Wednesday, September 16, 2015

Oops! A word managers should never need to utter. NOTE: This is not the first time data was loaded into Amazon's public servers.
Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server.
Another week, another infosecurity failure that exposed oodles of personal information.
This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how some entities planned to defend against specific claims.
According to a source who contacted, as part of research on data leaks, the self-described “technology enthusiast” (“TE”) downloaded some random data from a publicly available subdomain on Amazon Web Services (AWS). Inspection of the files revealed many GB of SQL database backups with “names, social security numbers, addresses, dates of birth, phone numbers, as well as various financial and medical injury data.”
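Leaving storage publicly readable is a configuration defect that can be checked mechanically before a "technology enthusiast" finds it. The block below is an added example, not code from the article or from the claims-management service it describes: it audits an S3 bucket policy and ACL (the documents the AWS `get-bucket-policy` and `get-bucket-acl` calls return) for grants to everyone or to any AWS account. The policy, ACL, bucket name, account id and CIDR are constructed samples so the script runs offline.

```python
"""Audit an S3 bucket policy and ACL for public-access grants (added example)."""
import json

# Canned group URIs AWS uses for "everyone" and "any authenticated AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def principal_is_public(principal):
    """True if a statement's Principal matches anyone on the Internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def public_policy_statements(policy):
    """Return (Sid, severity, actions) for Allow statements with a public principal.

    A statement that also carries a Condition block is flagged 'needs review'
    rather than 'public', because a condition such as aws:SourceIp may (or may
    not) narrow the grant enough to be acceptable.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_public(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        severity = "needs review" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), severity, actions))
    return findings


def public_acl_grants(acl):
    """Return (permission, group URI) for ACL grants to AllUsers/AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((grant.get("Permission"), grantee["URI"]))
    return findings


def audit_bucket(policy, acl):
    """Combine policy and ACL findings into one report."""
    return {"policy": public_policy_statements(policy), "acl": public_acl_grants(acl)}


# Constructed sample policy: one fully public statement, one public-but-conditioned
# statement, and one properly scoped statement. Account id and CIDR are made up.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BackupsReadable", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-claims-backups",
                  "arn:aws:s3:::example-claims-backups/*"]},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-claims-backups/reports/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "AdminRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/claims-admin"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-claims-backups/*"}
  ]
}
""")

# Constructed sample ACL: owner has full control, but READ is granted to AllUsers.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    report = audit_bucket(SAMPLE_POLICY, SAMPLE_ACL)
    for sid, severity, actions in report["policy"]:
        print(f"policy statement {sid}: {severity} -> {', '.join(actions)}")
    for permission, uri in report["acl"]:
        print(f"ACL grant: {permission} to {uri.rsplit('/', 1)[-1]}")
```

Run against real buckets by feeding it the JSON from the two AWS calls; any `public` finding on a bucket holding database backups is the condition the article describes. The ACL check matters because a bucket with no policy at all can still be world-readable through a single `AllUsers` grant.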

I hope we're not talking default passwords again.
Edd Gent reports:
Cyber-spies have managed to plant snooping software in Cisco routers, located on three continents, which direct traffic around the Internet.
Security research firm FireEye says it has so far found 14 instances of the router implants in India, Mexico, Philippines and Ukraine, adding that this may be just the tip of the iceberg and that the problem could potentially affect routers from other makers.
Read more on E&T.
[From the article:
A highly sophisticated form of malicious software was installed onto the devices, but Cisco - the world's top supplier of routers - said the attacks were not due to any vulnerability in its own software. Instead, the attackers stole valid network administration credentials from targeted organisations or managed to gain physical access to the routers.

Target still a target.
Joseph Ax reports:
A U.S. judge on Tuesday certified a class action against Target Corp brought by several banks over the retailer’s massive data breach in 2013.
Read more on Reuters.

Worth a try, I suppose.
Jennifer Baker reports:
Civil rights NGO Human Rights Watch (HRW) has launched a legal challenge to find out if its information was shared between the US National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ).
The organisation is unhappy that a ruling by the Investigatory Powers Tribunal (IPT) in February did not reveal the full extent of intelligence sharing.
Read more on The Register.

How different Tom Sawyer would have been...
The Local reports:
Six out of ten Norwegians would use GPS tracking devices to keep tabs on children under the age of 12, according to a new poll by Gallup.
The poll found that only 10 percent of Norwegians found the use of tracking devices unacceptable, while 60 percent were in favour.
Read more on The Local (No).

Wow! Only 10 years? (That's like 200 Internet years) By then, we'll be inserting chips subcutaneously. (See the article above.)
De Blasio to Announce 10-Year Deadline to Offer Computer Science to All Students

Americans agree computer science is important—but only one-quarter of US schools teach it
Gallup and Google just teamed up to conduct one of the most comprehensive studies of computer science education in schools. Interviewing nearly 16,000 7th- to 12th-grade students, parents, teachers, principals and superintendents, this study provides us with yet another painful reminder of how our education system is out of touch with and slow to respond to opportunities for our kids’ futures. Despite massive and growing demand to fill high-paying computer science jobs in all kinds of organizations and industries all over the world, a mere one in four principals in the US report offering computer programming or coding in their school. And as we argue about what should and shouldn’t be taught in US schools, it turns out we agree on at least one thing very clearly: Computer science should be taught. A surprising 85% of parents, 75% of teachers and 68% of principals say that computer science education is “just as important” or “more important” than teaching required courses like math, science, history and English.

What have sex robots ever done to you? Wait, don't answer that. I really don't want to know.
New campaign launches to save us from harmful, lonely life of sex with robots
… The Campaign Against Sex Robots sounds like a funny idea — but when you see the potential for human-rights violations down the road, you’ll have an “a-ha” moment. [More like a “you have got to be kidding!” moment. Bob]

Because God help us if anything should happen.
Feds declare 'No Drone Zone' for Pope's visit

Interesting. Or at least it could be.
Federal Court Invalidates 11-Year-old FBI gag order on National Security Letter recipient Nicholas Merrill
by Sabrina I. Pacifici on Sep 15, 2015
Calyx Institute: “A federal district court has ordered the FBI to lift an eleven-year-old gag order imposed on Nicholas Merrill [document is redacted] forbidding him from speaking about a National Security Letter (“NSL”) that the FBI served on him in 2004. The ruling marks the first time that an NSL gag order has been lifted in full since the PATRIOT Act vastly expanded the scope of the FBI’s NSL authority in 2001. Mr. Merrill, the executive director of the Calyx Institute, is represented by law students and supervising attorneys of the Media Freedom and Information Access Clinic, a program of Yale Law School’s Abrams Institute for Freedom of Expression and Information Society Project. For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals’ digital lives in secret using NSLs. Tens of thousands of NSLs are issued by FBI officers every year without a warrant or judicial oversight of any kind. The letters demand disclosure of user information and are almost always accompanied by complete gag orders. Today’s decision will finally allow Mr. Merrill to speak about all aspects of the NSL and, specifically, to inform the public about the categories of personal information that the FBI believes it can obtain using an NSL… U.S. District Judge Victor Marrero’s decision invalidated the gag order in full, finding no “good reason” to prevent Merrill from speaking about any aspect of the NSL, particularly an attachment to the NSL that lists the specific types of “electronic communication transactional records” (“ECTR”) that the FBI believed it was authorized to demand.
The FBI has long refused to clarify what kinds of information it sweeps up under the rubric of ECTR, a phrase that appears in the NSL statute but is not publicly defined anywhere… Merrill first challenged the NSL statute in 2004 in a landmark ACLU lawsuit that resulted in significant changes to the law but ended in 2010 with much of the gag order still intact…”

This is done by a simple program on a computer. Lots of companies do it to personalize advertising (talk about your car, get an ad about cars). Would it be more acceptable if a “trusted third party” ran the program and gave nothing from the content to Twitter? (Is there such a thing as a “trusted third party?”) It is not clear from this article how this benefits Twitter technically. Shortening the URL gains you nothing but complexity if you keep the old URL to display for the user.
Twitter Hit With Suit Claiming It Snoops on Direct Messages
Twitter Inc.’s direct messages may not be as private as it claims, according to a lawsuit filed against the company on Monday.
A lawsuit seeking class action status alleges that Twitter “surreptitiously eavesdrops on its users’ private direct message communications. As soon as a user sends a direct message, Twitter intercepts, reads and, at times, even alters the message.”
The lawsuit takes particular issue with the hyperlinks sent within the private-chat function. The plaintiff claims that, for example, when a hyperlink to a New York Times story is sent via direct message, Twitter goes in and replaces the link with its own link-shortening tool, before it reaches the intended recipient, which it then masks by displaying the original New York Times link.

Winning friends no matter who is elected? (I hereby announce my candidacy for teacher of the year. Can I get a Donate Button?)
Twitter rolls out donate button for political campaigns
… The button allows mobile users to enter their credit card and identifying information to donate, then return to their place in their Twitter timeline.
“By partnering with Square to enable donations through Tweets, and as the 2016 election season heats up, we’ve upgraded these tools through which citizens can raise their voices to champion causes and candidates they support,” the company announced in a blog.

Kick 'em while they're down? But what if they are not down enough.
Obama cyber sanctions could spur Chinese backlash
Swift economic retaliation against American businesses is expected if the White House levies hacking sanctions against Chinese companies.
But U.S. industry groups are still pressuring the government to stand up to China over what’s believed to be a massive campaign to pilfer corporate secrets from U.S. firms. The alternative, they say, could be even worse: Unabated cyberattacks that drain the American private sector of its global competitive advantage.

Nothing foretells the legalization of marijuana like more revenue for governments to waste spend.
Colorado Just Became The First State In History To Collect More Taxes From Marijuana Than Alcohol
No state has ever generated more tax revenue from marijuana than alcohol—until now.
The Colorado Department of Revenue, according to recently released figures, just brought in $70 million in taxes relating to marijuana, compared to less than $42 million for alcohol taxes, over the course of a year.

An update on Kim Dotcom. Extradition hearing is next Monday.
Megaupload, Kim Dotcom, and others filed their reply brief today in the Fourth Circuit Court of Appeals urging the Court to reverse the trial court's finding of "Fugitive Disentitlement."
Here is an excerpt from the reply brief:
"The government asks this Court to affirm a forfeiture order that is purely advisory, was justified only by Claimants’ exercise of their right to oppose extradition, and was obtained without any opportunity to contest the government’s case on the merits. Our justice system requires more. Claimants have not been convicted of any crime, have not fled the jurisdiction, and have not been extradited. They stand ready to defend their property—located entirely in countries that have refused to enforce the U.S. forfeiture orders. But without considering the merits, the district court declared that property forfeited. That order contravenes fundamental jurisdictional requirements, statutory commands, and due process..."
Read the full reply brief.

(Related) More Kim Dotcoms?
The FBI has seized domains belonging to sites involved in pre-release music piracy, and the domains now display the infamous Department of Justice banner informing visitors that the sites are being investigated for criminal copyright infringement. The RIAA welcomed the news, describing the takedowns as a "huge win."

If you can't put your foot in your mouth, keep shooting yourself in the foot until you can?
The Three Stages Of Hillary Clinton’s Self-Perpetuating Funk
… Candidates can just as easily get caught — or entrap themselves — in self-reinforcing cycles of negative media attention and declining poll numbers. Hillary Clinton looks like she’s stuck in one of these ruts right now.
The Washington Post’s David Weigel recently observed that voters were hearing about only three types of Clinton stories, all of which have negative implications for her. First are stories about the scandal surrounding the private email server she used as secretary of state. Next are stories about her declining poll numbers. And third are stories about how Vice President Joe Biden might enter the Democratic presidential race.

A useful research tool?
Harvard Kennedy School – Think Tank Search
by Sabrina I. Pacifici on Sep 15, 2015
“Think Tank Search is a custom Google search of more than 590 think tank websites. For the purposes of this search, think tanks are defined as institutions affiliated with universities, governments, advocacy groups, foundations, non-governmental organizations, and businesses that generate public policy research, analysis, and activity. Inclusion is based upon the relevancy of subject area to HKS coursework and scholarship, the availability of the think tank’s research in full-text on the website, and the think tank’s reputation and influence upon policy making. The list represents a mixture of partisan and non-partisan think tanks.”

Several tools for my geeky students.
Find Out How Much Traffic a Website Gets