Saturday, January 10, 2015

Perspective. The other face of North Korean technology...
Dissection of North Korean Web Browser Shows Country May Run Off Single IP Address
Addresses in the 10.x.x.x space are not designed to be routable on the Internet, but it appears from Hansen's explorations that all of Democratic People's Republic of Korea (DPRK) is non-routable IP space. It was well known that North Korea exercised rigid control over what IP addresses were used because it owned a small block of IP addresses, but it appears to be funneling all traffic through one—or a handful—of public IP addresses.
"They're treating their entire country like some small to medium business might threat their corporate office," Hansen wrote.
Hansen felt it was "odd" that the entire country could run off one IP address. "Ultimately running anything off of one IP address for a whole country is bad for many reasons," he said.
It seems pretty reasonable when considering the small portion of population who has access to the Internet in the first place—when the total number of Internet users number in the thousands, it's convenient to run it through this system. And as the same Hacker News thread noted, Red Star OS is not the only system being used in North Korea, and researchers and students at universities are given access to the broader Internet.
North Korea goes to great lengths to limit what their people can do. "It’s quite a feat of engineering. Creepy and cool," Hansen said.


Interesting. Should be fun to follow!
Susan K. Livio reports:
Health insurance companies will be required to protect client information by encrypting the data, under legislation Gov. Chris Christie signed into law today.
The bill follows a series of incidents involving stolen laptops containing policyholder information protected only by user passwords.
Read more on NJ.com.
[From the article:
Customers’ personal information is sacred, and if a company is requiring them to provide sensitive information, then they should make sure it is protected,” said Sen. Shirley Turner (D-Mercer) who sponsored the legislation with Sen. Nia Gill (D-Essex). “These safeguards are long overdue. All insurance companies should make protecting the privacy of its customers, who are required to submit highly personal data, a top priority. "


Social statistics never seem to ask, “Why?”
Facebook Still the King of All Social Media
Facebook might be losing some of its cool, but the decade-old site is still riding high as the king of the social media space.
According to new data from the Pew Research Center, Facebook is still "by far" the most popular social media site. In fact, if you don't have a Facebook account, you're actually in the minority at this point. Some 71 percent of Internet users are now on Facebook, including – for the first time ever – more than half (56 percent) of those ages 65 and older, the research firm said Friday.
But on a more concerning note for Zuckerberg and Co., Pew found that Facebook's overall growth has slowed in the past year. The site's membership rates have seen "little change" from 2013 while other platforms like Twitter, Instagram, Pinterest, and LinkedIn saw "significant" increases in usership. Facebook-owned Instagram, for instance, increased its overall user figure by nine percentage points between 2013 and 2014, posting "significant growth" in almost every demographic group.
… Seventy percent of Facebook users engage with the site every day, a significant increase from the 63 percent who did so in 2013.
… Interestingly, Twitter engagement has dropped. Some 36 percent visit the site daily, a 10 percentage point decrease from the 46 percent who did so in 2013.


New week, new laughs.
Hack Education Weekly News
… The big news this week: President Obama’s proposal to make 2 years of community college free for some students. Not a lot of details on how the plan would be funded (the federal government would pick up three-fourths of the cost; states the rest).
… On his last day in office Arizona Superintendent John Huppenthal said that schools that violated the state’s ban on ethnic studies could risk losing state funds. His target: schools that teach hip hop. [Because there are some things man was not meant to know? Bob]
… “Nursery school staff and registered childminders must report toddlers at risk of becoming terrorists, under counter-terrorism measures proposed by the [UK] Government,” reports The Telegraph.
… The New York City Board of Education is lifting its ban on cellphones in schools.
Via The Oregonian: “Oregon schools’ biggest worries about giving new online Smarter Balanced tests this spring aren’t about slow Internet connections or a lack of computers; officials in many districts are concerned that elementary students can’t type well enough to handle the new tests.” [...and we no longer teach cursive writing. How will we communicate? Bob]
… The for-profit Northeastern Institute of Cannabis “prepares people for positions ranging from dispensary workers to medical marijuana educators.”
Homeschooling is on the rise in the US. “According to the most recent federal statistics available, the number of school-age children who were home-schooled in the United States was close to 1.8 million in 2011–12, up from 1.5 million five years earlier.” (From Vox: “The states that don’t require homeschooled kids to learn math or English, in one map.”) [Next: Homecolleging? Bob]


A perfect article for the first day of my Business Intelligence class.
Mobile Business Intelligence: Hot, or Not?
Last month when I spoke to Carsten Bange, CEO of BARC and co-author of its BI Survey 14, he positioned mobile business intelligence as a trend that generated lots of hype but had experienced little traction in the enterprise.
… Companies are beginning to realize that deploying mobile business intelligence requires more than simply porting BI software to mobile devices or purchasing mobile BI apps, Bange said. "For example, they need a strong mobile policy and mobile device management before they deploy apps with sensitive data."
… Yet the latest study on mobile BI by Dresner Advisory Services – which, like BARC, does annual surveys – shows a more consistent interest in mobile business intelligence. While the percentage of respondents who called mobile BI "very important" or "critical" dipped briefly in 2013, Howard Dresner, the firm's founder and CEO, said the number "recovered and then some" in 2014.
Infrastructure appears to remain a sticking point for mobile business intelligence adoption. "Mobile is a heck of a lot easier if you are in the cloud," Dresner pointed out. Despite this, 58 percent of respondents use their existing on-premise systems to support mobile BI in 2014, while 24 percent used public cloud and 22 percent used private cloud. Those numbers have remained fairly constant over the past four years.
Wearable form factors like smartwatches could give mobile BI a boost, Dresner predicted. Wearables "are very relevant for BI for anyone in an operational role," he said. "If the system can let me know about something that has happened that is relevant to what I am doing now, that is a pretty big deal."

Friday, January 09, 2015

My Disaster Recovery students have to create a plan to restore all computing functions in 96 hours. Sony would fail that class too.
Sony Corporation: Network Is Still Down Following ‘The Interview’ Hack
Sony’s film division says its computer network is still down more than six weeks after being hit by a massive computer hack. Sony Pictures Entertainment CEO Michael Lynton told the Associated Press on Thursday that the cyberattack hasn’t impacted the company’s film and TV schedule.
The network should be back up by the end of January, according to the report. In the meantime, Sony Pictures’ employees are still being paid by paper check.
The Sony hack was likely the largest cyberattack ever to occur on American soil, experts say, by hackers who eventually claimed the attack was a response to the production of “The Interview,” a comedy film that depicted the fictional assassination of North Korean leader Kim Jong-un.
… Sony's losses due to the cyberattack were still being calculated, but Lynton told the AP that they would not be “disruptive to the economic well being of the company.”

(Related) This should be obvious...
Blaming North Korea in Sony hack complicates case
he Obama administration's extraordinary decision to point fingers at North Korea over the hacking of Sony Pictures Entertainment Inc. could lead to a courtroom spectacle in the event charges are ultimately filed against someone without ties to the isolated country, such as a disgruntled employee or an unrelated hacker.
… "Once the government says it has good reason to believe North Korea did it, then that is good reason to believe that the defendant did not do it unless the defendant was an agent of North Korea," said Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society.

(Related) The story of the Sony hack may not play out for months!
Why You Still Shouldn't Totally Trust FBI Claims On North Korean Hacking Of Sony

(Related) Really interesting. This is how the industry views Sony.
5 Key Questions Facing Sony in Wake of Hack Attack
… Sony’s leaders must mend fences with top talent and theater chains, and convince the corporate brass in Japan that they are still fit to lead the studio amid all the collateral damage.
“The brand has been tarnished,” says media analyst Hal Vogel. “They look a bit incompetent in the way they handled this. They fumbled about like they had a loose football.”
1) Who’s in Charge Here?
Sony Pictures co-chair Amy Pascal and Sony Entertainment CEO Michael Lynton are battling for their professional lives. At first blush, Pascal is the more damaged party. Her racially insensitive email joking about President Obama’s preference for African-American films has her trying to make amends with civil rights leaders, while her uncensored musings about A-list stars has made her a master at apologizing.
… Likewise, Lynton’s finger-pointing at exhibitors as the ones responsible for pulling the plug on “The Interview’s” release have put him at odds with the major circuits.
2) Studio for Sale?
3) Will ‘The Interview’ Pave the Way for More Online Film Releases?
4) Will Exhibitors Forgive and Forget?
5) Where was the MPAA?
At one point during the crisis, Lynton said to CNN, “You would expect the industry to rally around and support you.”
He was right. Rival studios didn’t step into the fray, and their mouthpiece, the MPAA, was curiously low key until the FBI concluded that North Korea was behind the attack. Only then did MPAA chairman Chris Dodd issue a strongly worded statement condemning the attack as a work of cyber terrorists.
In the weeks after the attack, Dodd worked behind the scenes trying to organize a letter of support for Sony, but it never materialized; studios had their own fears of becoming a target of the hackers.


If your systems are at risk when clocks are “corrected” then you probably already have the scientists and programmers who can handle the issue.
Leap second: computer chaos feared as scientists let world catch up with clocks
… The Earth’s spin is gradually slowing down, by about two thousandths of a second per day, but atomic clocks are constant. That means that occasionally years have to be lengthened slightly, to allow the slowing Earth to catch up with the constant clock.
But last time it happened, in 2012, it took down much of the internet. Reddit, Foursquare, Yelp and LinkedIn all reported problems, and so did the Linux operating system and programmes using Java.
The reset has happened 25 times since they were introduced in 1972, but the computer problems are getting more serious as increasing numbers of computers sync up with atomic clocks. Those computers and servers are then shown the same second twice in a row — throwing them into a panic.


Worth a quick read.
New Clues from Doc Searls and David Weinberger
“Fifteen years ago, four of us got together and posted The Cluetrain Manifesto which tried to explain what most businesses and much of the media were getting wrong about the Web. These New Clues come from two of the authors of that manifesto, and of the book that followed. There’s more information here about this project, and about its authors, Doc Searls doc@searls.com and David Weinberger david@weinberger.org.
New Clues – (Open Source Document) excerpt:
“Hear, O Internet. It has been sixteen years since our previous communication. In that time the People of the Internet — you and me and all our friends of friends of friends, unto the last Kevin Bacon — have made the Internet an awesome place, filled with wonders and portents. From the serious to the lolworthy to the wtf, we have up-ended titans, created heroes, and changed the most basic assumptions about How Things Work and Who We Are. But now all the good work we’ve done together faces mortal dangers. When we first came before you, it was to warn of the threat posed by those who did not understand that they did not understand the Internet. These are The Fools, the businesses that have merely adopted the trappings of the Internet. Now two more hordes threaten all that we have built for one another. The Marauders understand the Internet all too well. They view it as theirs to plunder, extracting our data and money from it, thinking that we are the fools. But most dangerous of all is the third horde: Us. A horde is an undifferentiated mass of people. But the glory of the Internet is that it lets us connect as diverse and distinct individuals. We all like mass entertainment. Heck, TV’s gotten pretty great these days, and the Net lets us watch it when we want. Terrific. But we need to remember that delivering mass media is the least of the Net’s powers. The Net’s super-power is connection without permission. Its almighty power is that we can make of it whatever we want. It is therefore not time to lean back and consume the oh-so-tasty junk food created by Fools and Marauders as if our work were done. It is time to breathe in the fire of the Net and transform every institution that would play us for a patsy. An organ-by-organ body snatch of the Internet is already well underway. Make no mistake: with a stroke of a pen, a covert handshake, or by allowing memes to drown out the cries of the afflicted we can lose the Internet we love. We come to you from the years of the Web’s beginning. We have grown old together on the Internet. Time is short. We, the People of the Internet, need to remember the glory of its revelation so that we reclaim it now in the name of what it truly is.” David Weinberger, Doc Searls. January 8, 2015.


For my Statistics students. All you need to do is memorize 24 trillion possible hands!
Self-taught computer program finds super poker strategy
… The program considered 24 trillion simulated poker hands per second for two months, probably playing more poker than all humanity has ever experienced, says Michael Bowling, who led the project.
… The strategy applies specifically to a game called heads-up limit Texas Hold ‘em.
… Poker is hard to solve because it involves imperfect information, where a player doesn’t know everything that has happened in the game he is playing — specifically, what cards the opponent has been dealt.


For my Math students.
A Couple of Graphing Calculators for Your Chrome Browser
A few days ago I wrote about the new graphing calculator Android app offered by Desmos. In that post I neglected to mention that Desmos also offers a Chrome app. The Chrome app version of Desmos works like the web version. Along with all of the graphing functions Desmos allows you to share your equations and graphs. Desmos graphs your equations as you type them and redraws them as you alter your equations.
Graph.tk is a free online graphing utility that is also available in the Google Chrome Web Store. Graph.tk allows you to plot multiple functions through its dynamically re-sizing grid. To graph an equation on Graph.tk just click the "+" symbol to enter a new equation. One thing that isn't clear the first time you use Graph.tk is that you need to delete the existing default equations before you start.

Thursday, January 08, 2015

The data we've been waiting for! Well, maybe not data, but “assurances” that the FBI knows what they know and we can trust their wisdom. Do not consider things like “IP spoofing” or hackers trying to deliberately mislead law enforcement.
At the International Conference on Cyber Security held at Fordham University on Wednesday, FBI Director James Comey revealed new details about why the FBI and “the entire intelligence community” [A slight exaggeration... Bob] has a “very high confidence” that North Korea was responsible for the so-called Sony Hack. The full text of these parts of his remarks are appended at the end of this post.
Most importantly, Mr. Comey stated:
“[T]here are a couple things I have urged the intelligence community to declassify that I will tell you right now.
[S]everal times they got sloppy. Several times either because they forgot or because they had a technical problem they connected directly and we could see them. And we could see that the IP addresses being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans.” (my emphasis added).

(Related) Another revealing talk. This is the best “intelligence” he can report? I'm underwhelmed.
Intel chief Clapper watched 'The Interview'
Director of National Intelligence James Clapper finally got a chance to watch “The Interview” over the weekend.
His review?
“It’s obvious to me the North Koreans don’t have a sense of humor,” the intelligence chief said during a speech at Fordham Law School on Wednesday, ABC News reported.


“Yeah, but it's really cool!”
DHS IG Report – Border Patrol Use of Drones Ineffective
“Although CBP’s Unmanned Aircraft System program contributes to border security, after 8 years, CBP cannot prove that the program is effective because it has not developed performance measures. The program has also not achieved the expected results. Specifically, the unmanned aircraft are not meeting flight hour goals, and we found little or no evidence CBP has met its program expectations. We estimate it costs $12,255 per flight hour to operate the program; CBP’s calculation of $2,468 per flight hour does not include all operating costs. By not recognizing all operating costs, CBP cannot accurately assess the program’s cost effectiveness or make informed decisions about program expansion. In addition, Congress and the public may be unaware of all the resources committed to the program. As a result, CBP has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security. The $443 million CBP plans to spend on program expansion could be put to better use by investing in alternatives.”


If you already have a 52 inch TV, why not turn it into a computer monitor?
CES 2015: Intel’s Compute Stick looks like a Chromecast, but puts a Windows 8.1 PC on your TV for $149
… Today’s CES announcement of the Intel Compute Stick hints at just that. It’s a pocket-sized device with a quad-core Atom processor, and it delivers a full Windows 8.1 computer experience that you can plug into any display with an HDMI input. And there’s a Linux version coming as well that’s 40% cheaper.


Documentation is not easy to find, but this looks like a useful “Big Data” tool.
Dato Joins New Wave of Machine Learning Startups
Guestrin is a professor of machine learning at the University of Washington and the brains behind an open source project called GraphLab, a freely available tool originally designed to help machines analyze “graphs”—i.e. the online relationships between people and the stuff they use on the net. In May 2013, he launched a startup around this machine learning software, called it GraphLab too. And this past fall, the startup’s first commercial product was released.
But on Thursday, in announcing that it had received an additional $18.5 million in funding, the startup also changed its name to Dato. According to Guestrin, the new name is meant to show that the company’s software can handle all sorts of machine learning tasks—not just graph analysis.


For my students.
5 Sites To Find Your Next Dream Job In A Tech StartUp
… Some people like the idea of working for a startup. The salary will be lower and the perks not as flashy, but you earn something else. Going to work each morning knowing that you’re on the ground floor of something, that you’re part of building something, instead of just being another cog in the corporate machine.
But how can you find these “tech start-up jobs”? Leaving aside the big sites such as TechCrunch, and LinkedIn, let’s look at 5 job-hunting sites further down the totem pole.

Wednesday, January 07, 2015

How would you determine that hackers claiming to be ISIS maniacs are really teenagers playing at hacking?
I can’t remember whether I’ve ever seen parents keep their children home from school as a result of a school web site defacement, but that’s what happened in Yorkshire when the defacement suggested an Islamist group.
Kenny Toal reports:
A local authority has advised all public bodies and organisations to make sure their security software is up to scratch after hackers, claiming to be from an Islamist group, targetted a primary school website.
Some parents at Sowerby Community Primary, in Thirsk, kept their children off school today after the security breach last night.
But police say while they are investigating there is no threat to the school or its pupils. [A bit too far to the “no worries” side. Bob]
Read more on ITV.


For my Ethical Hackers (and my friends in the banking world)
Thieves Jackpot ATMs With ‘Black Box’ Attack
Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack.
At issue is a form of ATM fraud known as a “black box” attack. In a black box assault, the crooks gain physical access to the top of the cash machine. From there, the attackers are able to disconnect the ATM’s cash dispenser from the “core” (the computer and brains of the device), and then connect their own computer that can be used to issue commands forcing the dispenser to spit out cash.
… If you liked this story, check out my ongoing series about ATM skimmers.


For my Ethical Hackers. Could work like a “Stingray for Wifi”...
Wi-Fi Password Phishing Attacks Automated With New Tool
Wifiphisher attacks work in three stages. In the first stage, victims are deauthenticated from their access point with the aid of deauthentication packets sent to the broadcast address, from the client to the access point, and from the access point to the client.
In the second phase, the victim access point’s settings are copied and a rogue access point is set up. Because the legitimate access point is jammed, clients will connect to the rogue access point. In this stage, the tool also sets up a NAT/DHCP server and forwards the right ports, the developer explained.
In the final phase, a man-in-the-middle (MitM) attack is launched by using a minimal Web server that responds to HTTP and HTTPS requests, and victims are presented with a fake router configuration page when they try to access a website. This configuration page informs users that a firmware update is available for the device and instructs them to enter their WPA password.


Why does the education community fail to understand parental concerns? Do they view the entire world as children?
BreakingNews.ie reports:
Concern is being expressed about a new Primary Online Database being established by the Department of Education.
Under the plan, all children’s PPS numbers along with details of their religion and ethnic backgrounds will be included on the database, which the Department said will be used to develop education policy into the future.
Read more on BreakingNews.ie.
[From the article:
… Parents of all primary school children are being sent letters outlining how the new POD will work and what information will be stored, the letter states that the information will be kept until the child reaches the age of 30.
… "They themselves say they will be sharing the data with the Department of Social Protection and other agencies," McGarr said.
… The Department of Education's website says the scheme "has been thoroughly piloted with a selection of schools" [So they are already doing this? Bob] and "extensively discussed with the education partners and management bodies." [But not parents. Bob]
… The Department also reports that only information on ethnic and religious background requires the consent of a parent of guardian.
"All other information… was deemed by the Data Protection Commissioner as nonsensitive personal data and therefore does not require written permission from parents for transfer of the information to the Department," the letter to parents says.


Why, exactly? An infographic.
These 50 Apps Will Track Everything. And We Mean Everything
When we say these apps let you track anything, we’re not kidding. If you can think of it, your phone can track it.
One of the coolest (and creepiest) uses of a device that’s always connected is the ability to keep track of things. We can track our sleep, movement, money, and so much more thanks to these incredibly powerful devices that are at our sides 24 hours a day, seven days a week.
Of course, in order to take advantage of all of this tracking, you’ll need the right apps. Here’s 50 apps that track everything you could ever imagine.


Why? Does James Bond need sensors disguised as buttons on his tux? Does everyone need a wear-it-on-your-wrist selfie-taking-camera?
Intel CEO shows off wrist-worn drone, pledges to employ more women
Chief Executive Brian Krzanich demonstrated a tiny computer built into the button of his jacket and a wristband that was capable of transforming into a flying camera at the 2015 Consumer Electronics Show in Las Vegas on Tuesday.
Intel, known more for its computer chips, is attempt to expand into the area of smart gadgets that you can wear. Krzanich said during his keynote that Intel was pushing to create computerized apparel and other gadgets equipped with sensors, an area that Intel hopes is rife with growth as the demand for smartphones and tablets begins to taper off, according to a Reuters report.
… The drone on his wrist is called Nixie, and it can be launched into the air equipped with a camera and is capable of navigating around obstacles.

(Related) Better late than never I suppose. Note that Ramirez never suggested that the FTC would do anything.
Top regulator fears 'smart-home hacking'
The head of the Federal Trade Commission (FTC) raised alarms on Tuesday about the potential hazards to people’s privacy that come with the rise of connected bracelets, cars and other devices.
The billions of “smart” devices on the so-called “Internet of Things” pose serious threats to personal privacy, Chairwoman Edith Ramirez said at the Consumer Electronics Show in Las Vegas, even while they may help with daily tasks or improve people’s health.
… To counter the concerns, Ramirez told companies to “build security into their devices from the very outset.”
Device developers should also limit the data they collect to that which is necessary for a specific purpose and then get rid of it when it is no longer needed, she suggested, and make sure that users are fully aware of what it collected and why.


A Big Data tool. Any change should be investigated and explained. (That's my inner auditor speaking.)
Twitter Releases Anomaly Detection Tool
AnomalyDetection is a package for R, the free software environment for statistical computing and graphics. Twitter has been using the tool to detect anomalies such as spikes caused by user engagement on the social media platform during breaking news, major sporting events and holidays.
From a security standpoint, AnomalyDetection can be utilized to detect activities associated with bots and spam, which may cause anomalies in the number of followers and favorites. Anomalies can also be detected in system metrics after the release of new software, Twitter said.
An anomaly can be positive or negative. An example of a positive anomaly is a point-in-time increase in number of Tweets during the Super Bowl. An example of a negative anomaly is a point-in-time decrease in QPS (queries per second). Robust detection of positive anomalies serves a key role in efficient capacity planning. Detection of negative anomalies helps discover potential hardware and data collection issues,” Twitter software engineer Arun Kejariwal explained in a blog post.
The social media giant has released AnomalyDetection as open source to give the community the chance to contribute to improving the tool. The R package is available on GitHub.


Dang copyright! Not the diagnostic codes but the parts! Don't you need the part information to order the proper replacements?
Ford Tries to Shut Down Independent Repair Tool with Copyright
EFF – “…The Ford Motor Company…recently sued Autel, a manufacturer of third-party diagnostics for automobiles, for creating a diagnostic tool that includes a list of Ford car parts and their specifications. Ford claims that it owns a copyright on this list of parts, the “FFData file,” and thus can keep competitors from including it in their diagnostic tools. It also claims that Autel violated the anti-circumvention provisions of the Digital Millennium Copyright Act by writing a program to defeat the “encryption technology and obfuscation” that Ford used to make the file difficult to read. We’re pretty skeptical of Ford’s claims. Mere facts and data cannot be copyrighted, but sometimes a “compilation” of data can be—if the selection and arrangement are sufficiently creative. It seems unlikely that Ford broke new creative ground when deciding which parts to include in the database and the order in which they would appear. Ford does allege that it included fictitious part descriptions in the database, but that’s probably not enough to pass muster. After all, similar fictions were included in the phonebook that the Supreme Court found to lack originality in the leading case defining the limits of copyrightability for compilations, Feist v. Rural. Feist, the Supreme Court explained that compiling the names, towns, and phone numbers of all of a company’s telephone subscribers in alphabetical order was not sufficiently original for the compilation to be copyrighted. It explained that alphabetical ordering was “commonplace,” and that the “selection” of all current subscribers and basic information about them was not a creative decision. Without seeing the FFData compilation, we can’t be sure whether or not it is creative enough for copyright coverage. Of course, even if we had a copy of the file, under Ford’s theory we couldn’t look at it without running afoul of the DMCA. And that points to a deeper problem. When the Supreme Court recognized the copyrightability of creative data compilations, it noted that people are free to copy the facts out of such a work as long as they don’t copy the creative elements of selection and arrangement. But because the DMCA restricts access to a work in the first place, this important limitation on copyright’s scope does not apply in circumvention cases, according to most courts’ interpretation of the DMCA. If a data compilation is copyrightable, then people are not free to extract non-copyrightable facts from the work, look at the work to figure out whether it is copyrightable, or access the work for other legitimate purposes such as news reporting, scholarship, and remix.”


For my gamer students.
Play Thousands Of MS-DOS Games For Free
You can now play thousands of classic (and not-so-classic) MS-DOS games online and directly in your Web browser for free. This is thanks to the latest release from the Internet Archive, which has compiled the collection and made them available to play within the DOSBox emulator running on a virtual machine.
This is the latest addition to the Internet Archive, which already contains hundreds of classic video games offered through the Internet Arcade. Look out for a longer article exploring the MS-DOS collection later this week.

Tuesday, January 06, 2015

Facts are often so confusing that reporters simply ignore them.
61 Million Retail Records Lost in 2014: IBM
According to the company, a total of more than 61 million retail records were stolen, lost or leaked in the United States last year, which is less than the over 70 million records compromised in 2013.
There have been several massive data breaches over the past years in which tens of millions of records had been compromised. The list includes The Home Depot (56 million records), Target (70 million records), Sony (12 million records leaked in the 2011 incident), Steam (35 million records), and TJX (100 million records).
If these incidents are removed from the equation and only breaches with less than 10 million lost records are taken into consideration, we see that the total number of compromised retail records has increased considerably since 2012.
While the number of compromised records has increased over the past years, IBM has determined that the number of breaches reported has decreased since 2012 by over 50%.
Retail and wholesale were the most targeted industries last year. In 2012 and 2013, finance and insurance, information and communications, and manufacturing were the most targeted industries.
In the previous two years, malicious code was the primary attack method, but in 2014 unauthorized access took its place, accounting for roughly half of incidents, IBM noted in its report.
Additional details are available in the retail industry overview report and the holiday trends report.


That's it? No criminal charges? No lawsuit? No vacation in Guantanamo?
Morgan Stanley Fires Employee for Stealing Client Data
US investment bank Morgan Stanley on Monday said it had fired an employee for stealing the personal data of hundreds of thousands of wealth management customers.
Some account information for about 900 of the clients, including account numbers and names, was briefly posted on the Internet and, once detected, was "promptly removed,"the bank said in a statement.
… The employee stole data on about 10 percent of its wealth management customers, or about 350,000 people, it said.


“We don't hire Compliance lawyers, we hire Compliant lawyers. When we tell them what we're going to do and we expect them to tell us, 'Sounds good, go ahead.' We can get away with all kinds of useful stuff. Often for years!”
David Kravets reports:
The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed “stingrays,” the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts.
The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were “concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests” of Americans.
Read more on Ars Technica.
[From the article:
"In Tacoma, judges now require police (to) specifically note they plan to use an IMSI catcher and promise not to store data collected from people who are not investigation targets," he said. "The Florida and Massachusetts state supreme courts ruled warrants were necessary for real-time cell phone tracking. Nine states—Colorado, Illinois, Indiana, Maryland, Minnesota, Tennessee, Utah, Virginia, and Wisconsin—passed laws specifically requiring police to use a warrant to track a cell phone in real time."


Public used to mean you could go to the courthouse and get the information. Now public means anyone with an Internet connection, anywhere in the world, can get the information.
Christine Dobby reports:
A Romanian website that says it’s dedicated to keeping ‘information free and open’ is raising difficult questions about how much personal information should be included in Canadian legal rulings.
Over the past year, close to 100 people have complained to the Canadian Legal Information Institute (CanLII), after coming across legal decisions that mention their names through Google searches. The rulings are public information, but most are shocked to see the details of their court cases – often family law, criminal or immigration matters – on the Internet for anyone to read.
Read more on Globe and Mail. This case has a number of factors to consider, including the fact that the rulings were obtained (perhaps illegally, it seems) from the CanLII site, and at various times, the Romanian site operator has required a fee to remove personal documents. At other times, he has reportedly claimed that only a request is necessary to secure removal of the documents.
But putting aside the issue of fee for removal for now, how is this any different than someone downloading files from PACER or state courts, and uploading them to their own site, where they might be indexed by Google?
What’s the solution when it comes to court records where the presumption is that they are public records?


It looks like there should be a market for “personal security” but I doubt it. Perhaps my students will prove me wrong.
Poll: Large concern over data collection through smart devices
Nearly eight in 10 people are concerned about their personal information being collected through smartphones and other devices, according to a poll released Monday.
The survey commissioned by TRUSTe, a consumer privacy company, also found that 69 percent of people believe they should own the data that is collected through their smart devices.
Twenty percent, on the other hand, believe the benefits of the products outweigh privacy concerns.
… About one in three people reported owning a smart device separate from a phone. Those include smart TVs, navigation systems, fitness trackers, home appliances, watches or alarm systems.


I use this in all my Math classes. My students love it.
Desmos - A Graphing Calculator for iPad, Android, and Your Browser
Desmos is a free graphing calculator that has been available for a few years as a browser-based tool and as an iPad app. Late last month Desmos launched a free Android app.
The Desmos calculator performs all of the functions you would expect to see in a graphing calculator with a couple of extras that you don't find in typical graphing calculators. Desmos allows you to share your equations and graphs. Desmos graphs your equations as you type them and redraws them as you alter your equations. See some of the best features of Desmos in the videos embedded below.
The Android app will work without an internet connection nor do all of the sharing features work on Android version.


Perhaps my Data Management and Business Intelligence students will find a use for one of these. (Hint, hint!)
4 Data Visualization Tools For Captivating Data Journalism
Presenting information doesn’t have to be dull and dry. Whether you’re looking for a quick and easy solution or more complex data processing, these four tools will ensure that, whatever data you’re working with, your visuals will leave a lasting impression.

Monday, January 05, 2015


Bruce (once again) raises some interesting questions. I doubt politicians care about the answers.
We Still Don't Know Who Hacked Sony
Welcome to a world where it's impossible to tell the difference between random hackers and national governments.
If anything should disturb you about the Sony hacking incidents and subsequent denial-of-service attack against North Korea, it’s that we still don’t know who’s behind any of it. The FBI said in December that North Korea attacked Sony. I and others have serious doubts. There’s countervailing evidence to suggest that the culprit may have been a Sony insider or perhaps Russian nationals.
No one has admitted taking down North Korea’s Internet. It could have been an act of retaliation by the U.S. government, but it could just as well have been an ordinary DDoS attack. The follow-on attack against Sony PlayStation definitely seems to be the work of hackers unaffiliated with a government.
… When it’s possible to identify the origins of cyberattacks—like forensic experts were able to do with many of the Chinese attacks against U.S. networks—it’s as a result of months of detailed analysis and investigation. That kind of time frame doesn’t help at the moment of attack, when you have to decide within milliseconds how your network is going to react and within days how your country is going to react. This, in part, explains the relative disarray within the Obama administration over what to do about North Korea. Officials in the U.S. government and international institutions simply don’t have the legal or even the conceptual framework to deal with these types of scenarios.
… It’s a strange future we live in when we can’t tell the difference between random hackers and major governments, or when those same random hackers can credibly threaten international military organizations.


Do they all have lousy security?
There’s someone else I need to follow, as he/they seems to be hacking a number of universities and colleges.
In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks, including, California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University.
For each entity, there is a data dump for proof of claim; other data dumps are linked from his web site. DataBreaches.net is not linking to the individual data dumps, but has reached out to each of the universities mentioned above to ask them if they will confirm or deny that they have been hacked and that those are their data. The University of Kentucky has already acknowledged our inquiry and states that they are investigating the claimed hack.
This post will be updated as more information or responses become available, but in a quick attempt to verify the claims, DataBreaches.net found that one of the data dumps that had been labeled California State University had originally been posted elsewhere as a hack of the San Diego Zoo with attribution to “Paw Security(@PawSecReturns) #Op4Pawz.”
Google searches of strings in some other dumps did not locate any duplicates or previous postings.
Does “Attorney” have a gripe against U. of Maryland that contributed to it being targeted? Perhaps, as this tweet suggests:
You should've accepted me into your university #Carbonic http://carbonic.in/dumps/umd.txt @UofMaryland
Update: In response to this site’s inquiry, “Attorney” emailed the following statement and posted a copy of it on Pastebin:
Greetz to @TeamCarbonic.
I targeted universities for the sole pleasure of the “lulz” that came out of this. It is true, I have thousands upon thousands of logins, employee ids, and various other sensitive information regarding the universities. What I intend to do with this data is publicize it to undermine the idiots at the IT Team.
Regards,
Attorney
Apart from an initial response from U. of Kentucky saying that they were looking into things, DataBreaches.net has received no responses yet to the inquiries it sent to the universities asking them to confirm or deny they were hacked.
This might be a good time to remind everyone that no federal agency has really taken any point or serious interest in investigating data breaches in the education sector. The FTC claims it does not have authority over non-profits under Section 5 of the FTC Act. They have not responded substantively to this blogger’s analysis and EPIC’s analysis that the FTC does have authority under the Safeguards Rule if financial information is involved.


The “Internet of Things” facilitates yet another surveillance tool that car owners might like? As “Things” get “smarter” you will find your life “guided” by software.
GM uses OnStar 4G LTE – not a crystal ball – to predict breakdowns before they happen
… Here’s how GM describes the system: “Data is sent to OnStar’s secure servers and proprietary algorithms are applied to assess whether certain conditions could impact vehicle performance. When indicated, notifications are sent to the customer via email, text message, in-vehicle alerts or through the OnStar RemoteLink smartphone app.”
… Essentially, this means GM has figured out what symptoms various components demonstrate before they fail and has its servers watching out for them. When they’re detected, you’re notified before the battery, starter, or fuel pump kick the bucket.
Though the system will only work on those three components and on those specific vehicles at first, GM will be rolling the prognostic capabilities into its full 2016 line throughout the year.

(Related) We're becoming more “thingie” (thingy?)
International CES: The Internet of Things Takes Center Stage
… The new devices at the event, which opens to the news media on Monday and to the public on Tuesday, will include a Wi-Fi-connected ceiling fan controlled by a Nest Learning Thermostat, and automated door locks, light switches and LED bulbs. Under Armour, the sports apparel company that has experimented with smart sports clothing, will exhibit at CES, as will the Girl Scouts of America, which is introducing a new digital app.
… In some cases, companies have joined in head-scratching collaborations, building devices that do not show an obvious need for an Internet connection, but that may find consumer interest anyway. For example, two separate wristbands on display — the Reemo and the Myo — will let their wearers control video games, phones and connected devices in the home using arm waves and gestures.
Other devices are targeting a niche consumer base. Tagg’s GPS-enabled pet trackers can report your pet’s location and the temperature there. Connected workout clothing from Hexoskin will let trainers monitor athletes from afar — even from different countries.


The new Madison Avenue? Do you have at least X followers on social media? Is it possible you like/use/need our product? Let us pay you ridiculous amounts of money to keep doing what you are doing but with our ads pasted on top.
Lady Gaga Has Turned Her Instagram Selfies Into Ads For A Japanese Beauty Brand
Lady Gaga has taken 50 selfies that will act as the centerpiece for the Japanese beauty brand Shiseido's ad campaign during one of Japan's busiest shopping periods.
The pop star, infamous for her Instagram selfies, has become the face — and the photographer — of Shiseido’s 2015 New Year’s campaign, according to WWD.
A Lady Gaga Shiseido ad appeared in numerous Japanese national and regional newspapers over the New Year's period. Forty-six were published on New Year's Day, with the remaining four pushed out Friday.
… Making the activity all the more interesting is that Gaga has failed to mention the selfies are part of a marketing push, or any affiliation with Shiseido. If anyone were to complain about the lack of signposting, Gaga and Shiseido could incur the wrath of advertising regulators.


Perspective.
Google Was Asked To Delete 345 Million Links In 2014 Over Copyright Infringement
Google is getting asked to remove more and more links over copyright issues, with requests up 75% year-over-year.
Torrent Freak has compiled all of Google's weekly transparency reports into one study that looks at the whole of 2014.
… It's important to note that Google isn't hosting the copyright-infringing material. Rather, publishers are asking Google to remove search links to that material.
Copyright holders contact Google and ask the company to hide links to websites containing content posted illegally. The biggest sites that rights holders complained about in 2014 were 4shared, Rapidgator, and Uploaded, all well-known places to illegally download music and movies.


Where to put your advertising dollars? If you rely on this infographic, you're doing it all wrong!
Want To Buy Some Ads? Should You Go Facebook or Google?
You’ll need to make this decision based on the needs of your business, but we’ve found a handy infographic that breaks down some key differences between the two. It will push you in the right direction and help you make an educated decision.
Via Wishpond


One for the toolkit.
Jing - A free tool to capture Images & Video
I have long been a fan of Jing, TechSmith’s free screen capture software. It’s a fast and easy way to grab a quick screenshot or record a video on the fly. Recently, TechSmith upgraded Jing to include a FREE membership to Screencast.com; you now get 2GB of free storage and 2GB of bandwidth per month. Screencast.com allows you to safely upload and store video as well as images, to control who views your content, to download media in a variety of formats, and to share content in a myriad of ways.
After downloading and installing Jing (available for Mac and PC), create your free Screencast.com account.