Thursday, September 24, 2015

You allocate time and treasure based on your strategic vision. “It is better to look good than to feel good.” Billy Crystal
Apple iOS privacy bugs again -- lockscreen unsafe in 9.0.1 update
… José Rodriguez reported lockscreen failings in iOS versions 5.1–5.1.1, 6.0–6.1.3, 7.0–7.0.1, 8.0–8.3, 9.0 and now he says the bug is still in 9.0.1.

The never-ending story... OPM “discovers” things they should have known about immediately.
Andrea Peterson reports:
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.
That’s more than five times the 1.1 million figure the agency had cited in earlier updates after the cyberattacks were disclosed over the summer. However, the agency said the total number of those believed to be caught up in the breaches remains the same.
Read more on Washington Post. And then do read Emptywheel’s commentary on what OPM’s revelations really demonstrate.

Strange. They should be better than this.
Josh Chin reports:
The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea. The Microsoft Word document contained text and photos depicting Thai naval personnel capturing Vietnamese fishermen and forcing them to kneel at gunpoint.
But the attachment was a decoy: Anyone who opened it inadvertently downloaded software that searched their computers for sensitive information and sent it to an obscure corner of the Internet. Manning that corner, according to a new report from U.S. security researchers, was Ge Xing, a member of a Chinese military reconnaissance unit.
Read more on WSJ.

Apparently the obvious isn't obvious in Washington. All those antennas on Embassy roofs are not just for TV.
ACLU – Capitol Hill staffers should be able to make encrypted calls, send secure text messages
by Sabrina I. Pacifici on Sep 23, 2015
“Today, the ACLU sent a letter to both the House and Senate, urging them to provide secure voice and text messaging capabilities to Members and their staff. (The Washington Post writes about our letter today. In recent years, computer security researchers have warned about the poor security of cellular networks, which in many cases use broken encryption technology that is several decades old. As a result, it is often trivially easy for third parties—which can include foreign intelligence services, criminals and stalkers—to intercept calls and text messages Although the calling and texting services provided by wireless carriers are not secure, there are a number of widely available secure communications apps that individuals and organizations can use to protect themselves. These include tools like Apple’s iMessage and Facetime, Facebook’s WhatsApp, and Open Whisper Systems’ Signal. In the letter we sent today, to the House and Senate Sergeants at Arms—who are also responsible for Congress’ digital security—we encourage the Sergeants to provide smartphones and secure communications apps, such as Signal or FaceTime, to members and their staff. As we note in the letter:
“While the civil liberties implications of vulnerable government information technology may not be readily apparent, they are nonetheless, and increasingly, significant….secure communications facilities preserve effective checks and balances in constitutional government, and insecure facilities threaten them. Those checks and balances serve as safeguards of individual liberties and civil rights. They also protect the civil liberties and privacy of the thousands of Congressional and government employees, who are themselves attractive targets of both foreign adversaries and, indeed, insider threats. Ensuring the security of Congressional communications against all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers — would promote both basic liberty interests and national security.”

Perspective. For my Computer Security students.
The price of your identity in the Dark Web? No more than a dollar
… In Trend Micro's new report, dubbed "Understanding Data Breaches," the security firm explores who is most often targeted in data breaches, how they take place, and what happens to data once it leaves corporate networks.
Using the Privacy Rights Clearinghouse (PRC)'s Data Breaches database, Trend Micro found that hacking or malware was behind only 25 percent of data breach incidents from 2005 to April this year. Insiders are also a common reason for data loss, as well as the use of physical skimming devices and the loss or theft of devices including laptops, flash drives and physical files were also found to be the root cause of damaging data breaches.
However, not all data breaches are caused maliciously. Unintended disclosure, through mistakes or negligence, is also a reported reason for information to end up in the wrong hands.

The price of getting it wrong?
Babak Siavoshy writes:
One of the more interesting cases slated for review by the Supreme Court next term is Spokeo v. Robins (here’s a WSJ blog post with an outline of some of the issues). First things first: several regular and guest contributors to this blog have written a ‘friend of the court’ brief in the case. You can find that brief here; scotusblog has the dozens of other briefs supporting one side or the other.
While I’m planning to write more about the case’s substantive legal issues (which concern Article III standing), this post will be dedicated to the small bit of silliness outlined in the title. Namely, what will the justices’ reactions be when they look themselves up on Spokeo’s service, and find results that may strike them as a bit… revealing?
Read more on Concurring Opinions.

Because deflated footballs aren't enough?
Feds approve NFL drone flights

This is not what I mean when I teach my students to manage their social media accounts.
VW scrubs diesel references from social media, YouTube
Volkswagen appears to have scrubbed many references to clean diesel from its webpage and social media accounts amid a growing scandal over its attempts to trick regulators’ air pollution tests.
… While the Justice Department has reportedly launched a criminal investigation, at least one Democratic lawmaker is called for the Federal Trade Commission (FTC) take action against its allegedly deceptive advertising — which appears to have been scrubbed from the web.

A new technology for 'digital evidence?'
New on LLRX – Vermont’s Legislature is Considering Support for Blockchain Technology and Smart Contracts
by Sabrina I. Pacifici on Sep 23, 2015
Via LLRX.comVermont’s Legislature is Considering Support for Blockchain Technology and Smart Contracts: Bitcoin is a significant disruptive technology with a growing impact on the financial sector and legal sectors, around the world. Alan Rothman expertly educates us on new legislation from Vermont that is intended to move the state towards using blockchain technology for “records, smart contracts and other applications.” One of the key distinctions Rothman highlights is that Vermont is not in any manner approving or adopting Bitcoin, but rather, the state is diversifying and adapting the underlying blockchain technology that supports it.
[From the article:
“Blockchain technology shall be a recognized practice for the verification of a fact or record, and those facts or records established through a valid blockchain technology process shall have a presumption of validity for matters to be determined subject to, or in accordance with, the laws of the State of Vermont.“

New on LLRX – Wearable tech data as evidence in the courtroom
by Sabrina I. Pacifici on Sep 23, 2015
Via LLRX.comWearable tech data as evidence in the courtroom Nicole Black discusses how data downloaded from wearable technology has entered into the discovery phase of personal injury cases. A wealth of data can be collected about the direct activities of individuals who are using wearable devices while exercising, as well as conducting routine and regular activities such as walking. The implications of this concept may have considerable implications on par with those pertaining to the use of social media.

For my geeky students.
A first look at the Chinese operating system the government wants to replace Windows
… NeoKylin has long been part of the Chinese government’s hopes that a successful domestic OS would emerge. This has been driven by Microsoft dropping support for Windows XP—still widely used in China—and the government’s push to limit dependence on foreign technology, primarily for security reasons.
Now NeoKylin is starting to be considered a legitimate option even for users outside the government. Workers in the entire city of Siping switched to it. Over 40% of commercial PCs sold by Dell in China are running NeoKylin, the company says.

For my Ethical Hacking students. That is NOT me in the photograph of General Grant.
How to Change a Picture’s Date in Google Photos

Perspective. Where all browsers are heading.
Firefox 41 integrates WebRTC messaging app as it fights for relevance
Firefox 41, released yesterday, has a new feature: integrated instant messaging, with voice and video, called Firefox Hello.
… This enables Web-based voice and video messaging between Firefox, Chrome, and Opera. Microsoft is working on a related spec, Object RTC, which is available in the most recent preview of the Edge browser

The Plot Twist: E-Book Sales Slip, and Print Is Far From Dead
… Higher e-book prices may also be driving readers back to paper.
As publishers renegotiated new terms with Amazon in the past year and demanded the ability to set their own e-book prices, many have started charging more. With little difference in price between a $13 e-book and a paperback, some consumers may be opting for the print version.
On Amazon, the paperback editions of some popular titles, like “The Goldfinch” by Donna Tartt, are several dollars cheaper than their digital counterparts. Paperback sales rose by 8.4 percent in the first five months of this year, the Association of American Publishers reported.

A challenge to my students. Write a replacement.
Copyright on 'Happy Birthday' Song Ruled Invalid
… "Happy Birthday to You," the most popular tune in the English language, is copyrighted. So, using the tune means paying licensing fees.
At least, that used to be the case. On Tuesday, a federal court judge in Los Angeles ruled that copyright on "Happy Birthday to You" is in fact invalid. If the ruling stands, the song will enter the public domain, free for all to use.
That's a blow to Warner/Chappell Music and its parent company, the Warner Music Group, which has held the tune's copyright since 1988 and collects around $2 million in annual licensing fees, according to The New York Times.
… The "Happy Birthday" tune -- which was co-written by Kentucky sisters Patty and Mildred Hill and originally titled "Good Morning to All" -- was first published in 1893 by Clayton Summy, a company later purchased by Warner/Chappell.
The copyright case was filed in 2013 by the independent filmmaker Jennifer Nelson. In July Nelson produced powerful new evidence in the form of a songbook published in 1927 -- eight years before Warner/Chappell's copyrighted version appeared -- that contains the song's lyrics.
Considering that Summy never acquired the rights to the tune's lyrics, the judge ruled, the copyright is invalid.

I admit I like to tease my students with cool Apps. Perhaps I can inspire them to write their own Apps. (A couple I found interesting.)
The 20 most fascinating iOS apps from TechCrunch Disrupt
The best new app for bibliophiles, Shelfie (free) is like Shazam for your book collection. Simply take a photo of books on your shelf (a shelf selfie, or “shelfie” if you will) to create a digital library that you can share with fellow book-lovers. The makers of Shelfie have also struck deals with several publishers, including Harper Collins, to let you read an ebook version of a print book you already own for free or with a discount.
Built to empower citizen journalism, Witness is a different type of livestreaming app. You can use it to record video whenever you feel you are in danger or want to document criminal activity, all while being able to call 911 and communicate with police. The footage then gets sent anonymously to Witness’ secure servers, where it can be retrieved as legal evidence shall you have to appear in court. Sign up on their website to get early access to the iOS app.

For all my students.
… The app lets you browse Khan Academy's huge collection of educational videos and explanations on various topics ranging from math to science, history, economics, art, and more. Find something you want to study later on, while you're in the subway for example? You can bookmark it to be saved and available offline to you. And everything you do is synced between the app and the website. However, the app doesn't have the website's cool exercises that help you better understand each subject matter. I guess they gotta leave something for future versions.
The app is available for free on the Play Store or you can grab it on APK Mirror. The Google+ community is still live if you want to stay on top of the latest beta improvements to the app before they make it to the public release.

For my Website students.
U.S. Web Design Standards
by Sabrina I. Pacifici on Sep 23, 2015
Open source UI components and visual style guide to create consistency and beautiful user experiences across U.S. federal government websites: “Tools for creating beautiful online experiences for the American people Built and maintained by a team of U.S. Digital Service and 18F designers and developers, this resource is built on the highest standards of 508 compliance, reuses best practices of existing style libraries and modern web design to guide us in creating beautiful and easy-to-use online experiences for the American people.”

Statistically speaking...
Yogi Berra Was One Of A Kind

(Related) Some more Yogi Berra quotes.
… You wouldn't have won if we'd beaten you.
… If the world was perfect, it wouldn't be.
You don’t have to swing hard to hit a home run. If you got the timing, it’ll go.

No comments: