Saturday, December 13, 2014
When I see the word “glitch” with no details, I tend to think “Hack.”
Britain's Heathrow Airport recovers after flight chaos
Heathrow Airport cancelled 38 flights on Saturday as it recovered from a computer glitch that wreaked havoc with the London airport system, the world's busiest hub.
… Computer failure at the state-of-the-art £700-million ($1-billion, 880-million-euro) Swanwick control centre near Portsmouth on the southern English coast briefly shut down Britain's skies on Friday.
… British media reported that there had been a "radar display issue". [UK papers said there was no problem with radar. Bob] Hundreds of flights in Britain and Ireland were delayed or cancelled last year due to a similar problem.
For my Ethical Hackers. See? Just like you learn in class! Definitely worth a read.
Ryan Gallagher reports:
When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.
It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.
Read more on The Intercept.
[From the article:
And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.” [Why do serious hacking with trivial tools? Bob]
Lawyers were looking to sue everyone when Y2K caused computers to die. Perhaps they should dig out those plans and point them to vendors who can't read a calendar?
‘Security by Antiquity’ Bricks Payment Terminals
Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves.
On Dec. 7, 2014, certain older model payment terminals made by Hypercom stopped working due to the expiration of a cryptographic certificate used in the devices, according to Scottsdale, Ariz.-based Equinox Payments, the company that owns the Hypercom brand.
“The security mechanism was triggered by the rollover of the date and not by any attack on or breach of the terminal,” said Stuart Taylor, vice president of payment solutions at Equinox. “The certificate was created in 2004 with a 10 year expiry date.”
Taylor said Equinox is now working with customers, distributors and channel partners to replace the certificate to return terminals to an operational state. The company is pointing affected customers who still need assistance to this certificate expiry help page. [Not really a help page. More like a “We have no idea which customers we screwed” page. Bob]
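The mechanism Taylor describes is ordinary X.509 date checking: a signing certificate created in 2004 with ten years of validity stops verifying the moment the device clock passes its NotAfter date, and a terminal that treats that as a hard failure goes dark. The block below is an added example, not code from Krebs, Hypercom or Equinox. It builds a self-signed certificate whose validity window is assumed to run 2004-12-07 to 2014-12-07 (the subject name and key type are also assumptions), runs the same chain verification a device would, and shows the single day on which "working" turns into "bricked". DaysUntilExpiry is the number a fleet inventory job should have been alerting on months earlier.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeTerminalCert builds a self-signed signing certificate with the given
// validity window. Subject name and key type are assumptions for the
// example; nothing here is the vendor's actual certificate.
func makeTerminalCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Terminal Signing CA"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CertUsableAt performs the check a device does when it trusts cert as its
// root: chain verification with the clock set to now. It returns
// (usable, expired); expired is true only when the failure is the NotAfter
// date rather than some other chain error.
func CertUsableAt(cert *x509.Certificate, now time.Time) (usable bool, expired bool) {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err == nil {
		return true, false
	}
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) && inv.Reason == x509.Expired {
		return false, true
	}
	return false, false
}

// DaysUntilExpiry is what an inventory job alerts on; negative means the
// rollover has already happened.
func DaysUntilExpiry(cert *x509.Certificate, now time.Time) int {
	return int(cert.NotAfter.Sub(now).Hours() / 24)
}

func main() {
	notBefore := time.Date(2004, 12, 7, 0, 0, 0, 0, time.UTC)
	cert, err := makeTerminalCert(notBefore, notBefore.AddDate(10, 0, 0))
	if err != nil {
		panic(err)
	}
	for _, day := range []time.Time{
		time.Date(2014, 12, 6, 0, 0, 0, 0, time.UTC),
		time.Date(2014, 12, 8, 0, 0, 0, 0, time.UTC),
	} {
		usable, expired := CertUsableAt(cert, day)
		fmt.Printf("%s usable=%v expired=%v days-left=%d\n",
			day.Format("2006-01-02"), usable, expired, DaysUntilExpiry(cert, day))
	}
}
```

The design point is the fail-closed behaviour: an expired signing certificate is treated exactly like a forged one, which is correct for security and fatal for availability unless someone tracks NotAfter across the installed base and ships a replacement before the date.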
Interesting. Too bad we can't apply this principle elsewhere.
The ultimate revenge on a bank
A couple who got more than 700 collection calls from Bank of America over four years will now do a little collecting of their own — to the tune of more than $1.2 million.
… The Coniglios said the bank badgered them after they had fallen behind on their house payments, local station WTSP reported.
The calls didn’t stop even after the Coniglios told the bank that they had hired a lawyer.
The Coniglios sued under the Telephone Consumer Protection Act. A federal judge in Tampa awarded them just over $1.2 million, the report said. The bank’s expense was $606 per call, but the damages were tripled.
“The borrowers, the people who own those phones, you do have a right to privacy. And when they say to stop, you have to stop,” said the Coniglios’ lawyer, David Mitchell.
When marketing the phone, mention the encryption, don't mention the backdoor.
Joshua Brustein reports:
Verizon is the latest big company to enter the post-Snowden market for secure communication, and it’s doing so with an encryption standard that comes with a way for law enforcement to access ostensibly secure phone conversations.
Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app.
Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.
Read more on Bloomberg Businessweek.
So it’s not really secure. Okay, thanks for the warning and I suspect most readers of PogoWasRight.org won’t use Voice Cypher.
Of course they did. They're lawyers! (You mean HIPAA doesn't protect medical records from police/government data gathering?)
Jonathan Mayer writes:
Earlier this week, the Ninth Circuit heard oral arguments in a challenge to the NSA’s phone metadata program. While watching, I noticed some quite misleading legal claims by the government’s counsel. I then reviewed last month’s oral arguments in the D.C. Circuit, and I spotted a similar assertion.
In both cases, the government attorney waved away constitutional concerns about medical and financial records. Congress, he suggested, has already stepped in to protect those files.
With respect to ordinary law enforcement investigations, that’s only slightly true. And with respect to national security investigations, that’s really not right.
Read more on TechDirt.
Because lawyers never have to face questions like this in the real world?
UCLA law professor learns Ferguson-related exam question taboo
… Professor Robert Goldstein said the exam question was designed to test students’ ability to analyze the line between free speech and inciting violence. It cited a report about how Michael Brown’s stepfather, Louis Head, shouted, “Burn this bitch down!” after a grand jury decided not to indict Ferguson Police Officer Darren Wilson in the death of Michael Brown.
The question then asked students to imagine that they are lawyers in the St. Louis County Attorney’s office and had been asked to advise the prosecutor “whether to seek an indictment against Head” for inciting violence. The exam reads:
“[As] a recent hire in the office, you are asked to write a memo discussing the relevant First Amendment issues in such a prosecution. Write the memo.”
Because it ain't over yet.
A Look Back At How The Ukraine Crisis Erupted And What To Expect In 2015
… To date, over 5000 people have been killed in the conflict in Eastern Ukraine, with many more wounded and more than half a million displaced. The Russian economy is in shambles, crippled by western sanctions and a precipitous drop in the price of oil, its main source of hard currency. The ruble has lost nearly half its value, more than at any time since the 1998 crisis.
Yet still Putin remains defiant, giving jingoistic speeches, launching clandestine political operations in Europe and unleashing an army of Internet trolls on western media outlets. His approval ratings among the Russian public hover over 80%.
1. Putin will not be deterred: There is little indication that Putin is a rational actor. If anything, he seems to be motivated by a bizarre Eurasian philosophy, which is part revisionist history, part nationalism and part cultural mysticism.
2. Everyday, old Soviets die and new Ukrainians are born: During the Orange Revolution in 2004, people in their twenties had no memory of, nor nostalgia for, the Soviet Union. Now, it’s people in their 30’s. The trend is clear. As time passes Ukraine becomes more European and less Russian.
3. Energy prices are likely to go down, not up: The speed of the fall in the price of oil took nearly everyone by surprise, but the direction has been clear for some time. Even when I wrote the original article this past spring and the price of oil was over $100, Citigroup was predicting $90 oil and Barron’s thought it could go to $75.
Now the price for Russian oil has dropped to the low $60 range, more than a 40% decline since the summer.
YouTube lets users create animated GIFs
… A new tool quietly added by YouTube allows viewers to select an excerpt of up to six seconds from a video to turn it into an animated GIF, which can then be shared through a direct download link or embedded on any website through code.
For the time being, the feature is available only on a limited selection of videos, including all of the ones published by PBS Idea Channel. Users simply select the Share menu under the title and then click GIF.
Amazing stuff happens every week!
… LAUSD is lawyering up in response to the federal grand jury investigation into the procurement process for all those iPads. Meanwhile, the district might not be ready for assessments due to a “lag” in distributing new devices. And the district says it needs $11 million more to fix its broken student information system. [The cover story for this month's “Incompetent Management Magazine?” Bob]
… Video games as college sports. [No stadium, no scholarships, sounds cheap to me. Bob]
… Congratulations Maggie Simpson and Edna Krabappel for having your research papers accepted into two scientific journals.
… “The Cost of Juvenile Incarceration” – New York State spends $352,663 a year per offender. By comparison, the state spends $19,552 a year per student.
A very useful collection of software you can run from a thumb drive.
The Best Portable Apps
A portable app is a “lite” version of a piece of software which can be run without being installed on the host computer, and which doesn’t modify the computer’s configuration information. In other words, you can run it, and use it, and no-one will ever know you were there.
Apart from being more flexible and secure when working on public computers, another good use for portable apps is to keep your number of installed apps to an absolute minimum. Installed programs take up space and can cause a computer to run slower, so the less you have installed the better. My personal policy is that I never install something if there is a portable version available.
(Related) Points to the collection above and four more...
5 Websites For Every Portable Application On The Web
How to mess with your boss...
Friday, December 12, 2014
An attack somewhat similar to Sony, but clearly not by the same hackers. A very interesting article. Sort of the opposite of “Win friends and influence people!” You can see where this is going.
Now at the Sands Casino: An Iranian Hacker in Every Server
… early on the chilly morning of Feb. 10, just above the casino floor, the offices of the world’s largest gaming company were gripped by chaos. Computers were flatlining, e-mail was down, most phones didn’t work, and several of the technology systems that help run the $14 billion operation had sputtered to a halt.
Computer engineers at Las Vegas Sands Corp. (LVS) raced to figure out what was happening. Within an hour, they had a diagnosis: Sands was under a withering cyber attack.
… This was no Ocean’s Eleven. The hackers were not trying to empty a vault of cash, nor were they after customer credit card data, as in recent attacks on Target, Neiman Marcus, and Home Depot. This was personal. The perpetrators wanted to punish the company, or, more precisely, its chief executive officer and majority owner, the billionaire Sheldon Adelson. Although confirming their conjectures would take some time, executives suspected almost immediately the assault was coming from Iran.
… In October 2013, Adelson, one of Israel’s most hawkish supporters in the U.S., arrived on Yeshiva University’s Manhattan campus for a panel titled “Will Jews Exist?”
… “What are we going to negotiate about?” Adelson asked. “What I would say is, ‘Listen. You see that desert out there? I want to show you something.’ ” He would detonate an American warhead in the sand, he said, where it “doesn’t hurt a soul. Maybe a couple of rattlesnakes and scorpions or whatever.” The message: The next mushroom cloud would rise over Tehran unless the government scrapped any plans to create its own nukes.
… Iran’s Supreme Leader Ayatollah Ali Khamenei responded two weeks later, according to the country’s semiofficial Fars News Agency, saying America “should slap these prating people in the mouth and crush their mouths.”
… Physically, Adelson and Sands are well protected. He appears in public with a phalanx of armed bodyguards, said to be former agents of the U.S. Secret Service and Mossad, Israel’s intelligence agency. Sands paid almost $3.3 million to protect Adelson and his family last year, according to a company filing. That’s on top of what Sands spends on vaults, security cameras, biometric screening devices, and one of the largest private police forces of any U.S. company, all to safeguard the millions of dollars of cash and chips that flow through its operations every day.
But the company has been slow to adapt to digital threats. Two years ago it had a cybersecurity staff of five people protecting 25,000 computers, according to a former executive.
My Computer Security students are beginning to understand that much (most?) of Sony's problems are due to bad (ignorant) management.
Sam Biddle reports:
Sony says the recent breach of its servers and weeklong cyber humiliation is an “unprecedented” strike and an “unparalleled crime.” If they’re shocked by these events, they’ve been shocked for almost a year: leaked emails obtained by Gawker show security troubles dating back to February.
If you read the full article on Gawker, you’ll see emails noting a hack that Sony chose not to disclose and where they elected not to notify affected individuals because, well, they just had no legal obligation to notify.
It just continues to get worse and worse for them, doesn’t it? But it all seems self-inflicted, and any attempts to portray them as the victims will be met with, “No, your employees are the victims, and you’re responsible for their embarrassment and potential problems.”
(Related) If managers can't figure out computer security, regulators will explain what they must do.
Katherine Gasztonyi writes:
On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward.
In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all New York chartered or licensed banking institutions—noted that the Department would take a close look at banks’ data breach detection abilities, cybersecurity corporate governance practices, resources devoted to information security, defenses against cyberattacks, management of third-party service providers, and cybersecurity insurance coverage, among other things.
Read more on Covington & Burling InsidePrivacy.
TED video. Police surveillance and you...
Catherine Crump: The small and surprisingly dangerous detail the police track about you
Law in “space and time.” Could have been written by Stephen Hawking.
Orin Kerr writes:
With law school exam season finishing up, here’s a new Fourth Amendment decision with facts that seem straight from a law school exam: United States v. Camou, authored by Judge Pregerson. In the new decision, the Ninth Circuit suppressed evidence from a 2009 search of a cell phone taken from a car incident to arrest at the border. The new ruling might not be the final word in the case. But the court does decide an important question along the way: The Ninth Circuit rules that if the police have probable cause to search a car under the automobile exception, they can’t search cell phones found in the car.
Read more on Volokh Conspiracy.
(Related) Same time, different space. And the ruling is actually the same (as far as this non-lawyer can tell)
The Supreme Court of Canada ruled on Thursday that law enforcement can search the cellphone of someone they’ve just arrested as long as the search is related to that arrest.
The e-rate “tax” goes to internet providers, not to schools, right? Schools become 'eligible for discounts' but are not guaranteed broadband Internet. Seems kind of backwards to me.
OVERNIGHT TECH: Dems applaud funding boost for school Internet
Russia cuts itself off. Russia cuts its own throat. Pick one.
Google shuts Russia engineering office
Google is to close its engineering office in Russia, in the latest sign that a crackdown on internet activity by Russian authorities this year could hasten an outflow of engineering talent from the country.
A series of moves against internet companies, culminating in a new law designed to force them to keep all data about Russians inside the country, has led some Russian entrepreneurs and engineers to consider relocating outside the country.
When one of these Apps reaches a certain level of accuracy, energy utilities will offer them to homeowners for free. Meanwhile, the market is mostly 'green' fanatics.
Weird name, cool tool: Smappee monitors and reports energy consumption for each of your home's appliances
Smappee (it’s a sort of an acronym for Smart App for Energy Efficiency) is a sensor that measures the total electrical power that your home draws from the grid. That's not unique, but Smappee's ability to uniquely identify each appliance—large and small—is new.
… You—or an electrician, if you don’t feel comfortable working inside your breaker box—clamp a pair of sensors to the main power lines coming from the grid into your circuit-breaker panel. (The clamps don't come in contact with the copper wires, reducing the risk of shock, but Smappee nonetheless recommends you hire a professional.)
… Smappee has also developed very low-cost plug-in modules that can be used to remotely power-off devices. One is included with the product, and you can buy three more for just $40.
For my students who read.
The Best Book I Read This Year
The Atlantic's editors and writers share their favorite titles—new, classic, or somewhere in between—from a year of reading.
Thursday, December 11, 2014
Laptops get stolen every day and every day press releases try to make the risk seem trivial. Here is how I (and perhaps my Computer Security students) read between the lines.
From the web site of Corvallis Clinic:
… The laptop was stolen from a Corvallis Clinic employee’s locked car at a work-related conference in Portland in mid-November.
This was a breach of Clinic policy in that patient health information was reported to have been maintained on the employee’s personal laptop that had not been evaluated or cleared for use by The Clinic’s IT security officer. [The Clinic had inadequate (or no) data controls in place Bob]
The laptop was protected by a highly secure alpha-numeric password; [That provides no protection at all if the hard drive is pulled and accessed as a 'plug in' drive on another system. Bob] however, the data was not encrypted. Nevertheless, a breach of patient health information is unlikely. [Assumes the laptop was taken for the hardware not the data. Bob]
… The information stored was limited to spreadsheets, so any patient health information that may be on the computer is limited in data. The Clinic IT staff and third-party computer forensic experts are in the process of fully investigating what may have been stored on the laptop. [“We have no clue what this employee copied from our files.” Bob]
… None of the information is known to include Social Security numbers or financial credit information. Also, only patients seen within the last two years are potentially on the spreadsheet. [May include two years of data? Bob]
For my Ethical Hackers. See why I always do my hacking using my lawyer's credentials?
Iran’s telecommunications minister has said his technicians are developing a system to identify any Internet user in the country at the moment of log-on, the ISNA news agency reported Saturday.
“Because of our efforts, in future when people want to use the Internet they will be identified, and there will be no web surfer whose identity we do not know,” Mahmoud Vaezi said, without elaborating on how this would technically be done.
Read more on Yahoo! News.
Kind of the opposite of giving the police video cameras. If I obviously have a camera, perhaps with blinking lights and a sign that reads, “I'm recording this for my lawyer,” would anyone within range have an expectation of privacy?
Jon Street reports:
The Illinois House and Senate have overwhelmingly passed an amendment that would make it unclear as to when it is legal to record an encounter with a police officer and when it is illegal.
Earlier this year, the Illinois Supreme Court struck down a similar law which made recording conversations with police or anyone else without their permission illegal. The court ruled that the state does not have the constitutional authority to criminalize recording in situations where individuals have no reasonable expectation of privacy.
Read more on The Blaze.
Spain, The Forbidden Kingdom? Will our grandchildren wonder what happened to Spain?
Spanish news to vanish from Google News globally
Google’s decision to close Google News in Spain because of a law requiring aggregators to pay news publishers for linking content also means that the publishers’ content will vanish around the world.
The company said it will block reports from Spanish publishers from its more than 70 Google News international editions in addition to the Spain shutdown on Dec. 16 — two weeks before a new Spanish intellectual property law takes effect.
Spain’s AEDE association, which represents large news publishers, lobbied for the law nicknamed the “Google Tax.”
The association declined comment Thursday on Google Inc.’s decision.
Circling the drain? Consider: The Soviet Union broke up because (at least in part) they could not keep pace with Reagan's spending on Star Wars tech. Now lower oil prices mean they have no money to spend on anything.
Russia’s Rate Increase Fails to Halt Ruble’s Slide to Record
Russia’s fifth interest-rate increase this year failed to stem the ruble’s worst rout in 16 years, risking further damage to an economy battered by sanctions and oil prices near the lowest since 2009.
… “This is a spineless decision,” Vadim Bit-Avragim, who helps oversee about $4 billion at Kapital Asset Management LLC in Moscow, said by phone. “If the central bank’s goal was to defend the ruble, it would’ve raised rates by 2-3 percentage points.”
“Hey, we're a monopoly. Take it or leave it.”
Comcast Faces Lawsuit For Turning Customer Routers Into Free Public Wi-Fi
Last year, Comcast announced that the company was deploying its Xfinity Home Hotspot initiative that would turn a user’s home router into a public hotspot. However, the initiative was met with criticism and a pair of Comcast customers is suing the company claiming that the initiative poses risks to subscribers and that Comcast’s actions were carried out without their permission.
The suit was filed in the US District Court in Northern California by Plaintiff Toyer Grear and daughter Joycelyn Harris. They are seeking to give their suit class action status for all Comcast customers whose wireless routers double as Xfinity Wi-Fi hotspots. “Without authorization to do so, Comcast uses the wireless routers it supplies to its customers to generate additional, public WiFi networks for its own benefit,” the complaint states.
Perhaps not revelatory, but still interesting.
Measuring the Digital Economy – OECD
Directorate for Science, Technology and Innovation: “The growing role of the digital economy in daily life has heightened demand for new data and measurement tools. Internationally comparable and timely statistics combined with robust cross-country analyses are crucial to strengthen the evidence base for digital economy policy making, particularly in a context of rapid change. This report presents indicators traditionally used to monitor the information society and complements them with experimental indicators that provide insight into areas of policy interest. The key objectives of this publication are to highlight measurement gaps and propose actions to advance the measurement agenda.”
For my geeks. Grab the specs and build your own.
Google Launches Cardboard App Collection
Google is pushing its virtual reality headset Google Cardboard harder than ever, with updates for users, developers, and makers. When Google unveiled Google Cardboard at Google I/O 2014 in June, most people regarded it as a jokey take on the emerging VR form factor. But it turns out Google was deadly serious.
To demonstrate its commitment to Cardboard, Google has rolled some of its favorite Cardboard apps into a collection on Google Play. Included are a live performance from Jack White, a tour of the Shire from The Hobbit, and a 3D brick-breaking game. As well as Google’s own dedicated Cardboard app.
In order to help developers create the best Cardboard apps, Google has also released software development kits (SDKs) for Android and Unity. And for makers there are new building specs crafted with specific tools in mind. Finally, as proof Google is serious about Cardboard, it’s hiring a handful of people to work on creating virtual reality experiences.
Wednesday, December 10, 2014
“Well, it's only been five years! These things take time.”
Unencrypted Data Lets Thieves ‘Charge Anywhere’
Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014...
In a statement released today, the South Plainfield, N.J. electronic payment provider said it launched an investigation after receiving complaints about fraudulent charges on cards that had been legitimately used at certain merchants. The information stolen includes the customer name, card number, expiration date and verification code.
… “The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic,” the company explained. “Much [As in “many bits” or 90% of the traffic? What constitutes “Much” in a case like this? Bob] of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests.”
… The incident is the latest reminder of what happens to businesses that handle credit card data and other sensitive information and yet fail to fully encrypt the data as it traverses their network. The company has provided a searchable list of merchants who may have been affected by the breach.
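The statement says the attackers captured outbound traffic and that “certain outbound messages” carried authorization requests in plain text. A practitioner asking “how much of our outbound traffic is like that?” doesn’t need the malware to find out: scan the egress capture for card numbers. The block below is an added example, not Charge Anywhere’s code or anything from the Krebs article. The three sample messages are constructed for the example (the PAN is the standard 4111 1111 1111 1111 test number; merchant and terminal fields are invented); the encrypted message is represented by an opaque hex blob, and the third message shows why a bare digit-run match is not enough.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// sampleMessages is a constructed stand-in for captured outbound traffic.
// The first is a plaintext authorization request, the second an encrypted
// one (opaque blob), the third a log line with a 16-digit order id.
var sampleMessages = []string{
	"AUTH|MID=123456|TID=0001|PAN=4111111111111111|EXP=1216|CVV=123|AMT=4200",
	"AUTH|MID=123456|TID=0001|ENC=9b1d5a3e0f4c7d2a6b8e1f3c5d7a9b0c2e4f6a8b",
	"LOG|order-id=1234567890123456|status=settled",
}

// digitRun matches anything that is the right length to be a PAN.
var digitRun = regexp.MustCompile(`[0-9]{13,19}`)

// luhnValid is the mod-10 check every real card number satisfies; it is what
// separates a PAN from an order id or timestamp of the same length.
func luhnValid(s string) bool {
	sum := 0
	double := false
	for i := len(s) - 1; i >= 0; i-- {
		d := int(s[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// mask keeps the first six and last four digits so the finding can be logged
// without the scanner itself becoming another plaintext copy of the PAN.
func mask(pan string) string {
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// FindPlaintextPANs returns the masked card numbers present in one message.
// An empty result for a message that should carry card data is the
// expected state: it means the data was encrypted before it left the host.
func FindPlaintextPANs(msg string) []string {
	var hits []string
	for _, run := range digitRun.FindAllString(msg, -1) {
		if luhnValid(run) {
			hits = append(hits, mask(run))
		}
	}
	return hits
}

func main() {
	for i, m := range sampleMessages {
		if pans := FindPlaintextPANs(m); len(pans) > 0 {
			fmt.Printf("message %d: plaintext PAN on the wire: %v\n", i, pans)
		} else {
			fmt.Printf("message %d: no plaintext PAN\n", i)
		}
	}
}
```

Run over a real egress capture this answers the “how much is ‘much’?” question with a count, and it points at exactly the message formats that need to be moved under the encrypted path.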
Gee, what happened to, “It's programmed in Korean!”
FBI Has Yet To Find North Korea Link In Sony Hack
Since the massive security breach at Sony Pictures occurred, speculation has been that North Korea was behind it. Sony, with the help of cybersecurity firm Mandiant and the FBI, has been investigating the perpetrators behind the breach. However, a senior FBI official has stated that the agency has not confirmed that North Korea is behind the attack.
If you violate copyright, you cannot be seen to succeed.
The popular file-sharing service Pirate Bay was taken down today following a raid in Sweden by police who seized servers and computers.
The Pirate Bay portal went down Tuesday morning after Swedish police raided a server room in Stockholm over alleged copyright violations. In addition to its file-sharing section, Pirate Bay’s forum Suprbay.org was also down.
… Pirate Bay may not be the only target. According to TorrentFreak, other sites related to file sharing such as EZTV, Zoink, and Torrage went down today as well, though it’s not yet known if they were also raided.
Founded in 2003, Pirate Bay has been in the legal crosshairs for years, but has managed to stay afloat despite efforts by governments, anti-piracy groups and the music and film industries to close it down. Today’s raid comes after a number of recent events have occurred around the service, putting it in the spotlight once again.
… Despite the previous convictions, Pirate Bay has managed to forge ahead without its founders, catering to millions of daily users. Although today’s raid is not the first—Pirate Bay was also raided in 2006—in 2012 its operators bragged that they had moved their operations to the cloud to make the service virtually impervious to police raids. By hosting their operation from multiple cloud hosting providers located in a number of countries, a single police raid would not be able to disrupt their operation. Or so they thought.
It’s unclear how long authorities can keep Pirate Bay down this time before it pops up again.
Not sure why BSA conducted this poll. They usually devote their efforts to suing companies that use unlicensed software. Perhaps they see Big Data analytics as a way to find more victims?
A new survey of more than 1,500 senior executives in the U.S. and Europe makes clear how much businesses across the spectrum make use of data.
The poll released by BSA | The Software Alliance found that 67 percent of executives said that data analytics were important to their companies, and that data analysis is important to 60 percent of small companies.
For Washington and other global capitals, the results should make it clear how important it is to implement policies that don’t undermine companies using that data, said trade group head Victoria Espinel.
… At the top of the list of pro-innovation policies, she said, are laws that don’t force companies to keep data servers in one place or try to balkanize the Internet by imposing limitations. Those policies, which some countries have contemplated in response to concerns about U.S. surveillance in the wake of Edward Snowden’s leaks, could have a disastrous effect on companies, Espinel warned.
Instead, countries should make trade deals that allow data to flow back and forth across borders free, she said.
For more information, visit www.bsa.org/datasurvey.
There's an App for that! But why? I see an advantage if the cops can tap the driver's phone and automagically access driving records, but they can get that information now. Is this a case of “We can, therefore we must?”
Official: Iowans will use app to show license
Need to show your driver’s license? In Iowa, there will soon be an app for that.
A smartphone app that’s under development will allow users to show the digital license to law enforcement officers during traffic stops and at security checkpoints at Iowa airports, according to Paul Trombino, director of the state Department of Transportation. The free app will be available sometime in 2015.
“We are really moving forward on this,” he said to Gov. Terry Branstad during a state agency budget hearing Monday. “The way things are going, we may be the first in the nation.” [and I'll be one of the first to laugh at their failure. Bob]
Trombino said users will use a PIN for verification, The Des Moines Register reported (http://dmreg.co/1z3jODu ).
“Having this really allows people to protect their identity,” [Huh? Bob] he said, and suggested that the technology could be used for other state licenses.
A very encouraging App. Perhaps we can develop an App that will keep politicians from passing stupid laws! (No, I don't think so either...)
Facebook users may soon be notified before posting drunk pictures
… Yann LeCun, the man behind Facebook's Artificial Intelligence Research lab, said he envisions a day when artificial intelligence will give intoxicated users an option to turn back the posts before it is too late, reported the Washington Times.
He also said that the future artificial intelligence would be like an assistant that can say "Uh, this is being posted publicly. Are you sure you want your boss and your mother to see this?"
The technology would work by recognizing the difference between how users look when they are sober and when they are drunk.
For the student gaming club.
SimCity 2000 Is Free On Origin
SimCity 2000 is currently available for free on Origin. EA is giving away the classic city-building simulator as part of its On The House promotion. This is designed to get you using Origin in the hopes you’ll actually buy some games in the future. If you dislike such blatant marketing, you can instead buy SimCity 2000 on GOG.com for $2.99 and preserve your integrity.
Tuesday, December 09, 2014
Details from the hackers, still nothing from Sony. This is beginning to smell.
Hackers demanded monetary compensation from Sony before cyber attack
An email sent to Sony Pictures chiefs Michael Lynton and Amy Pascal has emerged in which monetary compensation was demanded days before the studio was crippled in a cyber attack.
"We've got great damage by Sony Pictures," writes "God'sApstls" in the message that was sent Nov. 21, with the subject line: "Notice to Sony Pictures Entertainment Inc."
"The compensation for it, monetary compensation we want," it continues. "Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You'd better behave wisely."
… Mashable was first to publish the email, which was reportedly found in new documents released by hackers on Monday.
A guide for my Ethical Hackers?
Chris Halsne reports:
A just-released audit finds that Colorado state computer systems are vulnerable to a cyber attack.
The report mirrors the results of a year-long FOX31 Denver investigation.
We found gaping holes in security, some of which exposed the Social Security and bank account numbers of state employees and contractors.
Monday, the State Auditor's Office blamed the Governor's Office of Information Technology for creating an “environment ripe for breach by an external attacker or internal employee.”
Read more on Fox.
For my Data Governance class.
From the press release:
Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent.
As attention shifts from sophisticated external attacks to the role that internal vulnerability and negligence often play, a new survey commissioned by Varonis Systems, Inc. and conducted by the Ponemon Institute suggests that most organizations are having difficulty balancing the need for improved security with employee productivity demands. Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.
The survey report, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” is derived from interviews conducted in October 2014 with 2,276 employees in the United States, United Kingdom, France, and Germany.
… Both IT practitioners and end users are witnessing a lack of control over employee access and use of company data, and the two groups generally concur that their organizations would overlook security risks before they would sacrifice productivity. Only 22 percent of employees surveyed believe their organizations as a whole place a very high priority on the protection of company data, and less than half of employees believe their organizations strictly enforce security policies related to use of and access to company data. Further, the proliferation of business data is already negatively impacting productivity — making it harder for employees to find data they truly need and should be able to access, and to share appropriate data with customers, vendors and business partners.
… For a full copy of the study, go to http://www.varonis.com/research/why-are-data-breaches-happening.
PDF Attachment Available: http://www.varonis.com/research/why-are-data-breaches-happening/ponemon-infographic.pdf
Tools for my Ethical Hackers. Remember the first tool of Hacking: a good lawyer!
Spider a Website with Wget – 20 Practical Examples
How do I download an entire website for offline viewing? How do I save all the MP3s from a website to a folder on my computer? How do I download files that are behind a login page? How do I build a mini-version of Google?
Wget is a free command line program – available for Mac and Windows, and included with most Linux distributions – that can help you accomplish all this and more. What makes it different from most download managers is that wget can follow the HTML links on a web page and recursively download the files. It is the same tool that a US soldier used to download tons of secret documents from the army’s Intranet that were later published on the Wikileaks website.
… It will help if you can read through the wget manual
… Wget can be used for downloading content from sites that are behind a login screen or ones that check for the HTTP referer and the User Agent strings of the bot to prevent screen scraping.
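An added example, not from the article above, showing both sides of that last point: how the login-then-mirror recipe is actually typed, and the check a web-server owner would run to spot it afterwards. The login URL, form field names, target site and the Apache log lines are all constructed placeholders; the wget flags are real. Note that a password passed on the command line is visible in shell history and to other users via `ps`, so on a real job read it from a file or use `--ask-password` instead.

```shell
#!/bin/sh
# Added example (not the article's code). Part 1 composes a polite,
# authenticated recursive download; part 2 looks for that same client in
# constructed Apache "combined" log lines.

# Step 1: post the login form once and keep the session cookie in a jar.
# Endpoint and field names (username/password) are assumptions; check the
# real form's HTML. The password is exposed on the command line (see lead-in).
wget_login_cmd() {
  jar=$1; login_url=$2; user=$3; pass=$4
  printf '%s\n' "wget --quiet --save-cookies $jar --keep-session-cookies --post-data 'username=$user&password=$pass' -O /dev/null $login_url"
}

# Step 2: reuse the jar, send a browser-like User-Agent and a Referer so the
# site's scraper checks pass, stay under the start URL, and throttle the crawl
# so it neither looks nor behaves like a denial of service.
wget_mirror_cmd() {
  jar=$1; url=$2
  printf '%s\n' "wget --load-cookies $jar --mirror --convert-links --page-requisites --no-parent --wait=2 --random-wait --limit-rate=200k --user-agent='Mozilla/5.0 (X11; Linux x86_64)' --referer=$url $url"
}

# Constructed sample log lines (not real traffic). Fields are split on the
# double quote, so $6 is the User-Agent and $1 starts with the client IP.
SAMPLE_LOG='203.0.113.7 - - [09/Dec/2014:10:01:02 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Wget/1.16 (linux-gnu)"
203.0.113.7 - - [09/Dec/2014:10:01:03 -0700] "GET /docs/a.pdf HTTP/1.1" 200 91234 "http://example.com/index.html" "Wget/1.16 (linux-gnu)"
198.51.100.4 - - [09/Dec/2014:10:01:05 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/34.0"
203.0.113.7 - - [09/Dec/2014:10:01:05 -0700] "GET /docs/b.pdf HTTP/1.1" 200 88000 "http://example.com/index.html" "Wget/1.16 (linux-gnu)"'

# Requests per client IP whose User-Agent announces itself as wget.
# A spoofed --user-agent (as in wget_mirror_cmd) defeats this string match,
# which is why the volume check below matters more than the UA.
wget_hits_by_ip() {
  printf '%s\n' "$SAMPLE_LOG" | awk -F'"' '$6 ~ /^Wget/ { split($1, f, " "); c[f[1]]++ }
    END { for (ip in c) printf "%s %d\n", ip, c[ip] }'
}

# Client IPs with at least THRESHOLD requests in the window, regardless of UA.
heavy_clients() {
  threshold=${1:-3}
  printf '%s\n' "$SAMPLE_LOG" | awk -v t="$threshold" '{ c[$1]++ } END { for (ip in c) if (c[ip] >= t) print ip }'
}

# Usage: print the two-step recipe, then run the two log checks.
wget_login_cmd cookies.txt https://example.com/login alice s3cret
wget_mirror_cmd cookies.txt https://example.com/docs/
wget_hits_by_ip
heavy_clients 3
```

The `--wait`/`--random-wait`/`--limit-rate` trio is what keeps a mirror from becoming the "unauthorized access" a lawyer has to argue about; the log side shows that a user-agent match catches only the lazy crawler, while per-IP request counts catch the disguised one too.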
“Wow! Where can I get one of dese devices that will rat me out to da cops!”
Data from wearable devices could soon land you in jail
… In what's thought to be a first-of-its-kind civil lawsuit, a personal injury lawyer in Canada used data from a Fitbit wristband in an insurance fraud case to support his client's claims.
Previously, insurance civil suits relied on physician examinations and not historical data collected from a wearable.
… Muller's client voluntarily shared several months of Fitbit data with Vivametrica so it could be compared with data from other Fitbit users. His client, a former personal trainer, had been in an accident that affected her ability to work; the data was used to back up her claim.
… Wearables are a perfect fit for litigation, according to Neda Shakoori, an attorney who leads an eDiscovery initiative with the law firm of McManis Faulkner.
Wearables not only track physical activity, but they can transmit geolocation information, and more sophisticated wearables, like Google Glass, can also take photos and videos and perform web searches.
I'll bet that's exactly how they said it.
… "Without the ability to test outdoors in the United States soon, we will have no choice but to divert even more of our [drone] research and development resources abroad," said Amazon’s vice president of global public policy Paul Misener in a letter to the FAA seen by the Wall Street Journal. "I fear the FAA may be questioning the fundamental benefits of keeping [drone] technology innovation in the United States," said Misener.
How many people (voters?) need to 'sign' a petition for anyone in government to notice? I would think supplying individual politicians with lots of detail about petitioners would be a minimal requirement.
… Change.org founder and CEO Ben Rattray argues that one of the most basic ironies of the internet is how it has so far failed to open up what is supposed to be the most participatory process of all.
“You’ve democratized all these industries, but you haven’t democratized democracy,” Rattray says.
Timely. I'm giving a short presentation at the next faculty meeting on how I find articles for this blog.
Pew Study: Americans Thankful to Internet for Making Them Better Informed
A survey report by Pew Research Center reveals that most Americans are thankful to the Internet for helping them learn new things, having them stay better informed on topics that are important to them, and increasing their capacity for sharing creations and ideas with others.
The positive views regarding the Internet show that Americans enjoy having massive amounts of information readily available to them, as opposed to being overwhelmed.
… The results of the survey show that 87 percent of respondents say the Internet improved how they are able to learn new things, with 53 percent saying that the improvement has been by "a lot." This is more evident for the respondents that are below 50 years old, live in households with higher incomes, and have higher levels of educational attainment.
Monday, December 08, 2014
A trickle of detail – but not from Sony.
Kaspersky drops deets on Sony hacker malware
Kaspersky bod Kurt Baumgartner has released more details on the Sony-plundering malware and links it to attacks on Saudi Aramco and South Korea.
Research conducted in the wake of the epic Sony breach last month had connected those behind the attack known as the Guardians of Peace (GOP) with the 2012 hacking of Saudi Aramco by 'WhoIs Team' that hit 30,000 computers with the Shamoon malware at a time when tensions were high between Saudi Arabia and Iran.
… Baumgartner's work added further weight to claims the malware used in both attacks and the 2013 Dark Seoul hacks were deployed by the same actors.
"In all three cases: Shamoon, Dark Seoul and Destover, the groups claiming credit for their destructive impact across entire large networks had no history or real identity of their own," Baumgartner (@k_sec) wrote in an analysis piece.
(Related) Kick 'em while they're down!
Sony’s PlayStation Network Hit With Cyber Attack
Sony Computer Entertainment Inc. said on Monday that it has no information of a loss of data following a cyber-attack on its Internet-based services for PlayStation video-game consoles.
“We are still investigating the incident, including possible causes of it, but we haven’t found any trace of any sorts of information leaked out,” the company’s spokesman said.
… The latest PlayStation attack comes hot on the heels of large-scale hacking attacks on Sony Pictures Entertainment, where personal data of Hollywood movie stars was exposed.
There is no evidence that the two cases are related.
Medical ethics. One reason to anonymize the data? No need to inform those who have the evil genes.
Adam Wernick reports:
If you agree to participate in a genome research study, what happens if the researchers find a risky gene in your sequence? Do they have an obligation to tell you? What if you don’t want to know? And what about your family members, who might share that problematic gene with you? Do they have a right to know?
“We’re in a unique historical moment,” says Dr. Robert Green, a medical geneticist at Boston’s Brigham and Women’s Hospital and Harvard Medical School. “I think in five years, or maybe seven or eight years, the cost and the availability of well-interpreted genomes will be so ubiquitous that anyone who’s interested in finding out this information about themselves can readily and easily find out about it.”
But for now, there’s a mess of conflicting demands and limited laws surrounding genetic information.
Read more on PRI.
Nothing sounds good.
Russia’s bleak economic picture
The rouble trouble afflicting Russia is but one consequence of Vladimir Putin’s dismal charting of Russia’s future. His rambling, incoherent state-of-the-nation speech last week merely confirmed this fact, says international media.
The Economist is worried that Putin may be sold on his own flawed rhetoric. “The most worrying thing about Putin’s address is that he may actually believe it,” says its editorial. “Just as the Russian media invented Ukrainian fascists to justify its hybrid war in Ukraine, it is now inventing American aggression to justify its isolation and confrontation with the West.”
Mark Zuckerberg Defends Free Facebook
Facebook founder and CEO Mark Zuckerberg has defended the social network he cooked up in his dorm room at Harvard. In particular, he has defended its status as a free service paid for by advertising, which has been in the firing line of late thanks to newcomers such as Ello.
[A related tweet:
I see you when you are sleeping
I know when you're awake
I know if you've been bad or good
So be good for goodness sake
I want one. (If I can use it on my students...)
How To 3D-Print New Star Wars Lightsaber
You’ve watched the first teaser trailer for Star Wars: A Force Awakens, and you’ve watched the best parodies of the new Star Wars movie, so what’s next on the agenda? Why, 3D-printing your own copy of the new three-pronged lightsaber via Instructables, of course. It may only be plastic, but it’s surely better than nothing.
[The video: http://vimeo.com/113298946
This is rather slick for anyone just learning about computers. Perhaps I can get my students to make a similar site for Math, Computer Security, etc.
Teach Parents Tech - A Good Way to Send Tech Help
Almost all of us have people in our lives who need help navigating their computers and/or the Internet. Teach Parents Tech is a free service from Google that can help you help those people in your life who need some tech guidance.
To send tech support through Teach Parents Tech simply specify a recipient, choose the type of help that your recipient needs, and enter your recipient's email address. Your recipient will receive a set of videos designed to help them with the tasks that are troubling them. As the sender, you can preview the videos before they are sent.
Sometimes, it's hard to believe I'm not an expert on The Cloud.