Saturday, January 24, 2015
That's why I have my Ethical Hacking students hack my lawyer's car. (As always, using the server we hacked in North Korea)
Kyle Wiens writes:
Cars, especially, have a profound legacy of tinkering. Hobbyists have always modded them, rearranged their guts, and reframed their exteriors. Which is why it’s mind-boggling to me that the Electronic Frontier Foundation (EFF) just had to ask permission from the Copyright Office for tinkerers to modify and repair their own cars.
“Two of EFF’s requests this year are on behalf of people who need to access the software in cars so they can do basic things like repair, modify, and test the security of their vehicles,” says Kit Walsh of the EFF. “Because Section 1201 of the DMCA prohibits unlocking ‘access controls’—also known as digital rights management (DRM)—on the software, car companies can threaten anyone who needs to get around those restrictions, no matter how legitimate the reason.”
Read more on Wired.
A false reading could result in an attempt to pump 2,000 gallons of fuel into a tank that's only down 1,000 gallons. How quickly could they stop the pumps?
US Gas Stations Exposed to Cyberattacks: Researchers
Malicious actors could theoretically shut down more than 5,300 gas stations in the United States because the automatic tank gauges (ATGs) used to monitor fuel tanks are easily accessible via the Internet.
ATGs are electronic devices that monitor fuel level, temperature, and other parameters in a tank. The devices alert operators in case there is a problem with the tank, such as a fuel leak.
… “Many ATGs can be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to monitor these systems remotely, many operators use a TCP/IP card or a third-party serial port server to map the ATG serial interface to an internet-facing TCP port. The most common configuration is to map these to TCP port 10001,” Rapid7’s HD Moore noted in a blog post.
… Kachoolie provides a service that allows users to test if their tank gauges are secure.
If you have nothing to hide, you will be happy to reveal all of your proprietary functions?
Apple agrees to China’s security checks on iPhones
Apple has agreed to China's demand of carrying out security checks on its products, including iPhone, the country's cyber security regulator has announced. The decision makes Apple the first foreign company to accept its proposal on security checks, the Cyberspace Administration of China said.
The move is significant because other US companies including Google and Facebook have earlier refused to undergo security checks. "These firms have had to leave the Chinese market because of their refusals to comply," State media said.
I have multi-tools in my glove box and my toolkit. You probably should skip this if you fly. I wouldn't want to be tackled by the TSA as I go through security.
The wearable tool, the new Leatherman Tread
… “The idea originated on a trip to Disneyland with my family,” said President Ben Rivera. “I was stopped at the gate by security for carrying a knife, when what they had actually seen was my Skeletool. I was unwilling to give it up, so they made me take it all the way back to my hotel room. I knew there had to be another way to carry my tools with me that would be accepted by security.” When he returned from his trip, Rivera, who began his tenure at Leatherman Tool Group 24 years ago as an engineer, began by wearing a bike chain bracelet to see how it would feel. As his thoughts took shape, he brought his idea to the engineers at Leatherman who helped fast track his plans.
… The Tread bracelet began taking shape. Each complex link was metal injection molded for strength and intensity. The bracelet was crafted to be fully customizable with slotted fasteners, so the user could rearrange links, add new ones, or adjust for wrist size to ¼”. Even the clasp is functional with a bottle opener [Mmm, beer! Bob] and #2 square drive. Other link tools include a cutting hook, hex drives, screwdrivers, box wrenches, and a carbide glass breaker.
Your “digital estate?” Personally, I have a plan to live forever. (So far, it's working)
Everybody Dies: What is Your Digital Legacy?
Alethea Lange – CDT – “What happens to your email when you die? For most people this hopefully isn’t an urgent question, but a few high profile cases have made it an issue for lawmakers and judges around the world. You might think that your family could show up with a death certificate and/or a court order and get access to your digital content, but it’s not that straightforward. The federal Electronic Communications Privacy Act (ECPA) governs what types of information cloud service providers like Google and Yahoo! can disclose and under what circumstances — and it doesn’t account for death. Companies are inclined to point to their terms of service to decide when and how to provide access to accounts, but this is often decided on a case-by-case basis. This has left a confusing and delicate gap in the law that competing entities are rushing to fill. It’s easy to forget the amount of administrative work we conduct in online accounts —many of us only receive electronic statements and bills— and one of the tasks facing grieving families and friends is to close and settle accounts for their deceased loved ones. This is challenging without access to email or other digital accounts where statements and other notifications are commonly sent. Additionally, years of family memories can be stored in a password-protected account, often through cloud services. The combination of sentimental and practical reasons to give access, and the serious privacy concerns implicated in doing so, has made this a hot button issue. Several states have already introduced legislation, and we expect to see more this legislative session. Currently, anyone can write their will to include instructions for the dispensation of online accounts in whatever way they wish. ECPA does not prevent account holders from granting access to their own accounts by sharing passwords or other security details.
(Pro-tip: Don’t put your passwords in your will because that document will become part of the public record. Instead, leave instructions for where to find a list of passwords to chosen accounts.) This is a good solution — it allows individuals to express their wishes, gives clarity to tech companies, and doesn’t require anyone to look at the U.S. Code. However, only 45 percent of Americans have a valid will at death, and far fewer specifically address access to digital accounts, leaving many personal representatives with uncertain fiduciary duties.”
Entertaining with “education”
Hack Education Weekly News
… A new law in Illinois would require students hand over their social media passwords to schools if the school has reason to believe that their social media accounts have evidence she or he violated a school policy. Even if it’s posted at home, after school hours. Remind me again how the federal government is going to protect student privacy again?
… 75% of college campuses employ armed officers. [Afraid of mad gunmen or lawsuits? Bob]
For my Math students (with iPad)
… with the introduction of a completely redesigned app for the iPad — now, everything that lives on the site is also available to iPad users. That includes some 150,000 learning exercises, content that product director Matt Wahl said was "where the majority of people spend their time on Khan Academy today."
Just a tip for my Data Analytics students. Learn to program in “R” or SAS or SPSS (not free)
Microsoft Buying Revolution Analytics For Deeper Data Analysis
Microsoft announced Friday that it will close a gap in its data-analysis portfolio by acquiring Revolution Analytics, an eight-year-old vendor that has developed a commercially supported enterprise platform around the open-source R statistical- and predictive-analysis language.
"We're making this acquisition to help more companies use the power of R and data science to unlock big data insights with advanced analytics," wrote Microsoft's Joseph Sirosh, corporate vice president, machine learning, in a blog post on Jan. 23.
SAS is the marketshare leader in advanced analytics, followed by IBM, which acquired SPSS in 2009 in order to catch up in that arena.
Note: Sharing data is easy, if you want to share data. Implications for e-Discovery?
How Chicago Solved Its Open Data Dilemma
How Chicago Solved Its Open Data Dilemma, Loraine Lawson – “In New York City, obtaining a public data set required an open records request and the researcher toting in a hard drive. So grab a notepad, Big Apple, and let the Windy City show you how to do open data. A recent GCN article describes how Chicago simplified the release and updating of open data by building an OpenData ETL Utility Kit. Before the kit, the process was onerous. Open data sets required manual updates made mostly with custom-written Java code. That data updating process is now automated with the OpenData ETL Utility Kit. Pentaho’s Data Integration ETL tool is embedded into the kit, along with pre-built and custom components that can process Big Data sets, GCN reports. “What’s different now is we have a framework that can be easily used by a lot of people,” Tom Schenk, the city’s chief data officer, told GCN. “I could also give that tool to a number of users around the city of Chicago and they’d be able to program ETLs that are going to be easier for them to understand, easier for them to create. It allows us to be more nimble.” In a particularly compelling use case, the city tapped into an application programming interface (API) that monitors water quality at Lake Michigan beaches and used the ETL to push out information hourly. If you’re curious about the OpenData ETL Utility Kit — and I’m looking at you, New York City — you can download it from github.”
I'll ask my students. Is this important?
Download your WhatsApp Contacts
You can now use the WhatsApp messenger on your Mac or Windows PC provided you have the WhatsApp app running on a mobile phone that is not an iPhone. Go to web.whatsapp.com on your desktop, scan the QR code on the screen with WhatsApp on your phone and you can instantly send or receive messages to any of your WhatsApp contacts from the computer.
Think of this as a live link rather than a dead citation.
Try Citebite for Linking Directly to Quotes from the Web
Cite Bite is a simple tool for creating a direct link to a passage of text on a webpage. It's a simple process to create a direct link to a quote using Cite Bite. To use the service just copy and paste the chunk of text you want to share into Cite Bite. Then copy and paste the url of the source into Cite Bite. Cite Bite then creates a url that you can share with others to send them directly to the quote you want them to read.
Applications for Education
Cite Bite could be a handy little tool for those times when you want all of the students in your classroom to read and discuss a passage from an online article. While you could probably accomplish the same thing by just posting the source link on your classroom blog, the benefit of Cite Bite is that it will automatically highlight and direct students to the passage you want them to discuss.
'cause this is important! (No iPhone App? What are they, a bunch of Commie Pinkos?)
How to watch the Super Bowl on your Android phone or tablet
… Fortunately, you can stream the game live right from your Android tablet or phone. NBC will live stream the game, and you shouldn't even have to log in or provide any sort of pay TV credentials. The network will even stream the halftime show this year. It will stream ads too, though they won't necessarily be the same ads that air on broadcast TV.
On tablet, you'll want to pick up the NBC Sports Live Extra app.
If you have Verizon, you'll want to grab the NFL Mobile app.
Don't have Verizon? Well, NBC will stream the game on its NFL Sports Live Extra website, too. You can always try firing up your web browser on your phone and going there, but there's no guarantee it'll work.