- Understanding Airport Security, Billy Rios, Director of Threat Intelligence, Qualys. August 2014.
Saturday, August 16, 2014
Eventually, Russia will be attacked – even if that attack takes place well inside the Ukraine.
The White House Has No Idea What's Going On With The Russian Convoy In Ukraine
Despite eyewitnesses seeing a column of Russian military vehicles crossing into Ukraine on Thursday that was reportedly attacked on Friday by the Ukrainian military, The White House released a statement saying it was "not currently in a position to confirm" this series of events.
… "Even as we work to gather information, we reiterate our concern about repeated Russian and Russian-supported incursions into Ukraine. Russia has no right to send vehicles, persons, or cargo of any kind into Ukraine, under any pretext, without the Government of Ukraine’s permission."
An Economic Explanation for Putin’s Recklessness
… What is Vladimir Putin to do? Boosting the economy would likely require reforms (opening up the energy industry to foreign investors, improving the business climate with a more reliable regulatory and legal climate) that would loosen his grip on power and at best result in a modest growth uptick — especially compared to those crazy leaps of a decade ago. So Putin has gotten his country into a scrap with Ukraine and the West that is probably depressing growth, but has also rallied the country’s people around him. And it’s unlikely to hurt the economy that much, write economists Clifford G. Gaddy and Barry W. Ickes in one of a pair of enlightening recent essays:
Security Theater “You can fool some of the people all of the time...”
Paper – TSA device flaws compromise airport security
Via FCW.com: “The cybersecurity vulnerabilities uncovered in a number of the Transportation Security Administration’s electronic security and personnel management devices are part of a growing problem for federal IT managers, according to the expert that discovered and reported the flaws. Billy Rios, director of threat intelligence at Qualys, a large security tech firm, presented a paper in early August at the Black Hat cybersecurity convention that showed electronic backdoors, hard-coded credentials and other fundamental security flaws in a number of the TSA’s detection, management and security devices.”
(Related) We must identify any security vulnerability that a moderately knowledgeable teenager could find – let alone well funded terrorist organizations. What is the alternative? Ignore open doors into secret data files? “Gentlemen do not read other gentlemen's mail?” “Can't we all just get along?”
Report: British spy agency scanned for vulnerable systems in 32 countries
PCWorld via Mikael Ricknäs: “British intelligence agency GCHQ used port scanning as part of the “Hacienda” program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed. The use of so-called port scanning has long been a trusty tool used by hackers to find systems they can potentially access. In top-secret documents published by Heise on Friday, it is revealed that in 2009, GCHQ started using the technology against entire nations. One of the documents states that full scans of network ports of 27 countries and partial scans of another five countries had been carried out. Targets included ports using protocols such as SSH (Secure Shell) and SNMP (Simple Network Management Protocol), which are used for remote access and network administration. The results were then shared with other spy agencies in the U.S., Canada, the U.K., Australia and New Zealand. “Mailorder” is described in the documents as a secure way for them to exchange collected data. Gathering the information is only the first step, according to Heise Online. The documents also reveal “Landmark,” a program started by the Canadian spy agency CSEC to find what it calls ORBs (Operational Relay Boxes), which are used to hide the location of the attacker when it launches exploits against targets or steals data, Heise said. For example, during an exercise in February 2010, eight groups of three “network exploitation analysts” were able to find 3,000 potential ORBs, which could then potentially be used by CSEC.”
Perspective. Is Cable TV obsolete?
In a first, cable companies’ broadband subscriptions surpass TV subscriptions
A Record 300 Million Smartphones Shipped in Q2: IDC
… Shipments shot up 25.3 percent, from 240.5 million units a year ago. A major driver: the growing popularity of inexpensive smartphones that run Google's Android mobile operating system (OS).
If we no longer teach cursive, will these documents become another “lost language?”
Smithsonian Project Brings Rare Historical Documents Online for Public Access
FCW.com: “Volunteers are powering an effort by the Smithsonian Institution to create online, searchable versions of its vast collections of diaries, journals, biological specimens and other historical gems. After more than a year of testing, the project came out of beta Aug. 12, with officials inviting the public to join in the massive transcription and labeling effort. The Transcription Center attracted about 1,000 active volunteers during its testing phase, and that group has grown by more than 800 since the public launch, according to project coordinator Meghan Ferriter. Volunteers dive into a variety of projects, including transcribing texts that are often handwritten and occasionally in languages other than English. Volunteers also review submitted work before it is published.”
For my Ethical Hackers. The story of a hack – the potentials are limitless on the Internet of Things.
by Ramez Naam
[Download the PDF at: http://www.iftf.org/fileadmin/user_upload/downloads/th/4._Water_RamezNaam.pdf]
For my student gamers... (Also some cheap, but not free stuff)
App Store Animated Savings: Disney, Adventure Time & Powerpuff Girls [iOS Sales]
Rollercoaster Tycoon 4 Mobile ($0.99, now free)
Love Exploring? These RPGs Are Made For You
I often think of lists like this as checklists for my students.
10 Excuses That Unproductive People Come Up With
Laughter is the best medicine.
… “Education Department Awards 40 States, D.C., and the Virgin Islands $28.4 Million in Grants to Help Low-Income Students Take Advanced Placement Tests” – so congrats to the College Board that will profit handily (wink wink) from this boost.
… Meanwhile, the Republican National Committee has denounced the College Board for new frameworks it has issued for the AP US History exam, claiming it promotes a "radically revisionist view of American history that emphasizes negative aspects of our nation’s history while omitting or minimizing positive aspects."
… The Cape Henlopen School Board in Delaware has scrapped its summer reading list for incoming high school students. Originally the board chose to remove from the list The Miseducation of Cameron Post, a coming-of-age story about a gay teen in Montana. But when anti-censorship groups questioned that decision, the school board ditched the recommended reading list altogether. [Confirms my belief that School Boards don't understand how education works. Bob]
Friday, August 15, 2014
Still feeling lucky, Vladimir? Take my “aide” or take my tanks?
Russian aid convoy checked; military vehicles mass near Ukraine
Dozens of heavy Russian military vehicles massed on Friday near the border with Ukraine, while Ukrainian border guards crossed the frontier to inspect a huge Russian aid convoy.
Kiev has said the humanitarian aid might be used as cover for a Russian military intervention, and has insisted that its forces check the convoy before it moves across the border.
Moscow has denied any ulterior motives, but has allowed Ukrainian border guards to enter Russia and look at the caravan of trucks in an area opposite the frontier town of Izvaryne.
… The Guardian reported on Friday that its reporter had seen several APCs crossing the border with Ukraine. (bit.ly/1pbRpYg)
Asked about the report, a Ukrainian military spokesman, Oleksiy Dmytrashkivsky, said: "These movements into Ukrainian territory take place practically every day with the aim of provoking (the Ukrainian side). Last night was no exception. Some armoured vehicles came across. We are checking on the quantity and the number of people who came over."
Kiev and NATO have said they fear Russia, which they say has massed more than 40,000 troops near the border, will invade east Ukraine. Russia says it is conducting military exercises and has no plans to invade. It also denies supporting rebels in eastern Ukraine with arms and funds.
Even the government isn't that dumb, is it?
LabMD Inc. asked an administrative law judge on Thursday to sanction the Federal Trade Commission for allegedly having a “secretive relationship” with the source of a key piece of evidence in its ongoing data breach case against the company.
LabMD claims the FTC failed to authenticate a key piece of evidence received from a data security company called Tiversa Inc. and its affiliate the Privacy Institute.
Read more on Law360 (subscription required). Cause of Action has uploaded the motion for sanctions here (pdf).
Although most of my FTC v. LabMD coverage can be found on PHIprivacy.net, I’m posting this update here because it raises the issue of how the FTC goes about verifying claims of breaches. Can they or should they rely on the findings of third parties who claim to have found evidence of breaches, and if so, under what circumstances might such reliance be questionable?
I find this very hard to believe. The process to remove ex-employees should be very simple to implement. Are they actually saying they have access to corporate information or just the Google Cloud?
Bulk of Ex-Employees Retain Access to Corporate Apps: Survey
The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.
Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows.
… The study shows that 45% of ex-employees continued having access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.
… Nine of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage.
Reads more like a list of reasons you should put everything in the Cloud. (Like all the terrorists do)
Smartphone & Laptop Searches: Know Your Rights
For a few of my students...
How To Choose The Right Crowdfunding Site
… If you think you have the next great thing in your head, and you’re dying to make it a reality, check out this flowchart and get the funds you need!
For all of my students.
Great Google Search Strategies Every Student Can Use - Infographic
A couple of years ago I published 10 Google Search Tips All Students Can Use. In that post I included a small PDF to distribute to students. The folks at Canva.com took a look at the post and turned it into a slick infographic for me. You can view the infographic below. Click here to download it from Box.com where I have it hosted.
Canva is a nice tool for creating infographics, slides, and posters. I featured it in a workshop in June. In this post teachers in that workshop shared their ideas about using Canva and similar tools in school.
Thursday, August 14, 2014
If I were running one of these companies, I would have my own team rummaging through my network before something evil happens.
Chris Strom reports:
Companies that do business with the Defense Department are bracing for new U.S. rules requiring them to report computer breaches to the Pentagon and give the government access to their networks to analyze the attacks.
Groups representing the contractors are raising concern about the Pentagon rooting around their data, and say smaller companies may not even have the cybersecurity protections needed to comply. [How would they qualify for a contract in the first place? Bob] A report that was to be released today on the rules has been pushed back until Sept. 24, according to a person familiar with the matter who isn’t authorized to speak publicly.
Read more on Bloomberg.
Sounds like a fire alarm to me. It does not care about individual messages; it looks at traffic flows. Like looking at cars, not drivers.
Snowden Blows NSA's MonsterMind
The United States National Security Agency is working on a new program codenamed "MonsterMind" that will automate the monitoring of traffic patterns on the Internet to look for attacks, NSA whistleblower Edward Snowden told Wired.
When it detects an attack, MonsterMind will automatically block it from entering the U.S. cyberinfrastructure.
It also will automatically fire back at the server from which the attack was launched. [Like turning on a sprinkler? Bob]
… MonsterMind will require the NSA to access just about all electronic communications coming into the U.S. from abroad, which violates our Fourth Amendment rights, he pointed out.
Because not everyone has just one device? More likely, those NSA stories struck a chord.
Sarah Frier reports:
Facebook Inc. (FB) will let advertisers know where a promotion was first viewed [Meaning they will be tracking you even before you connect to Facebook, and probably even if you never do. Bob] and when it led to a purchase by tracking users between their electronic devices, a tool that may reignite privacy concerns.
Marketers will be able to see the number of users that clicked on an ad, whether they used a smartphone, tablet or desktop computer, and which device was used to buy a product, Menlo Park, California-based Facebook said in a blog post today.
Read more on Bloomberg News.
I doubt this is true, but it is food for thought. Worth a read.
Why It's Now Impossible to Control Information
Information is power. That maxim has always been true.
But in the past five years, social media has completely changed who can control information. For business and IT managers, it's vital to understand this new reality. Sadly, most companies don't grapple with how things have changed, and they continue to operate under outmoded assumptions.
The following three truths, illustrated by recent stories in the news, make this new reality concrete.
1. Every individual is a newspaper.
2. Anything can end up in the court of public opinion.
3. Twitter is the world's most important medium.
Further food for thought, but extend this to the music industry and we have a blueprint for a killer competitor.
E-Commerce Is Not Eating Retail
The recent headlines about retailing are nothing if not provocative. “Shoppers Are Fleeing Physical Stores.” “The Great Mall Exodus.” “Macy’s Confronts the Crisis of the American Mall.” They seem to bolster Marc Andreessen’s prediction that by the end of this decade “retail guys are going to go out of business and e-commerce will become the place everyone buys.”
Regrettably, the scary articles completely miss the real story. And panicked retailers who get confused about what’s really happening will head off in dangerous directions.
… The current hyperbole also misses the mark in other important ways:
- About half of those e-commerce sales are actually going to retailers with physical stores.
- Brick and mortar retailers still control between 94% and 97% of total retail sales.
- Several large store-based retailers (including Apple and Macy’s) are growing their e-commerce sales even faster than Amazon.
… In most industries, digital technologies are transforming physical businesses rather than annihilating them. Indeed, the fusion of digital and physical innovations—we call them “digical”—creates opportunities that most businesses have barely begun to tap. A digical experience is what consumers want and have come to expect. A digical strategy, when well executed, almost always outperforms competitors and turbocharges profitable growth. Retailers may be on the front line of these changes, but no company can afford to ignore them.
I've been asking my students this question. Causes some interesting debates.
If a Self-Driving Car Gets in an Accident, Who—or What—Is Liable?
On first contact with the idea that robots should be extended legal personhood, it sounds crazy.
Robots aren't people!
And that is true.
But the concept of legal personhood is less about what is or is not a flesh-and-blood person and more about who/what is or is not able to be hauled into court.
And if we want to have robots do more things for us, like drive us around or deliver us things, we might need to assign them a role in the law, says lawyer John Frank Weaver, author of the book Robots Are People, Too, in a post at Slate.
… Here's the problem: If we don't define robots as entities with certain legal rights and obligations, we will have a very difficult time using them effectively. And the tool that we have for assigning those things is legal personhood.
… Right now, companies like Google, which operate self-driving cars, are in a funny place. Let's say Google were to sell a self-driving car to you. And then it got into an accident. Who should be responsible for the damages—you or Google? The algorithm that drives the car, not to mention the sensors and all the control systems, are Google's products. Even the company's own people have argued that tickets should not be given to any occupant of the car, but to Google itself.
But in a real world situation, a self-driving car might require particular kinds of maintenance or to be operated only in certain zones. So, it could be that the software was not responsible, but the owner is.
… But as Wendy Kaminer warned on our site, limiting personhood to "natural people" would have a host of unintended consequences. That is to say, pulling personhood back may be impossible, so instead, the most sensible thing may be to keep extending it... to robots.
This will (probably not) interest my Math students.
Stanford professor is first woman to win the 'Nobel' for math
A Stanford mathematician has won the coveted 2014 Fields Medal for her original work understanding the mathematical symmetry of curved surfaces and saddle-shaped spaces.
Maryam Mirzakhani is the first woman ever to win what scientists around the world call the "Nobel Prize for mathematics." She is the second person from Stanford to win the award.
Mirzakhani, who was born in Iran, has been professor of mathematics at Stanford since 2008. She received her award Wednesday at the International Congress of Mathematicians in Seoul.
For my App writing students.
Codota is a crawler which extracts coding patterns from a vast number of Android apps. Search or browse to get the best example code from over 7 million sources, including GitHub, Google Code, and StackOverflow. To help obtain broader and deeper knowledge, Codota shows the corresponding tutorials and forum threads right next to the code snippet.
For the student Gaming Club
6 Of The Hardest, Most Unforgiving Strategy Games Ever
For my students who read...
Project Gutenberg offers 46,483 free ebooks to download
by Sabrina I. Pacifici on Aug 13, 2014
“Project Gutenberg offers over 45,000 free ebooks: choose among free epub books, free kindle books, download them or read them online. We carry high quality ebooks: All our ebooks were previously published by bona fide publishers. We digitized and diligently proofread them with the help of thousands of volunteers. No fee or registration is required, but if you find Project Gutenberg useful, we kindly ask you to donate a small amount so we can buy and digitize more books. Other ways to help include digitizing more books, recording audio books, or reporting errors. Over 100,000 free ebooks are available through our Partners, Affiliates and Resources.
- Outernet Goes Live - Outernet is launched on August 11 2014. Outernet broadcasts Project Gutenberg and other free content via satellite. This effort is intended to help boost worldwide literacy and access to information, while bypassing impediments such as censorship and fees for access. Project Gutenberg is proud to be a launch partner for Outernet.
- Bookshelves - In mid-2014, Project Gutenberg volunteers undertook a significant revitalization of our bookshelves. These are groupings of eBooks on particular topics, or in particular genres, or otherwise having something in common. This can be a great way to discover books you were unaware of, and it is also an efficient way of finding some of the collection of particular interest. Visit bookshelves to see for yourself!”
Something for “Ye Olde PowerPoint Presentation?”
Highlights from Folger Shakespeare Library’s Release of almost 80,000 Images
by Sabrina I. Pacifici on Aug 13, 2014
“Folger Shakespeare Library announced yesterday (12th August 2014), that they have released the contents of their Digital Image Collection under a Creative Commons Share-Alike (CC-BY-SA) license – basically meaning that the images are free to re-use for any purpose as long as you credit the Folger Shakespeare Library as the source and share under a similar license. This is a huge injection of some wonderful material into the open digital commons. Of course, there is plenty of brilliant Bard related content, but also many other gems from the history of theatre…here you will find our highlights.”
[The Library: http://luna.folger.edu/luna/servlet/FOLGERCM1~6~6]
Not the Internet, they're talking about the WWW. Big difference. Still, a cute timeline.
25 Years Of Glorious Internet
In celebration of the Internet’s 25th birthday, Onyx created an interactive website highlighting some Internet and technology favourites.
Moving beyond the car radio.
NPR One Brings The Best Of US Public Broadcasting To iOS & Android
NPR One, the latest free app available on iTunes and Android. Read on to find out what makes this app awesome.
Wednesday, August 13, 2014
If not CyberWar, at least CyberBlackOps?
China Launching 'Severe' Cyber Attacks on Taiwan: Minister
Taiwan's science and technology minister said Wednesday that China is launching frequent cyber attacks on the island despite warming ties between the two former rivals.
"The Chinese cyberwar units have been engaging with Taiwan units almost every day, with some severe attacks every few months," Simon Chang said during an interview with the UFO radio network.
"Many of the attacks were aimed at stealing relevant information for use in negotiations with Taiwan," he said.
… In June 2010 Taiwan and China signed the landmark Economic Cooperation Framework Agreement, a pact widely characterized as the boldest step yet towards reconciliation.
Yet Beijing has still refused to renounce its use of force against the island, which it regards as part of its territory even though Taiwan has ruled itself for more than six decades since their split in 1949 at the end of a civil war.
Never rely on any one device or procedure to provide adequate security.
Wang Wei writes:
The ultra secure NSA-Proof Blackphone titled as, “world’s first Smartphone which places privacy and control directly in the hands of its users,” has been rooted within 5 minutes at the BlackHat security conference in Las Vegas this weekend.
Read more on The Hacker News.
Probably not wise to rely on your bank's security.
Tenn. Firm Sues Bank Over $327K Cyberheist
In May, 2012, Kingsport, Tenn.-based Tennessee Electric Company Inc. (now TEC Industrial) was the target of a corporate account takeover that saw cyber thieves use a network of more than four dozen money mules to siphon $327,804 out of the company’s accounts at TriSummit Bank.
TriSummit was able to claw back roughly $135,000 of those unauthorized transfers, leaving Tennessee Electric with a loss of $192,656. Earlier this month, the company sued TriSummit in state court, alleging negligence, breach of contract, gross negligence and fraudulent concealment.
Both companies declined to comment for this story. But as TriSummit’s complaint (PDF) notes (albeit by misspelling my name), I called Tennessee Electric on May 10, 2012 to alert the company about a possible cyberheist targeting its accounts. I’d contacted the company after speaking with a money mule who’d acknowledged receiving thousands of dollars pulled from the firm’s accounts at TriSummit.
… Consumers who bank online are protected by Regulation E, which dramatically limits the liability for consumers who lose money from unauthorized account activity online (provided the victim notifies their financial institution of the fraudulent activity within 60 days of receiving a disputed account statement).
Businesses, however, do not enjoy such protections. States across the country have adopted the Uniform Commercial Code (UCC), which holds that a payment order received by the [bank] is “effective as the order of the customer, whether or not authorized, if the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer.”
Everyone seems to be noticing the Internet of Things.
Businesses Warming to IoT Sensors: PwC
Twenty percent of the businesses polled by PricewaterhouseCoopers (PwC) for its 6th Annual Digital IQ study said that they were investing in sensors this year, a 3 percent gain from last year.
… Gartner forecasts that by 2020, data from 26 billion devices will pour into the Internet of Things. And those devices will have a big effect on IT departments.
(Related) Good definition, interesting infographic.
The Internet of Things for Cars: What Will it Mean for Insurance?
… Forbes has a graceful definition of the Internet of Things: “Simply put this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cell phones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig. As I mentioned, if it has an on and off switch then chances are it can be a part of the IoT.”
Check out this infographic from Cisco: http://i2.wp.com/quoted.thezebra.com/wp-content/uploads/2014/08/Internet_of_Things_Infographic.jpg
Useful guidelines for anyone.
U.S. Digital Services Playbook
by Sabrina I. Pacifici on Aug 12, 2014
“The American people expect to interact with government through digital channels such as websites, email, and mobile applications. By building better digital services that meet the needs of the people that use our services, we can make the delivery of our policy and programs more effective. Today, too many of our digital services projects do not work well, are delivered late, or are over budget. To increase the success rate of these projects, the U.S. Government needs a new approach. We created a playbook of 13 key “plays” drawn from successful best practices from the private sector and government that, if followed together, will help government build effective digital services.”
It has been a while since I commented on satellite resolution. I still think military satellites are an order of magnitude better.
Elyse Wanshel reports:
Google will soon have an unprecedented ability to spy on you from space. Theoretically, at least. How?
Two months ago, after much lobbying by the biggest satellite company in North America, DigitalGlobe, the US government relaxed restrictions to allow for commercially available satellite imagery up to 25 cm resolution—twice as detailed as the previous limit of 50 cm.
Now, the first commercial satellite set to capture these high-res images, DigitalGlobe’s Worldview-3, will launch this Wednesday. Six months after that, private businesses willing to fork over the money will be able to get their hands on hyper-detailed photos and videos of the globe.
Read more on Motherboard.
A security/surveillance App for my students?
Learn More About Your Date Before It’s Too Late
When you’re dating online, do you really know anything about your date before you meet them? You need to know your date before it’s too late.
Do you know what tools you can use to vet your date in advance? Well, here’s a couple you can try – and the one for Facebook is especially useful.
Why Does This Exist?
The creators of these apps were incensed by rape culture and the silence that surrounds it. After reading studies such as Lisak and Miller’s “Repeat Rape and Multiple Offending Among Undetected Rapists”, 2002, they noted that many rapists are repeat offenders, probably because they don’t even realise that their acts fit the profile. The creators also realised that through social media and a bit of coding we actually have the tools at hand to do something about it.
The creators began by building a predator alert tool for OkCupid, then expanded to creating tools for other social networks.
(Related) Perhaps my Ethical Hackers could come up with a free version?
How to Spy on Your Kid’s iPhone or Android Text Messages
Child safety website TeenSafe has launched a new version of their app, which not only lets you view your child’s Facebook and Instagram activity, but also lets you read the text messages they send and receive on their Android or iPhone.
Better still, you can even read text messages that have been DELETED on the phone!
An App for my wife, the “power shopper.”
PriceJump is a new service from Savings.com that instantly compares Amazon product prices to prices around the web and ensures that you are getting the best deal. All you have to do is copy the URL of the product page you are viewing on Amazon and paste it into the PriceJump website search box. PriceJump will do all the hard work of scouring thousands of sites for you.
A bunch of Apps for my students to consider.
The Best Apps for your Android
Perhaps my students will develop a true solution? Because I don't agree with their premise. There is no technology that “solves” or even disrupts education just like there is no single solution for “business.” There is a lot of very useful tech – just ask the students.
Why Tech Still Hasn't Solved Education's Problems
… Paul Franz taught in Hawaii before, in 2011, researching ed tech as a doctoral candidate at Stanford. He’s now a language arts teacher in California. On his Twitter feed Sunday, he gave some reasons why the ed tech buzz seems to have simply disappeared. They mirror my own sentiment, that education is a uniquely difficult challenge, both technically and socially, and that its difficulty confounds attempts to “disrupt” it.
Tuesday, August 12, 2014
For my Ethical Hackers.
Kashmir Hill reports:
A few years back, Thomas ‘T.K.’ Kinsey was having a late, inebriated night in downtown Redlands, a far-flung suburb of Los Angeles. He started climbing a fountain, making the kind of bad decision a late-night carouser makes. Suddenly, he heard a voice coming from above telling him to stop. It wasn’t a good angel on his shoulder; it was a member of the police department speaking to him through a speaker in a city surveillance camera. Redlands has over 140 surveillance cameras around the 70,000-person town that have helped the police spot and stop drunk drivers, brawlers, vandals, and people illegally smoking in parks, according to a case study on the site of Leverage Information Systems, the company that provided the camera system. After his encounter being watched by the cameras, Kinsey, a security engineer, decided to gaze back at the system. He and Dustin Hoffman, his boss at IT firm Exigent Systems, discovered that the police were not the only ones who could peer through the eyes of the city’s cameras.
Read more on Forbes.
I suspect this is more common than you might think. I used to send a report each month to managers, listing their employees who had login credentials (and the systems they were authorized to access).
Today’s reminder is from a breach I came across in reviewing records obtained in response to a Freedom of Information Act request I filed.
American Medical Response is a billing/collections agency. In the course of business, they routinely access a database maintained by Acxiom Insight.
Apparently, login credentials of an inactive employee were never properly terminated as there was access to the database between April 2009 and March 2010. AMR did not know about it, however, until Acxiom Insight first contacted them on August 31, 2011 to alert them. All told, 944 people had their files accessed. The files contained their names, addresses, phone numbers, and Social Security numbers.
Affected consumers were notified on January 12, 2012, but were not offered any free credit monitoring services. It’s not clear why Acxiom first detected the problem more than one year after it stopped occurring.
The breach was reported to NYS in January 2012, but doesn’t seem to have appeared in the media at the time.
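The monthly report described above, and the check that the notice implies nobody was running, as an added example (it is not from the post, from AMR or from Acxiom): a small Python access review that reconciles an HR roster against an application's account list. The roster, account names, system name and dates are constructed for the example; the functions are the reusable part.

```python
"""Access review: reconcile an HR roster against an application's accounts.

Added example with constructed data. It answers the questions a monthly
review should answer: which accounts belong to people who have left, which
accounts have no owner on record, which accounts are unused, and which
accounts were used *after* their owner's recorded end date.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Employee:
    emp_id: str
    name: str
    manager: str
    active: bool
    end_date: Optional[date] = None  # set once employment has ended


@dataclass(frozen=True)
class Account:
    username: str
    emp_id: Optional[str]       # None when the account is not tied to a person
    system: str
    last_login: Optional[date]  # None when the account has never been used


# Constructed sample data (not from the breach notice above).
AS_OF = date(2010, 3, 31)  # the review date

EMPLOYEES = [
    Employee("E001", "A. Alvarez", "mgr-billing", True),
    Employee("E002", "B. Burke", "mgr-billing", False, date(2009, 3, 15)),
    Employee("E003", "C. Chen", "mgr-collections", True),
]

ACCOUNTS = [
    Account("aalvarez", "E001", "insight-db", date(2010, 3, 2)),
    Account("bburke", "E002", "insight-db", date(2010, 3, 9)),   # owner left a year ago
    Account("cchen", "E003", "insight-db", date(2009, 11, 1)),   # unused for months
    Account("svc-batch", None, "insight-db", date(2010, 3, 10)),  # nobody owns it
]


def _by_id(employees):
    return {e.emp_id: e for e in employees}


def find_terminated_with_access(employees, accounts, as_of):
    """Accounts whose owner is inactive, or whose end date is on or before as_of."""
    by_id = _by_id(employees)
    hits = []
    for a in accounts:
        e = by_id.get(a.emp_id)
        if e is None:
            continue
        if not e.active or (e.end_date is not None and e.end_date <= as_of):
            hits.append(a.username)
    return sorted(hits)


def find_orphaned(employees, accounts):
    """Accounts with no owner, or with an owner id that is not on the roster."""
    ids = {e.emp_id for e in employees}
    return sorted(a.username for a in accounts if a.emp_id not in ids)


def find_stale(accounts, as_of, stale_days=90):
    """Accounts not used within stale_days of as_of (never-used counts as stale)."""
    cutoff = as_of - timedelta(days=stale_days)
    return sorted(
        a.username for a in accounts
        if a.last_login is None or a.last_login < cutoff
    )


def find_post_termination_logins(employees, accounts):
    """Accounts used after the owner's recorded end date: the signal that
    should have fired while the access was happening, not a year later."""
    by_id = _by_id(employees)
    hits = []
    for a in accounts:
        e = by_id.get(a.emp_id)
        if e and e.end_date and a.last_login and a.last_login > e.end_date:
            hits.append(a.username)
    return sorted(hits)


def manager_report(employees, accounts):
    """What each manager receives: their people's accounts, by system.
    Unowned accounts are grouped under 'UNOWNED' so someone has to claim them."""
    by_id = _by_id(employees)
    report = {}
    for a in accounts:
        e = by_id.get(a.emp_id)
        key = e.manager if e else "UNOWNED"
        owner = e.name if e else "(no owner)"
        report.setdefault(key, []).append((owner, a.system, a.username))
    return {m: sorted(rows) for m, rows in report.items()}


if __name__ == "__main__":
    print("terminated but still provisioned:", find_terminated_with_access(EMPLOYEES, ACCOUNTS, AS_OF))
    print("orphaned:", find_orphaned(EMPLOYEES, ACCOUNTS))
    print("stale:", find_stale(ACCOUNTS, AS_OF))
    print("used after end date:", find_post_termination_logins(EMPLOYEES, ACCOUNTS))
    for manager, rows in manager_report(EMPLOYEES, ACCOUNTS).items():
        print(manager, rows)
```

The point of the last function is the one the notice makes painfully: a terminated employee's account that is still logging in is detectable from the data both companies already held, so the review has to run while the access is live, and the mail to managers has to go to someone who will actually answer it.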
This will become a highly competitive and highly (hacker) targeted area.
Exclusive: Apple prepares Healthkit rollout amid tangled regulatory web
Apple Inc has been discussing how its "HealthKit" service will work with health providers at Mount Sinai, the Cleveland Clinic and Johns Hopkins as well as with Allscripts, a competitor to electronic health records provider Epic Systems, people familiar with the discussions said.
While the talks may not amount to anything concrete, they underscore how Apple is intent on making health data, such as blood pressure, pulse and weight, available for consumers and health providers to view in one place.
Currently, this data is being collected by thousands of third-party health care software applications and medical devices, but it isn't centrally stored. Apple also hopes physicians will use this data to better monitor patients between visits – with the patient's consent — so the doctors can make better diagnostic and treatment decisions.
(Related) For my Statistics students.
Own your body's data
The new breed of high-tech self-monitors (measuring heartrate, sleep, steps per day) might seem targeted at competitive athletes. But Talithia Williams, a statistician, makes a compelling case that all of us should be measuring and recording simple data about our bodies every day — because our own data can reveal much more than even our doctors may know.
Another interesting area for Privacy.
The Promises and Dangers of Ambient Intelligence in Your Life
… Ambient Intelligence (stylized as AmI) is a new way of thinking about human-computer interactions, characterized by embedded devices, wearables, and passive adaptation of technology to your needs. The goal of AmI is for technology to maximize its usefulness while minimizing its footprint on your attention. In other words, AmI tries to be invisible, pulling data from the environment to make intelligent, helpful decisions for you, without you ever having to ask.
This new paradigm is obviously powerful, but it also comes with its own risks and challenges. As the devices in your world come to know your life in more detail, they also come to know your life in more detail.
What Ambient Intelligence Can Do
AmI is the intersection of two important trends. The first is the so-called “Internet of things” – networked devices like Wi-Fi-enabled lightbulbs, Internet radios, smart homes, smart appliances, and wearable technology that make it easy to present data to the user in a variety of ways.
The second is big data analytics and increasingly powerful artificial intelligence tools, which can absorb the flood of data from all of those sensors and devices and turn it into useful insight that can be used to drive helpful behavior without human intervention.
Perspective. Meanwhile, back in the “end user” world, we're lucky to see speeds in the double-digit megabyte range... 60,000 times slower.
Google helps build 'Faster' cable under Pacific Ocean
The cable, dubbed Faster, will connect the US with Japan and cost about $300m (£179m; 225m euros), the consortium said.
The trans-Pacific fibre cable would deliver speeds of 60 terabytes per second - enough to send more than 2,000 uncompressed HD films a second.
For my researching students.
Guide to International Research Resources
by Sabrina I. Pacifici on Aug 11, 2014
“This guide is intended as a repository of resources specifically for research using materials produced and collected in other countries. The main resources included here are links to national libraries, national bibliographies and union catalogs. Additional regional resources have been included where appropriate. Navigation can be done through the tabs at the top or the table of contents to the left. Resources are divided geographically. On each continental main page there are maps indicating what countries are included in the regional subsections. If there are additional resources that you think should be added or if you find a broken link please send a comment on the feedback tab.” [Jennifer Dinalo]
For my Computer Science students (who probably already know this stuff).
11 Shortcuts For Learning Linux In Record Time
Monday, August 11, 2014
It sounds trivial, but ask yourself what other laws, rules, regulations or procedures they don't bother following.
Kevin Cirilli reports:
An internal government report obtained by The Hill says the Securities and Exchange Commission has failed to properly guard sensitive nonpublic information. [READ INSPECTOR GENERAL REPORT.]
The report from the SEC’s Inspector General says the agency failed to clear the room during non-public executive session votes of the five-member board.
It also found that officials didn’t keep complete attendance records during at least one high-profile meeting involving a J.P. Morgan settlement worth $200 million.
The 16-page Office of the Inspector General (OIG) report didn’t blame an individual for leaking information, but it raised questions about how the agency conducts routine business.
Read more on The Hill.
Preparing For Your First Board Meeting? Security Now #1 Topic
Corporate Board Member and FTI Consulting recently conducted a study involving more than 500 directors and general counsel. Among the many interesting findings was a significant rise in concerns related to IT and cyber risk.
When asked, “What keeps you up at night?” directors placed data security at the top of their list. Corporate reputation and crisis preparedness were tied for fifth. General counsel had data security at number two behind regulatory compliance, followed by corporate reputation and crisis preparedness as number three and four respectively.
The pendulum of the law swings again.
Orin Kerr writes:
Back in March, I had a long post titled “A remarkable new opinion on search warrants for online accounts — and why I think it’s wrong.” My post addressed an opinion by Magistrate Judge John Facciola that had rejected the common practice of executing e-mail warrants in two steps. Under the two-step process, the provider gives the government the entire contents of the account. Next, investigators search through the account for the specific evidence sought by the warrant. Facciola ruled that this procedure was “repugnant to the Fourth Amendment.” According to Facciola, the better approach — and perhaps the constitutionally mandated approach — is to have the service provider execute the warrant for the government and then send on the responsive files to investigators.
On Friday, Chief Judge Roberts reversed Magistrate Judge Facciola.
Read more on The Volokh Conspiracy at WaPo.
How it should be done?
Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance
by Sabrina I. Pacifici on Aug 10, 2014
Sylvain, Olivier, Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance (July 28, 2014). 49 Wake Forest Law Review 485. Available for download at SSRN: http://ssrn.com/abstract=2473101
“Today’s reasonable expectation test and the third-party doctrine have little to nothing to offer by way of privacy protection if users today are at least conflicted about whether transactional noncontent data should be shared with third parties, including law enforcement officials. This uncertainty about how to define public expectation as a descriptive matter has compelled courts to defer to legislatures to find out what public expectation ought to be more as a matter of prudence than doctrine. Courts and others presume that legislatures are far better than courts at defining public expectations about emergent technologies. This Essay argues that the reasonable expectation standard is particularly flawed if it has the effect of encouraging judges to seek guidance from legislatures on constitutional norms and principles. Judicial review is the vital antimajoritarian check against excessive government intrusions on individual liberty under our constitutional scheme. This is a responsibility that courts cannot pass off to the political branches when, as is the case today, most people expect that the cost of network connection is total surveillance. It is beyond irony that, today, courts consult public expectation to determine private entitlements. This Essay argues that court-administered privacy law doctrine must change if the protection against “unreasonable searches and seizures” is to have any positive legal meaning. The current court-created doctrine will not be able to keep up if it compels judges to measure public expectation. It is time for courts to reassert their positive duty to say what privacy law is.”