Tuesday, May 05, 2015

Yep, low hanging fruit.
After a period of relative quiet, it appears that the hacker known as “JM511″ is back and busy.
According to some tweets last night, the University of Illinois has been hacked via SQL injection:
What’s happening? #JM511 I got #SqL_injection#blind On: http://t.co/qeD2Z3o8HN I’m Ur #nightmare @Illinois_Alma
pic.twitter.com/wtIVjSzlt8
JM511 Hacker☠ (@JM511) May 5, 2015
A screencap from the video shows 133 tables and other details:
DataBreaches.net did send a courtesy notification to U. of Illinois, even though @JM511 alerted them himself via his tweets to their Twitter account.




How long is your compromised data at risk? Until it no longer is useful. Did you change your password, get a new credit card, do anything?
Motherboard reports:
Back in March, Motherboard revealed that fully functioning Uber accounts were for sale on the dark web for as cheap as $1 each. At the time, it appeared that the victims of those hacks were based in the United Kingdom. Now, Uber customers from all over the United States have taken to Twitter to complain that their account has been charged for trips they never took, sometimes half way across the world.
In response to Motherboard’s coverage, Uber issued a statement saying that they basically have no new statement since their last one. Note that all these are newly reported charges. And in at least one case, the account was a new one – created after the reported breach that led to reports of Uber account information for sale. The customer admits that she used the same login for her new Uber account that she’s used for other accounts, so it’s not compelling proof, but the rash of new fraudulent charges is certainly concerning.
Read more on Motherboard.




Just consider it “Notice” that the FBI is watching you.
Remember back in October, 2010 when a student, Yasir Afifi, found a GPS device attached to his car and he filed a lawsuit against the FBI in 2011? Not surprisingly, the DOJ sought dismissal of the lawsuit in July, 2011.
I lost track of the lawsuit, but thankfully, Courthouse News didn’t. Today, they report that a federal judge has thrown out his lawsuit:
Finding that the FBI agents are entitled to qualified immunity, Howell said that “neither the Fourth Amendment nor First Amendment rights he [Afifi] seeks to vindicate in this suit were clearly established at the time and in the place where the challenge conduct occurred.”
The Privacy Act claim meanwhile fails because the records about Afifi’s First Amendment represent “an authorized law enforcement activity,” an exception to the law.
Read more on Courthouse News.




This is unlikely to “clear things up.”
Joe Cadillic sends along this article by Tim Cushing:
MuckRock has obtained a whole stack of Stingray-related documents from the FBI. As is to be expected, there’s not much left unsaid by the agency, which is at least as protective of its own Stingray secrecy as it is with that of law enforcement agencies all over the US.
There’s nearly 5,000 pages of “material” here, most of which contains only some intriguing words and phrases surrounded by page after page of redactions.
Read more on TechDirt.




Interesting. I wonder if I'm in the “terorist” half of the country?
Feds scale back proposal for license plate tracking system
The Department of Homeland Security is scaling back its request to hire an outside company to keep track of people’s license plates, now saying it only needs half the country.
While the department had originally announced that it wanted a company to keep tabs on license plates throughout the nation, it now claims to only want data from “at least 25 states” and 24 of the 30 most populated metropolitan areas.
Additionally, instead of requiring that the service make at least 30 million license plate records available each month, now the department says that it only needs at least 6 million.
U.S. Immigration and Customs Enforcement (ICE) — the division of DHS looking for the contract — said that the changes were merely alterations to attract more solicitations from contractors. [“Once in place, we can increase it to 100%” Maybe. Bob]
… The new DHS effort comes a year after it abandoned a previous attempt to build its own license plate reading system in the face of opposition about its impact on Americans’ privacy.




Cute. But are they kidding?
    1. 1 appearance

Former Secretary of State Hillary Clinton has offered to appear one time and one time only before a congressional committee convened to investigate the attack in Benghazi, her lawyer said. I’m going to go out on a limb here and presume CSPAN will be charging $100 to watch the fight, $90 in standard definition, one side will have repeatedly voted against gay rights in congress, many will tune in expecting an all-out brawl, but it will be mostly be defined by defense, leaving many disappointed in the state of the sport in general. [The New York Times]




An application of Big Data Analytics.
Algorithmic Trading Briefing Note
by Sabrina I. Pacifici on May 4, 2015
New York Fed: “High-frequency trading (“HFT”), or high-speed trading (“HST”), a type of algorithmic (or “algo”) trading, is now a well-known feature of the global market landscape. In many markets, a small number of firms may account for a large proportion of trading volume. Although it has been argued that HFT has lowered investors’ trading costs by reducing bid-ask spreads, the risk that HFT activity specifically, and algorithmic trading more generally, poses to firms and the financial markets has sparked debate and raised concern among market participants and regulatory agencies globally. This is, in part, owing to the speed of trading and, therefore, the pace at which exposures may accumulate intraday at financial institutions. Indeed, unexpected events linked to algorithmic and high- frequency trading have caused significant volatility and market disruption, leading to heightened debate around the risks these activities pose to the functioning of global markets. The complexity of market interactions among HFT firms and other market participants increases the potential for systemic risk to propagate across venues and asset classes over very short periods of time. This briefing note focuses on how risks associated with algorithmic trading are monitored and controlled at large financial institutions during the trading day. While market structure and trading rules differ by jurisdiction and asset class, we seek to identify risks common to algorithmic trading and to suggest questions that supervisors might consider as they monitor or examine this activity. Further, by setting forth risk-based principles and questions that firms already engaged in algorithmic trading can use to assess their controls over this activity, we aim to facilitate an informed conversation about sound risk management practices and renew market participants’ focus on improving risk management of this activity. Key supervisory concerns center on whether the risks associated with algorithmic trading have outpaced control improvements. The extent to which algorithmic trading activity, including HFT, is adequately captured in banks’ risk management frameworks, and whether standard risk management tools are effective for monitoring the risks associated with this activity, are areas of inquiry that all supervisors need to explore. Further, algorithmic trading activity has expanded beyond the U.S. equity markets to other markets and asset classes, including futures, foreign exchange, and fixed-income markets. Thus, our supervisory approach needs to remain flexible and adaptable to address growth and evolution of this activity.”




For my students. Know how companies hire! “Game the system?”
Simple Online Tools to Make Hiring Easier
Running an open recruitment process – one where the position is openly advertised – can be overwhelming, especially if you don’t have at your disposal an HR department that’s organized to handle the process. This is often the case in small businesses, volunteer organizations, and some government branches. I’ve often seen recruitment calls receiving too little interest, or, worse, paper CVs piling up on a desk, with no clear plan on how to deal with them.
No wonder so many managers choose to avoid advertizing openings. An extensively cited 2010 study found that 42% of hires happened at companies that didn’t report a vacancy. But hiring like this, by word of mouth, is a mistake.
… Fortunately, time-strapped managers can use freely available tools to publicize your call, gather applications, and collaborate with your team for evaluating the candidates.




For my students. Yeah, we'll probably block this...
Microsoft is first to let you flip the middle finger emoji
These are times when our means of self-expression are expanding beyond our means of thought.
We can take one simple sentiment and decide to text it, e-mail it or to communicate it with a symbol designed by a 4-year-old on a partly cloudy Tuesday.
… as part of Windows 10, it's offering you the chance to emit the one symbol that your mind telepathically ejects at least once a day. Yes, the middle finger. That simple, direct digit that says: "Please, I don't like you very much at all."
The deliriously named Emojipedia noticed this joyous development and noted that this finger was actually approved as part of Unicode 7 (which isn't a planet far, far away) in 2014.




Another assignment for my Data Management students.
5 Ways to Get People to Use Enterprise Social Software
Companies are spending more on enterprise social software, but that doesn't mean employees will use it. What can companies do to boost adoption and improve their ROI?
Investment in enterprise social software appears to be picking up. Frost & Sullivan recently reported that subscriptions for such software grew nearly 30 percent from 2012 to 2013 and predicted the number of enterprise social subscriptions would hit 535 million by 2018.
But actual use of enterprise social software appears to be lagging investment. A Dachis Group study published in 2012 found that only 10 to 20 percent of eligible workers actively used their employer's social business software. Tom Petrocelli, research director, enterprise social, mobile and cloud applications, for Neuralytix, doesn't believe that number has budged much.
Vendors, especially those that bundle social software with other enterprise applications, tout high adoption rates,




For my Math students.
Hundreds of Combinatorics Video Lectures
If you are taking mathematics courses related to combinatorics or probability, I found a page from UCLA containing hundreds of video lectures on the said subjects. It is a collection of lectures from 1993 up to the present and includes lectures from famous mathematicians such as Terence Tao.
For more free video lectures, visit the All for Free page of Math and Multimedia. It also contains posts which links to hundreds of free ebooks and software.


No comments: