Tuesday, April 21, 2015

For my Ethical Hacking students. Think of this as “evidence.”
Google Now Lets You Download Your Entire Search History
Google will now let you download and export your entire search history.
The search giant already allowed users to view their history, but now they can download their entire history in just a few simple steps.
As first noticed by the unofficial Google Operating System blog and pointed out by VentureBeat, users just need to go to their Google Account history and then hit the gear icon in the upper right corner and hit "download."
A user's search history will only appear for the time that they have enabled the Web history setting.
Once a user opts to download their history, a window appears warning the user not to download the archive on a public computer.




Computer security for all my students.
Protect your Google Accounts with a USB Security Key
Most big-name web services like Gmail, Microsoft, Evernote, WordPress and Dropbox now support 2-step authentication to improve the security of your online accounts. Once you enable two-factor authentication, a malicious person will not be able to log into your online account even if they know the password – they’ll need access to your mobile phone as well to get in.
The verification codes required for logging into a 2-step enabled account can be generated either using a mobile app – like Authy or Google Authenticator – or you can have them sent to your mobile phone via a text message or a voice call. The latter option however will not work if the mobile phone associated with your account is outside the coverage area (like when you are in a foreign country).
There’s another option that makes the process of logging into a 2-factor enabled Google account less cumbersome. Instead of generating the verification codes on a mobile phone, you can use a hardware based authenticator that can be inserted into a USB port on your computer and you’ll be signed-in automatically without having to hand-type the digits.
The option works for both Google and Google Apps accounts and you don’t even need the mobile phone – watch video demo.
I am using the least-expensive Yubico key though there are more options to choose from. The first step is to associate the USB security key with your Google Account.




No surprise. Just aggregating all existing resources and simplifying the interface.
Frequent contributor Joe Cadillic has more on surveillance in St. Louis – a story first reported by the St. Louis Post-Dispatch that was noted last week on this site.
Joe writes:
What police are telling you is, Motorola’s ‘Real Time Crime Center’ is spying on you through numerous platforms:
Real-Time Intelligence Client brings together streaming video with analytics, resource tracking, social media, voice, Computer Aided Dispatch (CAD) and records information onto a single, intuitive interface with geospatial mapping.
And it gets worse:
The Real-Time Intelligence Client lets analysts prepare and distribute live tactical video, recorded video clips, documents, photos and key information to your officers in the field, and to other agencies for multi-jurisdictional response. Push-a-Link and Push-a Snapshot make it easy to distribute video and photos to dispatched units. Real-time analytics monitor video streams and detect user-defined events of interest – to improve response times by alerting RIC operators to crowd formations, dropped bags and other suspicious behavior as it occurs.
Read more on MassPrivateI.
[Real Time Crime Center brochure:




Also for my Ethical Hacking students. Some tools for your toolkit.
Mobile app privacy insanity – we’re still failing massively at this
… For the uninitiated, what I’m going to show in this post amounts to nothing more than looking at the requests that mobile apps are making over the web to back end services and inspecting the responses that are returned. It’s the mobile equivalent of looking at the network tab in the developer tools of your favourite browser. In this case though, I’m simply proxying my iPhone traffic through Fiddler which you can set up in about a minute. The particular patterns I’m looking for are discussed at length in my Pluralsight course titled Hack Your API First so if you want to understand the process in detail, go and check that out.




Shouldn't this be obvious? You could cut any utility (water, gas, electric) and then pose as a repairman.
David Kravets reports the latest development in a case previously noted on this site:
A federal judge issued a stern rebuke Friday to the Federal Bureau of Investigation’s method for breaking up an illegal online betting ring. The Las Vegas court frowned on the FBI’s ruse of disconnecting Internet access to $25,000-per-night villas at Caesar’s Palace Hotel and Casino. FBI agents posed as the cable guy and secretly searched the premises.
The government claimed the search was legal because the suspects invited the agents into the room to fix the Internet. US District Judge Andrew P. Gordon wasn’t buying it. He ruled that if the government could get away with such tactics like those they used to nab gambling kingpin Paul Phua and some of his associates, then the government would have carte blanche power to search just about any property.




You knew that, right? Nothing new, but a fair summary.
Your Lawyer Is Vulnerable to Cyberattacks
Lawyers help their clients as they negotiate confidential business transactions, hold intellectual property, manage funds and litigate disputes, among many other business activities. In the ordinary course of business, lawyers also maintain numerous confidential documents and data of and about their clients.
As a result, lawyers have a big bull's-eye drawn on their backs, visible to cybercriminals. The worst part is that most lawyers do not realize how vulnerable they are, since few lawyers understand IT security and cyber-risks. As a result, many do not properly protect that confidential information.
… "If you're a major law firm, it's safe to say that you've either already been a victim, currently are a victim, or will be a victim. ... The question is, what are you doing to mitigate it?" asked Chad Pinson, a managing director at Stroz Friedberg, according to a Bloomberg report.
At least 80 of the 100 biggest firms in the country, by revenue, have been hacked since 2011, according to Mandiant, the same Bloomberg report noted.
… The ABA established a Cybersecurity Task Force, which published an "ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals."




The next “We can, therefore we must?” May be a tad premature.
Should Your Voice Determine Whether You Get Hired?
Technology is changing every facet of work, including how companies profile and select their employees. The development of different apps, software, and algorithms has produced many novel methodologies for screening job candidates and evaluating their potential fit for a role or organization.
The latest of such methods is voice profiling, the use of computer-based algorithms to predict job fit based on an analysis of a candidate’s voice.
… Although the idea that each voice is unique makes intuitive sense, some voice profiling tools, such as Jobaline, are based on a rather unconventional premise: Instead of trying to decode a candidate’s personality, intelligence, or mood state, they aim to predict “the emotion that that voice is going to generate on the listener.” In other words, the algorithm functions as a mechanical judge in a voice-based beauty contest. Desirable voices are invited to the next round, where they are judged by humans, while undesirable voices are eliminated from the contest.




Perspective. In Japan, the trains do run on time.
Japan maglev train breaks world speed record
A Japanese magnetically levitated train has broken its own world speed record for the second time in five days.
The maglev broke the 600 kilometres per hour (372.82mph) barrier for the first time on Tuesday and hit a top speed of 603 kph (374.69mph) on a test track in Yamanashi Prefecture, west of Tokyo.
Operated by Central Japan Railway, the manned test run surpassed the 590 kph (372.82mph) that it recorded on the same track on Thursday.
… Plans are in place for Japanese firms to build a maglev system in the United States, where it would link Washington DC and Baltimore in a mere 15 minutes.




How does this fit into the EU's claim of monopolistic practices? (Also, some design tips for my website students)
Big Google algorithm change this week will usher in a new mobile era
New changes to Google’s search algorithms, taking effect this week, have a chance to cause some major headaches for businesses without mobile-ready websites. The company is slated to implement new tweaks to its search ranking tomorrow to prioritize sites that feature “mobile-friendly” designs.
The change has been a long time coming – Google first announced it back in November – but starting Tuesday, companies that haven’t made the switch will start feeling the hit in Google’s search results. The changes will favor sites that avoid technologies like Flash that don’t work on phones, have layouts that automatically scale so that users don’t have to scroll side-to-side or zoom, and have links placed far enough apart that they can be easily tapped with a finger.
… The algorithm change signifies a bigger shift by Google towards separating its mobile and desktop search results, Meyers said, because tomorrow’s change will only affect searches run from mobile devices including smartphones and tablets.




Would you cut off a large share of your market?
Google is known for its not great support. If you have a problem with a Google account or associated service, good luck trying to talk to someone at Google about it. It’s a very hands-off way of dealing with products, and it looks as though that also extends to support for older devices being able to use those services.
This week Google has retired its Data API v2 for YouTube, which means that a long list of smart devices manufactured in 2012 or earlier will no longer have functioning YouTube apps.
… It’s not as though Google hasn’t given fair warning about this change. The retirement of Data API v2 was announced in March 2014, and a migration guide for developers was made available in September last year. That’s plenty of time for upgrades to happen. However, there’s still a range of devices that will lose functionality, including 2nd-generation Apple TV, Google TV version 3 or 4, Sony and Panasonic smart TVs and Blu-ray players manufactured pre-2013, any device running iOS 6 or earlier, and any game consoles that don’t support Flash or HTML5.




They proved it can be done. Was it worth the expense? Where else could we use this technology?
Chevy Runs Digital Video Ads in Print (Yes, You Read That Right)
Here's something you don't see every day: Chevrolet bought print ads to show off its digital videos.
The ad, which promotes Chevy's Colorado truck, appears in the May issue of certain subscriber issues of Esquire and Popular Mechanics. And it allows readers to watch one of three short videos, which were created by Chevy's creative agency Commonwealth//McCann.
Some 10,000 subscribers each to Esquire and Popular Mechanics -- those considered likely Colorado buyers -- received copies with a video player embedded inside the print page.




Perspective. Interesting that Wharton has jumped in this so quickly.
Live and lucrative? Why video streaming supremacy matters
Two hot new apps will let couch potatoes everywhere live vicariously through other people’s experiences — as they are happening.
Meerkat and Periscope are the latest in socially connected apps that let users broadcast live video. While similar apps such as Ustream have been around for years, Meerkat and Periscope have gained users quickly through the attraction of a minimalist interface, a sense of immediacy, and the ability for viewers to send messages and even bestow their approval of live streams in real time.




If nothing else, Kim Dotcom is a never ending source of amusement.
Kim Dotcom may get kicked out of New Zealand—but not because of copyright
… An extradition trial, delayed many times, is currently scheduled for June.
Now it's come to light that Kim Dotcom may get kicked out of New Zealand sooner than that, but it has nothing to do with copyright. The New Zealand Herald reports that the country's Immigration Minister has launched an inquiry to decide whether to deport Dotcom because of an unreported driving violation, in which he pled guilty to driving 149 kilometers per hour in a 50 kilometer per hour zone. (That's 93 mph in a 31 mph zone.)
Dotcom pled guilty to the offense in 2009, but when he filed his New Zealand residency application in 2010, it asked if he'd ever been convicted of an offense involving "dangerous driving." He answered "No."
… The inquiry was opened after the Herald revealed the conviction in an earlier article. [Apparently newspapers have better access to government records than the government. Bob]
If Dotcom was deported over the driving matter, it would be to Finland or Germany, not the US, where he would have to stand trial. However, it would clearly complicate his legal case, and it isn't clear how such a move would affect his chances of finally ending up in the US.




For my Data Management students. How would you predict an increase in demand for Ice Cream cones?
Twitter Could Predict Emergency Room Rush Hours
… Research that will be published in the IEEE Journal of Biomedical and Health Informatics combines Twitter posts and air quality and hospital data to form a model that researchers believe can predict emergency room trends more effectively and immediately than existing disease surveillance models, such as that published by the U.S. Centers for Disease Control and Prevention. While health and data tools such as Google Flu Tracker have used social media and search engines to monitor the spread of contagions, this new model is the first to look at chronic illnesses such as asthma, the researchers say.
… To find a connection between tweets about asthma and asthma-related emergency room visits, they combed through Twitter streams for 19 keywords, such as “asthma attack” and “inhaler.” After filtering out the tweets that contained the keywords but did not reflect “asthma affliction,” they compared the Twitter post trends to air quality data from the Environmental Protection Agency. Finally, they compared that information to numbers from the Children’s Medical Center of Dallas. They found a correlation between tweets about asthma, changes in air quality and asthma-related emergency room visits.
… The global Twitter data set available to the researchers consisted of nearly half a billion tweets, about 1.3 million of which contained asthma-related keywords. They narrowed that pool down to those that had location coordinates (35,152), and from there selected only those from the Dallas area (4,660). They did away with non-English tweets [Strange choice in Texas, especially with online translation tools. Bob] and any “that mentioned asthma in an irrelevant context,” the paper says.




Believe it or not, this is for my Statistics students. (We already discuss the statistics behind the movie “MoneyBall”)
Even the messiah can strike out three times on his first day in the majors. Last Friday, Kris Bryant, the Cubs’ anointed savior, was called up from the minors after weeks of debate about whether he should’ve just started the season in the majors. There is an aura of myth to Bryant’s arrival, as though the stars have aligned to offer the Cubs a chance to fulfill a prophecy. Yet Bryant is still an untested prospect, and, as Cubs fans know too well, even the best prospects can fail to live up to expectations.
But Bryant really is special — he’s the rare prospect that has both scouts and stats in complete agreement. Because of the unique intersection of scouting know-how and minor league data, Bryant is likely to match the hype.




I assure you I did not play these games. I grew up in New Jersey. We played Cops & Robbers (with real cops)
Remember Those Computer Games from School? Play Them Now for Free
… Since most of these titles are at least 20 years old, they’ve become publicly available. Some are clones of the originals, but there’s something here for everyone who enjoyed an educational game during free periods of computer class.




For my students. If they like it, I might actually get a smartphone! (Okay, probably not.)
Take Back Your Smartphone with FreedomPop’s Free Phone Plan
… FreedomPop is now offering a truly accessible phone plan with 100% free service, and they’ll even throw in a certified pre-owned Samsung Galaxy SIII for you!
… Using our limited-time deal, you’ll get a Galaxy SIII and a free month-long trial of the Unlimited plan – which includes all the talk, text, and data you can use – for just $99.99! After your trial month is up, you can choose to continue using the Everything plan for $19.99/month or try out the absolutely free plan. With 200 minutes of talk, 500 texts, and 500 MB of data for free each month, you’ll have all your smartphone needs to thrive.
This plan is 100% free every month and will last for life; all you have to do is act now!
… If you’re sick of getting played by US mobile phone carriers, it’s time to act. Use this link to join FreedomPop and get started with an awesome free plan. The free plan is perfect for students and those who don’t use their phones often, but if you need unlimited resources, why pay T-Mobile or AT&T hundreds of dollars when FreedomPop lets you have them for $20?

