Monday, July 06, 2015

You didn't think they were immune, did you?
Hackers steal data from surveillance company
Hackers said they had penetrated Hacking Team's internal network and stolen more than 400GB of data.
The Italian company said it was working with police to track down the hackers.
Widely shared online, the stolen data includes a list of the countries that have bought Hacking Team's main surveillance tool, Da Vinci, and emails suggesting intelligence agencies use it to spy on activists and journalists.
Lists of passwords and login details for client sites were also revealed. [Q: Why would they be logging on to client sites? A: Gathering intelligence. Bob]
… Security expert Graham Cluley said the company had "no shortage of online enemies around the world".
Its software had been popular with intelligence agencies in many countries, he said, but he questioned how many would continue that relationship given that it had been "so seriously breached".
Human rights group Reporters Without Borders had named Hacking Team as one of its "enemies of the internet" because its software was being used in countries that did not have a "good record on democracy and human rights". [But paid well. Bob]

Technology makes everyone's job easier!
Edmund H. Mahony reports:
In an effort to recover tens of millions in losses, the insurer for pharmaceutical giant Eli Lilly is trying to prove that lax control over confidential, computer data by Lilly’s security contractor enabled thieves to use detailed schematics to carry out brazen warehouse burglaries in Enfield and elsewhere across the country.
National Union Fire Insurance Co. of Pittsburgh could go to trial later this month on a suit over a 2010 Lilly warehouse heist in Enfield that could have been plotted in Hollywood. At the time, Lilly’s warehouses were guarded by a combination of Tyco Integrated Security and ADT, which has since split.
After months of investigation, National Union lawyers Elisa T. Gilbert and Bendan R. O’Brien of The Gilbert Firm in New York assert that they have uncovered evidence of repeated computer breaches and connected them to a computer account used by a former Tyco/ADT manager.
Read more on CTNow.
[From the article:
Hi-tech thieves armed with inside information cut through the warehouse roof in the middle of the night, bypassing arrays of state-of-the-art motion detectors and other security gear. They backed a tractor-trailer rig into the only one of seven loading bays not covered by cameras, packed it with $60 million in cancer drugs and disappeared.
The Enfield heist is believed to have been the biggest pharmaceutical theft ever and the suit, with its demand for $45 million in recovery, could provoke self-examination in the cyber security industry.
… The suit is pending in Miami and last week a federal judge strengthened National Union's case by ruling that should the case not settle before trial, the insurer can present evidence to a jury of three remarkably similar warehouse robberies in Florida, Texas and Illinois.

Perhaps this explains why the government does not want Google, et al. to publish these numbers. The question is, will anyone in government ask why the numbers don't match?
Last week, the Administrative Office (AO) of the US Courts published the 2014 Wiretap Report, an annual report to Congress concerning intercepted wire, oral, or electronic communications as required by Title III of the Omnibus Crime Control and Safe Streets Act of 1968. News headlines touted that the number of federal and state wiretaps for 2014 was down 1% for a total of 3,554. Of these, there were few involving encrypted communications; and for those, law enforcement agencies were in most cases able to overcome the encryption. But there is a bigger story that calls into question the accuracy of all of the prior reports submitted to the AO and the overall data provided to Congress and the public in the Wiretap Reports.
Since the Snowden revelations, more and more companies have started publishing “transparency reports” about the number and nature of government demands to access their users’ data. AT&T, Verizon, and Sprint published data for 2014 earlier this year and T-Mobile published its first transparency report on the same day the AO released the Wiretap Report. In aggregate, the four companies state that they implemented 10,712 wiretaps, a threefold difference over the total number reported by the AO. Note that the 10,712 number is only for the four companies listed above and does not reflect wiretap orders received by other telephone carriers or online providers, so the discrepancy actually is larger.

Why people believe politicians have no clue...
David Cameron's proposed encryption ban would 'destroy the internet'
A highly respected cryptographer and security expert is warning that David Cameron's proposed ban on strong encryption threatens to "destroy the internet."
Last week, the British Prime Minister told Parliament that he wants to "ensure that terrorists do not have a safe space in which to communicate."
Business Insider reached out to Bruce Schneier to discuss the feasibility of Cameron's proposed ban on "safe spaces" online.
… My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron's remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he's saying, surely he has advisers that do. Maybe he didn't listen to them. Maybe they aren't capable of telling him that what he's saying doesn't make sense.

(Related) Let's hope they are testing the waters because they think this might be a stupid idea.
Ellen Nakashima reports:
Social media sites such as Twitter and YouTube would be required to report videos and other content posted by suspected terrorists to federal authorities under legislation approved this past week by the Senate Intelligence Committee. [Oxymoron alert! Bob]
The measure, contained in the 2016 intelligence authorization, which still has to be voted on by the full Senate, is an effort to help intelligence and law enforcement officials detect threats from the Islamic State and other terrorist groups.
Read more on The Washington Post.
[From the article:
Google, Facebook and Twitter declined to comment on the measure, but industry officials privately called it a bad idea. “Asking Internet companies to proactively monitor people’s posts and messages would be the same thing as asking your telephone company to monitor and log all your phone calls, text messages, all your Internet browsing, all the sites you visit,” said one official, who spoke on the condition of anonymity because the provision is not yet public. “Considering the vast majority of people on these sites are not doing anything wrong, this type of monitoring would be considered by many to be an invasion of privacy. It would also be technically difficult.”
[If we were still looking at a mere 18,000 days of video uploaded to YouTube every day, what percentage would you think might contain something that flags them as “terrorist?” Would the NSA or even the FBI provide a definitive search algorithm? Bob]

If this was a US law, would it restrict what politicians can say about other politicians? As I read the bill, using a video of your opponent making a statement (or misstatement) could be harassment.
Be Careful What You Type! Cyberbullying Is Now A Crime In New Zealand
Lawmakers in New Zealand have officially made it illegal to harass others and engage in hate speech through digital means. Otherwise known as cyberbullying, offenders who run afoul of the law face stiff penalties -- up to two years imprisonment or a fine up to $50,000 for an individual, or up to $200,000 for a "body corporate," which is a legal entity like a business, government agency, and so forth.
It's called the Harmful Digital Communications Bill and it's intended to "deter, prevent, and mitigate harm caused by individuals by digital communications, and provide victims of harmful digital communications with a quick and efficient means of redress." The bill covers any form of electronic communication, including text messaging, writing, photographs, pictures, recordings, or any other material that is communicated electronically.
As for specific content, it's now illegal in New Zealand to make racist, sexist, and religiously intolerant comments to a specific person through digital media. It's also illegal to make disparaging comments about someone's disabilities or sexual orientation.

This should be simple, shouldn't it? If I own XYZ Company, the XYZ Blog belongs to the company, but Centennial-Man belongs to me. Or is it based on what I post?
Social media as property breaks new legal ground
A Texas man used social media to promote his gun store, posting politically charged messages that criticized the president and promoted Second Amendment rights.
But after losing ownership of his suburban Houston store in bankruptcy, Jeremy Alcede spent nearly seven weeks in jail for refusing a federal judge's order to share with the new owner the passwords of the business' Facebook and Twitter accounts, which the judge had declared as property.
"It's all about silencing my voice," said Alcede, who was released in May after turning over the information. "Any 3-year-old can look at this and tell this is my Facebook account and not the company's."
Alcede's failed stand charts new territory in awarding property in bankruptcy proceedings and points to the growing importance of social media accounts as business assets. Legal experts say it also provides a lesson for business owners active in social media.
"If your business is something you feel very passionately about, it can be hard to separate those things," said Benjamin Stewart, a Dallas-based bankruptcy lawyer. "The moral for people is you have to keep your personal life separate from your business life."

I probably can't use a drone to monitor my lawn, but I suspect my wife's horse friends could use them to keep an eye on the herd.
Farm Use of Drones to Take off as Feds Loosen Restrictions
… Watching a flying demonstration on Maryland's Eastern Shore, the Missouri farmer envisions using an unmanned aerial vehicle to monitor the irrigation pipes on his farm — a job he now pays three men to do.
"The savings on labor and fuel would just be phenomenal," Geske says, watching as a small white drone hovers over a nearby corn field and transmits detailed pictures of the growing stalks to an iPad.
… Agricultural use of drones is about to take off after being grounded for years by the lack of federal guidelines. The Federal Aviation Administration has approved more than 50 exemptions for farm-related operations since January.

Steve would be furious. But my IT Governance students could learn something here.
People are starting to call Apple's Safari web browser 'the new Internet Explorer'
Apple's web browser Safari risks becoming an outdated program that developers and customers don't use, Ars Technica argues.
Ars Technica makes a convincing case: Apple isn't updating its web browser enough, so it's not supporting tools like certain APIs that web developers use to make sites.
It might not seem like a big problem if Apple doesn't support every new API and developer tool in use, but it could mean that developers decide not to test their sites for Safari, which could mean it eventually becomes an outdated and unsupported browser like Microsoft's Internet Explorer.

Simple: Follow the cash flow, see whose hands it passes through, then replace their hands with your hands.
Facebook Inc (FB) Collects “Headless Chickens” To Change News Forever
Facebook Inc is about to ramp up the publication of Instant Articles, a feature that has caused a rift among, and inside, media companies. So far just five of the pieces have been published, but the firm is set to start putting 30 pieces a day out there, and it could start as soon as this week.
Instant Articles will bring news pieces directly to the Facebook platform. That means that outlets using the service, which include The New York Times, and Buzzfeed among others, will likely rely on Mark Zuckerberg’s team for a huge amount of traffic and revenue.
The move is a key one for Facebook. Right now when a person sees a news item on their feed clicking the link sends them to a webpage where ads are not controlled by Facebook, they’re controlled by the news site itself and often involve money being sent to arch-rival Google Inc.
Keeping users inside of its own app will allow Facebook to reap a larger part of the profit from the traffic it sends through its site. A note from Evercore Partners published on June 4 showed that Facebook refers the same amount of traffic to top content makers as Google, and it was about to pass the search giant out.

For my researching students.
Amplifying the Impact of Open Access: Wikipedia and the Diffusion of Science
by Sabrina I. Pacifici on Jul 5, 2015
“With the rise of Wikipedia as a first-stop source for scientific knowledge, it is important to compare its representation of that knowledge to that of the academic literature. This article approaches such a comparison through academic references made within the world's 50 largest Wikipedias. Previous studies have raised concerns that Wikipedia editors may simply use the most easily accessible academic sources rather than sources of the highest academic status. We test this claim by identifying the 250 most heavily used journals in each of 26 research fields (4,721 journals, 19.4M articles in total) indexed by the Scopus database, and modeling whether topic, academic status, and accessibility make articles from these journals more or less likely to be referenced on Wikipedia. We find that, controlling for field and impact factor, the odds that an open access journal is referenced on the English Wikipedia are 47% higher compared to closed access journals. Moreover, in most of the world's Wikipedias a journal's high status (impact factor) and accessibility (open access policy) both greatly increase the probability of referencing. Among the implications of this study is that the chief effect of open access policies may be to significantly amplify the diffusion of science, through an intermediary like Wikipedia, to a broad public audience.” Misha Teplitskiy, Grace Lu, Eamon Duede (Submitted on 25 Jun 2015).

My students get Prime for free (for at least 6 months)
Amazon celebrating 20th birthday with sale to rival Black Friday
Amazon has announced that it will be celebrating its 20th birthday this month by launching a one-day sale extravaganza featuring more products on offer than are available on Black Friday. The catch is that the deals will only apply to Prime members.
… The date will be July 15th, Amazon's 20th birthday, and the sale will feature offers on products from across Amazon's vast catalogue.
… it is worth noting that you will be able to use the 30-day free trial of Prime to get access to the Prime Day offers.

Could be related to the Amazon article. (Love that Tweet!) (Digest Item #2)
Beware Greeks Bearing Credit Cards
The Greeks have been bankrupt 6 times in 150 years. like they want to be #donaldtrump
At the time of writing, Greece is suffering a rather complicated financial crisis which threatens to plunge Europe into crisis. Other Europeans are trying to help by funding a bailout through an Indiegogo campaign, but the country needs billions of dollars rather than mere millions. Suffice to say, things aren’t looking good.
One of the unforeseen consequences of Greece’s financial crisis is Greeks being barred from involvement with the online economy. This is due to the capital control laws recently enacted, which are designed to prevent people moving all of their money from Greek banks to overseas accounts.
The capital control laws also prevent Greeks from making credit card payments to other countries. Unfortunately, this means that Greeks who pay for services from Apple and other foreign companies have encountered problems, with monthly subscription fees blocked from going through.
Losing access to PayPal and the ability to buy music on iTunes obviously isn’t the biggest problem being faced by the average Greek citizen right now. However, it is annoying, both for the affected users and the companies involved. And the whole thing is further damaging Greece’s international reputation.

Perspective. Education didn't work. Prevention was too expensive. Apparently no one bothered to measure the health of the uninsured. (Or maybe they expect the government to kick in half the premium?)
Health Insurance Companies Seek Big Rate Increases for 2016
Health insurance companies around the country are seeking rate increases of 20 percent to 40 percent or more, saying their new customers under the Affordable Care Act turned out to be sicker than expected.
… Blue Cross and Blue Shield plans — market leaders in many states — are seeking rate increases that average 23 percent in Illinois, 25 percent in North Carolina, 31 percent in Oklahoma, 36 percent in Tennessee and 54 percent in Minnesota, according to documents posted online by the federal government and state insurance commissioners and interviews with insurance executives.

A most valuable travel guide.
Here’s What a Beer Will Cost You, From Kiev to Geneva

Dilbert provides a (slightly exaggerated) illustration of “Asynchronous warfare.”
