Thursday, March 05, 2015
An apology. Please forgive my earlier post on this topic. I should have known the Computer Security people at the State Department would have raised this issue. Just as I should have known they were ignored.
State Department cybersecurity staffers warned Hillary Clinton's office that the secretary's private email service was more vulnerable to hackers than the agency’s email service, Al Jazeera reported.
“We tried,” an unnamed current employee told Al Jazeera. “We told people in her office that it wasn’t a good idea. They were so uninterested that I doubt the secretary was ever informed.”
… it’s also led many to wonder whether the secretary exposed department information to hackers by relying on an email server with weak security measures.
… noncommercial servers rarely contain the layers of digital security offered by commercial data centers. Additionally, State Department networks benefit from government programs that continuously monitor for intrusions and unusual activity.
… The State Department has insisted no classified emails were sent through Clinton's personal account. [Lack of a classification stamp or header does not mean the data contained didn't require classification. Perhaps when State actually looks at the rest of the emails they will change their mind? Bob]
Background for my Computer Security students.
The History of Biometric Security, and How It’s Being Used Today
… While law enforcement and high-security facilities have been using biometric identification for decades, we’re now living in a world that is making a real push toward biometrics for both identification and access-based technology in consumer goods.
This push is bleeding into consumer markets in the form of fingerprint scanners for automobiles, laptops and mobile devices, facial recognition technology in computer software, and iris recognition used in ATMs in some corners of the globe.
This should be amusing. Might be fun to sic my Data Analysis students on it.
Canadian Journalists for Free Expression (CJFE) is excited to announce the launch of the Snowden Archive, a comprehensive database of all of the documents published to date from the Snowden leak.
Created in partnership with the Faculty of Information at the University of Toronto, the Archive is the world’s first fully indexed and searchable collection of publicly released Snowden documents.
The Archive is a powerful resource for journalists, researchers and concerned citizens to find new stories and to delve deeply into the critically important information about government surveillance practices made public thanks to Edward Snowden.
… The Snowden Archive and additional information on the project can be found at cjfe.org/snowden
For my Computer Security students. A summary of 600,000+ incidents (all in 2014).
Annual Report to Congress: Federal Information Security Management Act
Annual Report to Congress, February 27, 2015: “As cyber threats continue to evolve, the Federal Government is embarking on a number of initiatives to protect Federal information and assets and improve the resilience of Federal networks. OMB, in coordination with its partners at the National Security Council (NSC), the Department of Homeland Security (DHS), and other agencies, helps drive these efforts in its role overseeing the implementation of programs to combat cyber vulnerabilities and threats to Federal systems.
… The fiscal year (FY) 2014 FISMA report provides metrics on Federal cybersecurity incidents, the efforts being undertaken to mitigate them and prevent future incidents, and agency progress in implementing cybersecurity policies and programs to protect their networks. FY2014 proved to be a year of continued progress toward the Administration’s Cybersecurity Cross Agency Priority (CAP) Goal, which requires agencies to “Know Your Network” (Information Security Continuous Monitoring), “Know Your Users” (Strong Authentication), and “Know Your Traffic” (Trusted Internet Connection Consolidation and Capabilities).”
(Related) What makes this report worth $4300? (I'll probably never know)
Identity Fraud Cost U.S. Consumers $16 billion in 2014
Identity thieves were busy during 2014, but a new study estimates that U.S. consumers actually suffered fewer losses than in the past.
According to the 2015 Identity Fraud Study from Javelin Strategy & Research, the number of identity fraud victims decreased slightly last year, dropping by three percent from 2013. All totaled, Javelin estimates 12.7 million U.S. consumers were victimized in identity theft in 2014, compared to 13.1 million the previous year. Total fraud losses fell as well, dropping from $18 billion in 2013 to $16 billion in 2014.
The joys of Big Data.
Bob Parks reports:
The NYPD is paying $442,500 for a three-year subscription to Vigilant Solutions’ database of 2.2 billion licence plate images of cars across America, according to Ars Technica. Advocates in law enforcement say the tool will help find suspects faster. Privacy advocates contend it could dramatically increase the police’s ability to catalog and predict the movements of everyday Americans.
Read more on BoingBoing.
[From the Ars Technica article:]
"It could take a decade or more for a constitutional challenge to warrantless license plate tracking to reach the Supreme Court, if it ever does," she wrote by e-mail. "In the meantime, police nationwide have far too much power to track the movements of totally law abiding people. Legislatures in the states and congress must act quickly to pass laws bringing license plate reader technology in line with the golden rule of American criminal jurisprudence: the probable cause warrant."
… According to the New York Daily News, the NYPD will soon have access to the Vigilant database that will allow investigators to “virtually stake out a location." The system also alerts law enforcement when a wanted vehicle turns up well outside of the Big Apple. Vigilant’s software even includes the ability to perform “associate analysis” to figure out who that target frequently drives with. [Meaning “drives where the suspect drives?” Bob]
… Vigilant requires that its licensees—law enforcement agencies—not talk publicly about its LPR database. According to the 2014 edition of its terms and conditions: "This prohibition is specifically intended to prohibit users from cooperating with any media outlet to bring attention to LEARN or LEARN-NVLS."
Privacy down under.
Caroline Bush and Amanda Graham of Clayton Utz write:
Although there is some legislative protection for Australians’ personal information, it doesn’t extend to every instance of what might be considered as an invasion of privacy. Courts in the United Kingdom have found that the cause of action of breach of confidence may provide a remedy for people who are seeking to protect their privacy in the absence of a statutory cause of action – and Australian courts are beginning to follow them, as the recent Western Australian decision of Wilson v Ferguson  WASC 15 highlights.
Read more on Clayton Utz.
Privacy across the pond.
Jennifer Baker reports:
Activists have leaked the latest draft of Europe’s planned data protection law – which is supposed to safeguard Europeans’ personal information when in the hands of businesses and governments.
The proposed rules have been agreed by the European Parliament. Now Euro nations’ government ministers, who sit on the Council of the European Union, are tearing the text apart, and rewriting large chunks of it.
The 305-page document [PDF] – obtained and published by Privacy International, EDRi, Access and the Panoptykon Foundation – shows the changes put forward by the council. The four civil-liberties groups say ministers are effectively ruining any chance of real data protection in the EU.
Read more on The Register.
The law is imperfect and there is a difference between legal and wise. This may be a good article to start that discussion. What would have tipped this over the edge?
Stephanie Castillo reports:
The University of Oregon (UO) is under fire for using a student rape victim’s therapy records against her after she sued the campus for mishandling her sexual assault case.
FERPA is a federal law that protects the privacy of students’ “education records.” These records refer to records directly related to a student, plus records “maintained by an educational agency or institution or by a party acting for the agency or institution,” the U.S. Department of Education reported. While medical and psychological treatment records are not defined as education records at colleges and universities, “an eligible student’s treatment records may be disclosed for purpose other than the student’s treatment, provided the records are disclosed under one of the exceptions to written consent.” One such exception is a lawsuit.
Read more on Medical Daily.
“One must keep one's largest market.” That rule overrides “One must protect customer privacy.”
Apple already agreed to the tough Chinese rules that Obama is furious about
Obama's sharp criticism on China's new rules for foreign technology companies has been undermined by the fact that Apple has already agreed to the plans, Quartz reports.
… As previously reported, Apple agreed in January to allow the Chinese authorities to conduct "security audits" on its products to ensure it's not sharing user data with the US government.
Alibaba opens first U.S. data center, challenging Amazon in the cloud
Alibaba is opening a data center in Silicon Valley — its first outside of China — stepping up its competition with Amazon and ultimately hoping to get U.S. companies to start using its cloud computing services.
The company’s Aliyun cloud-computing subsidiary announced the move overnight, describing it as part of a new effort to serve customers globally. A spokeswoman says the company “will initially target Chinese enterprises based in the United States with the plan to gradually expand its products and services to international clients in the second half of this year.”
Higher prices have support, but what about splitting that revenue?
… Compensation for songwriters whenever a song is bought online or in a CD is set by the federal Copyright Royalty Board and is currently 9.1 cents. Critics say that's far too low and argue that the market -- not the government -- ought to be setting the prices for how much songs are worth. The Songwriter Equity Act would have the Copyright Royalty Board set compensation levels equivalent to their fair market value. It would also broaden the scope of evidence that the federal rate court can look at when determining how much to pay songwriters when their songs are performed publicly.
How Boeing gathers Big Data.
Why big data matters to Boeing, and what it means for your next flight
… “On a plane where we have 8,000 sensors capturing the 8,000 data points per second … if we extrapolate that for more than 5,000 planes … and optimizing that and providing sort of real-time optimization, (that) is where there is a huge benefit for our customers,” said Rao. “But it is also a great opportunity for our company as far as a revenue generation standpoint.”
In total, Rao said Boeing is sitting on a treasure trove of about 100 Petabytes of data, and now the company is looking to unlock that in new ways, benefiting its carrier customers and future flyers.
Taylor Swift has good IP lawyers?
Taylor Swift, Trademarks and Music’s New Branding Model
If you’re ready to “party like it’s 1989,” you’ll have to talk to Taylor Swift first. The pop star recently applied to trademark that phrase and others related to her songs — a move that marks a shift in the industry, as artists, songwriters and music publishers increasingly become independent brands.
… Swift’s trademark quest could work out fine, or it could backfire, according to R. Polk Wagner, a professor at the University of Pennsylvania Law School
… “It’s a smart move,” adds Christopher Jon Sprigman, law professor at New York University’s School of Law
Reid Hoffman’s Two Rules for Strategy Decisions
Reid Hoffman — the co-founder and chairman of LinkedIn and partner at the venture capital firm Greylock — is a preeminent Silicon Valley strategist.
… Reid’s first principle is speed. One of his most popular quotes is, “If you aren’t embarrassed by the first version of your product, you shipped too late.” Another is, “In founding a startup, you throw yourself off a cliff and build an airplane on the way down.”
… Reid’s second principle is simplicity — simplicity enables speed.
Pour le encourage les students. At least my geeky students.
Developing IoT Apps Is Easier Than You Think
Networkable sensors (and these could be anything from cameras and GPS receivers to temperature, pressure or humidity sensors) are available off the shelf and are cheap to buy. They may also be incorporated into equipment your company already owns or purchases, like vending machines, vehicles or refrigeration units.
Tools for my students. Make that outline look geekier?
Two Tools for Turning Outlines Into Mind Maps
Some students prefer to see ideas organized in an outline style while others see large concepts better when they're in a mind map format. Text 2 Mind Map and MindMeister's Google Docs Add-on bridge the gap between the outline format and the mind map format. Both tools allow you to type an outline then see that outline turned into a mind map.
To create a mind map on Text 2 Mind Map, type out an outline in the text box. After typing your outline, click "draw mind map" to have your mind map created for you. If after creating your mind map you need to add more elements, just add them into your outline and click "draw mind map" again. Your mind map can be downloaded as a PDF or PNG file. The mind maps that you create on Text 2 Mind Map can also be shared via email, Facebook, or Twitter.
To create a mind map with MindMeister's Google Docs Add-on create a bullet point list in your document. Highlight your list then select the MindMeister Add-on and click "insert as mind map." A mind map will then be generated based on your list. There are a couple of tips to note about MindMeister's Add-on. First, you cannot edit the position of cells in the mind map. Second, you must use bullet points or number lists generated by the list menus in Google Docs. I tried just selecting a list without the bullet points and MindMeister didn't create a mind map for me.
Another tool for my students.
How to Emulate Android and Run Android Apps on Your PC
In many cases, Android apps are superior to desktop apps. They’re compact, often better written, and have a low resource footprint.
… several methods are available for you to choose from that will enable you to run virtually any Android app on Windows, Linux, or Mac OS X.
For the Unix students.
Linux Treasures: 11 Sublime Native Linux Apps That Will Make You Want To Switch
For my Ethical Hackers? Sometimes just one idea is worth reading the article.
5 Email Tools & Utilities You Should Try
Have you ever been in a situation where you needed to find the email address of someone at a company, but you couldn’t find it? Or perhaps you just need a faster way to look for the address? Then Thrust is your go-to service.
Just enter the person’s name and the company they work for, and Thrust will start looking for their email. When it has found it, there will be a clickable link to open a new email window with the address already pre-populated and ready to go.
A tool of immediate value to my students. (Hint, hint!)
Tagboard - Follow Hashtags from Multiple Networks in One Place
Tagboard is one of the tools that we looked at today in my NCTIES15 workshop about blogs and social media. Tagboard is a free tool that allows you to enter any hashtag like #NCTIES15 and view all of the Tweets, Instagram pictures, Facebook posts, Google+ posts, and Vine posts associated with that hashtag. All of the posts are displayed in a bulletin board/grid display. You can retweet and/or reply to messages while viewing Tagboard, provided that you are signed into your Twitter account.
One of the things that I always mention in my talk about online personal learning networks is that you don't have to always be connected in order to benefit from having an online PLN. You can check in for fifteen to thirty minutes per day during the commercial breaks of your favorite television show and glean a lot of useful information in that time. A tool like Tagboard could enable you to catch up even faster because you will see more messages in the same amount of screen space. You can also participate in multiple social networks from the same screen while using Tagboard.
Dilbert explains the downside of discriminating against women.