • “Careful organization by article and section makes browsing a breeze.
  • A site-wide search allows you to find the laws you’re looking for by topic.
  • Scroll-over definitions translate legal jargon into common English.
  • Downloadable legal code lets you take the law into your own hands.
  • Best of all, everything on the site remains cost-and restriction-free.”
[From the website:
The America Decoded network is based on The State Decoded platform. This software is freely available for developers to use and modify.
You may want to start with the documentation.

For my Computer Security students. Also grab the Verification Handbook at:
Microsoft Issues New Advice on Defending Against Pass-the-Hash Attacks
Microsoft on Tuesday released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.
In a new white paper called Mitigating Pass-the-Hash and Other Credential Theft, version 2, Microsoft encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks.
Microsoft describes Pass-the-Hash attacks as a technique in which an attacker captures account logon credentials on one computer and then uses those captured credentials to authenticate other computers over the network.
This latest 60-page report is a follow-up to a previously released report from Microsoft on guidance and mitigations for Pass-the-Hash attacks.

For my Computer Security video library.
A Real Story About Successful DDoS Mitigation
This short video will help you gain insight into how a cybersecurity professional like yourself successfully put an end to the damaging effects of a DDoS attack.

For my Computer Forensics students.
Amnesty International launches video tool and website to learn its use
by Sabrina I. Pacifici on Jul 8, 2014
Via Poynter – The YouTube Data Viewer enables you to enter in the URL of a YouTube video and automatically extract the correct upload time and all thumbnails associated with the video. These two elements are essential when verifying a YouTube video, and it’s information that’s difficult to gather from YouTube. The upload time is critical in helping determine the origin of a video. Finding the upload time of a YouTube video can be difficult — it’s not clearly displayed on the video page. The thumbnails are useful because you can plug them into a reverse image search tool such as Google Image or TinEye and see where else online these images appear. “Many videos are scraped, and popular videos are re-uploaded to YouTube several times on the same day,” said Koettl. “So having the exact upload time helps to distinguish these videos from the same day, and a reverse image search is a powerful way to find other/older versions of the same video. The goal is to offer non-technical users a tool and guidance to help them verify video, without requiring an expert such as Koettl. He said now his colleagues “will be able to do this basic research themselves by using the new tool, so not everything has to go through me for a basic assessment.” The same goes for journalists. The YouTube Data Viewer should join tools such as an EXIF reader, reverse image search, Spokeo, and Google Maps/Earth as one of the core, free verification tools in the verification toolkit. (For a list of other tools out there, see this section of the Handbook.)”

Because eventually even my students will be interviewing for jobs.
Brooks Brothers Teaches You How to Tie a Tie - Bow Ties Included
A couple of days ago I clicked on a Brooks Brothers sales advertisement while reading an article on Inc. That advertisement took me to a page featuring neck ties and a set of videos on how to tie five kinds of neck tie knots. The videos are hosted on Vimeo.
Why am I sharing these videos? Whether it's for an interview or a semi-formal affair at some point almost every male student will need to know how to tie a tie. These videos will be helpful when that time arrives in the life of a student.

For my students.
Microsoft Releases Countless Free eBooks
Microsoft has released a huge trove of free eBooks related to its products and services. Almost 300 free Microsoft eBooks and resources can now be found on MSDN, with Windows 7, Windows 8, Microsoft Office, SharePoint, and Azure amongst the products featured.

(Related) Have I mentioned this one recently?
Publishers Are Giving Away Bestsellers For Free
… Publishers and authors discount eBooks for several reasons. For example, in the case of The Da Vinci Code, Random House wanted to prime the pump for the new release of Inferno. Publishers and authors also run free or discounted eBooks to hook readers on a series, or build a following for a new author.
… In order to get the word out on these promotions, publishers and authors feature their deals on sites like BookBub. BookBub is unique in that it does not list every single free eBook on the market. Instead, BookBub’s expert editorial team selectively curates only the best eBooks to be featured in their email and on their website.

Tuesday, July 08, 2014

Strange that China is only now looking at “what's next” in security. Or maybe they have been looking as long as I have, but haven't been caught until now.
Chinese hackers target US national security think tanks
The Chinese cyberattack group Deep Panda has compromised national security think tanks using sophisticated techniques designed to steal confidential data concerning US foreign policy, according to security researchers at CrowdStrike.
The CrowdStrike team say that "several" national security-based think tanks have been compromised in the defense, finance, legal and government arenas by the group, which the security researchers call "one of the most advanced Chinese nation-state cyber intrusion groups." Cyberattacks have been launched by the hackers for almost three years now, but it is only in recent times that Deep Panda's focus has changed.
… "This is undoubtedly related to the recent Islamic State of Iraq and the Levant (ISIS) takeover of major parts of Iraq and the potential disruption for major Chinese oil interests in that country. In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq’s oil sector. Thus, it wouldn’t be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq.
In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
Deep Panda's cyberattacks (.PDF) consist of exploiting vulnerabilities in Windows operating systems which allows the group to deploy powershell scripts as scheduled tasks.

Okay, maybe large corporations are not the best answer to hacking botnets. Next time, a judge won't be so easily convinced that “nothing can go wrong.”
Microsoft Returns Domain Names Seized From No-IP
All of the 23 domain names recently seized by Microsoft from No-IP as part of an operation against the Bladabindi (njRAT) and Jenxcus (NJw0rm) botnets have been returned.
When it announced the operation, Microsoft said No-IP domains were used 93% of time for Bladabindi and Jenxcus infections, and accused the Dynamic Domain Name Service (DNS) provider of failing to take steps to prevent abuse.
Microsoft routed bad traffic to a sinkhole in an effort to classify the threats, and worked with A10 Networks to configure a system to manage the high volume of connections generated by the Bladabindi-Jenxcus botnets. Legitimate traffic should not have been impacted, but something went wrong and millions of legitimate users experienced service outage.
No-IP representatives said Microsoft's actions were "heavy-handed" and lashed out at the company for not contacting them before seizing their domains.
Microsoft representatives apologized for the incident and claimed that legitimate No-IP users experienced a temporary loss of service "due to a technical error." The company said all services should have been restored on July 1 at 6AM Pacific time, but on Twitter, many No-IP customers reported downtimes long after that. During the debacle, a distributed denial-of-service (DDoS) attack was launched against No-IP, but the company insisted that the attack didn't have anything to do with the prolonged outage since it was aimed at its website, not its DNS infrastructure.

We know it is coming. All we need to do is get the budget, plan the changes and implement them. My guess is that 80% of businesses will fall behind – driving customers into the hands of those who don't.
Internet of Things to Stress Enterprise Networks
While many enterprises feel prepared for the impending era of the Internet of Things (IoT), there may not be enough network capacity to handle the demand that will accompany an anticipated explosion in the number of connected devices, according to a survey by Infoblox.
For instance, more than half (57 percent) of survey respondents reported their current network is already at full capacity and a similar number (54 percent) see network infrastructure management as a high priority for their organizations.
… The market for IoT, excluding PCs, tablets and smartphones, is expected to grow to 26 billion units in 2020—an almost a 30-fold increase from 0.9 billion units in 2009, according to a recent report from IT research firm Gartner.

(Related) Or perhaps it's already here?
Home Depot expands stock of smart home gadgets
Boosting your home's IQ got easier Monday as Home Depot began selling a collection of nearly 60 gadgets that can be controlled by mobile devices, including light bulbs, lawn sprinklers and water heaters.
… Two years ago, Home Depot sold 100 of them but now offers 600, said Jeff Epstein, the retailer's vice president for home automation merchandising.
… The products can be operated via a Wink app — available for free on Android or iOS
… With the app alone, consumers can control Wi-Fi-enabled items such as a Chamberlain garage-door opener, a Honeywell smart thermostat or certain LED light bulbs by Philips and General Electric. The software will also be offered on products by Bali, Dropcam, Kidde, Kwikset, Leviton, Lutron, Rachio, Rheem Leviton, Rheem and Schlage.

Microsoft's Windows to aid PC market revival in 2015
… The “revival” of the PC market will be driven by upgrades of old business PCs with Windows XP, which are no longer supported by Microsoft, said Ranjit Atwal, research director at Gartner. He estimates that roughly 60 million PCs will be upgraded this year.
Businesses are largely upgrading to Windows 7 and avoiding Windows 8, which is viewed more as a tablet OS.
… After the first iPad shipped in 2010, tablets were increasingly adopted as alternative computing devices to PCs. Gartner is projecting tablet shipments to increase to 256 million this year, up from 207 million last year. Tablet shipments will reach 321 million in 2015, overtaking PCs, Gartner said.
Tablets will get cheaper and more functional, Atwal said, adding that these trends will continue to drive adoption in the coming years.
… Android will continue to be the dominant OS across devices, according to Gartner.

Being the founder of Facebook gets you a spot on the editorial page, but can't guarantee that you can paint a coherent picture of the future.
Mark Zuckerberg on a Future Where the Internet Is Available to All

The “mouse” continues to tweek the “cat.”
Kim Dotcom extradition hearing delayed again
… The next hearing would be in February 2015, Mr Dotcom said on Monday. He is currently on bail and living in New Zealand. He has denied the charges.
The reason for the latest extradition hearing delay is not yet known.
… Earlier this year, a New Zealand court ruled that the raid was legal, but that the US's cloning of electronic evidence was not.
More recently, the court decided that Mr Dotcom did not have to hand over access codes to hard-drives seized in the raid.
Additionally, the entertainment industry has launched multiple lawsuits to run alongside the criminal case.
One, from a number of film studios, alleges that Mr Dotcom cost the industry $500m (£320m) in lost revenue.
Mr Dotcom told the BBC earlier this year that he believed the civil lawsuits were a sign the industry believed the criminal case was faltering.

For all my students.
by Sabrina I. Pacifici on Jul 7, 2014
“In the Digital Age, the ultimate check against the spread of rumor, pernicious falsehood, disinformation, and unverified reports masquerading as fact, will never be just more and better-trained journalists and professional gatekeepers, these scholars argue. Instead, it will require a generation of astutely educated news consumers, as well as native producers and distributors, who will learn to be their own editors and identify for themselves fact- and evidence-based news and information. James Klurfeld and Howard Schneider survey the ways in which Stony Brook attempted to meet this pedagogical goal and found that the program did have positive outcomes. Stony Brook compared students who took the News Literacy course vs those who didn’t. The News Literacy students routinely consumed more news from more sources, rated keeping up with the news as more important, registered to vote in higher numbers, could deconstruct some video news stories more effectively, had a higher regard for the “watchdog function” of the press and had a more nuanced view, in general, of the news media. For example, at the outset of the semester only 17 percent of those taking the course felt the media treated both sides of a story fairly; by semester’s end the number had jumped to 52 percent, report the scholars.”

For my Disaster Recovery students.
The Faulty ‘Mental Models’ That Lead to Poor Disaster Preparation
As Hurricanes Isaac and Sandy were bearing down on the South and East Coasts of the United States, respectively, in the summer and fall of 2012, Wharton marketing professor Robert Meyer and his research team took to the phone lines to survey people in the storms’ crosshairs about what they perceived the greatest threats to be, and how they were preparing to face them.
Through this and several other studies, Meyer — who is also co-director of the Wharton Risk Management and Decision Processes Center — and his colleagues find that most people fail to adequately understand the threats they face as a result of natural and other disasters, and often those poor “mental models” lead to insufficient preparation. The findings are outlined in “The Dynamics of Hurricane Risk Perception: Real Time Evidence from the 2012 Atlantic Hurricane Season,” by Meyer, Jay Baker of Florida State University, Kenneth Broad of the University of Miami and Ben Orlove of Columbia University, which will appear in the Bulletin of the American Meteorological Association; “Dynamic Simulation as an Approach to Understanding Hurricane Risk Response: Insights from the Stormview Lab,” by Meyer, Broad, Orlove and Nada Petrovic of Columbia, which appeared in Risk Analysis, and Meyer’s article, “Why We Fail to Learn from Disasters,” which appeared in the book, The Irrational Economist: Overcoming Irrational Decisions in a Dangerous World.

Why my Ethical Hackers want Google Glasses...
Google Glass wearers can steal your password
Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen -- meaning glare is not an antidote.
The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode.

I told you funding your project was easy! (It's now $44.000+)
Kickstarter Project to Make $10 Potato Salad Raises $20,000-Plus
… His elaborate project description: “Basically I'm just making potato salad. I haven't decided what kind yet.” That, evidently, was a recipe for success. As of Monday, with 25 days to go before the end of the pledge period, Brown had raised well over $21,000 from 1,600-plus backers.

For my students.
Email Alerts Services That You Should Use
  1. Follow your World – The is a Google service that allows you to track satellite images of various locations within Google Maps and Google Earth. You’ll get an email alert each time Google releases new and updated aerial imagery for the various locations that you are tracking.
  1. Newsle – The service tracks news websites and alerts you when any of your friends or people in your social network appear in news stories. It analyzes your LinkedIn and Facebook accounts to determine your friends and colleagues.
  2. Brook – Your Twitter timeline is a never-ending stream of tweets and sometimes good tweets get lost in the noise. Brooks sends you a daily email digest of the five best tweets from your favorite tweeters so you’ll never miss what they say.
  3. Visual Ping – You can visually mark an area on any web page and the service will send an email alert when the web page changes. You can also set the trigger to go only when there are major modification to the page.
  4. Earthquake Alerts – The USGS website offers a free earthquake notification service that sends you email alerts when earthquakes are reported in your area. You can mark your area on a Google Map and it will notify you of any seismic activity around that area.
  5. Domain Tools – This service allows you to monitor web domains and alerts you via email when any of the monitored domains are nearing expiration, when they are renewed or if there any crucial changes in the Whois records of the domain. Explore more tools to know everything about websites.
  6. Book Alerts – You can use the search feature of Amazon to track the release of upcoming books by your favorite authors. Just enter the book publication date somewhere in the future.
  7. Follow-up Gmail – The “starred” folder of your Gmail is a dumping ground of email messages that require follow-up. This Google Script sends a daily digest of 10 random messages, picked from your starred items, that may require follow-up.
  8. Talkwalker – Get email alerts when your name, your brand or your website gets mentioned in news stories, websites and forums. This may be a good alternative to Google Alerts.
  9. Wikipedia Watch – You can put one or more Wikpedia pages in your watchlist and the website will send you email notification when the content of these articles is edited. The changes are also available as RSS feeds.
  10. Mention – While Google Alerts track mentions on websites, the Mention service monitors the social media websites and commenting platforms, Disqus for example, for your search terms. Also, it only monitors freshly-baked content that has been published in the past 24 hours.
  11. Timehop – Every morning you’ll get an email with a photograph or a status update that you may have published on your Twitter, Instagram or Facebook account an year ago. Timehop is avilable as an app for Android and iOS devices.
  12. IFTTT – The popular IFTTT service offers several email alerting services rolled into one. You can receive email alerts for severe weather conditions, get notified about stock price fluctuations, monitor Craigslist and more.
  13. Amazon Price Tracker – Create a list of one or more items available on the Amazon website and you’ll get daily email alerts when the price of your monitored items goes up or down.
  14. MouseLock – This is a unique service that monitors your unattended computer and send your an email alert with the picture of the person who tried to use the computer in your absence.

Looks like a great tool for programming (in many languages) in groups.
– is a tool that enables you to simultaneously work on code alongside your team. Each user has a colored cursor in order to identify easily to other users. If you need to discuss something, just chat with your team or activate you microphone with a one click for talk. Once the code is ready, you can download it in a file.

Reproducing this in Excel/C++/Java should make an interesting challenge for my students.
Is It Better to Rent or Buy?
The choice between buying a home and renting one is among the biggest financial decisions that many adults make. But the costs of buying are more varied and complicated than for renting, making it hard to tell which is a better deal. To help you answer this question, our calculator takes the most important costs associated with buying a house and computes the equivalent monthly rent.

For my students. We need to support our state. Colorado didn't even make the top 10 this year! Perhaps we could create a student “Beer Tasting Club” with trips to the local breweries? (I'll volunteer as the Faculty Advisor)
States that drink the most beer
In recent years, Americans have increasingly moved away from beer consumption in favor of wines and spirits. U.S. beer consumption fell slightly from 28.3 gallons per drinking-aged adult in 2012 to 27.6 gallons last year.

(Related) We could become the healthiest state in the union! (Plus a great Math example!)
Science Fixes Unhealthy Grilling Problem With Beer
… Meat marinades made with beer significantly lower the amount of cancer-causing byproducts that result from cooking pork with charcoal, food chemists in Spain and Portugal report.
We repeat: pork + beer > pork – beer. Science, 1. Cancer, 0. Thank you, food scientists.

MakeUseOf nails it!