Wednesday, July 01, 2015

For my Risk Management students. The “attack” does not have to be aimed at you.
SF Bay Area Residents Cut Off from the Internet by Unidentified Attackers
Federal investigators are currently conducting an investigation on a series of attacks directed at high-capacity Internet cables located in San Francisco Bay Area, in California. Federal agents said that the latest attack was reported this Tuesday, but other acts of vandalism date back a year.
… But the first attacks in the area occurred July 6, 2014, according to the FBI.
… Cyber security experts believe that the series of attacks underscore the vulnerability of the “critical” internet infrastructure in the region.
… Five years ago, California’s internet cables were sliced in four sites, leaving tens of thousands with no cell phone connectivity and Internet service for several hours. The FBI believes that California attackers may test the capabilities, impact and response time of authorities. [Translation: “We're unlikely to catch these guys.” Bob]
… The agency also disclosed that cutting the cables required dedicated tools because they have a tough protective outer layer although their diameter is not larger than that of a pencil.

For my Computer Security students. “We're changing the definition of 'Secure.'” So change your set-up procedures to “uncheck” the default opt-in.
Simon Rockman reports:
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user’s contacts. So giving a wireless password to one person grants access to everyone who knows them.
Wi-Fi Sense doesn’t reveal the password to your family, friends, acquaintances, and the chap at the takeaway who’s an contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored by Microsoft, and transferred to a device for it to work; Microsoft just tries to stop you looking at it.
Read more on The Register.
[From the article:
… There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security.
… In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1. If you type the password into your Lumia, you won’t then need to type it into your laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
… In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks is shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.

Also for my Computer Security students.
FTC- Start with Security: A Guide for Business
by Sabrina I. Pacifici on Jun 30, 2015
… Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlined in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents. In addition to Protecting Personal Information, the FTC has resources to help you think through how those principles apply to your business. There’s an online tutorial to help train your employees; publications to address particular data security challenges; and news releases, blog posts, and guidance to help you identify – and possibly prevent – pitfalls.

Using Social Media to engage. A model for the rest of us?
Treasury Public Engagement Pages
AGENCY: Departmental Offices, Treasury
ACTION: Notice and request for comment.
SUMMARY: The Department of the Treasury (Treasury) is issuing this notice to inform the public and solicit comments about a new method it is using to collect information and opinions posted on social media platforms. Relying on Treasury-generated “hashtags” and other social media identifiers, Treasury is aggregating public posts relating to Treasury activities and missions from third-party social media websites. Treasury is collecting and, in some cases, republishing this material to facilitate public engagement and awareness of Treasury and bureau initiatives. In this manner, social media will enable Treasury to interact with the public in effective and meaningful ways; encourage the broad exchange of and centrally locate a variety of viewpoints on proposed and existing Treasury missions; and educate the general public about evolving Treasury initiatives.

The pendulum swings...
Charlie Savage reports:
The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.
But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts.
Read more on NY Times.

This seems to be a common strategic goal. Perhaps they shouldn't let the machines set the strategy?
Mark Zuckerberg on how Facebook's AI will be "better than humans"
… In a question and answer session on Facebook, the Facebook founder and CEO wrote about why the social media company is developing AI tools focused on areas such as facial and voice recognition.
… Facebook has various projects developing AI to improve the services the social network offers. It runs AI labs looking at how to use deep learning to do everything from voice translation to image recognition in New York, Silicon Valley, and Paris, and earlier this year acquired voice-recognition AI startup
"In order to do this really well, our goal is to build AI systems that are better than humans at our primary senses: vision, listening, etc.
"For vision, we're building systems that can recognize everything that's in an image or a video. This includes people, objects, scenes, etc. These systems need to understand the context of the images and videos as well as whatever is in them.
"For listening and language, we're focusing on translating speech to text, text between any languages, and also being able to answer any natural language question you ask."

Gosh, maybe Apple should hire a lawyer. Or not believe everything the book publishers (or music labels) tell them.
Apple conspired to fix ebook prices: US court
Apple violated antitrust laws by colluding with publishers to raise electronic book prices when it entered a market in 2010 that had been dominated by, a divided federal appeals court panel said.
A three-judge panel of the 2nd US Circuit Court of Appeals in Manhattan ruled 2-to-1 that a lower-court judge correctly found Apple Inc violated the law to upset Inc 's control of the market.

Something for my Data Analysis students?
The New Data Republic: Not Quite a Democracy
… Lack of data knowledge hamstrings people in two ways: First, they are unable to use the readily accessible data well themselves, and second, they are unable to tell when others are using data poorly or disingenuously. Consequently, people with limited understanding of how to use and assess data (as well as evaluate the insights derived from data analytics) become second-class citizens in a data-ocracy.

Interesting article. Are we looking at a new type of “undue reliance?”
… Radio stations run on ratings, and Nielsen is by far the dominant ratings provider, as it is in television. It has a near-monopoly on the biggest markets in the U.S. But many in the industry are starting to wonder if Nielsen has been getting the ratings wrong.
What if people kept listening, but weren’t all being counted anymore? What if a new Nielsen counting method wasn’t working as it was intended to? That failing would hurt many stations in the ratings, but some more than others, and possibly none more than smooth jazz.
That, at least, is how an alternative theory goes. And it’s a theory that’s gaining supporters because of a new device that’s helping stations of all types regain some of the listeners they lost. All they have to do is turn it on.

So, have I become obsolete – again?
Have LinkedIn and Medium Killed the Old-Fashioned Blog?
… Twitter has made it possible to demonstrate expertise by sharing links and short insights, 140 characters at a time. If you’re in a visual field—whether that’s fashion, design or even real estate—sites like Pinterest, Instagram, and Houzz may offer the fastest route to establishing a vision, following and clientele. For folks who like to talk or shoot more than write, creating a podcast or YouTube channel can be a better fit than a blog, and just as effective at sharing your ideas.
But the real blog-killer isn’t any of these alternatives: it’s the hosted publishing that’s emerged on sites like LinkedIn and Medium, where anyone can just log in and start posting. In a world where you can now showcase your ideas on the site where you’re hosting your virtual résumé—LinkedIn—do you really need to have your own independent publishing platform?
