Monday, April 06, 2015
For my Ethical Hackers, another example of “low hanging fruit.” Before you lay siege to the castle, ask if anyone would be kind enough to lower the drawbridge for you.
Taylor Armerding reports:
Plenty of people are careless with their own personal passwords – using the same one for multiple sites, and/or making them so simple that they are comically easy to crack – but hardly anyone would intentionally sell them for a few bucks to someone they know would use them to do them harm.
Apparently, however, some of them don’t have those qualms about selling corporate passwords. A recent global survey of 1,000 employees at large organizations (more than 3,000 workers), commissioned by vendor SailPoint, found that one in seven would sell their password to an outsider for as little as $150.
Read more on CSO.
My answer has always been “No!” Management is responsible for ensuring the security is adequate and continues to operate correctly – before there is a breach.
Krishna Bahirwani reports:
Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on whether security providers should be held liable for data breaches, because of the critical data they claim to “secure”. The recent number of hacking incidents everywhere has made this a widespread issue, and security professionals worldwide have voiced their opinions.
Read more on DNA India.
So facial recognition is used to match the photo on the US passport with the face of the person in front of the TSA agent? Has anyone ever tried to enter the US this way?
DHS – Privacy Impact Assessment for the U.S. Customs and Border Protection
by Sabrina I. Pacifici on Apr 5, 2015
Privacy Impact Assessment for the U.S. Customs and Border Protection 1:1 Facial Recognition Air Entry Pilot, DHS/CBP/PIA-025. March 11, 2015.
“The U.S. Customs and Border Protection (CBP) is conducting the 1:1 Facial Recognition Air Entry Pilot to allow Customs and Border Protection Officers stationed at air ports of entry to use facial recognition technology as a tool to assist them in determining whether an individual presenting themselves with a valid U.S. electronic passport is the same individual photographed in that passport. The operational goals of this pilot are to determine the viability of facial recognition as a technology to assist Customs Border Patrol Officers in identifying possible imposters using U.S. e-passports to enter the United States and determine if facial recognition technology can be incorporated into current CBP entry processing with acceptable impacts to processing time and the traveling public while effectively providing CBPOs with a tool to counter imposters using valid U.S. travel documents. CBP is publishing this Privacy Impact Assessment to evaluate the privacy risks of using facial recognition software at an air port of entry.”
Some of the most highly sought after data, from some of the least secure devices.
Healthcare Internet of Things
by Sabrina I. Pacifici on Apr 5, 2015
Healthcare Internet of Things – Jason Healey, Neal Pollard, and Beau Woods.
“The Internet of Things (IoT) of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience. The IoT sometimes refers to colossal, impersonal concepts like connecting electricity grids to the Internet for economic or environmental considerations. But the IoT can be intensely personal as well. In the world of healthcare, software engineers are weaving networked medical devices into the fabric of the IoT. These devices, which can be worn or even implanted inside the body, are used to medicate, treat diseases, and maintain general health and wellness. This report, a collaboration between Intel Security and Atlantic Council’s Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security, explores security risks and opportunities that networked medical devices offer to society. It also provides recommendations for industry, regulators, and medical professionals to maximize value to patients while minimizing security risks arising from software, firmware, and communication technology across these devices. Individuals wear networked devices to learn more about themselves, their diet, their exercise regimen, and their vital signs. Doctors can adjust and optimize implanted medical devices, such as pacemakers, quickly and accurately— and often with no need for intrusive medical procedures. In hospitals, new devices network to provide more effective and less expensive monitoring and treatments. According to one estimate, these technologies could save $63 billion in healthcare costs over the next fifteen years, with a 15-30 percent reduction in hospital equipment costs.”
The Office of the Australian Information Commissioner (OAIC) has issued updates to the Australian Privacy Principle (APP) guidelines. The APP guidelines were released in February 2014 ahead of the commencement of privacy law reform, and are the primary guidance for entities in how to interpret and comply with the APPs. These updates have been made following feedback from stakeholders throughout the first year of the new privacy laws.
… to update guidance about ‘reasonable steps’ and examples for consistency with the OAIC’s Guide to securing personal information (2015).
… A summary of the changes and a link to previous versions of these Chapters of the guidelines is available on the APP guidelines page of our website.
SOURCE: Office of the Australian Information Commissioner
Think of the requirement for a “certain kind of crazy.”
Zachary D Spilman writes:
There is an interesting article about mental health issues in the recent issue of the Military Law Review: Major Cara-Ann M. Hamaguchi, A Precarious Balance: Managing Stigma, Confidentiality, and Command Awareness in the Mental Health Arena, 222 Mil. L. Rev. 156 (Winter 2015) (available here).
examines the conflict between privacy and the military mission, and advocates for a better balance between the two by centralizing information for commanders and establishing specific administrative consequences for commanders and leaders who fail to respect established privacy standards. This article also examines the current uses of mental-health information for mission and readiness requirements, and calls for more transparency for Soldiers. While parts of this article apply to the entire spectrum of mental conditions and disorders, this article focuses specifically on combat-stress and Post Traumatic Stress Disorder (PTSD).
Read more on the National Institute of Military Justice Blog CAAFlog.
Lawmakers know better than the cop on the scene? Blind obedience to orders? Are we going crazy?
Vegas woman gets $200 distracted driving ticket for applying lip balm at a red light
… Stephanie Fragoso, 37, thought it was just another day at the wheel. She was driving to take care of something at the Department of Motor Vehicles, of all places, when she pulled away from an intersection, and the officer who had stopped at the red light next to her pulled her over.
He told Fragoso that she was getting a ticket because she was putting on makeup.
“I said no, I was putting on Chapstick,” Fragoso told The Washington Post.
Plus, she was stopped at a red light. A red light!
… Laws banning texting or using a cellphone while driving have become ubiquitous. But the one that snared Fragoso goes even further. And this week, police in Las Vegas were cracking down: Fragoso said the officer told her that drivers caught with their hands anywhere but on the wheel were liable to be ticketed.
Tools & Techniques.
How to Share Your Windows Clipboard with Your Android Device & Vice Versa
… If you’re an Apple user, you may already know how to sync your Mac and iOS clipboards. What about for Windows and Android though? Among some incredible clipboard managing tools you can use to become a pro at managing your clipboard, there are a few good options for syncing your clipboard.
… Keep reading to find out the good, the bad and the ugly about these five clipboard syncing tools.
For my SciFi students.
Education in Science Fiction
Arguably the first work of science fiction, Frankenstein is a story about technology and education (and monsters). As a fan of the genre, I’m probably just as interested in the depiction of education in science fiction as I am in the historical and present-day narratives about education technology. I’m particularly interested in how these are intertwined – Salman Khan’s invocation of Ender’s Game, for example.
I asked for recommendations on ed-tech SF on Twitter the other day (I storified the responses).
Now I’ve started a bibliography, building a list of novels, short stories, and movies that explore education’s future. (Not all of these fit neatly into the SF genre.)
For my students. Could this be applied to other subjects?
Is it Possible to Learn Spanish in Just 10 Days?
The idea of learning a new language in just 10 days sounds absurd. Learning a new language completely will certainly take longer than that, but if done correctly, you can actually manage to lay down a solid groundwork and begin speaking Spanish (you may be able to apply these techniques to other languages, too).
So how can you pull this off? Just check out the infographic below and follow the steps. Before you know it, you’ll be ready to talk in a language other than your native one.
Via Thomas Cook
For my Math students.
GraphFree - An Online Graphing Tool for Students and Teachers
GraphFree is a new online graphing tool for students and teachers. On GraphFree students can plot graph points manually or enter an equation or function to see a graph generated. Each graph can then be saved as an image to use in a document, a presentation, or in a SMART Notebook folder. GraphFree provides a helpful gallery of tutorial videos and an extensive guide for new users.
GraphFree provides a nice alternative to some expensive graphing calculators and apps. For a lot of high school students GraphFree will provide all of the functions that they need. GraphFree can also be used by teachers to simply download a blank graph to use for in-class graphing assignments done on paper.
Chromebook users might also want to take a look at these Chrome apps for graphing.
Interesting. Analyzing an “online footprint.” There IS an App for that, but only the pointy haired manager would rely on it like this. Business Intelligence students, take note!