Saturday, January 17, 2015
For my Ethical Hackers. Think there would be a market here?
Want to Hire a Hacker? Find One on Hacker's List
… The new site Hacker's List has only been operating for less than three months yet has been flooded with over 500 hacking jobs that are waiting for a successful bidder.
… compared to popular freelancing sites such as Odesk and Elance where both the bidder and buyer need to build a credible profile, the identities of those involved in a project at Hacker's List are kept anonymous.
… The site, which is registered in New Zealand, contains a 10-page terms and conditions section. The most important message it conveys is that users are not allowed to "use the service for any illegal purposes."
… Hacking jobs that are offered on the site have prices that range from $100 to $5,000. The hackers' hourly rates would go between $28 and $300. One woman who hails from California is offering $500 to anyone who can successfully hack into the Gmail and Facebook accounts of her boyfriend under the suspicion that he's cheating on her. A man from Sweden is willing to pay as much as $2,000 to anyone who can gain access to his landlord's website.
NOT in Denver! Note the very typical “we had no clue” language.
Maura Lerner reports:
Metro State University is investigating a computer security breach that may have exposed personal information about students, faculty and staff.
In a campuswide e-mail Friday, interim president Devinder Malhotra wrote that a computer hacker apparently got “unauthorized access” to the university database in mid-December, and that investigators are still trying to determine the scope of the data breach.
“We do not believe this server contained any financial data or credit card information,” he wrote, but he said some of the databases included employee Social Security numbers.
Officials say they learned about the problem Jan. 2, when a cybersecurity service notified them about a blog posting “by a computer hacker” who claimed to have hacked into 75 websites. “We were just one of those,” said Anne Sonnee, the interim vice president for communications.
Read more on Star Tribune.
A statement on the university’s web site states:
… To date, we have established the validity of the claimed attack, disabled the vulnerability that we believe permitted this breach, isolated the risk from other servers, and notified law enforcement. The university is also taking additional measures to minimize future security risks.
… While our investigation may take several weeks to establish the nature and scope of the possible breach, out of an abundance of caution and with the goal of full transparency, we are communicating what we do know about this situation as soon as possible.
… While we are not yet able to determine who the affected individuals are, in the interim it may be prudent to take precautions
There is a related Q & A about the breach on the university’s web site.
A search of Pastebin discloses a post on December 31st by “Abdilo” (@abdilo_ on Twitter), a self-described teenage hacker from Australia. The paste references having allegedly hacked Metro State in December:
MetroState.edu(I broke into you cause i like 22 jump street, thanks for the 22k ssns)
If that claim is true, at least 22,000 people may have had their Social Security numbers stolen.
Computer Security managers: How will you deal with this when it happens to you? Note that headlines like these are easily disproved because of the easy access to news.
Twitter hackers declare World War III
HACKERS took over Twitter accounts of the New York Post and United Press International, writing bogus messages, including about hostilities breaking out between the US and China.
One tweet posted under the UPI account on Friday quoted Pope Francis as saying, “World War III has begun”. Another message delivered on the Post account said the USS George Washington, an aircraft carrier, was “engaged in active combat” against Chinese warships in the South China Sea.
Interesting new law.
Canada Prohibits Installation of Software, Updates Without Consent
A new provision in Canada’s Anti-Spam Legislation (CASL) prohibiting the installation of software without consent from the device’s owner came into effect on Thursday.
According to the Canadian Radio-television and Telecommunications Commission, the new rule applies when someone installs or causes the installation of software on another individual’s device in the course of commercial activity.
I try not to post about “potential” legislation or “proposed” rules because they change so much before becoming reality. But this is just dumb!
President Obama wants a backdoor to track people’s social media messages.
… “Social media and the Internet is the primary way in which these terrorist organizations are communicating,” Obama said during a press conference with Cameron on Friday.
“That’s not different from anybody else, but they’re good at it and when we have the ability to track that in a way that is legal, conforms with due process, rule of law and presents oversight, then that’s a capability that we have to preserve,” he said. [“Preserve” all you want. Change technology at your peril! Bob]
Interesting. Sort of the opposite of Elon Musk's concern that AI will take over the world?
Facebook open-sources new AI smarts
Facebook has released as open source some software modules that can speed image recognition, language modeling and other machine learning tasks, in a move to advance computer artificial intelligence for itself and others.
Such modules could be used by startups or other companies that want to build AI-based products and services, but may not have the "deep engineering" expertise on hand to develop such capabilities in-house, said Soumith Chintala, a Facebook research engineer who works for the Facebook AI Research (FAIR) lab.
Facebook does not yet incorporate AI technologies into its social networking service, Chintala said, though the techniques being developed at FAIR may one day be used to improve customer experience.
… The new modules run on Facebook's Torch, an open source development framework for building deep learning applications. Google, Twitter, Nvidia, Intel, and Nvidia have used this framework for their projects.
Something to add to our programming language catalog?
Apple's Swift is on fire
To make the lives of iOS developers easier — and to discourage them from bolting to Google’s Android — Apple in June introduced Swift, describing it grandly as “the first industrial-quality systems programming language that is as expressive and enjoyable as a scripting language.”
Half a year later, how’s Swift doing?
Pretty well, judging from the latest rankings from Red Monk’s Stephen O’Grady, who predicted last summer that Swift was going to be “a lot more popular, and very soon.”
“Even so,” O’Grady wrote Thursday, “the growth that Swift experienced is essentially unprecedented in the history of these rankings.”
Red Monk’s full chart https://fortunedotcom.files.wordpress.com/2015/01/swift-full-chart.png
Uber was able to shake up this quasi-monopolistic industry. Now taxis are being forced to do what they could have done on their own several years ago.
For my Business Intelligence class: This is equally “substitutes” and “new entrants”
Riders May Soon Be Able To ‘E-Hail’ A Regular Taxi Using A Smartphone
Los Angeles wants taxi drivers to get on board with a mobile app that will allow customers to hail a taxi from their smartphones.
If and when implemented, taxi drivers who don’t use the app “e-hail” could face fines of up to $200 a day, starting in August.
Is this now accurate or still too high?
Here Is AT&T's Epic $8 Billion Friday-Night News Dump
The running joke in news is that companies dump news when people aren't looking, like before holidays or on Friday nights before long weekends.
AT&T met the latter criteria this week.
On Friday night, AT&T disclosed that in the fourth quarter, it will take a $7.9 billion noncash, pretax loss related to an adjustment in assumptions made for its pension plan.
The company announced that on Dec. 31, it adjusted its assumed discount rate for its pension obligation to 4.3%. Previously, the company had used a 5% discount rate, according to its most recent 10-K filed with the SEC.
… The company also said that contributing to the loss were "updated mortality assumptions," which means that people covered under AT&T's pension plan are now living longer.
For my researching students?
Google – Still in the Search
by Sabrina I. Pacifici on Jan 16, 2015
In-depth reporting and writing about the continuing evolution of Google search from both a tactical and strategic perspective. For consumers, researchers, librarians, lawyers and educators, this is a must read. It takes time, focus and mindfulness to read long articles in this increasingly rapid fire burst of bits of information that shoot at us every waking moment. The concept of information overload has seemingly long ago given way to the deluge as the new normal. This article is a reminder why we need to stay engaged in all facets of future developments in the realm of search, discovery and knowledge sharing. Enjoy and keep being “the best.”
A Glimpse of the Future: The ‘Oscars of Innovation in Higher Education’
When it comes to modern higher education, a few things are universally clear. First, there is no one right answer for every student. Second, everyone involved is still learning what methods will work best in the 21st century. But some clear winners do stand out for their effective, outside-the-box approaches, and a few of them were honored at the recent inaugural Reimagine Education Conference.
… The Overall Winner award, which carried a grand prize of $50,000, was split between two teams: PaGamO from National Taiwan University, and PhET Interactive Simulations from the University of Colorado, Boulder. (See a complete list of the winners in different categories here.)
Every week, amusement!
Hack Education Weekly News
… The Obama Administration announced $25,000,000 in grants to 13 HBCUs to develop cybersecurity programs.
… Indonesia plans to replace textbooks with tablets, reports Edukwest.
… Via the AP: “Arizona became the first state in the nation on Thursday to enact a law requiring high school students to pass the U.S. citizenship test on civics before graduation.”
… Ed-tech is in its infancy, according to The New York Times. Despite the role of universities in its development, education has not been “touched by Internet technology.”
… UMass is outsourcing textbook sales to Amazon.
… Once again, a study finds that college students prefer print books to e-books.
… OverDrive says e-book checkouts from libraries are up 33%.
Friday, January 16, 2015
It's the ability to generate headlines that determines how journalists treat a breach.
Kyle McCarthy points out that there were at least five colleges that had breaches larger than Sony’s breach in 2014.
So he made a list? Why is there absolutely NO mention of the fact that no federal agency enforces data security in the education sector? Isn’t THAT the bigger story?
For my Ethical Hackers: The perfect smoke screen? Let's take advantage of Nigel's British accent for a little social engineering...
The UK And US Will Launch Staged Cyber Attacks On Major Banks
The UK and US are about to launch cyber attacks on each other. But don't worry: there'll actually be staged exercises to test out defences against hackers as online global threats rise, the BBC says. The move has been hailed an "unprecedented" arrangement between the allies.
Cyber attacks will be carried out by the countries' intelligence services, the MI5 and the FBI.
First up is the financial sector: The Bank of England and commercial banks in the City and Wall Street are going to be targeted to see how well businesses can cope with hacking dangers. Transport services will also be hit in the digital battles.
They conclude there is no good substitute for gathering everything. Strategically, I have to agree – unless you can tell me in advance how to identify bad actors? This is exactly the document I need for my Business Intelligence class.
National Academy of Sciences Releases Report – Bulk Collection of Signals Intelligence
James R. Clapper – Director of National Intelligence: “On January 17, 2014, the President, through Presidential Policy Directive 28, directed my office to assess “the feasibility of creating software that would allow the Intelligence Community more easily to conduct targeted information acquisition rather than bulk collection.” In order to fulfill this direction, I asked the National Academy of Sciences to study this critical issue, leveraging their reach across both the public and private sectors. NAS is a non-partisan, peer-reviewed body established specifically to perform such tasks for the U.S. Government. NAS brought together a committee of experts from top technology firms and academia to consider whether technological alternatives to bulk collection exist while retaining critical intelligence capabilities. The independent, peer-reviewed report, Bulk Collection of Signals Intelligence: Technical Options, is publicly available at NAS’s website. The IC is always looking for ways to fulfill our national security mandate while protecting civil liberties and privacy. I want to thank NAS for their expertise and providing an impartial look at feasible alternatives to bulk collection.”
For the Ethical Hacker's Toolkit. (Article 3)
KeySweeper Spies On Wireless Keyboards
A security researcher by the name of Samy Kamkar has created a fake phone charger capable of sniffing out and storing any and all keystrokes made on Microsoft-branded wireless keyboards. The device, which Kamkar has dubbed KeySweeper, would be cheap to make and virtually impossible to detect.
KeySweeper looks exactly like a phone charger plugged into the wall. However, it’s actually sniffing out keystrokes, which it can then send via SMS to whoever planted the device. Luckily, this only works on Microsoft keyboards originally manufactured before 2011. Unfortunately, Kamkar maintains these are still being manufactured and sold today. Oops.
Bad news for Colorado. (and proof that Google doesn't know everything?)
The Enemy Of The Google Car Is — Snow!
… The Google Car has a critical foe however — and it isn't the traditional auto industry.
Speaking at the Detroit Auto Show, the guy in charge of Google's bold experiment in self-driving said that alpine conditions are not something the Google Car will be tackling, at least not right away.
“It turns out in Mountain View, it doesn’t snow,” Chris Urmson told Bloomberg.
Most of my students are too young to have had a shot at a cool domain name and all the three letter domains (IBM, CIA, etc.) have been taken so this is pretty cool!
Google Domains Now Available for Businesses
… Google Domains is now available to all Web users in the United States. The service lets users purchase domains, create email addresses and build a website using the Google platform.
… Google Domains supports more than 50 domain endings. You can purchase popular top-level domain names (TLDs) like .com, .net, .org, .biz, .cc, .co, as well as specialized ones that represent your brand, such as .company, .consulting, .coffee, .florist, .guru, .management, .partners, .productions, .rentals, .supplies, .solutions, .technology and many more. Google says it will also be adding hundreds of new TLDs in the next few years.
… Original TLDs like .com, .net, .biz, .info and .us start at $12 for the first year. Country code and general TLDs like .co, .company, .consulting, .coffee, .florist, .guru, .management, .solutions and .technology start at $20.
Google Domains also offers free private registration, which hides your name, address and other contact information from public view — for instance, during a WHOIS domain database search.
No good idea goes unlitigated. And I doubt this one will survive. The movie studios don't want to change, no matter how profitable it might be. (Article 2)
Wavelength Makes Movie Sharing Legal
Wavelength is a new service promising a way of sharing movies online, legally, and for free. Which means it’s unlikely to last very long. Wavelength is powered by Ultraviolet, a cloud locker service the movie studios created to allow people to share movies with friends. But “friends” is such a tricky term when applied online.
Ultraviolet enables the buyer of a movie to stream it to multiple devices and share it with up to six other people. Wavelength utilizes this system, with random strangers sharing their legally-bought collections with other random strangers. Which essentially means it uses Hollywood’s own technology against itself.
Spencer Wang, the brainchild of Wavelength, knows the studios will move against him and his service with extreme expediency. However, he’s hoping that enough people will sign up in the meantime to persuade the studios and their retail partners that Wavelength offers a legitimate alternative to piracy. We wish him luck… and he’ll need it.
For all my students.
Elon Musk Donates $10 Million To AI Research, Hopes To Prevent Skynet
… With a generous $10 million donation to the Future of Life Institute, funds will be handed out in the form of grants to those researching AI as well as those dealing with AI in different fields, such as ethics, law, and economics.
FLI makes it clear that anyone is eligible to receive a grant, stating, "The best ideas will win regardless of whether they come from academia, industry or elsewhere."
… Those interested in applying for a grant will want to head on over to the Future of Life website on the 22nd, which is when applications will be accepted.
(Related) A computing benchmark? As Lara Croft becomes more lifelike, the AI becomes more dangerous? Check this infographic.
How Has Tomb Raider’s Lara Croft Changed Over The Years?
Lara Croft is easily one of the most iconic characters in gaming. When it comes to being a badass, few characters do it like Lara.
Over the years, the character has gone through some serious evolution, with the most recent reboot seeing some particularly huge changes. The image below takes a fascinating look at how the character has morphed, and how the promotional material differs from the final release.
The things every student should know... Do you know the keystrokes to do these actions?
The 15 function-key strokes everyone should know to zip around Microsoft Office
Something for my students to ponder. Assuming they have the time.
Netflix Binges and the New Tech Utopia
For over 150 years, many of history's great economists, from Karl Marx to John Maynard Keynes, predicted that machines would usher mankind into a scholarly fantasy of enlightened leisure. Robots would, they argued, serve all of our needs while we spent the days reading classics, debating philosophy, and indulging in fine art.
Well, it turns out that the prophecy was half right. Many prime age workers enjoy unprecedented levels of leisure, but—and here’s the other half—they would apparently rather doze off into a midday nap watching the Desperate Housewives of New Jersey than debate the merits of Plato's Republic.
… The most likely people to engage in free online college lectures are those who already have a graduate degree or are high-income earners. The same is true for volunteering and political involvement.
I can't help myself, I like lists.
The Best Websites On The Internet
The websites on this list are those that we consider to be the best: genuinely useful, top-of-the-line sites that will get you what you need.
Thursday, January 15, 2015
“We have met the enemy and he is us. So that means what we did was Okay!” (Apologies to Walt Kelly) Why would the CIA investigate domestic security breaches?
In a break with its former inspector general and overseers on Capitol Hill, a CIA accountability board has determined that agency officials did not wrongly spy on the Senate early last year.
Instead, the board — which was tapped to intervene in an escalating standoff between the CIA and the Senate Intelligence Committee last summer — determined that the spy agency staffers were in the right to access Senate files on a shared network after believing that a security breach may have occurred.
Senate staffers “were or should have been aware” that the agency occasionally monitored their use of the network, the board said in a 38-page report released on Wednesday, because of previous “discoveries of [committee] staffers’ misconduct” on the system.
Will I be forced to be social? (Note that your employer creates your page and all changes must go through HR)
Facebook is doing everything it can to monopolize your time online, ramping up efforts in video, messaging, and news, among other media. Now it’s unveiling a whole new portal that officially acknowledges what you already do anyway: spend all your time at work on Facebook. Called Facebook at Work, the service announced on Wednesday works pretty much just like regular Facebook, except you use it to connect to colleagues who may or may not be friends. Most important of all, the color scheme is different, [Wow! Bob] which lets your boss looking over your shoulder know that, even though you’re on Facebook, you’re still “working.”
For now, Facebook says it’s making Facebook at Work available to a handful of partners, who will be testing the product ahead of its full-blown launch, tentatively slated for later this year. Facebook itself says it’s been using Facebook at Work internally for years.
“We have found that using Facebook as a work tool makes our work day more efficient,” Lars Rasmussen, Facebook’s director of engineering, tells WIRED. “You can get more stuff done with Facebook than any other tool that we know of, and we’d like to make that available to the whole world.”
The Internet of “Things You Really, Really Hate!” Is the “average driver” a safe driver? Will this “feature” urge me to drive like the “average driver?”
… General Motors' OnStar division is announcing today that it's launching a "driver assessment" program in cars that will track how well drivers drive — hard braking, hard acceleration, and so on — and offer detailed feedback after collecting 90 days' worth of data. Afterward, they'll have the option of forwarding the data on to Progressive as part of its Snapshot insurance discount program, where you can get discounted insurance rates for driving well. (Progressive already offers a hardware dongle that can plug into existing cars to accomplish the same function.)
Privacy is a big concern here: although GM says that control of the system "is in the hands of the customer," it only notes that drivers control whether they receive an assessment. The company is using anonymized driving data to compare participating drivers to national averages — do you drive better or worse than the average driver?
Timely question since I'm having my students write their own textbook this quarter.
Openness and Ownership: Who Owns School Work?
Many districts already have in place policies that claim copyright over employees’ work — particularly if it is done while at work or on work-issued equipment. But the Prince George’s County measure would have gone farther by saying that all work, done on one’s own time or on one’s own devices, was owned by the district. Furthermore, it took the usual step to claim copyright over students’ work.
No surprise, the policy was put on hold after public outcry over the move and questions about its legality (after all, students, unlike teachers, are not school employees).
Are you a slave of your smartphone? (Undue reliance) This should give my Ethical Hackers some interesting (evil) ideas!
Australians Wake Up An Hour Early
And finally, Australians living in Queensland were rudely awoken an hour earlier than usual when their smartphones were mistakenly changed to daylight savings time. This led to some bleary-eyed commuters actually turning up for work an hour before they were due to begin for the day.
Both Virgin Mobile and Optus sent out the automatic update to their customers’ phones, despite Queensland having opted out of switching back and forth between daylight savings time as long ago as 1972. Both networks blamed a network glitch, and apologized for the trouble it caused.
For my students in many classes.
Getting Employee Security Awareness Training Right
Time after time, attackers seem to find ways to get users to open an attachment.
Throwing technology at this is one way to address the issue. Another is through security awareness training – but depending on who is being asked, that may be either a panacea or an undersized Band-Aid. Training employees right, experts said, takes a mix of clearly-defined goals, executive support and understanding of employees' roles and the target audience.
"The number one problem in the typical security awareness program is a lack of well-defined, measurable objectives for the program," said Gartner analyst Andrew Walls. "Well-defined objectives enable the design, development/acquisition of effective security education and training that produces measurable improvements in security."
In general, Walls said, there are four types of objectives in security awareness programs:
disciplinary baselines meant to establish justification for disciplinary actions when an employee breaks policy;
establishing, diminishing or maintaining certain behaviors and the development of knowledge among employees in regards to security and
For my Data Management students? Is this a tool we could use?
Private Equity firm Acquires Identity Finder
… Identity Finder, LLC software helps organizations discover and protect sensitive data such as personal information, medical records, credit card accounts, and intellectual property stored across the enterprise and the cloud.
For my students. Is this sufficient?
DoD Cloud Computing Security Requirements Guide
Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG). Version 1, Release 1. 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD).
“Cloud computing technology and services provide the Department of Defense (DoD) with the opportunity to deploy an Enterprise Cloud Environment aligned with Federal Department-wide Information Technology (IT) strategies and efficiency initiatives, including federal data center consolidation. Cloud computing enables the Department to consolidate infrastructure, leverage commodity IT functions, and eliminate functional redundancies while improving continuity of operations. The overall success of these initiatives depends upon well executed security requirements, defined and understood by both DoD Components and industry. Consistent implementation and operation of these requirements assures mission execution, provides sensitive data protection, increases mission effectiveness, and ultimately results in the outcomes and operational efficiencies the DoD seeks.”
I'll ask my students if I should use this.
Google Launches Google Classroom Mobile Apps
Just a few hours ago Google announced the launch of Google Classroom mobile apps for students. The new Google Classroom iOS and Android apps enable students to take pictures and attach them to the assignments that they submit to you. This could be a great option for math students who have trouble typing responses to mathematics problems as they now can write on paper and submit assignments to you by taking a picture of their papers.
The Google Classroom iOS and Android apps allow students to share material from other mobile apps like Docs and Gmail.
Today, Google also announced new desktop features for teachers. You can now archive your classes when you're done with them at the end of a semester or school year. Archived classes will become "read only" so you and your students can still go back and look at the content, but not change the content. The other new desktop feature is a new teacher assignments page where you can see all of your students' assignments and mark assignments as reviewed.
My researching students might like this.
RefME Helps Students Create Bibliographies
… The free RefME iPad and Android apps enable students to scan the barcode on a book, periodical, CD cases, and many other media cases to have a citation formatted for that item. RefME provides more than 6,500 citation and bibliography formats for students to use. If your students don't have an iPad or Android device, they can still take advantage of RefME's service by simply logging into the website and performing a search for the book, periodical, or website that they need to cite. If RefME finds the item, a citation will be created that students can import into their accounts.
… After creating a RefME account students create their first projects in RefME. A project is essentially a folder for the citations that students are going to create for a paper. Students select a project name then add a reference to it by scanning the barcode on a book or periodical. When they have finished scanning all of their references (they can also add references manually) students can export their lists of citations to Evernote, email the list, or create a Word document of citations on the RefME website.
Wednesday, January 14, 2015
The Putin legacy?
Russia braces for ‘junk’ downgrade as oil drags
The ruble continues to fall, sanctions are biting and the slide in the price of oil shows no sign of slowing – it's hitting Russia hard and means a credit rating downgrade to "junk" status could be on the way.
Russia Says Inflation Could Hit 17% By March
… Russia's national currency has lost some 16 percent against the dollar since the start of the year after plummeting around 41 percent in 2014.
Russia's budget depends heavily on revenues from oil and gas, and the ruble continued to fall as the price of a barrel of Brent fell to around $46 on Tuesday.
Something for my Computer Security and my Disaster Recovery students to consider.
Strategy: Planning and Recovering From a Data Breach
… Mandiant’s 2014 threat report cites an average of 243 days to discover a breach.
Given the near-certainty that some form of attack or data breach will happen in your organization, it makes sense to consider scenarios and plan for them when it happens. A data breach plan lays out the key steps and the key personnel to involve when a data breach happens, and needs to incorporate the following three elements:
Forensics and evidence collection
… Forensics teams no longer serve just in post-incident response. As part of a continuous monitoring security framework, forensics teams can proactively look for possible risks in the network.
Identifying regulatory mandates impacted
… Almost every state in the US, and EU government entity, has data privacy and regulatory compliance mandates, which typically require appropriate disclosure when consumer information or corporate information is exposed.
Managing notification of breach
… Part of the data breach plan must include the specific steps to notify anyone who may be impacted, but doing it in a way that adequately addresses their concern. This includes training call center personnel, creating a specific call center line to address calls related to the breach, and offering credit monitoring services.
As Gartner advocates in their “adaptive protection process”, IT organizations should shift their mentality to a continuous response mentality where systems are assumed to already be compromised.
Look for yourself.
JPat Brown writes:
After the Department of Homeland Security released documents which indicated that it was monitoring social media via its National Operations Center’s Media Monitoring Capability program, MuckRock’s Todd Feathers requested a copy of the program’s automated logs from 2011 to present.
According to the earlier acquired docs, the automated logging mechanism “captures the date and time of the search, the analyst user ID, and the character search term. The purpose of such searches is to locate a previously issued MMC report.”
Read more on MuckRock.
I find this very strange. Do we fail to teach people that this is possible?
CFPB Report Finds Nearly Half of Borrowers Do Not Shop for a Mortgage
“Today, the Consumer Financial Protection Bureau (CFPB) released a report finding that almost half of consumers do not shop around for a mortgage when purchasing a home. The report also found that informed consumers are more likely to shop, especially if they are familiar with available mortgage rates. As part of its Know Before You Owe mortgage initiative, the CFPB is releasing “Owning a Home,” an interactive, online toolkit designed to help consumers as they shop for a mortgage. The suite of tools gives consumers the information and confidence they need to get the best deal. “Our study found that many consumers are not shopping for a mortgage. Consumers put great thought into the choice of a home, but the mortgage process continues to be intimidating,” said CFPB Director Richard Cordray. “The Know Before You Owe Owning a Home toolkit makes it easy to see how shopping for a mortgage can translate into big dollars saved in the long run. We want to enable consumers to be more savvy shoppers.”
Another chunk of Big Data.
OECD Public Data is in Beta
‘Find, compare and share the latest OECD data: charts, maps, tables and related publications’. Start with one or two short search terms, then refine your results by adding more words.
- Catalogue of OECD databases or Browse by Topic or Country
(Related) Not all Big Data is immediately useful.
Map – Literally every goat in the United States
Washington Post – “There were 2,621,514 goats in the United States as of 2012, the year of the most recent USDA Agricultural Census. If America’s goats were their own state, its population would be larger than that of Wyoming, Vermont, D.C. and North Dakota — combined. This is what all those goats look like on a map.”
To share with my fellow teachers...
Create, Share, and Find Online Courses on Versal
Versal is a service that you can use to create online classes that are a bit more robust than your average flipped lessons. On Versal you can build online courses that incorporate text documents, images, videos, maps, slideshows, and more. When you build a course in Versal you build it lesson-by-lesson in an easy-to-follow outline. To build a lesson you drag content widgets onto a blank canvas. The content widgets include all of the previously mentioned media plus a whiteboard for drawing (perfect for math lessons), GeoGebra animations, timelines, and quizzes. When you add a quiz to your lesson you can require that students meet a minimum percentage in order to advance to the next lesson in your course. You can invite students to take your course and/or embed your course into your blog or website. You can track the progress of invited students.
If you don't have the time to create a course from scratch or if you're looking to take a course yourself, jump into Versal's public course catalog. These courses can be embedded into your blog or website. Unless you upgrade to a premium account, you won't be able to track your students' progress on courses that you didn't create.
What makes Versal an appealing option for developing online courses is the wide variety of content types that you can add to your courses. Versal's whiteboard, Desmos, and GeoGebra gadgets are perfect for developing online mathematics courses. The option to require students to complete a quiz with a minimum score before moving into the next lesson is perfect for ensuring that students don't rush through your course.
On Wednesday at 7pm Eastern Time Versal is hosting a free webinar on using their service.
Unbelievable. We didn't make the list?
Which Universities Have Produced The Most Startup Founders?
Tuesday, January 13, 2015
Interesting, but unlikely to get much coverage in the US. Someone now knows a lot about Turkish citizens. Enough to generate false backgrounds for terrorists?
Weak state servers breach causes mass identity theft in Turkey; over 50 million citizens’ identity info stolen
Hasan Bozkurt reports:
The Presidency’s State Audit Institution (DDK) has revealed that the state failed to protect Turkish citizens’ ID information. The servers of the administration’s website have been easily breached, and ID information of citizens has been stolen. These include the General Directorate of Population and Citizenship Affairs, the General Directorate of Land Registry and Cadaster, Revenue Administration, the Social Security Administration, the Ministry of Health and the Ministry of Justice.
Underlining that more than 70 million Turkish citizens’ ID copies are stored at GSM operators, the report stated that more than 50 million citizens’ ID information was stolen by third parties.
Read more on BGN News.
Embarrassing, otherwise trivial. (TIP: Don't use the password: “CENTCOMtwits”)
U.S. CENTCOM Twitter, YouTube Accounts Defaced By ISIS
A couple of official social media accounts of the United States' Central Command have been breached today, with the Islamic State militant group ISIS claiming responsibility.
Both the Twitter and YouTube accounts of the Central Command were accessed to change both the banner and profile picture, as well as add a couple of messages.
(Related) “See? We're 'doing something!'” Would any non-government group respond as quickly? In fact, even if they simply reiterate “Best Practices” this is a good thing, and I shouldn't give them too much grief.
… The General Services Administration (GSA) announced it would hold a web seminar this Thursday to teach federal agencies how to guard against and respond to social media hacks.
The seminar was announced hours after U.S. Central Command's (CENTCOM) Twitter account was taken over by individuals claiming allegiance to the Islamic State in Iraq and Syria (ISIS).
… An arm of the GSA – called DigitalGov — helps federal agencies use social media and other digital services. On Monday afternoon, it began Tweeting out instructions on how to prevent social media attacks and set up two-step verification.
It also sent instructions via email on Monday to hundreds of social media managers in the federal government, offering similar guidance in case of a social media attack.
… After the Associated Press’s Twitter account was broken into last year, the agency warned that the government would have to guard against similar attacks.
It said it is easy to guard against the attacks, which are usually the result of “lazy device security.”
“In fact, what’s often blamed on social media hacking is rooted in poor account management: easy-to-guess passwords; passwords that aren’t changed periodically or after staff changes; or lazy device security such as unlocked computers or mobile devices,” the agency wrote in a blog post last year, which it linked to on Monday.
My students claimed “worries about security” were the number one issue holding Cloud Computing back in their organizations.
Data Security Concerns Still Challenge Cloud Adoption: Survey
The CSA's Cloud Adoption, Practices and Priorities Survey Report fielded responses from 212 participants
… According to the survey, 73 percent said concerns about the security of data are a top challenge holding back cloud adoption. In addition, other top responses include concerns about regulatory compliance (38 percent) and loss of control over IT services (38 percent). Some 72 percent admitted they did not know how many shadow IT apps were within their organization but wanted to.
Knee-jerk over-reaction or just waiting for the inevitable terrorist event that “justifies” stripping encryption?
David Cameron Hates Privacy
British Prime Minister David Cameron wants to ban apps that ensure user privacy by using end-to-end encryption. He made the pledge to act against this trend in light of the terrorist attacks in Paris which left 17 people dead.
Cameron asked and answered his own question, saying, “Are we going to allow a means of communication which it simply isn’t possible to read? My answer to that question is: ‘No, we must not.’” Actually, most sensible people would answer, “Yes, we must.”
While encrypted services can be used by people plotting harm, they’re used much, MUCH more widely by people who care about privacy and security. Destroying the notion of end-to-end encryption is an absolute non-starter, effectively banning the likes of Whatsapp and Snapchat from operating in the UK.
Would you rather have the NSA pass relevant data to the FBI or give the FBI the resources they need to capture the data themselves? (Let's not ask if they really need the data.)
DOJ IG Report on FBI Access to NSA Surveillance Data
“U.S. Federal Bureau of Investigation access to overseas surveillance collected by sister organization the National Security Agency has expanded in recent years, with the law enforcement agency gaining access to collected but unprocessed data in 2009, according to a report released by the government. The FBI’s access to email and other data collected from overseas targets in the NSA’s Prism program has been growing since 2008, according to a 2012 U.S. Department of Justice inspector general’s report declassified last Friday by the DOJ. The agency made the highly redacted inspector general’s report public in response to a Freedom of Information Act request by the New York Times. In 2008, the FBI began reviewing email accounts [Specific accounts or browsing through all of them? Bob] targeted by the NSA through the Prism program, according to the report and a New York Times story. Then, in October 2009, the FBI requested that information collected under the Prism program be “dual routed” to both the NSA and the FBI so that the FBI “could retain this data for analysis and dissemination in intelligence reports,” [with attribution? Bob] according to the IG’s report. And in April 2012, the FBI began nominating email addresses and phone numbers [I read this as the FBI “tasking” the NSA. That is definitely wrong in my humble opinion. Bob] that the NSA should target in its surveillance program, according to the document. The IG’s report, however, concluded that the FBI took a responsible approach toward the surveillance program. The FBI’s Prism team “implemented its targeting procedures with commendable deliberation, thoroughness and professionalism,” the report said.”
It's for the children!
Facebook Is Placing ‘Amber Alerts’ for Missing Children in News Feed
… Facebook said Tuesday it has partnered with the National Center for Missing and Exploited Children to include “Amber Alerts” in the news feeds of users near a child reported missing.
The alerts will appear in the second slot of the feed, along with a photo and details about the case.
The initiative highlights how social media has become a crucial source of information for many people.
But what if I don't “like” anything?
Facebook Is Now Better At Judging Your Personality Than Your Friends Are
… A new study, published Monday in the journal PNAS, suggests that computers are now better judges of character than your friends, family, and even your partners.
The project, conducted by researchers at the University of Cambridge and Stanford, used an algorithm to calculate the average number of "Likes" a computer needs to draw a remarkably accurate identification of who you are.
Be careful what you wish for...
Google News Offline In Spain; Newspaper Publishers Are To Blame
Google isn’t serving up headlines from Spain on Google News, and Spanish users can’t access Google News at all. The reason: a Spanish law that requires Google to pay for the use of headlines.
Google’s response: shutting down the service entirely.
On December 16th 2014, Spain passed a law saying Spanish newspapers must be paid for content, even if they are willing to give it away for free.
… Publishers were not prepared for the consequences.
Enrique Dans, an information technology and systems professor of the Instituto de Empresa (IE) Business School in Spain, published an article on Medium arguing that the Google tax is greedy, and irresponsible. Professor Dans predicts that the law will be impossible to enforce, and if it is used to chase small companies and individual journalists, would only hurt the field of journalism.
… Spanish speaking people have rallied behind hashtags like #EnlaceLibre (#FreeLinks), and #Todoscontraelcanon (#EverybodyAgainstTheFee).
… many are even boycotting AEDE publications with the use of browser extensions like AEDE Blocker.
Predictably, with Google News dropped from the wire of Spanish headlines, Spanish publications aren’t seeing as much traffic as they used to. They lost anywhere from ten to fifteen percent of their regular traffic with the loss of Google News – and with it revenue.
… France, Belgium, Germany, and Portugal have all considered similar laws, SearchEngineLand reports. For example: in 2012 Germany implemented ‘ancillary copyright’ for publishers, but ended up permitting ‘very small excerpts of text’ to be shown for free – giving Google some leeway in presenting snippets in news searches.
All four of these other nations have worded their law such that a publisher can demand payment, but is not required to – a key difference from Spain’s approach.
I have some students who could use a job...
The powerful woman behind Intel’s new $300 million diversity initiative
… “A confluence of industry events has brought [the lack of women and minorities in technology] to the center stage, from the threats and harassment that have characterized the debate in the gaming world to the publication of hiring data and diversity statistics in the tech industry,” Intel CEO Brian Krzanich told the audience during his keynote address at CES.
… While Krzanich announced the newly-formed “Diversity in Technology” initiative, it’s Intel president Renée James who will be the one handling the day-to-day oversight of the investment.
… Intel’s plan, says James, is to use the money to help build a pipeline of female and underrepresented engineers and computer scientists. That includes funding programs that teach STEM (science, technology, engineering and mathematics) to young people in underserved areas, collaborating with higher education institutions, investing in women and minority-owned companies and creating bolder hiring and retention incentives and programs to encourage diversity within Intel.
No doubt we'll increase our 2 year degrees. Unless they define “community college” more restrictively than I think they can.
The Genius of Obama's Two-Year College Proposal
… Community colleges, which educate nearly half of the nation’s 24 million college students, are already far more affordable than public four-year institutions. The annual tuition at public community colleges is $3,260, less than half the $8,890 average in-state tuition at public four-year institutions. Obama’s initiative would reduce community-college tuition costs to zero for students across the economic spectrum—a plan that would cost the federal government $60 billion over 10 years. (It is possible, though not confirmed, that Obama will reserve Pell Grant money to offset other costs, such as books, transportation, food, and housing.)
… Some liberals even joined in the criticism. Because the program is not limited to low-income students, middle-income and even wealthy community-college students could benefit. Donald Heller, dean of Michigan State University's College of Education, told Politico, "Should we really be giving those kids free tuition when their families can pay?" And the Institute for College Access and Success called the proposal "a Wolf in Sheep’s Clothing," arguing that "making tuition free for all students regardless of their income is a missed opportunity to focus resources on the students who need aid the most."
Tools for my Business Intelligence students? (Can we turn these outward?)
How Are You Doing On Instagram? These Websites Will Tell You
… Whether you’re new to Instagram or a long-time user, these websites’ wide array of features are sure to help you better understand your Instagram community and let you know how you did this past year.