Saturday, December 06, 2014
This article quotes a couple of emails from GOP. I think North Korea has better translators than whoever wrote these emails.
Hackers Target Sony Again With Email To Staff Threatening Their Families
Sony staffers, reeling from a devastating hacking scandal, have received threatening emails from self-alleged hackers called the "Guardians of Peace" or GOP, reports USA Today.
Those emails allegedly threaten employees' families if they don't support GOP's goals.
For my Computer Security class. What do you think of a bank that does not find and implement this “Best Practice?”
Treasury Dept: Tor a Big Source of Bank Fraud
A new report from the U.S. Treasury Department found that a majority of bank account takeovers by cyberthieves over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through Tor, a global communications network that helps users maintain anonymity by obfuscating their true location online.
The findings come in a non-public report obtained by KrebsOnSecurity that was produced by the Financial Crimes Enforcement Network (FinCEN), a Treasury Department bureau responsible for collecting and analyzing data about financial transactions to combat domestic and international money laundering, terrorist financing and other financial crimes.
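The control FinCEN describes, looking for and blocking account activity that arrives through Tor, as an added illustration (not FinCEN's or any bank's code). The exit-node list, the transactions and the block/step-up policy are constructed for the example; a real deployment would refresh the list from the Tor Project's published exit-address data:

```python
"""Screen bank transactions whose source address is a known Tor exit node."""
import ipaddress
from dataclasses import dataclass

# Constructed sample exit list (documentation address ranges, not real nodes).
TOR_EXIT_LIST = """
# fetched: <timestamp placeholder>
198.51.100.7
203.0.113.200
2001:db8::dead:beef
"""


def load_exit_nodes(text):
    """Parse an exit-node list into a set of ip_address objects.

    Comments and blank lines are skipped; a malformed line is ignored rather
    than aborting, so one bad entry cannot silently disable the whole control.
    """
    nodes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nodes.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return nodes


@dataclass
class Transaction:
    account: str
    source_ip: str
    amount: float
    kind: str  # e.g. "login", "transfer", "payee_add"


def assess(tx, exit_nodes, high_risk_kinds=("transfer", "payee_add"),
           block_threshold=1000.0):
    """Return (decision, reason) for one transaction.

    Policy (an assumption for illustration, not a FinCEN recommendation):
      - traffic not from a known exit node is allowed;
      - Tor-sourced activity that moves money or adds payees is blocked at or
        above the threshold and stepped up (out-of-band verification) below it;
      - any other Tor-sourced activity is logged for review.
    """
    try:
        src = ipaddress.ip_address(tx.source_ip)
    except ValueError:
        return ("block", "unparseable source address")
    if src not in exit_nodes:
        return ("allow", "not a Tor exit node")
    if tx.kind in high_risk_kinds:
        if tx.amount >= block_threshold:
            return ("block", f"{tx.kind} of {tx.amount:.2f} via Tor exit {src}")
        return ("step_up", f"{tx.kind} via Tor exit {src}; verify out of band")
    return ("review", f"{tx.kind} via Tor exit {src}")


def screen(transactions, exit_nodes):
    """Apply assess() to a batch and return (account, decision, reason) rows."""
    return [(tx.account, *assess(tx, exit_nodes)) for tx in transactions]


if __name__ == "__main__":
    nodes = load_exit_nodes(TOR_EXIT_LIST)
    sample = [  # constructed activity for one account
        Transaction("acct-1", "192.0.2.10", 5000.0, "transfer"),
        Transaction("acct-1", "198.51.100.7", 5000.0, "transfer"),
        Transaction("acct-1", "203.0.113.200", 50.0, "payee_add"),
        Transaction("acct-1", "2001:db8::dead:beef", 0.0, "login"),
    ]
    for row in screen(sample, nodes):
        print(row)
```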
Brief clash, but amusing.
Judge Posner vs. David Cole: What’s the Value of Privacy Unless You Have Something to Hide? (Video Clip)
Yesterday, Just Security editor David Cole spoke with United States Court of Appeals Judge Richard Posner about the value of privacy. The short and fascinating discussion, part of a Georgetown University Law Center event on Cybercrime and the Fourth Amendment, can be found here.
PCWorld also provided additional reporting on the event, with more details on their respective positions. Posner has taken a consistent line on the relative value of privacy in the context of data collection. In 2005, he said:
The collection, mainly through electronic means, of vast amounts of personal data is said to invade privacy. But machine collection and processing of data cannot, as such, invade privacy. Because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. This initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer.
(Related) Same conference anyway...
Brian Donahue reports:
Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice announced on Thursday the creation of a new team within its Computer Crime and Intellectual Property Section (CCIPS) during a talk at a Georgetown Law conference titled, “Cybercrime 2020: The Future of Online Crime and Investigations.” Known as the Cybercrime Unit, the team is tasked with enhancing public-private security efforts.
Caldwell made sure to distance herself, the new cybercrime unit, and the Justice Department as a whole from what she described as the overarching misconception that privacy is an afterthought in the DOJ.
Read more on ThreatPost.
(Related) Similar to Judge Posner's conclusions.
Owen Bowcott reports:
Britain’s legal regime governing mass surveillance of the internet by intelligence agencies does not violate human rights, a tribunal has ruled.
But the investigatory powers tribunal (IPT) said it had identified one area where it had concerns about whether there were adequate legal safeguards.
Read more on The Guardian.
Ethics huh? Is there a difference if the data is big?
The Ethics of Big Data in Higher Education
“Data mining and predictive analytics—collectively referred to as “big data”—are increasingly used in higher education to classify students and predict student behavior. But while the potential benefits of such techniques are significant, realizing them presents a range of ethical and social challenges. The immediate challenge considers the extent to which data mining’s outcomes are themselves ethical with respect to both individuals and institutions. A deep challenge, not readily apparent to institutional researchers or administrators, considers the implications of uncritical understanding of the scientific basis of data mining. These challenges can be met by understanding data mining as part of a value-laden nexus of problems, models, and interventions; by protecting the contextual integrity of information flows; and by ensuring both the scientific and normative validity of data mining applications.”
Code of practice for learning analytics
An interesting article in the Internet of Things
‘Things’ Are Heating Up: What’s New in the Internet of Things
… Before we can reach that future of 200 billion or more networked objects, developers will have to deal with a host of on-the-ground challenges. At the recent BizTech@Wharton conference, panelists from the venture capital business, hardware start-ups and emerging software companies shared their experiences as pioneers in the Internet of Things — and they even brought some of their newest devices along.
… The goTenna device, which resembles a high-end pen case with a small strap attached, can be paired with a smartphone to enable people — in the words of goTenna’s website — “to communicate without any need for central connectivity whatsoever — no cell towers, no Wi Fi, no satellites — so when you’re off-grid you can remain connected.” The catch, of course, is that it only enables communication with another goTenna-equipped device, and the range is only a few miles, [More than Wifi or cellphones. Bob] but sometimes, that sort of person-to-person connectivity is just what you need.
How do smart people react when they see what Putin is doing? Perhaps we could hire a few?
Russia's Brain Drain Is Astounding
No doubt the Republicans will blame Obama.
… Market Watch recently reported: "For the first time since Ulysses S. Grant was president, America is not the leading economic power on the planet ... The International Monetary Fund recently released the latest numbers for the world economy. And when you measure national economic output in “real” terms of goods and services, China will this year produce $17.6 trillion — compared with $17.4 trillion for the U.S.A."
Interesting. Perhaps I can use the results of this study to make my students go away.
Remote Workers Viewed as More Productive
… While there has long been a perception that employees who work from home don't work as hard as those in an office, perceptions are shifting, according to a study from Dell and Intel. More than half of employees globally now believe that their peers who work from home are just as productive, or more productive, than those in the office.
Remote employees also feel like they get more done from the comfort of their own home. Of those who spend any time working from home, half believe they are more productive there than in the office, while 36 percent think they are equally as productive in both locations. Just 14 percent of those surveyed believe they get less done when working from home.
Report #1: The Workforce Perspective https://kapost-files-prod.s3.amazonaws.com/uploads/direct/1417726739-20862-0734/The_Evolving_Workforce_Global_Quant_FINAL_112614.pdf
Report #2: Expert Insights https://kapost-files-prod.s3.amazonaws.com/uploads/direct/1417726613-25022-7892/The_Evolving_Workforce_Experts_FINAL_112614.pdf
How (not) to market a Presidential candidate? I'd love to see how some of those Tweets evolved before they were released. (Not that either the original or the “fully vetted” version would reflect the candidate's opinion.)
Aides to Mitt Romney’s presidential team in 2012 are airing their frustrations with the campaign, alleging that tweets had to be approved by nearly two dozen people by the end of the race.
“So whether it was a tweet, Facebook post, blog post, photo — anything you could imagine — it had to be sent around to everyone for approval,” former Romney campaign aide Caitlin Checkett told Daniel Kreiss, an assistant professor at the University of North Carolina’s School of Journalism and Mass Communication in a new academic paper.
“Towards the end of the campaign that was 22 individuals who had to approve it,” Checkett said.
Zac Moffatt, the Romney campaign’s digital director, cracked that they had “the best tweets ever written by 17 people.”
… The Obama campaign’s digital team had significant autonomy to push out content to supporters. That allowed them to respond nimbly to news events, according to the paper, in a way the Romney campaign found more difficult.
(Related) I'm not sure where we teach this skill...
The 7 Attributes of CEOs Who Get Social Media
… Five years ago, when boards were searching for a leader, social media competency wasn’t even on the radar. Now, according to the board members and CEOs we interviewed for our book, a strong social presence is often high on the list of factors they consider when vetting CEO candidates.
Perhaps I can have my students sing their presentations?
Collaboratively Create Music and Vocal Recordings On Almost Any Device
Soundtrap is a web-based platform for collaboratively creating music and vocal recordings. On Soundtrap you can create music from scratch by using their built-in virtual instruments. If you have your own instruments to record, you can use the microphone on your laptop to record yourself playing. Students who have Midi devices can record to Soundtrap too. Of course, you can just turn on your device's microphone to record a vocal track. After recording your tracks you can blend them together in the Soundtrap editor.
Soundtrap offers a collaboration option. Click the "collaborate" tab in the Soundtrap editor to invite others to edit with you. Soundtrap will work in the Chrome web browser on a laptop, iPad, Chromebook, and Android tablet. A Chrome app is also available.
Soundtrap's free plan allows you to store five tracks in your account. You can download all of your creations as MP3 files.
Applications for Education
The best way for students to avoid any worries about copyright infringement when creating a multimedia project is to use audio tracks that they've created. Soundtrap could be a great tool for that purpose. Soundtrap's collaboration option could be a great solution when students working on a group project need to develop spoken tracks.
Very cool. Starts with his birth certificate...
The Collected Papers of Albert Einstein Online
“Princeton University Press proudly presents The Digital Einstein Papers, an open-access site for The Collected Papers of Albert Einstein, the ongoing publication of Einstein’s massive written legacy comprising more than 30,000 unique documents. The site presents all 13 volumes published to date by the editors of the Einstein Papers Project, covering the writings and correspondence of Albert Einstein (1879-1955) from his youth to 1923. The volumes are presented in the original language version with in-depth English language annotation and other scholarly apparatus. In addition, the reader can toggle to an English language translation of most documents. By clicking on the unique archival identifier number below each text, readers can access the archival record of each published document at the Einstein Archives Online and in some cases, the digitized manuscript. Approximately 7,000 pages representing 2,900 unique documents have been digitized thus far. The site will present subsequent volumes in the series roughly two years after original book publication.”
… FBI agents took some 20 boxes of documents from LAUSD offices in what looks to be a federal grand jury investigation into the deal with Pearson, Apple, and the district. It's unclear if LAUSD or one of the companies is the target of the criminal investigation.
… Lest you think LAUSD is the only one with ed-tech shadiness: “An audit by the New York City comptroller’s office found what it called “grossly inaccurate” record keeping at the Education Department, where more than 2,000 computers and tablets at a sample of department locations were either unused — still swaddled in their original wrapping — or could not be located at all,” reports The New York Times.
… The University of Florida will pay $7 million to Colorado State University for its football coach, the “largest such buyout in college football history.”
Resources for my Math students.
Calculators & Tools
Friday, December 05, 2014
Whoever these hackers were, they clearly owned Sony. This may be the very best “Bad Example” I've ever had for my Computer Security class!
Over 30,000 Deloitte employees’ salary info possibly stolen from Sony because former Deloitte employee had saved some files?
Kevin Roose reports:
Along with the files smuggled out of Sony Pictures this week, we also discovered a cache of documents apparently relating to internal personnel matters at Deloitte. This appears to be an accident of circumstance. The files appear to come from a single target’s computer. While this person appears to be currently employed in human resources at Sony Pictures, the employee had previously worked at Deloitte, and had saved some files. These were exfiltrated with the other documents by the alleged hackers, who call themselves Guardians of Peace.
Included among the Deloitte files is a spreadsheet that appears to contain the 2005 salary information for 31,124 U.S. Deloitte employees. The same spreadsheet also contains race and gender data for each worker, although unlike the Sony Pictures files, names are not attached to the salary information. If the spreadsheet is accurate, the data provides a rare look inside a high-profile firm’s salary structure.
Read more on Fusion. Deloitte has not confirmed the veracity of the data.
I wonder if Sony is insured?
Study Shows Costs of Cyber Incidents From Insurer's Perspective
Cyber risk assessment and data breach services company NetDiligence published a new study on Monday focusing on the costs incurred by insurance underwriters due to cyber incidents.
… The average claim payout was $733,109.
The financial services and the healthcare industries were the most affected, accounting for a total of 44% of the claims. However, these sectors accounted for only 4% of the total number of records exposed. The report puts the entertainment sector (52% of exposed records) and the technology sector (39% of exposed records) at the top of the chart.
The average claim payout in the healthcare sector was $1.3 million. In the case of the entertainment ($1.4 million), media ($1.1 million), retail ($1.1 million) and technology ($700,000) sectors, high payouts were the result of major cyberattacks, NetDiligence said.
… The complete Cyber Claims Study (PDF) from NetDiligence is available online.
If this is how “policy makers” see the Internet of Things, I think we need to chat. It reads like some of their “Principles” were developed by Al Gore. (Did he invent the Internet of Things too?)
10 Policy Principles for Unlocking the Potential of the Internet of Things
Center for Data Innovation – Daniel Castro & Joshua New December 4, 2014
“The Internet of Things” encapsulates the idea that ordinary objects will be embedded with sensors and connected to the Internet. To date, most discussion of the Internet of Things has highlighted the technology; to the extent it has addressed policy, the focus has been largely negative (i.e. how to limit the supposed risks from deployment). In contrast, this report highlights principles that policymakers in all nations need to apply in order to maximize the considerable promise of the Internet of Things for economic growth and social well-being. Of two conflicting approaches to the Internet of Things, neither the “impose precautionary regulations” approach nor the counter “leave it completely up to the market” approach will allow societies to gain the full benefits from the Internet of Things revolution. This report presents ten principles to help policymakers establish policies and programs to support and accelerate the deployment and adoption of the Internet of Things.”
A useful summary?
Seen It All Before: 10 Predictions About Police Body Cameras
Worth reading! For all my students. For most, what we know is what we learned first. Most software, especially Microsoft software, has many ways to accomplish the same thing. It's worth looking at lists like this to discover new and easier ways to do what you already know how to do.
10 Simple Windows Tricks You’re Missing Out On
Too cool for school! I'm gonna grab a few of these!
Autodesk's Design Software is Now Free for Students and Teachers
Autodesk has offered a number of their mobile apps for free for a while. This week they made all of their software available for free to students and teachers. All of Autodesk's free design software can be found here.
If you're wondering what you can do with Autodesk's software in your classroom, check out Autodesk's Digital Steam Workshop. Autodesk's Digital STEAM Workshop is your one-stop shop for design projects ideas. Explore the projects section of the Autodesk Digital STEAM Workshop to explore the possibilities for using Autodesk's design programs in your classroom. You can explore the possibilities by selecting a design tool, a subject, a skill level, and the length of time you have to dedicate to a classroom project. When you select a project you will be taken to a page containing the steps you and your students need to take in order to complete your chosen project.
Autodesk offers a self-guided ecourse to help teachers get a better sense of how Autodesk's software can be used in math, science, and engineering lessons. The course is divided into three sections; Getting creative with Digital STEAM, Defining your student design challenge, and Enhancing teacher software skills.
For a list of the best blogs about education and teaching tools, check out the nominees for awards. I read a few of these every day. (See the article above.)
Thursday, December 04, 2014
Sony: perhaps it's worse than they know. It looks like Sony will be the model for “Big Data” security breaches for some time to come.
Kevin Roose reports:
Yesterday, I reported on a spreadsheet apparently taken from Sony Pictures Entertainment, one of the largest and most powerful studios in Hollywood, by a group of hackers calling themselves Guardians of Peace. The document, which listed the names, titles, and salaries of more than 6,000 Sony Pictures employees including senior executives (and may have revealed a gender pay discrepancy), appears to be part of an enormous data breach that hit the studio last week, forcing them to shutter computer systems, move employees to paper and pencils, and call in the FBI and private security researchers to investigate the hack.
Here are just a few of the revelations I found in the leaked archives – most in normal, unencrypted Excel and Word files, labeled as plain as day:
A spreadsheet listing the names, birth dates, and social security numbers of 3,803 Sony Pictures employees, including all of the company’s top executives. (Happy birthday, Wendy!)
A spreadsheet listing the division-by-division Sony Pictures payroll, as well as breaking down costs for raises and other pay changes. (The company’s total salaries, as of May, were listed at $454,224,070.)
A spreadsheet listing Sony Pictures employees who were fired or laid off in 2014 as part of the company’s reorganization, along with the reasons for their termination. Also on this spreadsheet: estimates of “TOTAL COST TO SEVER,” or the amount Sony Pictures calculated it had to pay to terminate each person’s employment, including severance pay, COBRA health benefits, and outplacement costs.
Read more on Fusion.
Today, the Hollywood Reporter reports:
Sony Pictures Entertainment chiefs Michael Lynton and Amy Pascal have released a memo to staff addressing a recent hack against the company. The memo, which was sent to all of Sony’s approximately 6,600 employees, is an apparent admission that information leaked online this week is accurate.
Acknowledging that “a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information,” Lynton and Pascal sent a message to the company’s employees reassuring them that “the privacy and security of our employees are of real concern to us” and offering them identity protection services.
Read more on Yahoo!
Once again, it seems, Sony is playing catch-up in communications. Given recent revelations by Brian Krebs and Kevin Roose, it needs to get its PR team in high gear to issue a press release that confirms what it already knows.
(Related) Another peek at the Sony data.
Unprecedented leak of Sony Pictures internal personal data
“After sifting through almost 40GB of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing and all-encompassing hack of internal corporate data ever made public. The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence.
… And there is extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives. The documents made public this weekend, covering the company’s human resources, sales, and marketing teams, among others, are just a fraction of approximately 100TB of data the hackers claim to have taken from Sony.
(Related) Are we finally getting facts? This is probably the malware. More testing required. Neither the article nor the very detailed blog post blames North Korea.
Researchers Analyze Data-Wiping Malware Used in Sony Attack
Researchers from Trend Micro say they have identified the piece of malware that appears to have been used in the recent cyberattack targeting the corporate network of Sony Pictures.
… Trend Micro detects the threat as BKDR_WIPALL. Researchers have determined that the attack starts with BKDR_WIPALL.A, which is the main installer and is disguised as an executable file named "diskpartmg16.exe."
The threat uses an encrypted set of usernames and passwords to log into the targeted organization's shared network. The goal is to grant full access to everyone that accesses the system root, researchers explained in a blog post.
Interesting. I would expect the average customer to agree with the judge.
Missy Baxter reports:
In a much-anticipated court ruling, a Minnesota federal judge said Tuesday that Target Corp. had a duty to protect debit and credit card information from cyberthieves.
U.S. District Judge Paul Magnuson rejected Target’s attempt to dismiss claims filed by a group of financial institutions seeking damages related to the retailer’s data breach in late 2013, court documents said.
The judge ruled that the plaintiffs, which include the $282 million CSE Federal Credit Union of Lake Charles, La., have a plausible case for negligence because Target played a key role in allowing cyberthieves to hack into computer systems and obtain card data and possibly personal information of card holders, the documents said.
Magnuson agreed to allow three of four claims made by plaintiffs to move forward, but dismissed one count that claimed negligent misrepresentation by omission, which was related to Target’s security system, the documents said.
Read more on Credit Union Times.
An interesting collection of guesses? An easy article to write if you call your largest advertisers...
Cybersecurity Threats 2015: More Espionage, More Apple Malware
… Until now, Russia, China and the United States have dominated the cyberespionage scene, but their success will start to attract new players to the practice.
"We can expect some of the developing economies -- countries forecasted for high economic growth -- to engage in these activities to protect their growth status," Carl Leonard, a senior manager at Websense Security Labs, told TechNewsWorld.
… Russian cyberattacks on the West, as a form of retaliation for political actions taken against the Kremlin, will continue, forecast SentinelOne.
A lack of accountability within the Beijing regime will allow China's cyberespionage efforts to continue unabated, the firm also said.
… Pakistan may be in the forefront of a trend SentinelOne predicted for 2015: Attacks as a Service.
Instead of shopping here and there to gather the tools for an attack, SentinelOne explained, an attacker will be able to go to a website, choose malware, choose what to steal -- banking credentials, healthcare records, credit card numbers and such -- request a number of infections, and pay for the package.
While most cyberespionage has been directed at computer systems, cyberspies increasingly will target mobile devices, predicted Michael Shaulov, CEO of Lacoon Mobile Security.
… The Internet of Things also will become an attack surface in 2015.
Printers, smart TVs, appliances, wearable computers -- a whole host of cloud connected devices will be a new source of cyberthreats in the coming year, predicted Willy Leichter, global director of cloud security for CipherCloud.
Interesting to see their calculation of the probability of war.
Slovakia Warns of Danger of Wider Ukraine Conflict
Slovakia’s prime minister Tuesday said that clashes between Ukrainian government forces and pro-Russian separatists may still expand into a broader war involving other nations and that Europe should push forcefully for peace talks.
“There’s a 70% probability of a military conflict in Ukraine and not only there,” Robert Fico told an economic conference in the Slovak capital.
How poorly must you manage a program to attract FBI attention?
LA School District's $1.3B iPad Contract Goes Up In Smoke Following FBI Raid
The ambitious, deeply troubled effort by the Los Angeles, Calif. school district to provide every student with an iPad ended this week with FBI agents seizing documents under a federal subpoena. Federal officials are investigating questions regarding the $1.3 billion contract. Ramon C. Cortines, the superintendent for L.A. schools, put an end to the contract yesterday citing controversy surrounding the failed plan. Agents reportedly removed about 20 boxes of documents during the raid.
… The review’s findings suggested that the deployment of the iPads focused on delivering the tablets to classrooms, with not enough resources being dedicated to providing teachers with training. The report also suggested that some teachers were unhappy with the curriculum.
Genius! This App alone could sell millions of iPhones!
Avoid the coffee line: First look at Starbucks’ order-ahead mobile feature
Starbucks launched a major new initiative today, allowing people to place orders from their iPhone for pick-up at a nearby store.
… For now, the pilot program is running only in 152 Starbucks cafes in Portland...
… Starbucks will continue rolling out the service to more cities in 2015, with the aim of being nationwide by the end of the year.
Free seems to be the way to go.
Nature makes all articles free to view
News release: “All research papers from Nature will be made free to read in a proprietary screen-view format that can be annotated but not copied, printed or downloaded, the journal’s publisher Macmillan announced on 2 December. The content-sharing policy, which also applies to 48 other journals in Macmillan’s Nature Publishing Group (NPG) division, including Nature Genetics, Nature Medicine and Nature Physics, marks an attempt to let scientists freely read and share articles while preserving NPG’s primary source of income — the subscription fees libraries and individuals pay to gain access to articles. ReadCube, a software platform similar to Apple’s iTunes, will be used to host and display read-only versions of the articles’ PDFs. If the initiative becomes popular, it may also boost the prospects of the ReadCube platform, in which Macmillan has a majority investment. Annette Thomas, chief executive of Macmillan Science and Education, says that under the policy, subscribers can share any paper they have access to through a link to a read-only version of the paper’s PDF that can be viewed through a web browser. For institutional subscribers, that means every paper dating back to the journal’s foundation in 1869, while personal subscribers get access from 1997 on. Anyone can subsequently repost and share this link. Around 100 media outlets and blogs will also be able to share links to read-only PDFs. Although the screen-view PDF cannot be printed, it can be annotated — which the publisher says will provide a way for scientists to collaborate by sharing their comments on manuscripts. PDF articles can also be saved to a free desktop version of ReadCube, similarly to how music files can be saved in iTunes.”
It might be fun to tell my students they can't use PowerPoint, but I want slides! This is for younger students.
Many Ways to Create and Share Digital Stories
Earlier today I read Alan Levine's blog post Always Be Attributing. In that post he referenced a resource that anyone with an interest in digital storytelling should bookmark. 50 Web Ways to Tell a Story is a wiki of tools for creating digital stories. On the wiki you will find pages of tools arranged by output type (slides, audio, collage, video) and a page of tools that offer features for teachers (student account management).
Applications for Education
50 Web Ways to Tell a Story is more than just a list of tools. The wiki includes a page about developing story ideas. The Story Ideas page offers excellent story starter suggestions that can be used in almost any classroom setting.
Wednesday, December 03, 2014
“Facts” are leaking rather than being disclosed. Note: “Korean” is not a programming language.
Malware fuels growing suspicion that North Korea hacked Sony Pictures
The destructive malware that infected Sony Pictures’ network last week was written in Korean, a source familiar with a recent FBI alert told Fox News, further fueling suspicions that North Korea launched the cyber attack.
The source added that the Korean-written malware also may have been an effort to confuse investigators about its origin.
… Fox News is told that the malware has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer’s start-up functions. The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve. [Have you backed up your data recently? Bob]
(Related) So now we have a “new” group to blame for Sony and perhaps the Ukrainian reactor?
Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.
Over the course of two years, according to Cylance, a security firm based in Irvine, Calif., Iranian hackers managed to steal confidential data from a long list of targets and, in some cases, infiltrated victims’ computer networks to such an extent that they could take over, manipulate or easily destroy data on those machines.
… But the “most bone-chilling evidence” Cylance said it collected was of attacks on transportation networks, including airlines and airports in South Korea, Saudi Arabia and Pakistan. Researchers said they had found evidence that hackers had gained complete remote access to airport gates and security control systems, “potentially allowing them to spoof gate credentials.”
A sidebar on Big Data? Lesson: If you handle Big Data, make sure your programs can count big numbers?
'Gangnam Style' Has Been Viewed So Many Times It Has Actually Broken YouTube
PSY's music video has now had so many views on YouTube that the video sharing platform has had to "upgrade" so people can still watch it.
On its Google+ page, YouTube says it didn't ever think something like this would ever happen, "until we met PSY".
The South Korean pop sensation has now amassed well over 2 billion views on his original Gangnam Style music video, alongside nearly 9 million 'likes' and just over 1 million 'dislikes'. That turns out to be more numbers than YouTube is coded to display, based on a 32-bit integer system.
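The counting lesson above, as an added example that is not YouTube's code or from the article: a view counter stored in a signed 32-bit integer tops out at INT32_MAX (2,147,483,647), and because signed overflow in C is undefined behaviour the only safe approach is to check before adding, or to move the counter to a 64-bit type. The function names and the view totals used are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Pure check: would adding `delta` views to a signed 32-bit counter
   overflow? Computed without ever performing the overflowing add. */
bool would_overflow32(int32_t current, int32_t delta)
{
    if (delta < 0) return true;               /* views never go down; treat as invalid */
    return current > INT32_MAX - delta;       /* rearranged so no term overflows */
}

/* Add views to a 32-bit counter. Returns false and leaves *counter
   untouched when the result would not fit. */
bool add_views32(int32_t *counter, int32_t delta)
{
    if (would_overflow32(*counter, delta)) return false;
    *counter += delta;
    return true;
}

/* 64-bit replacement: the same pre-check, but the ceiling is ~9.2e18. */
bool add_views64(int64_t *counter, int64_t delta)
{
    if (delta < 0 || *counter > INT64_MAX - delta) return false;
    *counter += delta;
    return true;
}

/* Does a known view total fit in the original 32-bit field at all? */
bool fits_in_int32(int64_t views)
{
    return views >= 0 && views <= INT32_MAX;
}

int main(void)
{
    int32_t c32 = INT32_MAX - 5;   /* constructed: five views below the limit */
    int64_t c64 = INT32_MAX - 5;

    /* Ten more views: the 32-bit counter refuses, the 64-bit one keeps counting. */
    printf("32-bit add accepted: %d\n", add_views32(&c32, 10));
    printf("64-bit add accepted: %d, total now %lld\n",
           add_views64(&c64, 10), (long long)c64);

    /* A total past 2 billion (constructed figure) cannot be displayed from int32. */
    printf("2.2 billion fits in int32: %d\n", fits_in_int32(2200000000LL));
    return 0;
}
```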
Technology probably can't prevent harassment, but it can collect evidence. The question is, what do we do with it?
A New Harassment Policy for Twitter
It’s no secret that Twitter is currently playing host to an uptick in targeted harassment. The site has long provided an easy way for people to lob hostile and threatening messages into someone’s timeline, but things seem to be getting worse, not better. Gamergate targets like Zoe Quinn, Anita Sarkeesian, and Brianna Wu have all been inundated with death and rape threats that have forced them to cancel talks and flee their homes. After her father’s death, Zelda Williams—Robin Williams's daughter—quit the social network after sustained harassment. A recent Pew study found that half of women have been sexually harassed online.
Twitter has admitted there is a problem. After Zelda Williams signed off for good, the service re-upped its efforts to handle abuse. And today, the service announced a handful of changes aimed at making it easier for victims of harassment to report abusers.
Perhaps even judges have had enough?
Ross Todd reports:
A federal magistrate judge in San Jose has refused to sign off on an indefinite gag order prohibiting Microsoft Corp. from disclosing a warrant for access to a Hotmail account holder’s email.
U.S. Magistrate Judge Paul Grewal, who has previously pushed back against government requests for electronic surveillance, ruled Nov. 25 that investigators are not entitled to delay notification without specifying an end point.
Read more on The Recorder. (Free sub. Required)
(Related) It's contagious!
Matt Reynolds reports:
A federal judge ordered the federal government Monday to provide more detail on a “mysterious” law enforcement database that sparked the investigation of a man charged with violating the trade embargo against Iran.
The U.S. government maintains that Homeland Security investigators did not spy on defendant Shantia Hassanshahi using the National Security Agency’s bulk telephony metadata program, which collects individuals’ phone calls and records.
But Hassanshahi argues that the government used the mass surveillance program, or at least something like it, to access telephone records that helped secure his arrest.
Perhaps we should watch “Minority Report” again?
Pizza Hut launches digital menu that reads your mind by tracking eye movement… and tells you what to order in 2.5 seconds
Anucyia Victor reports:
It can tell you what you want to eat in the blink of an eye, simply by tracking the movement of your retina.
In exactly 2.5 seconds the subconscious menu reads the minds of customers, by using a mathematical algorithm to identify a customer’s perfect pizza.
The incredible software was developed for Pizza Hut by Swedish eye tracking technology pioneers Tobii Technology.
Read more on Daily Mail.
Definitions can change. (Perhaps not in government bureaucracies)
Steve Kolowich writes:
The U.S. Education Department wants to encourage colleges and the tech companies they work with to protect student data from misuse. But the agency’s power to protect the privacy of people taking free, online courses is essentially nonexistent.
“Data in the higher-education context for MOOCs is seldom Ferpa-protected,” Kathleen Styles, the Education Department’s chief privacy officer, said Tuesday at a symposium on student privacy.
Read more on Chronicle of Higher Education.
For my fellow teachers. (I've heard this before, haven't I?)
Change Is Coming: What U.S. Colleges Must Do To Survive
Universities and colleges across the nation are getting it wrong.
So says University of Delaware president Patrick Harker, who has a plan to transform traditional Ivory Tower institutions into student-focused powerhouses that will shatter old educational models and usher in a new era of educational excellence.
The problem is, he says, it will be painfully difficult and some schools are bound to be left behind.
... a thought-provoking paper about major challenges facing the education system.
… But technology enables new processes, and those new processes can deliver lower costs and higher quality. For example, massive open online courses (MOOCS) can play a role. We’re also starting to see more interactive, problem-based learning that allows students to learn by doing, which is a positive sign.
Why I'm never in a Dilbert cartoon: I don't even have a flip phone.
Tuesday, December 02, 2014
Stranger and stranger. Both North Korea and the FBI benefit by feeding the “North Korea has powerful hackers” hype. Still no clear indication what happened here.
North Korea Issued A Mysterious Message About The Hack On Sony Pictures
North Korea is not denying allegations made by US officials that the country was behind a massive hack on Sony Pictures last week that took down the company's computer network.
When contacted by the BBC, a North Korean government spokesman said: "Wait and see."
… It's still not known exactly who the Guardians of Peace are. They say they have a source inside Sony who had similar opinions and let them inside the computer network. But US intelligence agencies aren't buying that claim.
NBC News says it has knowledge of classified briefings that suggested North Korea was a possible source of the hack.
The FBI has issued a confidential report to businesses in the wake of the Sony Pictures hack which explains that U.S. businesses should remain vigilant against new malicious software that can be used to launch "destructive" cyberattacks.
While the report doesn't name the Sony incident, it describes an attack that cybersecurity experts tell Reuters is the large-scale hack that took down the Hollywood company. The hack is said to "mark [the] first major destructive cyber attack waged against a company on U.S. soil." Similar attacks have taken place in Asia and the Middle East, but not the United States.
“We have no evidence the data was misused” would be much more believable if they had discovered the hole in their security a couple of years ago... If they can't recognize a security failure would they recognize “evidence” of misuse?
Highlands-Cashiers Hospital in North Carolina is notifying more than 25,000 patients after discovering that an error by their IT vendor, TruBridge, had exposed patient information on the Internet between May 2012 and September 29, 2014. TruBridge is a wholly owned subsidiary of Computer Programs and Services, Inc.
Forensic investigation revealed that although patients’ names, addresses, dates of birth, diagnoses and treatment information, health insurance information, and in some cases, Social Security numbers, were accessible, there was no evidence that they had been accessed or misused.
You can read the hospital’s full November 24th notification on their web site, here.
What do you do with your degree in computers and a degree in finance or an MBA? You use your hacking skills to “analyze” the market.
For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — most of them publicly traded health care or pharmaceutical companies — apparently in pursuit of information significant enough to affect global financial markets.
The group’s activities, detailed in a report released Monday morning by FireEye, a Silicon Valley security company, shed light on a new breed of criminals intent on using their hacking skills to gain a market edge in the pharmaceutical industry, where news of clinical trials, regulatory decisions or safety or legal issues can significantly affect a company’s stock price.
Starting in mid-2013, FireEye began responding to the group’s intrusions at publicly traded companies — two-thirds of them, it said, in the health care and pharmaceutical sector — as well as advisory firms, such as investment banking offices or companies that provide legal or compliance services.
Should we trust a politician where Privacy is at issue?
Facebook can gain direct access to your mobile and take pictures or make videos at any time, MPs warn
Christopher Hope reports:
Facebook can gain direct access to a person’s mobile and take pictures or make videos at any time without explicit consent, MPs warn as they call on social media companies to simplify their terms and conditions.
The MP said that they should simplify the conditions of using their services, which are designed for US courts, because they are so impenetrable that “no reasonable person” can be expected to understand them.
Read more on The Telegraph.
Not a computer security failure, but I want to make sure my students picked up on this.
The Denver Channel reports on an ID theft ring:
A Jefferson County grand jury has returned a 165-count indictment against a suspected ID theft ring that operated for six months in 2013.
According to the indictment, members of the nine-member enterprise obtained personal and financial information of people and businesses and used this information to create checks and identification.
Read more on The Denver Channel.
As data gets bigger, so too does the risk.
- Data loss and downtime costs enterprises $1.7 trillion
- Companies on average lost 400% more data over the last two years (equivalent to 24 million emails each)
- 71% of IT professionals are not fully confident in their ability to recover information following an incident
- 51% of organizations lack a disaster recovery plan for emerging workloads; just 6% have plans for big data, hybrid cloud and mobile
- Only 2% of organizations are data protection “Leaders”; 11% “Adopters”; 87% are behind the curve
- China, Hong Kong, The Netherlands, Singapore and the US lead protection maturity; Switzerland, Turkey and the UAE lag behind
- Companies with three or more vendors lost three times as much data as those with a single-vendor strategy
EMC Corporation (NYSE: EMC) today announced the findings of a new global data protection study
Read through the complete findings at http://emc.im/DPindex
To view the Global Results Infographic, visit http://emc.im/DPindex
...so even if you wear your Star Wars StormTrooper helmet, the FBI will know who you are.
University of Adelaide reports:
University of Adelaide forensic anatomy researchers are making advances in the use of “body recognition” for criminal and missing persons cases, to help with identification when a face is not clearly shown.
PhD student Teghan Lucas is studying a range of human anatomical features and body measurements that can help to identify a person, such as from closed circuit television (CCTV) security videos, no matter what clothing the person may be wearing.
Part of Ms Lucas’s research has involved using a database of anatomical measurements of almost 4000 US armed services personnel. “We compared eight facial and eight body measurements to investigate whether or not there is enough information on the body to use for identification. Results consistently show that compared with the face, less body measurements are needed before eliminating duplicates and achieving a single ID match. The larger the range of each of the measurements, the less chance there is of finding a duplicate.
“With a combination of eight body measurements it is possible to reduce the probability of finding a duplicate to the order of one in a quintillion. These results are comparable with fingerprint analysis,” she says.
Read more on Medical Xpress.
The world is falling apart! Chicken Little
Ukraine, Russia and the ceasefire that never was
When 1,000 people have died in less than three months, when civilians cower in basements and tens of thousands more flee their homes we can no longer speak of a ceasefire in eastern Ukraine.
It is a fiction. All that has happened is that the front lines have remained static. There are no big offensives going on - for the moment.
(Related) Their analysis does not match my analysis. Let's see who is right.
As ruble tumbles, what will Putin do next?
Against the backdrop of a falling currency, the threat of capital controls and a four-year low in the price of oil, analysts are wondering what Russia's "superhero" President Vladimir Putin will do next.
The Russian ruble suffered its worst one-day decline since 1998 on Monday, falling four percent to trade at over 53 rubles against the dollar as oil prices tumbled to multi-year lows.
On Tuesday, the ruble had weakened around 3 percent against the greenback to trade at 52.89 but year-to-date, the currency has fallen around 35 percent against the dollar on the back of a sharp decline in the price of oil – Russia's main export and revenue source.
Adding insult to injury, the Russian economy ministry now believes that the country will enter recession next year, predicting that gross domestic product (GDP) will shrink 0.8 percent in 2015, revising an earlier forecast of 1.2 percent growth.
… "I don't think the West either is in the game of regime change, because they fear that someone after Putin might be much worse. At least Putin is naturally cautious by instinct and very calculating, or that is the view in the West," he told CNBC in an email on Tuesday.
"But I do think Putin is at a cross roads between isolation and rediscovery of a new relationship with the West which could be better for both sides. Unfortunately at the moment isolation from the West looks more likely and that will be bad for Russia over the long term."
Of course they are...
The Justice Department appealed a federal judge’s October ruling that it must release documents on its policies and procedures for use of location-tracking technology in Northern California.
SOURCE: Courthouse News.
(Related) Of course they do...
Cyrus Farivar reports:
Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.
In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.
Read more on Ars Technica.
Interesting. Does this suggest that Brazil is the “most sociable country” or should we be looking for the next Steve Jobs there?
The Global Geography of Internet Addiction
Thanks to its young population armed with smartphones, Brazil beat nine other Internet-connected countries for its citizens’ frequency of web use, according to a new report from business consultancy A.T. Kearney.
The study surveyed people who use the Internet at least once a week. The respondents also skewed toward the young, with 64 percent aged 45 or younger. In this survey, 51 percent of Brazilian Internet users said they were online all day long, and 20 percent used the Internet more than 10 times a day.
… Social networking drives Internet use in the top countries. In Brazil, respondents spend 58 percent of their online time on social networking sites—a higher proportion than in any other country.
For my students.
ExamTime Presents a Mind Map About Creating Mind Maps
ExamTime is a service that students can use to create flashcards, mind maps, and practice quizzes to help them study. After I published my chart of free mind mapping tools, the folks at ExamTime shared with me a mind map about creating mind maps. ExamTime's mind map on mind maps outlines ideas and best practices for developing mind maps. That mind map is embedded below.
For my students.
Concerned About Copyright? A Guide For Legally Using Images On The Web