Tuesday, February 24, 2015

For my Ethical Hackers: When you have the keys to the castle, don't show everyone what you can do with them.
Howard Altman reports:
The U.S. Attorney’s Office says that there are no signs of a data breach caused by the theft of five laptop computers from U.S. Central Command sometime in April 2013.
“There is no indication of a data breach at this point,” said spokesman William Daniels. “As cases proceed, we always remain open to new information and evidence. However, at this point, the indictment only alleges theft of government computers.”
On Friday, Scott Duty, a former civilian employee of Centcom, headquartered at MacDill Air Force Base, was arrested on a theft charge in connection with the command’s stolen laptops, according to court documents.
Read more on The Tampa Tribune.

Oh gee. Yet another technology introduced without the bother of security. What a surprise.
Pete Bigelow reports:
A 14-year-old boy may have forever changed the way the auto industry views cyber security.
He was part of a group of high-school and college students that joined professional engineers, policy-makers and white-hat security experts for a five-day camp last July that addressed car-hacking threats.
“This kid was 14, and he looked like he was 10,” said Dr. Andrew Brown Jr., vice president and chief technologist at Delphi Automotive.
With some help from the assembled experts, he was supposed to attempt a remote infiltration of a car, a process that some of the nation’s top security experts say can take weeks or months of intricate planning. The student, though, eschewed any guidance. One night, he went to Radio Shack, spent $15 on parts and stayed up late into the night building his own circuit board.
Read more about how this teen blew everyone’s mind with what he accomplished with only $15 in parts and some creative thinking on AutoBlog.
[From AutoBlog:
Windshield wipers turned on and off. Doors locked and unlocked. The remote start feature engaged. The student even got the car's lights to flash on and off, set to the beat from songs on his iPhone. Though they wouldn't divulge the student's name or the brand of the affected car, representatives from both Delphi and Battelle, the nonprofit that ran the CyberAuto Challenge event, confirmed the details.
If car makers weren't taking cyber threats seriously before the demonstration, they were afterward.
… In the product-planning life-cycle, it could take three to five years for those alterations to reach new vehicles. And that's to say nothing of the 230 million vehicles already on the road.
In short, the car-hacking problem will probably get worse before it gets better.

(Related) Should security be considered for any organization that relies on technology?
The Emergence of Cybersecurity Law
“This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity, as well as a survey of lawyers working in general counsel’s offices, this study examines the broader context of cybersecurity, the current legal framework for data security and related issues, and the ways in which lawyers learn about and involve themselves in cybersecurity issues. These discussions are presented across the paper’s three sections:
  • Cybersecurity and the Law explores the context in which cyberlaw is developing, examining the importance of cybersecurity to companies and corporations and how inside and outside counsel are responding.
  • Legal Developments in Cyberlaw provides an overview of the current state of the legislation, regulations, and other sources of law and policy influencing cybersecurity.
  • How Lawyers Help Meet Cyberthreats examines lawyers’ roles in cybersecurity in more detail, including both the tasks they should perform and the tasks they do perform. This section also examines how lawyers are improving their knowledge of cybersecurity.”

France is legitimately concerned. Still, ground-to-air missiles are probably too much.
French Authorities Hunt Pilots as Drones Seen Over Paris Landmarks
French authorities Tuesday were trying to hunt down the pilots of drones that were spotted flying over Paris landmarks and high-security buildings including the U.S. embassy.
The small, remotely-controlled flying objects were seen overnight Monday to Tuesday over the U.S. embassy and nearby Interior Ministry, as well as over the Eiffel tower nearly 2 miles to the west and Place de la Bastille over 2.5 miles to the east.

If backdoor access is legitimate for one government, is it legitimate for all governments? Any “proposal” that is so easy to show as ridiculous probably is. Has no one in government considered these questions?
Yahoo executive challenges NSA over encryption demands
… "If we're going to build defects, backdoors or golden master keys for the US government, do you believe we should do so... for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?" asked Mr Stamos, Yahoo's chief information security officer.
After initially dodging the question, Adm Rogers - who took over as director of the NSA last year - responded: "I think that we're lying that this isn't technically feasible.
"Now, it needs to be done within a framework. I'm the first to acknowledge that."
… According to a transcript provided by the Just Security website, he argued that he did not want the FBI and NSA to unilaterally decide what access they should have, but insisted an agreement was achievable.
Pressed on whether he thought that access should also be granted to other nations' governments, Adm Rogers said: "I think we can work our way through this."
Mr Stamos responded: "I'm sure the Chinese and Russians are going to have the same opinion."

(Related) Tell me again why law enforcement is helpless when phones are encrypted?
Spies Can Track You Just by Watching Your Phone’s Power Use
… Researchers at Stanford University and Israel’s defense research group Rafael have created a technique they call PowerSpy, which they say can gather information about an Android phone’s geolocation merely by tracking its power use over time. That data, unlike GPS or Wi-Fi location tracking, is freely available to any installed app without a requirement to ask the user’s permission. That means it could represent a new method of stealthily determining a user’s movements with as much as 90 percent accuracy—though for now the method only really works when trying to differentiate between a certain number of pre-measured routes.

There is no easy “anonymous” from your personal computer.
Neil Ungerleider reports:
If you have cancer, HIV, diabetes, lupus, depression, heart disease—or you simply look up health-related information online—advertisers are watching you. A new paper on what happens when users search for health information online shows that some of our most sensitive internet searches aren’t as anonymous as we might think.
Marketers care very much about what diseases and conditions people are searching for online. Tim Libert, a doctoral student at the Annenberg School For Communication at the University of Pennsylvania and the author of the paper says that over 90% of the 80,000 health-related pages he looked at on the Internet exposed user information to third parties.
Read more on FastCompany.
[From Fast Company:
Health privacy is protected by the Federal Health Insurance Portability and Accountability Act (HIPAA), but the law is not meant to oversee business practices by third party commercial entities or data brokers. "Clearly there is a need for discussion with respect to legislation, policies, and oversight to address health privacy in the age of the internet," says Libert.
To avoid the watchful eye of marketers, Libert recommends users make use of two different tools, Ghostery and Adblock Plus, which can at least partly prevent marketers from obtaining patient health information based on Internet browsing habits.

(Related) Why isn't the FDA monitoring such claims? Would these apps have been required to do full “drug testing” level research before going to market? Could this technology work?
Detecting melanoma? FTC says there’s not an app for that
The Federal Trade Commission (FTC) announced on Monday that it has reached settlements with two developers who claimed their apps could accurately detect the risk of melanoma.
The two apps — MelApp and Mole Detective — instructed users to take a picture of a mole and promised to give an early assessment of whether it was skin cancer. The commission alleged the companies lacked adequate evidence to support their claims.
Each company was required to hand over a small amount of money and was prohibited from claiming their apps can detect skin cancer unless it is supported by scientific testing.

I'm sure everyone in the EU will immediately stop using Facebook.
From the close-but-no-cigar dept., Samuel Gibbs reports:
A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.
Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook’s privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.
“Facebook’s Statement of Rights and Responsibilities (SRR) contains a number of provisions which do not comply with the Unfair Contract Terms Directive. These violations were already present in 2013, and they are set to persist in 2015,” wrote the authors.
Read more on The Guardian.
The Register has more on Facebook’s attempt to head off a Belgian investigation.

Better than nothing? Why are you doing nothing?
Need Cyber Protection? Avast for Business Offers it Free
… Avast for Business is a free cloud-based security management tool specifically designed for small businesses.
Vince Steckler, CEO at Avast, says in a statement on the release of Avast for Business:
“We believe the time is right to provide great security that is not only free, but also simple for SMBs to implement and manage. A small business may not view their customer database or online orders at the same level as data of an enterprise. Avast for Business addresses the problem of those businesses using consumer products and not being adequately protected; it gives those enterprises a business-class solution they can grow with.”
… Avast for Business takes about five minutes to set up. And one manager can monitor any threats on any device protected under the same Avast for Business account, the company claims. Based on a cursory glance at the software, the browser-based dashboard for the free service is easy-to-read and manage. Adding and activating devices running Avast for Business starts with one click.
The software can be downloaded onto one employee’s computer. That user then becomes the “cloud manager.” A link can be emailed to other users covered by the same cloud account.

“Russians don't do anything without a plan.” from “The Hunt for Red October”
Report to Allege Direct Kremlin Link to Ukraine Invasion
The editor of a leading independent Russian newspaper says he plans this week to publish what purports to be an official Kremlin strategy document outlining Russia's 2014 invasion of Ukraine.
Novaya Gazeta editor Dmitri Muratov said the document appears to have been prepared weeks before Ukraine's pro-Russian President Viktor Yanukovych was driven from office in February 2014, following weeks of anti-government protests in Kyiv.
… Muratov quotes the 2014 document as saying Moscow was obliged to intervene in Ukraine to protect against the possible loss of the Ukrainian market for Russia's natural gas. [Huh? Bob] He said the document also noted the risks to the Russian economy and to western European consumers, if Moscow were to lose control of pipelines carrying natural gas through Ukraine to Western markets.

(Related) Why does he keep talking like this?
Vladimir Putin: War with Ukraine would be 'apocalyptic' but unlikely

For my Statistics students. What would you like to predict?
Microsoft Nails All But 4 of 24 Oscar Predictions
… In all, Microsoft, relying on an apparently awesome prediction model managed by research guru David Rothschild, nailed 20 out of 24 predictions. Last year, the bow-tied economist and pollster at Microsoft’s New York City research lab correctly foresaw 21 of 24 Oscar winners and 19 of 24 the year before that.

So far, we don't have a virtual Mr. Rogers' Neighborhood.
Easy Coding for Kids With Microsoft’s Kodu
Microsoft’s Kodu GameLab Encourages Kids to Code
… Its simplicity makes it engaging, as does its sensory programming features within the simulation environment. It isn’t designed to introduce children to the core of programming languages, or key conventions such as variables, branching, looping or subroutines.
Other Coding for Kids Options
Alice: A 3D environment focused on visual programming through a drag-and-drop, WYSIWYG editor. Variant, Storytelling Alice, has been shown to increase engagement with coding. High level 3D animations and social interactions provide appeal across the learning spectrum, tying directly into the children’s contemporary digital world.
Scratch: Another 3D visual programming tool, developed by the MIT Media Lab. Since its 2007 inception over 800,000 users have signed up. It’s entirely open, with content sharing the key to the community. All projects are Creative Commons licensed so each project is up for download and modification. There are some damn fun mini-games.
Hackety-Hack: Ruby for teenagers. Teens actually engage with the Ruby programming language, learning algorithm structures, commands, strings, basic math functions and more. Calls its users “Hackers” for that ultra-cool feel, and has integration with a desktop social site for idea sharing and help.
Daisy the Dinosaur: For the very young. Aged towards 5-8 year olds, but perfectly functional for older kids. Very basic visual programming interface based around moving and interacting with Daisy the Dinosaur. My 5 year old loved it, and the 3 year old was pretty inspired, too. Only available for iOS.
Code-Monster: JavaScript with a friendly monster. The monster guides you through a series of JavaScript variables. Each change you make to the code alters the appearance of a shape on the parallel screen. Creator Greg Linden wanted to teach his own kids to code: this is the result.

For all my students.
5 New Tools to Snag the Job of Your Dreams

For my “International” students. (They like Google Translate best too)
5 Ways to Translate Text on Your iPhone or iPad

For all my students.
Even With Debt, College Still Pays Off

Hiring Managers: Recruiters Aren't Working
… Their first and foremost concern? A lack of talent. While millions of Americans are still looking for work, nearly half (48 percent) of hiring managers report that they aren't seeing enough qualified candidates, and a quarter (26 percent) predict hiring will get harder in the next 12 months as the U.S. economy continues to pick up steam.
… All of this indicates that the job market is on the road to a fierce recovery, giving employees – particularly those in competitive positions – more options, and thus the ability to bargain and make greater demands from their employers.
