Saturday, December 19, 2015

An update. It's not the DNC's data at issue, it's the Sanders campaign data that they can't get to. They (all candidates?) store it on the DNC's database because it's cheaper and nothing could possibly go wrong.
How Berned Is Bernie Sanders By The DNC Data Breach?
… The fracas began on Wednesday morning, with the crash of a software firewall that is supposed to prevent campaigns from seeing the voter data compiled by rival candidates. (All the Democratic presidential campaigns have access to the DNC data, and can then add their own information and analysis to the database.) The crash allowed members of Sanders’s staff to view proprietary voter lists of the Hillary Clinton campaign, including, according to news reports on Friday, information on voters less inclined to support the former secretary of state in the critical early states of Iowa and New Hampshire.
To punish the Sanders campaign for the breach, the DNC said the campaign could not have access to the party’s voter data.
The DNC files are filled with public information — no private information, à la credit card company hacks, would have been compromised here — that’s been gathered from various secretaries of state offices across the country. Those files contain names, addresses, elections voted in, and in some states, date of birth and gender.
Without access to these files, the Sanders campaign’s ability to canvass voters in a targeted manner — go to this house, but not that one — is lost, as are its capabilities to create a tailor-made phone list to contact voters who are more likely to #FeelTheBern. It basically means Sanders staffers have to campaign like it’s 1999.
… the campaign could have saved or printed lists outside the NGP VAN system.
But the long-term effects are alarming enough that the Sanders campaign filed a lawsuit in federal court on Friday seeking to re-gain access to the DNC’s voter file, saying that the committee was “attempting to undermine” its campaign, and that the organization “continues to hold our data hostage.”
Campaigns gather information from voters that serve to enrich this file — who a caller says they’ll vote for or whether a landline number is dead are seen as valuable tidbits — and they agree to update the system after the campaign so that future candidates can use it.
But what probably angers Sanders and his people the most is being locked out of information they’ve collected on potential Sanders volunteers. If a person whose door is knocked on says they’d like to volunteer for the campaign, that’s quite a boon, and the campaign would store that information away in the system. When staffers were locked out of the NGP VAN system, they would have lost access to these files, Klaber said.

Does the FBI see China in every hack? Maybe China is in every hack. Or maybe they have a low threshold for “sophistication?”
FBI probes breach at Juniper Networks -CNN
… Juniper on Thursday said it discovered two security issues that can affect products or platforms running the ScreenOS software. It released an emergency security patch, advising customers to update their systems and apply the patched releases with "the highest priority."
CNN reported that U.S. officials are concerned because hackers who took advantage of the flaw could access the network of companies or government agencies that used the Juniper product.
The breach is believed to be the work of a foreign government because of the sophistication involved, U.S. officials told CNN.

The opposite of sophistication? Just think of it as a password you were unlikely to guess. (What do 28 backspaces spell in Chinese?)
The Simplest Hack: Hitting The Backspace 28 Times Will Break You Into a Linux Computer
Linux may be the operating system of choice for some computer snobs, but there is apparently one giant flaw in it: you can break into it really, really, really easily. All you have to do is hit the backspace key enough times, something on the order of 28.
Wait, what?
Lorenzo Franceschi-Bicchierai at Motherboard does a pretty good job unpacking this. Essentially, the backspace bug causes the system to bring up a Grub rescue shell. From this shell, hackers have access to all the data on the computer, and can use it to install malware, delete files, or outright steal them. The bug was discovered by two researchers at the Cybersecurity Group at the Polytechnic University of Valencia, and published on the personal site of researcher Hector Marco.
The researchers indicate that the Grub problem affects Linux systems from 2009 to the present date, though older systems may be affected. Already, many major distributions, including Debian and Ubuntu, have released emergency patches to fix the problem. So if you're a Linux user and think you might be affected, either try hitting the backspace key 28 times on the login screen, or just install the patch and don't chance it.

Perspective. Who has the weakest security? Sounds like a project for my Ethical Hacking class!
Target Corporation Hops on the Bandwagon of Mobile Wallets
It seems like all retail giants are eager to offer customers new ways to pay with a smartphone. First it was the disruptive Apple Pay, which was joined by others including Samsung Pay, Android Pay and the recently launched Walmart Pay. Now lobbying its way in, is Target Corporation.
… sources mentioned that the country's fourth largest retail chain has already undertaken certain decisions, including which financial institutions and credit card companies to partner with. Also, the company’s management is inclined to process transactions through scanning technology, using the QR code to establish communication with payment terminals, just as Wal-Mart and Starbucks do. The company will eventually integrate the mobile payment platform, with its existing mobile shopping app.

(Related) Perspective. Has anyone tried to collect Best Practices for Apps?
Mobile App Momentum Continues, Surveys Find
Companies are coming up with all kinds of new ways to use mobile apps, from customer service to an intranet alternative. So it is no surprise that many businesses use at least a dozen mobile apps. In a report published today, Apperian, a provider of mobile application management software, found that the mean number of apps across its customers is nearly 35 while the median number is 13.
Interestingly, however, Apperian found that the number of mobile apps deployed is not a leading indicator of an organization's success with mobile apps. It is more important to have mobile apps that support business processes aligned with strategic initiatives, according to Apperian, which also found that companies tend to deploy mobile apps meant for specific business functions rather than mobile apps used by entire workforces.

Do you feel more secure?
Budget bill heads to President Obama's desk with CISA intact
Earlier today, the US House of Representatives passed a 2,000-page omnibus budget bill that contains the entirety of the controversial Cybersecurity Information Sharing Act. Just moments ago, the Senate passed it too.
Update: As expected, President Obama has just signed the bill, enacting both the $1.1 trillion budget and CISA.

Goes to both security and privacy.
How to Remove Hidden Personal Data in Microsoft Office
Microsoft Office creates and maintains a metadata file attached to your document. Each time you send it, your details are passed forward to the recipient, and anybody else that document moves forward to. This is okay in certain situations, but at other times it can be handy to clean your documents of any personal data before releasing them into the wild.
The Document Inspector is an amalgam of all of the different inspector services available to Microsoft Office. Their main functions are to locate and remove any additional data from your documents. Before using the Document Inspector, save your current document.
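To make the metadata point above concrete, here is an added example (not from the quoted article or from Microsoft) that audits and blanks the personal fields stored in an Office Open XML file's property parts. The part names `docProps/core.xml` and `docProps/app.xml` are the standard OOXML locations; the function names and the sample package are constructed for illustration, and the script covers document properties only.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Property parts of an OOXML package and the personal fields each one carries.
PERSONAL = {
    "docProps/core.xml": ("creator", "lastModifiedBy"),
    "docProps/app.xml": ("Company", "Manager"),
}

def audit(data: bytes) -> dict:
    """Return {field: value} for every non-empty personal property."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in set(pkg.namelist()) & set(PERSONAL):  # parts are optional
            for el in ET.fromstring(pkg.read(part)).iter():
                name = el.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
                if name in PERSONAL[part] and (el.text or "").strip():
                    found[name] = el.text.strip()
    return found

def scrub(data: bytes) -> bytes:
    """Copy the package with personal properties emptied, all else untouched."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            body = src.read(info.filename)
            for field in PERSONAL.get(info.filename, ()):
                # Empty the element text in place; prefixes and attributes stay.
                pat = rb"(<(?:\w+:)?%s(?:\s[^>]*)?>)[^<]*(</)" % field.encode()
                body = re.sub(pat, rb"\1\2", body)
            dst.writestr(info.filename, body)
    return out.getvalue()

def sample_docx() -> bytes:
    """Constructed minimal package with only the parts this example reads."""
    ns = "http://schemas.openxmlformats.org/"
    core = (f'<cp:coreProperties xmlns:cp="{ns}package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:title>Q4 plan</dc:title>'
            "<dc:creator>Alice Example</dc:creator>"
            "<cp:lastModifiedBy>Bob Example</cp:lastModifiedBy></cp:coreProperties>")
    app = (f'<Properties xmlns="{ns}officeDocument/2006/extended-properties">'
           "<Company>Example Corp</Company></Properties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()
```

Running `audit()` on an outgoing file before and after `scrub()` shows which names would have travelled with it; work on a saved copy, as the article advises for the Document Inspector.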

I find it difficult to believe that Directors would be unsatisfied with the information they receive (on any subject) for long.
U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation
The legislation asks each publicly traded company to disclose information to investors on whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the publicly traded company.
A study released earlier this year from the Ponemon Institute found that 78 percent of the more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not briefed their board of directors on cybersecurity in the last 12 months. In addition, 66 percent said they don't believe senior leaders in their organization consider security a strategic priority.
A separate survey published in January by the National Association of Corporate Directors (NCD) found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.

If you never ask yourself the question, you don't have an answer when someone else asks. AKA: “We don't need no stinking privacy!”
FAA Finally Admits Names And Home Addresses In Drone Registry Will Be Publicly Available
The FAA finally confirmed this afternoon that model aircraft registrants’ names and home addresses will be public. In an email message, the FAA stated: “Until the drone registry system is modified, the FAA will not release names and address. When the drone registry system is modified to permit public searches of registration numbers, names and addresses will be revealed through those searches.”

The NFL bit could be interesting. If many companies grab content that requires specific (proprietary) Apps to access, we'll need a new kind of TV guide – powered by Watson!
Apple Loop: Multiple iPhone 7 Designs Leak, Tim Cook's $24 Billion NFL Dream, Apple Fights Microsoft
… Is Apple really going to go after Thursday Night Football? Reports came in this week that the NFL has reached out to Apple for a potential bid, along with Amazon, Google, Yahoo, and the more traditional broadcast partners. It’s an idea championed by Forbes’ Eric Jackson, who believes a bid from Apple of $4 billion over five years would bring in $24 billion in profits:
The extra sales of Apple TVs, content via iTunes that people would then buy on their Apple TVs, plus incremental iPhone sales would all be new iOS ecosystem sales not currently factored in by Wall Street analysts in their current price targets for the Apple stock price.
Therefore, they would have to model in all this additional revenue which would be prompted by large numbers of Americans and those internationally who love their NFL migrating to Apple to be able to stream the games on their Apple TV hockey pucks.
The Wall Street analysts would have to take their best guess of future profits flowing to Apple from this move (which I have argued is $24 billion) and multiply that number by the current forward price-to-earnings multiple which Apple has (which is 11x).

“Always bet on ignorance and intellectual laziness.”
Furor over Arabic assignment leads Virginia school district to close Friday
A Virginia county closed all of its schools Friday because of intense backlash over a class assignment about Islam, with some parents alleging that their children were being subjected to Muslim indoctrination and educators emphasizing the importance of exposing U.S. students to the world’s fastest-growing religion.
A high school geography teacher in rural Augusta County asked students to try their hand at writing the shahada, an Islamic declaration of faith, in Arabic calligraphy. The task, community reaction to it, and a sudden influx of outrage from around the country — including angry emails, phone calls and threats to put the teacher’s head on a stake — led the school district to close rather than risk disruption or violence.
… The shahada translates to: “There is no god but God. Muhammad is the messenger of Allah.” Some translations start with: “There is no god but Allah.” [Nothing about ISIS at all? Bob]

Something to illustrate why my Data Management students need Data Management. ('cause it never hurts to keep pounding home the benefits of a good education!)
Microsoft pursues analytics ambitions with Metanautix acquisition
Microsoft has furthered its pursuit of enterprise analytics with the acquisition of Metanautix, a company that makes it possible for businesses to pull together all their data and gain insights into it.
Metanautix's product can pull information in from a variety of private and public cloud data sources including traditional data warehouses, NoSQL databases like Cassandra and business systems like Salesforce. Once it's aggregated, businesses can use SQL to query the resulting data pipeline in order to glean insights from the information.

Perhaps I can have the university buy me some of this – for my students of course.
Intercept – A secret catalogue of government gear for spying on your cellphone
by Sabrina I. Pacifici on Dec 18, 2015
“The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before…”

Just because it's cool (and local) You can see a long way if you're high enough.
A New Kind of Landscape Photography
Denver and the Colorado Rockies, as you’ve never seen them before
… In the late morning, as it passed over the Pacific, it turned back and looked at the continent to the east. Gazing over Los Angeles; the Mojave desert; the Grand Canyon; and the southern tip of Utah, it captured an image of Colorado.

My favorite Saturday reading.
Hack Education Weekly News
From the Indy Star: "Scores on thousands of student exams could be incorrect because of a computer malfunction that inadvertently changed grades on Indiana's high-stakes ISTEP test, according to scoring supervisors familiar with the glitch."
… Coursera has released a list of its “most coveted certificates in 2015.” Number one: digital marketing.
Colorado College has suspended a student for 6 months for derogatory comments he made on Yik Yak.
… Career Education Corporation says it will close all its Le Cordon Bleu schools, citing the new “gainful employment” regulations.
… From Desmos (and Dan Meyer): Marbleslides.

What else would you call it?
