Wednesday, June 17, 2015
Potential jobs for my Computer Security students! (And my Ethical hacking students?)
Employees of the St. Louis Cardinals are under federal investigation for hacking databases belonging to the Houston Astros, the New York Times reported on Tuesday.
The employees, who have not been named, are alleged to have hacked into a database used by the Astros to track player development.
The database was developed by a former Cardinals executive who had left to join the Houston team. Cardinals employees allegedly used a list of master passwords belonging to the executive from his time with the team to access the system, according to the Times.
Beware of passengers playing Flight Simulator games? I think each of these problems has already been addressed and there is a “Best Practice” solution for them. The question, as always, is: “Have developers of these new technologies designed in security?”
The Ever-evolving Cyber Threat to Planes
Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
But speaking at the Paris Air Show this week, Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible.
Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
"The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again," said Robic.
… David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.
"If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes," said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground.
Stopping this kind of activity means preventing drones from flying near airports -- something which has only recently become possible with new forms of radar capable of spotting tiny aircraft.
… Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft's systems.
(Related) Making the right promises, but not moving with any sense of urgency? (I'm sure the photograph that accompanies the article is just a coincidence.)
First responder network will be secure, chief assures lawmakers
Strong cybersecurity will be built in to a nascent network for emergency first responders, its director said at a Tuesday hearing.
“We have a unique opportunity as we develop a network that’s going to be deployed that we can start from the beginning and bake in security from day one,” said TJ Kennedy, the acting executive director of FirstNet.
… “We’re not reinventing the wheel,” he told lawmakers. “We’re leveraging a lot of best practices that are in place both in the private sector and in government today.”
… FirstNet was conceived after the September 11 attacks, when many first responders had incompatible communication systems. It was authorized by Congress in 2012.
On Monday I posted an article about Google providing search for the Patent Office, because the government couldn't do it. Here's some more evidence that (for whatever reason) lots of government departments and agencies can't do IT.
Feds leveraging data from egov site
by Sabrina I. Pacifici on Jun 16, 2015
Via Government Executive: “It’s surprising how many agencies now use USASpending.gov to “access their own data,” said David Lebryk, the fiscal assistant Treasury secretary who on Monday delivered an upbeat assessment of governmentwide progress in implementing the 2014 Digital Accountability and Transparency Act. “We’re off to a great start on tough challenges, but outsiders don’t really appreciate how complex government is,” he said at a breakfast sponsored by the Johns Hopkins University Government Analytics program and REI Systems. “We’re not a small business,” Lebryk said, referring to the federal government. “We’re the biggest entity in the world. And at a time of budget constraints, there is more scrutiny of spending, of which the DATA Act is a part.” Lebryk and Comptroller David Mader are leading the team charged with implementing the DATA Act, which is designed to standardize spending information in machine-readable formats to make it accessible to the public. “With no new funding,” Lebryk said, “we’ve tried to think it through creatively, to use technology as our friend. We’re not doing massive system changes, and it’s important that the data be owned by the agencies.”
Not all new features are welcome.
How to turn off Twitter's annoying new autoplay feature
Twitter has introduced a new autoplay feature, meaning all videos, Vines and gifs in your timeline will automatically start playing as you scroll down.
While the sound is muted until you actively click on it, some users are already complaining about autoplay. Twitter said that during testing the feature generated more views and engagements for advertisers, so you're likely to see a whole lot more brand clips cropping up in your feed. Not happy about being bombarded by ever more adverts? Here's how to turn it off.
I suppose this could be social networking too.
Amazon’s Next Delivery Drone: You
In its ceaseless quest to speed delivery, Amazon.com Inc. wants to turn the U.S. into a nation of couriers.
The Seattle retailer is developing a mobile application that would, in some cases, pay ordinary people, rather than carriers such as United Parcel Service Inc., to drop off packages en route to other destinations, according to people familiar with the matter.
… But the concept faces many hurdles, from how Amazon will vet deliverers to whether physical retailers will cooperate with a key rival. Major shippers are efficient; it costs UPS an average of about $8 to deliver a package in the U.S.
Amazon ships an average 3.5 million packages a day, according to SJ Consulting Group, so it would need a lot of couriers to make a meaningful impact.
Do you think my students know about this? I've been surprised to learn how many don't know social networking. I try to learn what they do, but have to try much harder to see why I would use them. Perhaps I'm just anti-social?
What is Snapchat? App's founder explains social media phenomenon
Ever wondered what Snapchat is but been too embarrassed to ask? You're probably not the only one.
Evan Spiegel, the photo messaging app's co-founder and chief executive, has provided the parent's guide to the phenomenon in a four-minute YouTube video.
Perspective. What they do is interesting. Too tired/lazy to go to a restaurant? Food delivered to your home seems hot. (The service, not necessarily the food.)
The 13 European tech startups that are most likely to be worth $1 billion next
Roughly three European tech companies a year have been sold or floated on the stock exchange, or otherwise valued by investors, at $1 billion or more since 2000, according to data from British investment bank GP Bullhound.
But since April 2014, Europe has added 13 companies to its list of "unicorns."
A smart addition? I think so. It supports the businesses they rely on. (Digest Item #2)
Etsy Now Offers Crowdfunding
Etsy has launched its own crowdfunding platform designed to help Etsy sellers expand their businesses. Fund on Etsy is essentially Kickstarter for handmade products. It exists within the Etsy ecosystem, which means most of the buyers and sellers involved will already have some sort of relationship.
Right now, Etsy only exists as a marketplace for handmade products, but Fund on Etsy means small businesses can seek funding in order to launch a new product. They can then use the profits to add employees, purchase new tools, or expand their studio space. Which means that, potentially at least, everyone’s a winner.
Fund on Etsy is starting life as a U.S.-only pilot program for selected sellers. This will run from now until August 16th, at which point Etsy will decide whether it was successful enough to roll out on a larger scale. In the meantime, just remember that crowdfunding can be a bit of a gamble, as there are no guarantees that sellers will deliver on their promises.
Something for my techie students.
How to build a Twitter "Hello World" web app in Python
As the documenters of the API economy, ProgrammableWeb is producing a series of tutorials – the “Hello World of APIs” – that demonstrates how to integrate an application with the most significant API providers in the industry, using a variety of programming languages to achieve it. Each tutorial will walk through the steps a developer will undertake in understanding the API in question and ultimately an example of an application to call the API.
… By the end of the tutorial a developer familiar with Python should have sufficient knowledge to be able to build an application of his or her own that integrates with the Twitter REST API.
A good article for my IT Governance and Risk Management class. This could have come directly from the textbook. (Students, you have been warned!)
Security Leaders - Welcome to the Spotlight
In my previous column, I discussed how many security leaders today are being thrust into the limelight and the resulting pressures on both careers and security needs. As I previously stated – being in the spotlight and suddenly accountable to the company for enterprise security is a double-edged sword.
Let me talk through some of the things successful security executives have shared with me from their accomplishments and challenges. I believe sharing struggles and failures is just as important as sharing successes, because I’d rather learn from someone else’s mistakes.
1. Learn and understand your business goals.
2. Leave your comfort zone.
3. Define your desired level of security.
4. Fail fast, recover faster.
A resource for Big Data, and all my student researchers. I post a couple of my favorites, but scan the entire list.
15 Massive Online Databases You Should Know About
An invaluable tool for students and academics alike, CiteSeerX is a public search engine and digital library of academic and scientific papers. Often considered the first automated citation indexing system, it was the inspiration for Google Scholar and Microsoft Academic Search, though the latter has since been integrated into the Bing search engine.
CiteSeerX focuses on indexing public scholarly documents.
The reference site documents the collections of over 72,000 libraries around the world, covering 170 countries and territories.
For ALL my students. Learn how to communicate in the digital age! (...and again, proofread!)
Before You Send an Email, Run it Through This Checklist
Are you getting ready to send an email to a friend or colleague? Wait! Don’t click the send button just yet! Take your email and run it through this email etiquette checklist! It will allow you to make sure you don’t do anything you’ll regret!
Via Outbox Documents
[Also at: http://cdn.makeuseof.com/wp-content/uploads/2015/06/Outbox-Email-Etiquette-Infographic.jpg?5c03f7]
At least learn what Poison Ivy looks like. Not quite a Leaf Recognition App, but headed that way. (If Face Recognition is called Facial Recognition, is this App a Leafal Recognition App?)
Try LeafSnap for Help Identifying Plants
LeafSnap is a free iPad app designed by Columbia University, Smithsonian, and the University of Maryland for the purpose of helping people identify plants by taking pictures of them on their iPads. With LeafSnap installed on your iPad or iPhone you can take a picture of a leaf, upload it to the app, and then the app’s visual recognition technology will help you identify the name of the plant. It doesn’t work for all leaves and you do need to isolate the leaf before you take a picture of it. In other words, you can’t just snap a picture of a big tree and ask LeafSnap to identify it.
If taking pictures of leaves is not a practical option for you and your students, LeafSnap still has valuable content for you. LeafSnap offers a large gallery of pictures of leaves. The gallery is organized alphabetically. Tap on any picture in the gallery to see more pictures of the same leaf, descriptions of the tree that it grows on, and where those trees grow.
… Earlier this week I shared the Merlin Bird ID app that helps students identify birds.
Dilbert explains privacy in the age of drones.