Saturday, November 07, 2015

I don't think it's related to the legalization of marijuana – it just sounds that way in the national news. Lots to consider here, including how to do it properly?
Katie Rogers reports:
Students in Cañon City, Colo., could face criminal charges after an investigation found they were trading hundreds of nude pictures of themselves and other teenagers on their phones using special apps to keep the images secret, the schools superintendent said Friday.
The investigation began on Monday, and officials at Cañon City High School determined that students had been circulating between 300 and 400 illicit photos involving at least 100 students, said George Welsh, the superintendent of the Cañon City School District. Some of the students in the photos were eighth graders, and several of the students who possessed the pictures were members of the school’s football team, Mr. Welsh said.
Read more on NY Times.
From the article:
Amy Adele Hasinoff, an assistant professor at the University of Colorado Denver and the author of a new book, “Sexting Panic,” contends that schools need to find new ways to talk to students about the issue. Rather than just demanding that students abstain from sending risqué images, she said, educators should aim for open conversations that involve guidance in “safer sexting” with trusted partners.

Something smells here. Are these kids like the initial story suggested? If so, why no arrests? Did the CIA Director's hack open more doors for the hackers? A story to follow.
Nathan Ingraham reports:
Earlier this year, a hacking group broke into the personal email account of CIA director John Brennan and published a host of sensitive attachments that it got its hands on (yes, Brennan should not have been using his AOL email address for CIA business). Now, Wired reports the group has hit a much more sensitive and presumably secure target: a law enforcement portal that contains arrest records as well as tools for sharing info around terrorist events and active shooters. There’s even a real-time chat system built in for the FBI to communicate with other law enforcement groups around the US.
The group has since published a portion of the data it collected to Pastebin and Cryptobin.
Read more on Engadget. The group also hacked the personal email accounts of FBI Deputy Director Mark Giuliano and his wife, as Hacker News reported.

What would you bet that none of the presidential candidates will suggest eliminating the TSA?
Shocker: When it comes to security the TSA still sucks eggs
Billions of dollars later, the TSA is still incompetent and its screening process is full of fail. The House Oversight and Government Reform Committee wanted answers about TSA security gaps. The DHS Office of Inspector General released a damning report and testified the TSA has not made any real improvements since it failed the last round of covert testing.

Perhaps this is why the FCC wants to create specific privacy regulations?
Gerald J. Ferguson and Alan L. Friel of Baker & Hostetler write:
The Third Circuit interlocutory decision in Federal Trade Commission v. Wyndham Worldwide Corporation was widely reported as a big win for the Federal Trade Commission (“FTC”). But on closer examination, it was a split decision in which Wyndham Worldwide Corporation (“Wyndham”) can claim an important victory. While affirming the FTC’s authority to regulate cyber-security practices under the “unfair practices” prong of the Federal Trade Commission Act (the “FTC Act”), the Third Circuit also rejected the FTC’s contention that FTC settlements and consent orders in cyber-security cases with unrelated parties have created standards against which Wyndham’s practices can be tested for “unfairness.” This Third Circuit decision identifies defenses companies should develop when facing FTC allegations that the company’s cyber-security practices are “unfair.”[1]
Read more on Baker & Hostetler.

A difficult network to map…
A survey by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney will be of interest to some readers. Here’s the Abstract:
What types of user data are mobile apps sending to third parties? We chose 110 of the most popular free mobile apps as of June-July 2014 from the Google Play Store and Apple App Store, across 9 categories likely to handle potentially sensitive data about users including job information, medical data, and location. For each app, we used a man-in-the-middle proxy to record HTTP and HTTPS traffic that occurred while using the app and looked for transmissions that include personally identifiable information (PII), behavior data such as search terms, and location data, including geo-coordinates. An app that collects these data types may not need to notify the user in current permissions systems.
Results summary: We found that the average Android app sends potentially sensitive data to 3.1 third-party domains, and the average iOS app connects to 2.6 third-party domains. Android apps are more likely than iOS apps to share with a third party personally identifying information such as name (73% of Android apps vs. 16% of iOS apps) and email address (73% vs. 16%). For location data, including geo-coordinates, more iOS apps (47%) than Android apps (33%) share that data with a third party. In terms of potentially sensitive behavioral data, we found that 3 out of the 30 Medical and Health & Fitness category apps in the sample share medically-related search terms and user inputs with a third party. Finally, the third-party domains that receive sensitive data from the most apps are (36% of apps), (18%), (17%), and (14%). 93% of Android apps tested connected to a mysterious domain,, likely due to a background process of the Android phone. Our results show that many mobile apps share potentially sensitive user data with third parties, and that they do not need visible permission requests to access the data. Future mobile operating systems and app stores should consider designs that more prominently describe to users potentially sensitive user data sharing by apps.
You can access the full report on JOTS.

It also shows the limitations.
Egypt Crash Shows Key Role Surveillance Can Play: Analysts
The Times and the Daily Telegraph reported Friday that the NSA and GCHQ had intercepted telephone calls recorded before the plane catastrophe last Saturday.
They concluded from the intercepts that it was possible that an attack by the Egyptian branch of the Islamic State group, known as Sinai Province, had brought down the plane after it took off from Sharm el-Sheikh.
On Friday, a source close to the investigation said the black boxes recovered from the Saint Petersburg-bound jet pointed to a bomb attack, apparently confirming suspicions expressed by US President Barack Obama and British Prime Minister David Cameron.

I'm betting there is a big “yet” that goes with this story.
The FCC says it can’t force Google and Facebook to stop tracking their users
… The announcement is a blow to privacy advocates who had petitioned the agency for stronger Internet privacy rules. But it's a win for many Silicon Valley companies whose business models rely on monetizing Internet users’ personal data.

A heads-up for my Android-toting students.
Beware: New Android malware is ‘nearly impossible’ to remove.
New strains of Android malware are masquerading as popular apps like "Candy Crush" and Snapchat, but once installed dig themselves so deeply into smartphones they are "nearly impossible" to remove, and could force people to replace their devices, according to cybersecurity firm Lookout.
The company says it observed over 20,000 samples of this type of adware in the digital wild. Some of the malicious apps functioned like their real counterparts, but they all also quietly gain "root access" to a device and install themselves as system applications. That means they have practically unlimited access to files on the device -- a big security and privacy risk. That's why it is so difficult to totally remove the apps.
But, luckily, there is a pretty easy way to avoid them: Only install apps from Google's official Play Store.

In theory, I could print a Stanley Steamer with all the modern safety features. Will we see custom “print-a-car” shops?
World's first 3D-printed car could cost you $53,000

My students don't need no stinking App!
5 Delightfully Evil Sites That Generate Excuses for You

Perhaps not reliable enough for lawyers, but for my students?
LawLibe is a free law library for your Apple products
by Sabrina I. Pacifici on Nov 6, 2015
LawLibe™ is a law library for your iPhone®, iPad®, or iPod Touch®. LawLibe™ is a free app that comes preloaded with the U.S. Constitution. Then you can download additional legal content directly into the app, including the U.S. Code, Code of Federal Regulations, State Statutes, the Manual of Patent Examining Procedure, and more! Features:
• Fully offline – just download what you need and go!
• Download additional content directly into the app!
• Lightning-fast speed
• Full-text search and in-text highlighting
• Page through content just like a book
• User preferences – adjust the font and font-size for easier reading
• GoTo Button – know the exact section you want? It’s one touch away
• Includes Advisory Committee Notes where available
• Updated frequently to ensure you have the most current edition

For my researching students.
Find the Date of a Published Post with These Insanely Simple Tips

Because it's inevitable!
How to Install Windows 10 for Free on any Windows, Linux, or OS X PC

Another week, another wacky collection...
Hack Education Weekly News
… On the heels of giving the state of Ohio some $32+ million in grants to expand its charter school system, the Department of Education is now putting some restrictions on that money, sending a letter “to state officials in which it said it did not realize the extent of concerns regarding Ohio's charter schools.”
… “Cheating in Online Classes Is Now Big Business,” The Atlantic reports.
Also via the NYT: “A small survey of parents in Philadelphia found that three-quarters of their children had been given tablets, smartphones or iPods of their own by age 4 and had used the devices without supervision.”
