Saturday, July 26, 2014

That's what government agencies do, right?
Marianne Kolbasuk McGee reports:
Is the Federal Trade Commission overstepping its regulatory authority – and using questionable sources of information – in pursuing data security enforcement actions against companies, including healthcare entities, for alleged unfair and deceptive trade practices?
Members of the House Committee on Oversight and Government Reform considered that and other questions during a July 24 hearing, which included testimony by two executives whose healthcare firms have had run-ins with the FTC over their data security practices.
Read more about the hearing on
For my comments on yesterday’s hearing, see my post on my companion blog,

Weekly weirdness.
Rand Paul is planning “a major push on education reform, including ‘education choice, school choice, vouchers, charter schools, you name it — I think we need innovation,’” reports Politico. Among the innovations Paul likes: Khan Academy. “If you have one person in the country who is, like, the best at explaining calculus, that person maybe should teach every calculus class in the country.” [We have the technology to do that! Bob] Pando has a story on the libertarian conference held in Silicon Valley last weekend where Paul also spoke, praising Khan Academy again.
… The Department of Education issued new guidelines on how schools should handle telling parents about the data they collect on students.
… Oops. If you entered a dollar figure that included cents into the Income Earned From Work field of your FAFSA, the “system ignored the decimal point, converting an earned income of $5,000.19, for example, into $500,019.” The Department of Education will reprocess the 200,000-ish applications affected. [Does anyone test their programming anymore? Bob]
Via Inside Higher Ed: “In recent years, a handful of community colleges in [Michigan] have outsourced the recruitment and hiring of adjunct instructors – who make up the overwhelming majority of the community college teaching force – to an educational staffing company. Just last week, the faculty union at a sixth institution, Jackson College, signed a collective bargaining agreement allowing EDUStaff to take over adjunct hiring and payroll duties.” [Business opportunity? Bob]
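The FAFSA item above is a textbook input-handling failure: a routine that throws away the decimal point turns $5,000.19 into $500,019. The block below is an added example, not the Department of Education's code, showing that naive parse beside a parser that keeps the amount in whole cents and rejects anything it does not understand. The accepted format (optional "$", optional thousands separators, at most two decimal places) is an assumption for the example.

```javascript
// Added example, not the Department of Education's code: the failure mode
// the FAFSA item describes (drop the decimal point and $5,000.19 becomes
// $500,019) beside a parser that keeps the amount in whole cents and rejects
// anything it does not understand. The accepted format is an assumption:
// optional "$", optional thousands separators, at most two decimal places.
function naiveDollarsToCents(text) {
  // Strips every non-digit, so "5,000.19" is read as 500019 whole dollars.
  return parseInt(text.replace(/[^0-9]/g, ""), 10) * 100;
}

// Whole-dollar part with or without "1,234,567"-style separators, then an
// optional fractional part of one or two digits. Nothing else is accepted.
const AMOUNT = /^\s*\$?\s*(\d{1,3}(?:,\d{3})*|\d+)(?:\.(\d{1,2}))?\s*$/;

function parseDollarsToCents(text) {
  const m = AMOUNT.exec(text);
  if (!m) throw new RangeError("unrecognised amount: " + JSON.stringify(text));
  const dollars = Number(m[1].replace(/,/g, ""));
  const cents = m[2] ? Number(m[2].padEnd(2, "0")) : 0; // ".1" means 10 cents
  return dollars * 100 + cents;
}

// Renders whole cents back as "$5,000.19" so the two parsers can be compared.
function formatCents(cents) {
  const dollars = String(Math.floor(cents / 100)).replace(/\B(?=(\d{3})+(?!\d))/g, ",");
  return "$" + dollars + "." + String(cents % 100).padStart(2, "0");
}

// Demo on the article's own figure.
console.log("naive :", formatCents(naiveDollarsToCents("$5,000.19")));
console.log("parsed:", formatCents(parseDollarsToCents("$5,000.19")));
```

Keeping money as an integer number of cents is the usual fix; the regex does the other half of the job by refusing malformed input (a misplaced separator, three decimal places) instead of silently guessing. That rejection is exactly the test case the original system evidently never ran.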

Do my students need this?
Lifetime Access To Over 5,000 Adobe Authorised Training Videos For $79, Ends Aug 7
… Train Simple is an Adobe-authorized tutor, and for a limited time, you can grab lifetime access to all 5000 of their training videos for just $79.
Access includes all training courses and videos, exercise files, quizzes, and when you’re done, certificates of completion for each module.

Dilbert: outsourced management – coming to a desktop near you!

Friday, July 25, 2014

Ethical Hackers please note: “Ignorance is bliss!” But not for the ignorant.
Aaron Mamiite reports:
A website that tracks and shows the locations of cats through pictures posted on the Internet is revealing online privacy issues.
Owen Mundy, an assistant professor of art at Florida State University, used cat pictures and a supercomputer to build the “I Know Where Your Cat Lives” website, which pinpoints the locations of the cats found in the pictures.
The issue, however, lies in the fact that as the website traces the location of the cat, then the location of the cat’s owner is revealed as well.
Read more on TechTimes.

The most difficult (and risky) part of online theft is “conversion” – turning that electronic swag into cash.
Cybercrime Goes Offline: The Role of Bitcoins In Ransom and Extortion

Amusing. “We don't know what we're doing, but we're gonna regulate it anyway!” “Report” or “publicly disclose?” Who needs to know and what do they need to know?
David Fagan, Susan Cassidy, and Catlin Meade write:
As an indicator of the continuing focus of government authorities on cybersecurity breaches and potential notification requirements, certain contractors for the federal government may soon face new rapid reporting requirements for successful network penetrations. Specifically, President Obama signed the 2014 Intelligence Authorization Act (“2014 IAA”) into law on July 7, 2014, starting a 90-day clock under Section 325 of the Act for the Director of National Intelligence (“DNI”) to promulgate regulations for “cleared intelligence contractors” to report the successful penetration of their networks and information systems.
Read more on Covington & Burling InsidePrivacy.

If not, how can you protect it?
Marlisse Silver Sweeney reports:
It’s like Hansel and Gretel, reversed. Bryant Storm, on Wolters Kluwer Law & Health Blog writes, “each day, most of us leave behind a trail of data that can be used to construct a detailed health profile.” This is perhaps scarier than any wicked witch wanting to bake you alive and eat you.
Storm bases this conclusion on a recent report from the California Healthcare Foundation, which found that data is “exploding.”
Read more on Law Technology News.

Google wants me to be just another Thing on the Internet. (And if they don't like something they can Ctrl-X it and Ctrl-V in whatever they do like.)
Google Defines Typical Healthy Human
Google has begun a new project aiming to define what constitutes a healthy human being. The project, called Baseline Study, is being run by the Google X research arm, previously responsible for Google Glass, Google’s self-driving cars, and contact lenses which measure glucose levels.
Baseline Study will see Google collect “anonymous genetic and molecular information,” initially from 175 people but eventually thousands of others. This data will be used to identify what makes a healthy person, with biomarkers which lead to ill health used to both detect diseases earlier and create better treatments for them.
This is a hugely ambitious project which could lead to better preventative measures enabling us all to live longer. Unfortunately, making that happen means giving ever more data to the behemoth that is Google. And we’re not talking names and addresses here, but the genetic information of specific individuals. Nope, that isn’t scary in the slightest.

Like Siri, only creepier?
How Cortana Became The “Other Woman” In My Life
What’s most surprising about all of this is that this stunning digital personal assistant is just as interested in me as I am in her. After all, she has a little notebook full of details about me.
She started filling it in when we first met, back when I first activated her after upgrading to the Windows Phone 8.1 Developer Preview.

I doubt it will pay their tuition, but my students may like it anyway.
Sick of Facebook and Twitter? Get paid for social networking on Bonzo Me and Bubblews
Two new social networks are aiming to give the likes of Facebook and Twitter a run for their money, by paying their users.
Bonzo Me, which went live earlier this month, and Bubblews, a site that officially launched last week, following an extensive period of beta testing, want to transform the social networking landscape.

There's an App for that! (When they make one that repels students, I'll buy a smartphone!)
Now You Can Repel Mosquitoes With An App
Weary of spraying sticky mosquito repellent on your arms? Sick of the bug spray stench? Then this app is for you: introducing Anti Mosquito, the app that releases a high-pitched sound unheard by humans but extremely irritating to mosquitoes.
According to the description of the app on Google Play, mosquitoes really don’t like certain sonic frequencies, and “most humans” won’t hear the sonic frequencies emitted by the app.

There's an App for this too! (Lots of NFL teams are using this App)
The Broncos App

For my students, especially those who could only get through the first three suggestions.
Reclaim Your Focus: 5 Ideas To Deal With Short Attention Spans

Thursday, July 24, 2014

“We're waiting for something really horrible to happen. Meanwhile we just sit and drink coffee.”
US Unprepared for Cyber-Attack: 9/11 Report Authors
In July 2004, the independent 9/11 commission issued a comprehensive, nearly 600-page report with numerous recommendations for upgrading the US security apparatus to avoid a new catastrophe.
A decade later the commission's former members have released a blunt follow-up, pointing out gaps in US security that increase the risk of cyber-attacks on infrastructure, including energy, transport and finance systems, and the theft of intellectual property from the private sector.
After exhaustive meetings with national security officials, "every single one of them said we're not doing what we should be doing to protect ourselves against cyber-security" threats, former 9/11 commission co-chair Tom Kean told a House homeland security panel.

Anything you do, anywhere you do it! Today the Internet, tomorrow your bedroom!
What Does Facebook Selling Your Data Mean For Privacy?
… “But wait . . . doesn’t it already sell tons of data to advertisers?” you might be asking. Yes, it does. But there’s an important distinction that many people don’t realize: right now, the information that Facebook sells to advertisers has to do with your activity on Facebook: pages you like, people you follow, apps you connect, and so on. Until now, Facebook hasn’t sold any of the data it collects about your browsing outside of Facebook.
But that’s about to change: in an announcement on June 12, Facebook announced that it would begin selling users’ browsing data directly to advertisers, and that it would roll out new ads over the following weeks, meaning that soon you’ll see more targeted ads on Facebook, and advertisers will know even more about you and your habits, supposedly because when asking users about how ads can be improved, they said “they want to see ads that are more relevant to their interests.”

Interesting. Anything requiring communication with large numbers of bad actors can be “noticed” and possible victims can be notified.
Georgia Tech Unveils 'BlackForest' Open Source Intelligence Gathering System
Coordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information – these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning.
Gathering and understanding this cyber-intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly-sophisticated threats to their networks.

“We can make spending money so easy you won't know you've done it until the bill arrives!”
Target In A Snap Image Recognition App Aimed At Boosting Sales
In its latest effort to boost sales, Target Corp. (NYSE:TGT) is launching an app called In a Snap, which enables users to purchase items after scanning ads through their smartphone.

A Plan To Untangle Our Digital Lives After We're Gone
… Last week, the Uniform Law Commission drafted the UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT, a model law that would let the relatives of a late loved one access the social media accounts of the deceased. A national lawyers' group, the ULC aims to standardize law across the country by recommending legislation for states to adopt, particularly when it comes to timely, fast-evolving issues.

Eventually, everything will be connected to the Internet of Things, but if you can't wait this is for you.
Internet of Things Comes to DIYers, Thanks to LittleBit
Not to be left out of the nascent Internet of Things, do-it-yourself enthusiasts now have a platform to connect their homemade devices to the Internet. A New York City start-up just launched a module known as cloudBit, which consists of a small Wi-Fi chip and USB power source. Although not a device itself, cloudBit connects to other devices in order to make them Internet-enabled.
… LittleBits also announced that it has partnered with the popular IFTTT Web app, which allows users to create automation scripts and protocols for a variety of Web services.

The path to bankruptcy. Please don't tell my power-shopping wife!
Online Stores that offer International Shipping
[Examples: – The iconic department store of London now ships stuff worldwide and you can pay via PayPal or credit cards. – Marks and Spencer will deliver clothes and home decor to international addresses for a flat shipping fee.]

Wednesday, July 23, 2014

We should be so lucky – only 22.6 million!
Updated breach estimate and scope:
Education services provider Benesse Corp. said personal data on 22.6 million customers were stored on a smartphone owned by the Tokyo systems engineer under arrest on suspicion of theft and illegal copying of customer data.
While announcing the figure Monday, Benesse, a subsidiary of Benesse Holdings Inc., said the stolen information — the worst data leak in Japan’s history — also included customer data on its group firms’ online-shopping website Benesse Life Smile Shop and message board website Benesse Women’s Park.
Read more on Japan Times.

Would this play out the same way in the US?
Martin Evans reports:
A schoolgirl has received a police caution after texting an explicit photograph of herself to her boyfriend, it has emerged.
The teenager sent the image via her phone, but after the couple had a row, he forwarded it to his friends.
Police were called in because she was under the age of 18 and therefore both were committing an offence of distributing an indecent image of a child.
Both received a caution but police are now warning other teenagers they could end up on the sex offenders register if they send explicit pictures of themselves via text messages or social media.
Read more on The Telegraph.
[From the article:
The letter tells schools and parents that any child aged ten or over can be found guilty of the offence and that images will remain on the Internet once they are uploaded.
… Nottinghamshire County Council anti-bullying coordinator Lorna Naylor said: “Most young people do not see sexting as a problem and are reluctant to talk to adults about it because they're afraid of being judged or having their phones taken away.

At last! An App that lets my lawn mower talk to my refrigerator! All my dreams have been realized!
New software platform gets real-time with the Internet of Things
… According to Gartner estimates, the IoT will include 26 billion units by 2020, and by that time, IoT product and service suppliers will generate incremental revenue exceeding $300 billion (£223bn), mostly in services.
A new company Octoblu is looking to exploit this potential by announcing a new IoT platform for real-time connections and communication management across a range of applications, people and physical devices.
It uses Meshblu, an open source machine-to-machine messaging software that connects existing devices to each other by providing a common platform, through a variety of protocols, regardless of vendor. This can be used for the discovery, control and management of any API-based software application, any hardware, or appliance, or social media network - connecting devices through a range of protocols across a common platform.

You may have a right to be forgotten, but I have a right to write stuff you want everyone to forget. Said another way: “I have more rights than you!” Exceptions: pointing out who the second-class citizens really are.
Media companies expressed concern about the impact that proposed changes to EU data protection laws will have on the way they handle personal information at a recent industry debate hosted by ITN and the Media Society.
However, Information Commissioner Christopher Graham said that a current exemption to the application of some data protection rules that apply in the UK was “safe”, despite it not being explicitly provided for under the proposed EU General Data Protection Regulation, according to a report by Hold the Front Page.

For my Ethical Hackers. How do we inject “It's the other guy's fault” data into this system?
“Black Boxes” in Passenger Vehicles: Policy Issues
by Sabrina I. Pacifici on Jul 22, 2014
CRS – “Black Boxes” in Passenger Vehicles: Policy Issues - Bill Canis, Specialist in Industrial Organization and Business; David Randall Peterman, Analyst in Transportation Policy July 21, 2014.
“An event data recorder (EDR) is an electronic sensor installed in a motor vehicle that records certain technical information about a vehicle’s operational performance for a few seconds immediately prior to and during a crash. Although over 90% of all new cars and light trucks sold in the United States are equipped with them, the National Highway Traffic Safety Administration (NHTSA) is proposing that all new light vehicles have EDRs installed in the future. Under previously adopted NHTSA rules, these devices have to capture at least 15 types of information related to the vehicle’s performance in the few seconds just before and immediately after a crash serious enough to result in deployment of airbags. EDRs have the potential to make a significant contribution to highway safety. For example, EDR data showed that in several cases a Chevrolet Cobalt’s ignition switch turned the engine off while the car was still moving, causing the car to lose power steering and crash; the data directly contributed to the manufacturer’s decision to recall 2.6 million vehicles. EDR data could also be used, sometimes in conjunction with other vehicle technologies, to record in the few seconds before an accident such data as driver steering input, seat occupant size and position, and sound within a car. [I wonder what they do with this information if there has not been a crash? Bob] The privacy of information collected by EDRs is a matter of state law, except that federal law bars NHTSA from disclosing personally identifiable information. The privacy aspects of EDRs and the ownership of the data they generate has been the subject of legislation in Congress since at least 2004.”

Links to some well done slides summarizing Big Data.
10 Views of Big Data
The definition of Big Data is simple -- it’s the collection of large amounts of information. Going deeper, we include the ability to manipulate this data through analysis. It’s not a storage issue; it’s a transaction and analytics issue. If storing massive data were the point, we wouldn’t be obsessing about big data. The point is using data from a wide range of sources -- sensor data, demographic info, physical qualities -- to detect patterns and make decisions based on the knowledge derived from those patterns.

This is the same technology that allowed police to find the heat from marijuana “grow lights.” What new intrusions can we expect from iPhone users?
Flir Systems Piggybacking New Thermal-Imaging Camera on the Smartphone
For Andy Teich, the chief executive of Flir Systems Inc., Apple Inc.'s iPhone is more than a mobile device. It's a gateway to the mass market.

For my student geeks. If you like the globe, grab the free software that generated it.
Earth – an animated map of global wind and weather
by Sabrina I. Pacifici on Jul 22, 2014

The Linux Advantage: 5 Websites You Should Head To For Learning Linux
… Whether you’ve been putting off Linux for years or you’re just hearing about it for the first time, there are ample reasons to start today. Want to try now? These resources will get you started.

Tuesday, July 22, 2014

For my Ethical Hackers. Reads like an April Fools joke, but remember that few users know how their browsers work. Also, we should look for some place that lists the world's “Opt Outs,” because no one seems to be doing it. Business opportunity?
by Julia Angwin ProPublica, July 21, 2014, 9 a.m. This story was co-published with Mashable.
A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from to
First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.
Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit, profiles that shape which ads, news articles, or other types of content are displayed to them.
But fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.
The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites. Most of the code was on websites that use AddThis’ social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. (A list of all the websites on which researchers found the code is here).
Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.
“We’re looking for a cookie alternative,” Harris said in an interview.
Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”
He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won’t use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.
Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is “not the best privacy assurance.”
Device fingerprints rely on the fact that every computer is slightly different: Each contains different fonts, different software, different clock settings and other distinctive features. Computers automatically broadcast some of their attributes when they connect to another computer over the Internet.
Tracking companies have long sought to use those differences to uniquely identify devices for online advertising purposes, particularly as Web users are increasingly using ad-blocking software and deleting cookies.
In May 2012, researchers at the University of California, San Diego, noticed that a Web programming feature called “canvas” could allow for a new type of fingerprint by pulling in different attributes than a typical device fingerprint.
In June, the Tor Project added a feature to its privacy-protecting Web browser to notify users when a website attempts to use the canvas feature and sends a blank canvas image. But other Web browsers did not add notifications for canvas fingerprinting.
A year later, Russian programmer Valentin Vasilyev noticed the study and added a canvas feature to freely available fingerprint code that he had posted on the Internet. The code was immediately popular.
But Vasilyev said that the company he was working for at the time decided against using the fingerprint technology. “We collected several million fingerprints but we decided against using them because accuracy was 90 percent,” he said, “and many of our customers were on mobile and the fingerprinting doesn’t work well on mobile.”
Vasilyev added that he wasn’t worried about the privacy concerns of fingerprinting. “The fingerprint itself is a number which in no way is related to a personality,” he said.
AddThis improved upon Vasilyev’s code by adding new tests and using the canvas to draw a pangram, “Cwm fjordbank glyphs vext quiz,” a sentence that uses every letter of the alphabet at least once. This allows the company to capture slight variations in how each letter is displayed.
AddThis said it rolled out the feature to a small portion of the 13 million websites on which its technology appears, but is considering ending its test soon. “It’s not uniquely identifying enough,” Harris said.
AddThis did not notify the websites on which the code was placed because “we conduct R&D projects in live environments to get the best results from testing,” according to a spokeswoman.
She added that the company does not use any of the data it collects, whether from canvas fingerprints or traditional cookie-based tracking, from government websites including for ad targeting or personalization.
The company offered no such assurances about data it routinely collects from visitors to other sites, such as did not respond to inquiries from ProPublica about whether it was aware of AddThis’ test of canvas fingerprinting on its website.
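The article explains the mechanism in two sentences (the browser is told to draw a hidden image, every machine draws it slightly differently, the result becomes a device number) and mentions Tor Browser's countermeasure (warn the user and return a blank canvas). The block below is an added example written for this post; it is not AddThis's code, not the Princeton/KU Leuven researchers' code and not Tor Browser's. It draws the pangram quoted above, hashes the encoded image into a short ID, and installs a guard that reports and blanks canvas reads. The `doc` parameter, the FNV-1a hash, the drawing details and the stand-in document are all choices made for the example.

```javascript
// Added example (not AddThis's code and not the Princeton/KU Leuven
// researchers' or Tor Browser's): a minimal canvas fingerprinter of the kind
// the article describes, plus a guard in the spirit of Tor Browser's that
// reports canvas reads and hands back a blank image. `doc` is injected so
// the same code runs in a browser (pass `document`) or against the stand-in
// document below, which lets it run under Node for the demo.
const PANGRAM = "Cwm fjordbank glyphs vext quiz"; // the pangram AddThis draws

// FNV-1a 32-bit hash: reduces the long image data URL to a short device ID.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Draws the pangram twice (different font, colour, overlapping) plus a filled
// rectangle into an off-screen canvas, then hashes the encoded pixels. Font
// rasterisation, anti-aliasing and GPU differences make the pixels, and so
// the hash, differ from machine to machine.
function canvasFingerprint(doc) {
  const canvas = doc.createElement("canvas");
  canvas.width = 300;
  canvas.height = 60;
  const ctx = canvas.getContext("2d");
  ctx.textBaseline = "alphabetic";
  ctx.fillStyle = "#f60";
  ctx.fillRect(100, 5, 80, 30);
  ctx.fillStyle = "#069";
  ctx.font = "16px Arial";
  ctx.fillText(PANGRAM, 2, 20);
  ctx.fillStyle = "rgba(102, 204, 0, 0.7)";
  ctx.font = "18px serif";
  ctx.fillText(PANGRAM, 4, 45);
  return fnv1a(canvas.toDataURL()); // toDataURL is the read that leaks the pixels
}

// Defensive side: wrap toDataURL on a canvas prototype so every pixel read is
// reported to `onRead` and answered with `blankDataUrl` (what an untouched
// canvas would encode to). Returns a function that restores the original.
function installCanvasGuard(canvasProto, onRead, blankDataUrl) {
  const original = canvasProto.toDataURL;
  canvasProto.toDataURL = function () {
    onRead({ method: "toDataURL", width: this.width, height: this.height });
    return blankDataUrl;
  };
  return function uninstall() { canvasProto.toDataURL = original; };
}

// Constructed stand-in for `document`, so the example runs outside a browser.
// Its canvas "renders" by recording the drawing calls together with a
// renderer tag, so two machines with different tags produce different IDs.
function makeFakeDocument(rendererTag) {
  function FakeCanvas() { this.width = 0; this.height = 0; this.ops = []; }
  FakeCanvas.prototype.getContext = function () {
    const ops = this.ops;
    return {
      fillRect(...a) { ops.push("rect:" + this.fillStyle + ":" + a.join(",")); },
      fillText(...a) { ops.push("text:" + this.font + ":" + this.fillStyle + ":" + a.join(",")); },
    };
  };
  FakeCanvas.prototype.toDataURL = function () {
    return "data:image/png;base64," + rendererTag + ":" + this.ops.join("|");
  };
  return { createElement: () => new FakeCanvas(), canvasPrototype: FakeCanvas.prototype };
}

// Demo: two "machines" rendering the same drawing get different IDs.
console.log("machine A:", canvasFingerprint(makeFakeDocument("gpuA")));
console.log("machine B:", canvasFingerprint(makeFakeDocument("gpuB")));
```

In a real page the fingerprinter is `canvasFingerprint(document)` and the guard is `installCanvasGuard(HTMLCanvasElement.prototype, ev => console.warn("canvas read", ev), blank)`, with `blank` computed from `document.createElement("canvas").toDataURL()` before the guard goes in. Two caveats a practitioner would want: the guard only covers `toDataURL`, while a fingerprinter can also read pixels through `CanvasRenderingContext2D.getImageData`, `toBlob` or a WebGL context, all of which a browser-level defence has to handle; and a 32-bit hash is an illustration, not the full multi-test fingerprint a tracker would combine with fonts, plugins and clock settings.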

(Related) Is this the solution to all our security concerns? (Students who answered “Yes” will be shot!)
Stop Sneaky Online Tracking with EFF’s Privacy Badger
by Sabrina I. Pacifici on Jul 21, 2014
“The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission. Privacy Badger was launched in an alpha version less than three months ago, and already more than 150,000 users have installed the extension. Today’s beta release includes a feature that automatically limits the tracking function of social media widgets, like the Facebook “Like” button, replacing them with a stand-in version that allows you to “like” something but prevents the social media tool from tracking your reading habits. “Widgets that say ‘Like this page on Facebook’ or ‘Tweet this’ often allow those companies to see what webpages you are visiting, even if you never click the widget’s button,” said EFF Technology Projects Director Peter Eckersley. “The Privacy Badger alpha would detect that, and block those widgets outright. But now Privacy Badger’s beta version has gotten smarter: it can block the tracking while still giving you the option to see and click on those buttons if you so choose.” EFF created Privacy Badger to fight intrusive and objectionable practices in the online advertising industry. Merely visiting a website with certain kinds of embedded images, scripts, or advertising can open the door to a third-party tracker, which can then collect a record of the page you are visiting and merge that with a database of what you did beforehand and afterward. If Privacy Badger spots a tracker following you without your permission, it will either block all content from that tracker or screen out the tracking cookies.”
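The EFF description above says what a third-party tracker does (an embedded script or image on many sites reports each page you visit, keyed by an identifier it set earlier) and that Privacy Badger acts when it "spots a tracker following you." The block below is an added example, not Privacy Badger's code, of the kind of heuristic that turns observed requests into a block decision: a third-party site that carries an identifying cookie on three or more unrelated first-party sites is treated as a tracker. The threshold, the two-label "site" reduction and the request-log format are assumptions made for the example, and the log is constructed.

```javascript
// Added example, not EFF's Privacy Badger code: a heuristic of the kind a
// blocker can apply to decide, from observed requests alone, that a third
// party is following you across sites. A third-party site that sends a
// cookie (an identifier) on BLOCK_THRESHOLD or more distinct first-party
// sites is treated as a tracker. Threshold and log format are assumptions.
const BLOCK_THRESHOLD = 3;

// Crude "site" extraction: last two labels of a host name. Real blockers use
// the Public Suffix List so that e.g. "bbc.co.uk" is not reduced to "co.uk".
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// `requests` is a list of {pageHost, requestHost, cookie}: the page being
// viewed, the host an embedded resource came from, and whether the request
// carried a cookie. Returns Map: third-party site -> Set of first-party sites
// on which it was seen with a cookie. First-party and cookieless requests
// are ignored: they carry no cross-site identifier.
function tallyTrackers(requests) {
  const seen = new Map();
  for (const r of requests) {
    const page = siteOf(r.pageHost);
    const third = siteOf(r.requestHost);
    if (page === third || !r.cookie) continue;
    if (!seen.has(third)) seen.set(third, new Set());
    seen.get(third).add(page);
  }
  return seen;
}

// Verdict per third party: "block" once it has identified the visitor on
// BLOCK_THRESHOLD or more sites, "allow" otherwise.
function classify(requests) {
  const verdict = {};
  for (const [third, pages] of tallyTrackers(requests)) {
    verdict[third] = pages.size >= BLOCK_THRESHOLD ? "block" : "allow";
  }
  return verdict;
}

// Constructed sample log: a sharing button seen with a cookie on three
// unrelated sites, a CDN that never sends a cookie, a widget on one site,
// and a first-party image that happens to carry a cookie.
const SAMPLE_REQUESTS = [
  { pageHost: "news.example.com",     requestHost: "s7.sharebtn.example",    cookie: true },
  { pageHost: "www.shop.example.org", requestHost: "s7.sharebtn.example",    cookie: true },
  { pageHost: "blog.example.net",     requestHost: "s7.sharebtn.example",    cookie: true },
  { pageHost: "news.example.com",     requestHost: "cdn.static.example",     cookie: false },
  { pageHost: "blog.example.net",     requestHost: "cdn.static.example",     cookie: false },
  { pageHost: "blog.example.net",     requestHost: "comments.widget.example", cookie: true },
  { pageHost: "blog.example.net",     requestHost: "img.blog.example.net",   cookie: true },
];

console.log(classify(SAMPLE_REQUESTS)); // sharebtn.example: block, widget.example: allow
```

The interesting property is that the decision needs no blacklist: it follows from the tracker's own behaviour, which is why the EFF text can talk about trackers "you never clicked on." The cost is false positives for legitimate cross-site services such as a login provider, which is what the widget replacement described above is for.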

Since when has “I prefer to be ignorant” been a hallmark of senior management?
Survey Highlights Communications Levels Between Security Pros and Executives
According to a survey of nearly 5,000 IT security professionals around the globe, 31 percent of cyber-security teams never speak with their executive team about cyber-security. Of those that did, 23 percent did so annually. Only one percent spoke to executives weekly, while 11 percent did so quarterly.
… Fifty-two percent said their companies do not provide cyber-security education to their employees, and only four percent plan to do so in the next 12 months. Only 38 percent believe their company is investing enough in personnel and technologies to be effective in executing its cyber-security objectives.
A complete copy of the report, including survey methodology, consolidated results and individual response rates by country can be read here.

This could be amusing... My Computer Security students know that you should never allow “backdoors” into your secure ecosystem. You never know who might be hitching a ride.
Security Researcher Finds iPhone Backdoor
A security researcher by the name of Jonathan Zdziarski claims to have found backdoors built into every iOS device. The accusation is that Apple put these access points in on purpose along with undocumented services designed to allow encrypted data to be retrieved at will.
Zdziarski also claims these services are always running in the background potentially leaking data, and that switching off your iPhone or iPad is the only way of securing that data. He suggests, rather ironically, that Apple has made progress in securing iOS against typical attacks while ensuring the company itself can easily access the 600 million iOS devices currently in the wild.
Apple has responded to the claims, actually admitting the existence of the backdoor. However, it denies it has anything to do with “any government agency” maintaining it is solely used by “IT departments, developers and Apple for troubleshooting technical issues.” We’re not sure if that makes it OK, but you can make your own minds up.

EU rules, French rules, German rules, Italian rules – Google has to Google the rules it operates under.
Google gets 18-month deadline to overhaul data handling in Italy
The relationship between Google and Italy hasn't always been an easy one.
… Now it's the turn of Italy's data protection authority, the Garante della protezione dei dati personali, to tackle the company. Yesterday, the data watchdog brought in new regulations that will force the Mountain View-based company to change its data handling practices.
Google will have to alter the way it informs users how their data is being collected, ask for prior consent before using it to build up a profile for targeted advertising and other purposes, and modify its data retention practices. Google will have 18 months to bring itself into line with the provisions.

Will this change research for my students? Probably not.
Facebook Improves News Feed With A 'Save' Feature
Today Facebook announced a new feature that lets you “save” items that are posted on the News Feed. You will be able to save links, news stories, video clips, music and places from the News Feed to be viewed later. Your saved items will be kept private, unless you decide to share them. Facebook will sometimes show you reminders for the saved items if you do not look at them for a while.
To save something that you see on Facebook, click on the “Save” button in the bottom-right of a post or click the down-arrow icon at the top right of the item and select “Save”:

For my students who can read!
Free books: 100 legal sites to download literature

So my students can addict their children.
Ten Resources for Helping Students Learn to Code and Program
In many of my presentations I tell the story of the first time that I wanted to stay after school. That was in the sixth grade when we could sign-up to use one of my elementary school's two computers to program things in Logo Writer. Today we have many more ways to introduce students to programming and coding. Here are some good resources that you can use to introduce students to programming and coding.

I see no practical use, buy it purely for the “cool factor.” But thinking outside the box, could this project animated tattoos?
Ritot Projects Notifications onto your Hand
Ritot, a new wristband concept device, projects your notifications, such as emails and incoming calls, straight onto your hand.

Ritot is expected to retail for around $120 and will ship starting in early 2015.