Saturday, October 25, 2014

At some point, someone needs to be the “Bad Example.”
Back in 2013, I blogged about a breach involving TerraCom and YourTel. Their breach response was so poor that I devoted two posts to criticizing them. But as bad as the breach and their response were, things got even worse when Scripps News kept investigating and uncovered more problems. It was no surprise, therefore, to learn that the Indiana Attorney General was investigating.
What is a surprise, however, is an announcement today by FCC that they intend to fine TerraCom and YourTel $10 million:

They probably got my brother...
On July 30, 2014, Delaware River and Bay Authority (“the Authority”) was notified [“Someone had to tell us” Bob] of a possible security compromise involving credit and debit card data stored on certain systems at the Cape May-Lewes Ferry’s terminals and vessels. An investigation into this incident was immediately initiated and our team, including third-party forensics experts, has been working continuously to understand the nature and scope of the incident. Although this investigation is ongoing, we have determined that the security of card processing systems relating to food, beverage, and retail sales at the Cape May – Lewes Ferry were compromised and some data from certain credit and debit cards that were used from September 20, 2013 to August 7, 2014 at Cape May – Lewes Ferry’s terminals and vessels may be at risk.
… “Despite any company’s best efforts, intrusions can occur. [True as stated. But that's like saying, “It's the best we can do.” Not, “It's the best thing to do.” Bob] With the help of professional experts, we want to understand the nature and scope of this incident so we can learn from it.” The Authority is also working with these experts to enhance the security of its credit and debit card processing systems at the Cape May-Lewes Ferry’s terminals and vessels. Gehrke emphasized that the food, beverage, and retail locations at the Cape May – Lewes’s terminals and vessels have been processing credit and debit card transactions securely since August 8, 2014. [“We have fixed our lousy security.” Bob] Gehrke also stressed that only food, beverage, and retail sales locations were affected by the security compromise. The Cape May – Lewes Ferry reservation system, including on-line bookings and terminal point-of-sale locations, utilized for the purchase of vehicle or passenger tickets was not compromised.
… An update on the Cape May – Lewes Ferry web site states:
The credit and debit card data potentially at risk includes the card number, the cardholder’s name and/or the card’s expiration date. We have not determined that any specific cardholder’s credit or debit card data was stolen by the intruder. [“We didn't know we were breached, we have no idea what was taken...” Typical. Bob] We’re offering free identity protection services, including credit monitoring, to any customer who has purchased food, beverages or retail items at the Cape May – Lewes Ferry from September 2013 through August 2014.

For my Ethical Hackers. Halloween is coming. What do you think of a nation-wide zombie alert? (They had to send this alert, right? If an alert message comes in, what would tell them it is false?)
Bogus federal agency emergency warnings irk AT&T U-verse subscribers
… Red banners lined the television screens of viewers in the affected areas, falsely alerting them an important message was inbound. U-verse is AT&T's fiber optic service.
"A Federal Emergency Management Agency (FEMA) investigation indicates that a nationally syndicated radio show not affiliated with AT&T accidentally sent a message over the National Emergency Alert System," stated an AT&T spokeswoman.

A scam by any other name would still stink. I had worked out the rough outlines of a Computer Leasing company once, but with the proliferation of hand-held devices (phones, tablets, etc.) I kind of lost interest. Perhaps it is time to re-visit this market?
Court shuts down alleged PC tech support scam
A court has shut down a New York tech support vendor after the U.S. Federal Trade Commission accused the company of scamming computer users into paying hundreds of dollars for services they did not need.
The FTC's complaint against Pairsys, based in Albany, New York, also alleged that the company charged customers for software that was otherwise available for free.
Pairsys cold-called computer users in the U.S. and other countries, claiming to be representatives of Microsoft or Facebook, and convinced them to allow the company's workers to gain remote control over the customers' PCs as a way to diagnose computer problems, the FTC said.
Pairsys charged computer owners US$149 to $249 to fix nonexistent problems on their PCs, the FTC alleged.

I prefer Calibre, but the local library makes it easier to use Adobe DE to download eBooks.
Adobe Updates Digital Editions Following Privacy Controversy
In response to accusations that it's spying on users of the e-book reader application Adobe Digital Editions, Adobe Systems has released a new version of the software that addresses some of the reported issues.
Earlier this month, reports surfaced about Adobe collecting information from Digital Editions 4.0 users, including the books they read and the ones stored in their library. Researchers also noticed that all the data was sent back to Adobe's servers without being encrypted.
"Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers," Adobe said at the time.
Adobe maintains its position that the data collected by the e-book reader software has been in line with the end user license agreement and the company's privacy policy. However, the company wants to be more explicit about its practices so it has added a dedicated page to the Adobe Privacy Policy where it details the collection and use of data.
On the other hand, many experts and users say there still are some questions related to Adobe's data collection practices that remain unanswered.

For my Ethical Hackers. Half for you, half for your professor...
Apple Pay glitch: Nearly 1,000 Bank of America debit transactions mistakenly duplicated
As a result of an apparent glitch in Apple's newly-launched Apple Pay mobile payment system, the debit transactions of nearly 1,000 customers of Bank of America were mistakenly duplicated on the system.
A source familiar with the glitch has revealed on the condition of anonymity that the Apple Pay malfunction was seemingly rooted in a processing error which occurred between Bank of America and at least one payment network. The source also said that the glitch was fixed on Wednesday.

It is an interesting question, but is repeating the failures of inBloom the best way to answer it?
Benjamin Herold reports:
A coalition of prominent research universities is receiving federal support to redesign and scale up a massive repository for storing, sharing, and analyzing learning and behavioral data that students generate when using digital instructional tools, demonstrating the continued faith that many personalized-learning proponents have in the power of “big data” to transform schooling.
But the project, which is dubbed “LearnSphere” and in some respects echoes the ill-fated attempt by controversial nonprofit inBloom to facilitate the collection and sharing of large amounts of educational information, also raises new questions in the highly charged debate over student-data privacy.
Read more on Government Technology.
[From the article:]
  • Chat-window dialogue sent by students participating in some online courses and tutoring programs;
  • Potentially, "affect" and biometric data, including information generated from classroom observations, computerized analysis of students' posture, and sensors placed on students' skin, in order to track measures such as student engagement.
[Can this data be “anonymized?” Bob]

Eventually, there will be a resolution.
Cindy Cohn and Andrew Crocker write:
Today EFF filed our latest brief in Jewel v. NSA, our longstanding case on behalf of AT&T customers aimed at ending the NSA’s dragnet surveillance of millions of ordinary Americans’ communications. The brief specifically argues that the Fourth Amendment is violated when the government taps into the Internet backbone at places like the AT&T facility on Folsom Street in San Francisco.
Read more on EFF.

Some interesting insights.
The Internet of Things Will Change Your Company, Not Just Your Products
Product management. Successful IoT plays require more than simply adding connectivity to a product and charging for service — something many companies don’t immediately understand. Building an IoT offering requires design thinking from the get-go. Specifically, it requires reimagining the business you are in, empathizing with your target customers and their challenges, and creatively determining how to most effectively solve their problems.
Finance. Finance teams, which are not known for their flexibility to begin with, often have trouble changing their traditional planning, budgeting, and forecasting processes to accommodate radically new IoT business models. I saw this when traditional manufacturers tried to build internet intelligence into products like refrigerators, office products, and health management devices. The finance departments of these companies struggled to account in the same set of books for both one-time revenues for product sales and the recurring subscription revenues for IoT-related services.
Operations. When product-based companies add services and connectivity, operational requirements increase. The resulting challenges may include new contract-manufacturing relationships, which can be a complicated and disorienting process for the uninitiated.
Sales. In IoT businesses, sales departments often struggle to determine how to best take a combined product and service to market.
Human resources. HR has the job of developing the human capabilities needed to capture the IoT opportunity. These may involve new areas for the company (e.g., telemetry, communications and connectivity protocols, electrical hardware engineering). Building them can be an especially daunting task when the business itself is unsure of what capabilities are required.
Engineering. It is rare for a single company to have all the required engineering capabilities under one roof. Consider the breadth and scope that may involve communications and connectivity technologies (telemetry, WiFi, Bluetooth, Zigbee), electrical hardware engineering (sensor technologies, chips, firmware, etc.), and design and user experience. Developing these engineering skills is one big challenge; integrating them into a functional, integrated engineering effort is another.

Interesting. Apparently ignorance is not bliss, it is fear!
The Chapman University Survey on American Fears
“Chapman University has initiated a nationwide poll on what strikes fear in Americans. The Chapman University Survey on American Fears included 1,500 participants from across the nation and all walks of life. The research team leading this effort pared the information down into four basic categories: personal fears, crime, natural disasters and fear factors. According to the Chapman poll, the number one fear in America today is walking alone at night.”

Okay, this is a bit depressing. I know I haven't seen them in a while, but are you telling me ALL the dinosaurs are gone?
Your Life On Earth - How the World Has Changed In Your Lifetime
Your Life On Earth is a feature of the BBC's Earth website. Your Life On Earth shows you how the world has changed during your lifetime. Enter your birthdate and Your Life On Earth will show you things like how much the world's population has grown, how many new species have been discovered, and how many earthquakes and volcanic eruptions have occurred since you were born.

For the library.
A Handy Sheet of Google Search Modifiers
Back in August I shared an infographic featuring search strategies that every student can use. Yesterday, Vicki Davis posted a great companion to that infographic. Vicki shared this Google Search Modifiers Poster (link opens a PDF). Many of the modifiers featured in the poster can also be used by opening the advanced search menu in Google and making search choices.
The infographic and the search modifiers poster together make a good set of reminders for students. Print them out and post them in your library, computer lab, or classroom.

For my Data Science students.
Open Data Hub of the European Union
“This portal is about transparency, open government and innovation. The Open Data Portal will provide access to open public data from the European Union. It will also provide access to data of other Union institutions, bodies, offices and agencies at their request. The published data will be downloadable by everyone interested to facilitate reuse, linking and the creation of innovative services. Moreover, this Data Portal will promote and build literacy around Europe’s data. The data publishers, application developers and the general public will be able to use new functionalities enabled by the semantic technologies.”

An Android Camera App.
Camera51 – automatically detects and analyzes faces, scenes, objects and lines and guides you to the perfect frame in every click. Camera51 invites you to start taking photos like a professional. It uses photography principles used by professional photographers and artists and applies this vast knowledge in a fun and simple interface.

My students may resist this, but perhaps I can use these ideas when I tutor.
Want To Become An Expert At Something? Try Deliberate Practice
It’s all too easy to feel crestfallen when you’re arduously trying to improve a certain skill (say, learning a new programming language), yet seem to be fighting (and losing) an uphill battle. In cases like these, it may be high time to try your hand at some deliberate practice to get you over that infuriating plateau.
… But hold on…there is another way! All it takes is one hour of deliberate practice each day. Allow me to explain.

Time for humor.
LAUSD’s new superintendent Ramon Cortines says that construction bonds shouldn’t pay for iPads and Pearson curriculum. Currently, construction bonds are paying for the district’s iPads and Pearson curriculum. So the LAUSD iPad saga continues…
Via Tressie McMillan Cottom: the top degree-granting institutions for African Americans. Take a guess at what they are. Then read Tressie’s article and analysis. [Not what I guessed. Bob]
… Researchers from the Stanford Center on Longevity and the Berlin Max Planck Institute for Human Development issued a statement this week about the promises made by “brain training” companies: “To date, there is little evidence that playing brain games improves underlying broad cognitive abilities, or that it enables one to better navigate a complex realm of everyday life.” (Hello ed-tech: please keep this in mind the next time you see someone drop the phrase “brain based” into their blog posts or webinars.) Meanwhile, “Research shows Portal 2 is better for you than ‘Brain training’ software.”
… “The Impact of Open Textbooks on Secondary Science Learning Outcomes.” From the abstract: “Although the effect size of the gains were relatively small, and not consistent across all textbooks, the finding that open textbooks can be as effective or even slightly more effective than their traditional counterparts has important considerations in terms of school district policy in a climate of finite educational funding.” [Part of my reasoning for having students create their own textbooks. Bob]

Friday, October 24, 2014

An update on the “Facebook is evil” company.
Ello Raises $5.5 M for Social Network, Promises No Ads or Selling User Data
Ello Pbc., an ad-free social network that pledged to never sell user data, has made its philosophy binding and secured funding from investors who agree with its approach to make money other ways.
Ello filed to be a public benefit corporation, a designation that bakes specific operating principles and guidelines into the company’s legal charter. In the startup world–where companies often change core parts of their operations every month or so–the move to cement the promise is an unusual one, but not without precedent.
… Founded in March and launched in August, Ello captured significant attention and early buzz from people concerned about their privacy and the amount of advertising on Facebook, Tumblr and other social networks. Ello said it grew from having 90 users when it launched to a current pace of receiving between 20,000 to 45,000 requests per hour from people wanting to join the network.

For my Computer Security students.
Microsoft: 40% of Americans experience regular fraud attacks, 73% take steps to protect their phones
A Microsoft survey has revealed that 40% of Americans experience weekly or daily fraudulent attempts to access their personal computers and valuable data. Let that sink in.
Breaking that statistic further reveals that by device, 40% of Americans report online attacks on their PCs, 18% via their phone, 28% via landline telephones, and 22% via tablets. These attacks are weekly, or up to daily.
… If you want to read the full details of the survey, including the major types of scams, which ones most people are worried about, which type of scams are getting more popular, and how to start protecting yourself from identity theft, go here.
[The Powerpoint slides: new Microsoft survey]

Eye catching, but not really surprising.
There are now more phones than people, and each is checked 1,500/week
… GSMA intelligence reports that there are more mobile devices than there are people in the world -- and the world population is 7.125 billion as of 2013.
[Look at their home page:]

Tecmark Survey Finds Average User Picks up their Smartphone 221 Times a Day!
… We polled 2,000 smartphone users in the UK (55.2% female and 44.8% male). We asked them 22 different questions about their smartphone usage.
Download the raw data (which includes gender and regional breakdowns as well).

Amusing review of amusing Apps – prepare to be amused.
David Pogue for CTU Presents