Saturday, January 24, 2015

That's why I have my Ethical Hacking students hack my lawyer's car. (As always, using the server we hacked in North Korea)
Kyle Wiens writes:
Cars, especially, have a profound legacy of tinkering. Hobbyists have always modded them, rearranged their guts, and reframed their exteriors. Which is why it’s mind-boggling to me that the Electronic Frontier Foundation (EFF) just had to ask permission from the Copyright Office for tinkerers to modify and repair their own cars.
“Two of EFF’s requests this year are on behalf of people who need to access the software in cars so they can do basic things like repair, modify, and test the security of their vehicles,” says Kit Walsh of the EFF. “Because Section 1201 of the DMCA prohibits unlocking ‘access controls’—also known as digital rights management (DRM)—on the software, car companies can threaten anyone who needs to get around those restrictions, no matter how legitimate the reason.”
Read more on Wired.

A false reading could result in an attempt to pump 2,000 gallons of fuel into a tank that's only down 1,000 gallons. How quickly could they stop the pumps?
US Gas Stations Exposed to Cyberattacks: Researchers
Malicious actors could theoretically shut down more than 5,300 gas stations in the United States because the automatic tank gauges (ATGs) used to monitor fuel tanks are easily accessible via the Internet.
ATGs are electronic devices that monitor fuel level, temperature, and other parameters in a tank. The devices alert operators in case there is a problem with the tank, such as a fuel leak.
… “Many ATGs can be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to monitor these systems remotely, many operators use a TCP/IP card or a third-party serial port server to map the ATG serial interface to an internet-facing TCP port. The most common configuration is to map these to TCP port 10001,” Rapid7’s HD Moore noted in a blog post.
Kachoolie provides a service that allows users to test if their tank gauges are secure.

If you have nothing to hide, you will be happy to reveal all of your proprietary functions?
Apple agrees to China’s security checks on iPhones
Apple has agreed to China's demand of carrying out security checks on its products, including the iPhone, the country's cyber security regulator has announced. The decision makes Apple the first foreign company to accept its proposal on security checks, the Cyberspace Administration of China said.
The move is significant because other US companies including Google and Facebook have earlier refused to undergo security checks. "These firms have had to leave the Chinese market because of their refusals to comply," State media said.

I have multi-tools in my glove box and my toolkit. You probably should skip this if you fly. I wouldn't want to be tackled by the TSA as I go through security.
The wearable tool, the new Leatherman Tread
… “The idea originated on a trip to Disneyland with my family,” said President Ben Rivera. “I was stopped at the gate by security for carrying a knife, when what they had actually seen was my Skeletool. I was unwilling to give it up, so they made me take it all the way back to my hotel room. I knew there had to be another way to carry my tools with me that would be accepted by security.” When he returned from his trip, Rivera, who began his tenure at Leatherman Tool Group 24 years ago as an engineer, began by wearing a bike chain bracelet to see how it would feel. As his thoughts took shape, he brought his idea to the engineers at Leatherman who helped fast track his plans.
… The Tread bracelet began taking shape. Each complex link was metal injection molded for strength and intensity. The bracelet was crafted to be fully customizable with slotted fasteners, so the user could rearrange links, add new ones, or adjust for wrist size to ¼”. Even the clasp is functional with a bottle opener [Mmm, beer! Bob] and #2 square drive. Other link tools include a cutting hook, hex drives, screwdrivers, box wrenches, and a carbide glass breaker.

Your “digital estate?” Personally, I have a plan to live forever. (So far, it's working)
Everybody Dies: What is Your Digital Legacy?
Alethea Lange – CDT – “What happens to your email when you die? For most people this hopefully isn’t an urgent question, but a few high profile cases have made it an issue for lawmakers and judges around the world. You might think that your family could show up with a death certificate and/or a court order and get access to your digital content, but it’s not that straightforward. The federal Electronic Communications Privacy Act (ECPA) governs what types of information cloud service providers like Google and Yahoo! can disclose and under what circumstances — and it doesn’t account for death. Companies are inclined to point to their terms of service to decide when and how to provide access to accounts, but this is often decided on a case-by-case basis. This has left a confusing and delicate gap in the law that competing entities are rushing to fill. It’s easy to forget the amount of administrative work we conduct in online accounts —many of us only receive electronic statements and bills— and one of the tasks facing grieving families and friends is to close and settle accounts for their deceased loved ones. This is challenging without access to email or other digital accounts where statements and other notifications are commonly sent. Additionally, years of family memories can be stored in a password-protected account, often through cloud services. The combination of sentimental and practical reasons to give access, and the serious privacy concerns implicated in doing so, has made this a hot button issue. Several states have already introduced legislation, and we expect to see more this legislative session. Currently, anyone can write their will to include instructions for the dispensation of online accounts in whatever way they wish. ECPA does not prevent account holders from granting access to their own accounts by sharing passwords or other security details.
(Pro-tip: Don’t put your passwords in your will because that document will become part of the public record. Instead, leave instructions for where to find a list of passwords to chosen accounts.) This is a good solution — it allows individuals to express their wishes, gives clarity to tech companies, and doesn’t require anyone to look at the U.S. Code. However, only 45 percent of Americans have a valid will at death, and far fewer specifically address access to digital accounts, leaving many personal representatives with uncertain fiduciary duties.”

Entertaining with “education”
Hack Education Weekly News
A new law in Illinois would require students to hand over their social media passwords to schools if the school has reason to believe that their social media accounts have evidence she or he violated a school policy. Even if it’s posted at home, after school hours. Remind me again how the federal government is going to protect student privacy?
75% of college campuses employ armed officers. [Afraid of mad gunmen or law suits? Bob]

For my Math students (with iPad)
Every Khan Academy course is now available on the iPad for the first time
… with the introduction of a completely redesigned app for the iPad — now, everything that lives on the site is also available to iPad users. That includes some 150,000 learning exercises, content that product director Matt Wahl said was "where the majority of people spend their time on Khan Academy today."

Just a tip for my Data Analytics students. Learn to program in “R” or SAS or SPSS (not free)
Microsoft Buying Revolution Analytics For Deeper Data Analysis
Microsoft announced Friday that it will close a gap in its data-analysis portfolio by acquiring Revolution Analytics, an eight-year-old vendor that has developed a commercially supported enterprise platform around the open-source R statistical- and predictive-analysis language.
"We're making this acquisition to help more companies use the power of R and data science to unlock big data insights with advanced analytics," wrote Microsoft's Joseph Sirosh, corporate vice president, machine learning, in a blog post on Jan. 23.
SAS is the marketshare leader in advanced analytics, followed by IBM, which acquired SPSS in 2009 in order to catch up in that arena.

Note: Sharing data is easy, if you want to share data. Implications for e-Discovery?
How Chicago Solved Its Open Data Dilemma
How Chicago Solved Its Open Data Dilemma, Loraine Lawson – “In New York City, obtaining a public data set required an open records request and the researcher toting in a hard drive. So grab a notepad, Big Apple, and let the Windy City show you how to do open data. A recent GCN article describes how Chicago simplified the release and updating of open data by building an OpenData ETL Utility Kit. Before the kit, the process was onerous. Open data sets required manual updates made mostly with custom-written Java code. That data updating process is now automated with the OpenData ETL Utility Kit. Pentaho’s Data Integration ETL tool is embedded into the kit, along with pre-built and custom components that can process Big Data sets, GCN reports. “What’s different now is we have a framework that can be easily used by a lot of people,” Tom Schenk, the city’s chief data officer, told GCN. “I could also give that tool to a number of users around the city of Chicago and they’d be able to program ETLs that are going to be easier for them to understand, easier for them to create. It allows us to be more nimble.” In a particularly compelling use case, the city tapped into an application programming interface (API) that monitors water quality at Lake Michigan beaches and used the ETL to push out information hourly. If you’re curious about the OpenData ETL Utility Kit — and I’m looking at you, New York City — you can download it from github.”

I'll ask my students. Is this important?
Download your WhatsApp Contacts
You can now use the WhatsApp messenger on your Mac or Windows PC provided you have the WhatsApp app running on a mobile phone that is not an iPhone. Go to on your desktop, scan the QR code on the screen with WhatsApp on your phone and you can instantly send or receive messages to any of your WhatsApp contacts from the computer.

Think of this as a live link rather than a dead citation.
Try Citebite for Linking Directly to Quotes from the Web
Cite Bite is a simple tool for creating a direct link to a passage of text on a webpage. It's a simple process to create a direct link to a quote using Cite Bite. To use the service just copy and paste the chunk of text you want to share into Cite Bite. Then copy and paste the URL of the source into Cite Bite. Cite Bite then creates a URL that you can share with others to send them directly to the quote you want them to read.
Applications for Education
Cite Bite could be a handy little tool for those times when you want all of the students in your classroom to read and discuss a passage from an online article. While you could probably accomplish the same thing by just posting the source link on your classroom blog, the benefit of Cite Bite is that it will automatically highlight and direct students to the passage you want them to discuss.

'cause this is important! (No iPhone App? What are they, a bunch of Commie Pinkos?)
How to watch the Super Bowl on your Android phone or tablet
… Fortunately, you can stream the game live right from your Android tablet or phone. NBC will live stream the game, and you shouldn't even have to log in or provide any sort of pay TV credentials. The network will even stream the halftime show this year. It will stream ads too, though they won't necessarily be the same ads that air on broadcast TV.
On tablet, you'll want to pick up the NBC Sports Live Extra app.
If you have Verizon, you'll want to grab the NFL Mobile app.
Don't have Verizon? Well, NBC will stream the game on its NFL Sports Live Extra website, too. You can always try firing up your web browser on your phone and going there, but there's no guarantee it'll work.

Friday, January 23, 2015

What is going on here? Perhaps there is even more damage than I thought. What could keep Sony from simply adding up the costs? Have they lost all their accounting records? No backups anywhere?
Sony Hacking Attacks Delay Earnings Report
Sony Corp. said Friday that it will miss a stock-market deadline for issuing its third-quarter results due to the hacking attacks that hit its movie unit late last year.
The Japanese electronics giant said it still plans to hold briefing sessions for the media and analysts on Feb. 4, the original date scheduled for its earnings report, but would only provide estimated figures for the performance of its movie subsidiary Sony Pictures Entertainment Inc.
All other segments, including its financial division and electronics arm, will report finalized numbers, it said.
… Part of the movie unit’s intranet system is expected to remain powered off until early February, preventing accountants from using software to finalize the results. [Bull! Bob]
Sony Chief Executive Officer Kazuo Hirai said previously that the financial damage to Sony from the hacking campaign would likely be limited.
The statement on Friday said the impact would be “light.”

Sharing data without consideration? This makes me think it might be better not to register your guns in the first place.
Raquel Okyay reports:
Gun rights advocates have asked Rochester District Court to end a state regulation they contend authorizes the state to secretly compile personal mental health information without cause to confiscate firearms in violation of the Second, Fourth, Fifth and Fourteenth Amendments.
“We made a motion for preliminary injunction to shut down the Integrated SAFE Act Reporting System,” said Webster-based attorney and policy analyst, Paloma A. Capanna. “Our concern here is that the New York State police in conjunction with local law enforcement are using confidential mental health information to strip people of their firearms and pistol licenses.”
Read more on Rockland County Times.
[From the article:
Montgomery, who is also a U.S. military veteran, sought voluntary treatment for insomnia at Eastern Long Island Hospital in May, was treated by a mental health professional and sent home, she said. “A few days later he received a call from the Suffolk County Police telling him they had to come by and pick up his guns.”
… The complaint said the state is actively conducting an overreach into the personal health records of tens of thousands of New Yorkers, more than 99 percent of whom do not even know that the confidentiality of their doctor-patient relationship has been compromised.

They hear, but do they listen?
Privacy is Dead, Davos Hears
"Privacy as we knew it in the past is no longer feasible... How we conventionally think of privacy is dead," she added.
Another Harvard researcher into genetics said it was "inevitable" that one's personal genetic information would enter more and more into the public sphere.
Sophia Roosth said intelligence agents were already asked to collect genetic information on foreign leaders to determine things like susceptibility to disease and life expectancy.
"We are at the dawn of the age of genetic McCarthyism," she said, referring to witch-hunts against Communists in 1950s America.
What's more, Seltzer imagined a world in which tiny robot drones flew around, the size of mosquitoes, extracting a sample of your DNA for analysis by, say, the government or an insurance firm.
… "Governments are talking about putting in back doors for communication so that terrorists can't communicate without being spied on. The problem is that if governments can do that, so can the bad guys," Nye told the forum.
"Are you more worried about big brother or your nasty little cousin?"
… And at a separate session on artificial intelligence, panellists appeared to accept the limit on privacy as part of modern life.
Rodney Brooks, chairman of Rethink Robotics, an American tech firm, took the example of Google Maps guessing -- usually correctly -- where you want to go.
"At first, I found that spooky and kind of scary. Then I realized, actually, it's kind of useful," he told the forum.
Anthony Goldbloom, a young tech entrepreneur, told the same panel that what he termed the "Google generation" placed far less weight on their privacy than previous generations.
"I trade my privacy for the convenience. Privacy is not something that worries me," he said.

Students must be taught that they have no rights.
Illinois School Districts To Require Facebook Passwords From School Bullies
There's no arguing the fact that bullying is something that should be combated, but is that enough to go against the Fifth Amendment and require someone to hand over their password as part of an investigation? That's the reality Illinois schools could soon face, as their government has decided that if asked, a student must hand over access to their social media accounts -- in effect, requiring them to cough up their password.
A requirement like this isn't new, and in fact it's been put into use many times before. Most often, cities or governments will end up banning the practice.

I'm curious as to who initiates this poorly worded nonsense? Is it really intended to force acceptance of “compromise” legislation that is not quite as idiotic, or is it just uncompromisingly idiotic?
Orin Kerr’s not the only one with concerns about the DOJ’s proposal to revise the Computer Fraud and Abuse Act (CFAA). Over on Twitter, Nate Cardozo of EFF got some attention with his tweet claiming that an article and links to it could become a felony under the proposal.
As Nate explained to me in other tweets, this noncommercial blog (and blogger) could also be at risk due to the changes in the proposed language.
Tim Cushing has more on TechDirt.

Russia keeps talking like this is no big deal...
Russia: 'Don't call us losers' over oil prices
… Russia, which depends on the oil and gas industry for the majority of government revenue and export earnings, is faced with a dire situation. Oil prices have plunged below $50 per barrel, which has slammed the value of the ruble, sent inflation soaring above 10 percent and caused ripple effects throughout the country.
But Dvorkovich was upbeat at the World Economic Forum, turning on the top economist at the International Energy Agency for daring to suggest Russia was the biggest loser from the oil price plunge.
"We are not losers. Don't call us losers," Dvorkovich said during a panel discussion.

(Related) ...but this is more like what they must be thinking.
Oil price drop is ‘economic warfare against US enemies’

(Related) Interesting, but hard to reach any conclusions.
Beyond the Gas Pump: A New World Order for Oil

If nothing else, Kim Dotcom is innovative and amusing. This could be a very useful App (and an easy way to watch movies without the MPAA being able to prove it?)
Kim Dotcom Hopes To Bury Skype With Launch Of Encrypted MegaChat
If there's one thing Internet legend Kim Dotcom despises, it's being spied on. Likewise, he hates that governments take it upon themselves to spy not only on him, but everyone. Not long after his Auckland mansion was raided some three years ago, his love for privacy and security only skyrocketed. What eventually came of that was Mega, a cloud service that offers an impressive 50GB of free storage, as well as promises that your data will be safe from prying eyes.
… We reported on this venture last month, and today, the first bit of functionality rolls out: video calls. Dotcom says that his "Skype-killer" will roll out in parts, with text chat and video conferencing to come soon.
A major feature of Mega's chat service, aptly named MegaChat, is that it can be used right inside of a Web browser, rather than through a dedicated app like with Skype.

For my Data Management students. An update on the old paper invoice scam we were discussing last week.
Email Scam Nets $214 Million in 14 Months: FBI
… In the scheme, fake invoices are delivered to businesses which deal with overseas suppliers, asking for payment by wire transfer.
The scam has claimed 1,198 US victims and 928 in other countries, according to the statement. US firms have lost more than $179 million of the total.
In one version of the scheme, a business which works with an overseas supplier is contacted by phone, fax or email asking for payment. The emails are "spoofed" to look as if they came from the legitimate supplier. Phone and fax requests also appear genuine.
In another version, email accounts of high-level executives are compromised to allow the criminals to request a wire transfer, often including instructions to "urgently send" funds.
A third version of the scheme involves the hacking of an employee's email account, which then sends out bogus invoices to vendors or suppliers.

For my Computer Security students. An infographic.
How To Set Up A VPN (And Why It’s A Good Idea To Use One)

I think of something like this when I repeat myself for the 4 billionth time...
Amazon goes after Apple with Kindle Textbook Creator
Amazon wants to make it easier for people to craft textbooks for its e-book platform, so the company just released the Kindle Textbook Creator, an app that makes it easy for publishers to create their own richly-formatted textbooks that can be viewed on a wide variety of devices.

Thursday, January 22, 2015

We might have a chance to learn something! (As will every Class Action lawyer in the country.) Is there a way to get copies of the exhibits from both sides? For Academic purposes of course. My Computer Security (and Ethical Hacking) students would find it quite interesting.
From the yay-a-judge-standing-up-for-transparency dept.:
R. Robin McDonald reports:
A federal judge in Atlanta has put lawyers in litigation over credit and debit card security breaches at The Home Depot on notice that he will reject attempts to seal large portions of the court record.
“The first 10 years I was on the bench pretty much we just went along with whatever y’all wanted to do about sealing documents. At least I did,” U.S. District Chief Judge Thomas Thrash Jr. told the lawyers at a Jan. 16 status conference on the multi-district litigation. “And then in these big commercial cases it became clear that things were just getting out of hand, and the lawyers were wanting to seal virtually everything.”
Read more on Daily Report.

We have learned something here. Processor contracts need to be rewritten! (Roughly $0.20 per card?)
Tracy Kitten reports:
A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab.
On Jan. 15, the U.S. District Court for the Eastern District of Missouri ruled that the St. Louis-based grocery chain Schnuck Markets Inc. was not the sole party responsible for covering losses and expenses associated with its payments breach, which is estimated to have compromised some 2.4 million credit and debit cards.
Read more on,

Can it be? A government that does computer security right? Wow!
Claudia Lauer reports:
The Arkansas Department of Information Systems blocked all .zip files from the state’s email system after a malware attack was identified.
The department sent out notice over email and social media about 10:30 a.m. Wednesday. Department spokesman Janet Wilson said only a fraction of the more than 15,000 computers on the state’s computer network were affected.
“There were less than 50 machines that were actually infected,” she said. “We have multiple layers of defensive mechanisms. Some of them are malicious traffic filters and there are other measures as well. Those filters caught the malware attack. We ran a test on the computers in the network, and those 50 were identified quickly and taken off of the state network and replaced.”

What? You thought these things were secure? How do you think my Ethical Hackers can guarantee a 20% reduction in your insurance rates? Or consistently prove it's the other guy's fault?
Swati Khandelwal writes:
… Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles. The little device monitors and tracks users’ driving behavior by collecting vehicle location and speed records, in order to help determine if they qualify for lower rates.
However, the security researcher Corey Thuen has revealed that the dongle is insecure and performs no validation or signing of firmware updates. [In other words, it does not check to see if modifications are authorized Bob] It has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols, possibly putting the lives of people inside the vehicle in danger.
Read more on The Hacker News.

This reads rather funny...
Mark Govaki reports:
The attorney for a former defense contractor employee accused of stealing sensitive government data questioned the timing and scope of federal agents’ search and why the FBI would erase surveillance video.
John M. Sember, 28, is accused in a complaint filed in Dayton’s U.S. District Court of either destroying or taking sensitive information from government computers after his defense contractor job ended at Wright-Patterson Air Force Base.
Read more on Dayton Daily News.
[From the article:
… Sometimes conflicting testimony from Fairborn police officers, federal agents and Sember himself was given in U.S. District Court Judge Thomas Rose’s courtroom Friday during a hearing on defense motions to suppress and to dismiss the indictment.
… A wide array of computer and electronic equipment was seized from Sember’s Fairborn residence after a search warrant was served March 28, 2014. Items taken included a surveillance system DVR located in a small room behind a book case in his bedroom.
… Sember answered a question from assistant U.S. attorney Dwight Keller by saying he initiated the discussion about what may be found on the surveillance footage when FBI Special Agent Andrew J. Eilerman was going to return the surveillance DVR last fall.
… He also testified he didn’t think the footage — including a time stamp — would be erased before the outcome of his case.
FBI Special Agent James Howley testified he seized the DVR from Sember’s home because it could contain classified information and for “officer safety.” Howley also said he didn’t ask anyone at the FBI to look at the footage and they did not know of any protocol allowing or disallowing the destruction of evidence without a court order before a case was decided.
Howley said an FBI forensic lab worker erased the DVR — believing the worker didn’t view it — at the request of Eilerman.

This isn't really a new idea, is it?
If you’re interested in surveillance – and curbing it – add this to your must-read list:
Kaminski, Margot E. and Witnov, Shane. The Conforming Effect: First Amendment Implications of Surveillance, Beyond Chilling Speech (January 2015). University of Richmond Law Review, Vol. 49, 2015. Available for free download at SSRN: (article is .pdf, 54 pp)
First Amendment jurisprudence is wary not only of direct bans on speech, but of the chilling effect. A growing number of scholars have suggested that chilling arises from more than just a threat of overbroad enforcement — surveillance has a chilling effect on both speech and intellectual inquiries. Surveillance of intellectual habits, these scholars suggest, implicates First Amendment values. However, courts and legislatures have been divided in their understanding of the extent to which surveillance chills speech and thus causes First Amendment harms.
This article brings First Amendment theory into conversation with social psychology to show that not only is there empirical support for the idea that surveillance chills speech, but surveillance has additional consequences that implicate multiple theories of the First Amendment. We call these consequences “the conforming effect.” Surveillance causes individuals to conform their behavior to perceived group norms, [Ask any dictator Bob] even when they are unaware that they are conforming. Under multiple theories of the First Amendment — the marketplace of ideas, democratic self-governance, autonomy theory, and cultural democracy — these studies suggest that surveillance’s effects on speech are broad. Courts and legislatures should keep these effects in mind.

I admit I can't figure out what Putin is doing here. Perhaps a bit of, “Yes, our economy is collapsing but our military is still strong?” Perhaps, “We really, really want the Ukraine?” Perhaps, “How dare they defy me?”
Ukraine says more Russian troops crossed border; fighting escalates
Ukraine's president on Wednesday accused Russia of moving additional troops and military hardware into his country, a charge Moscow quickly denied amid intense fighting in eastern Ukraine.
… “The situation is getting worse because now we have information that more than 2,000 additional Russian troops are crossing our border together with 200 tanks and armored personnel carriers,” Poroshenko said in a Bloomberg TV interview. He did not say when the incursion occurred.
The troops and hardware were in addition to about 8,000 Russian soldiers and 300 tanks and armored vehicles already deployed in the country's coal-mining region of Donbas, he said.
… Russia had recently amassed more than 50,000 troops “in full combat readiness” and hardware close to Ukraine's borders, the Ukrainian Foreign Ministry said on its website Wednesday.

When all else fails, RTFM! (I find a simple Google search works fine.)
5 Sites To Find & Download User Manuals

Tools for my geeky students.
Need A Disk Cleanup? Visualize What Takes Up Space On Your Windows PC

Perhaps we can analyze this data to see if we get the same results? (If we do, perhaps some of the local PDs will be interested?)
Jeremy Gillula and Dave Maass write:
Police cars mounted with automatic license plate readers (ALPRs) wind their way through the streets of Oakland like a “Snake” game on an old cell phone. Instead of eating up pixels of food, these cameras gobble down thousands of license plates each day. And instead of growing a longer tail, ALPRs feed into a giant database of locational data as they conduct surveillance on every driver within the city limits, and sometimes beyond.
This is the portrait that emerged when EFF analyzed eight days of ALPR data provided by the City of Oakland in response to a request under the California Public Records Act.
Read more on EFF.
[From the EFF:
Want to take a look at the data yourself? Do you have a better analysis method? Want to draw your own conclusions? Please do! You can find the ALPR data here and the crime data here, both in CSV format, or here in a Google Fusion Table.

More reading for my students. We'll discuss at least a dozen of them...
9 Business Intelligence and Analytics Predictions for 2015

Wednesday, January 21, 2015

This is more than a bit concerning. I like to think I know a bit more about securing my computers than the average user and I hope my students complete their Computer Security classes as “above average” also. Will that mean they automatically become suspected terrorists? What happens if their security is better than the FBI's hacking? Can the FBI call in air strikes?
DOJ wants to give the FBI permission to hack into PCs of Tor and VPN users
When people use anonymizing tech such as Tor or a VPN, then that should not imply they are trying to “hide” because they are up to no good. It does make it challenging for law enforcement to know the location of the person trying to protect his or her anonymity as well as to know what district has legal jurisdiction to issue a warrant. However, the DOJ has proposed changes to Rule 41 that would allow U.S. law enforcement to hack into computers of people using anonymizing services without needing to first know the location of those computers. According to law professor Ahmed Ghappour, the proposed amendment could result in “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception.”
While that doesn’t mean the FBI would use malware to infect the PCs of all people using anonymizing services, it could mean the government would legally be allowed to secretly deploy malware for remote searches on PCs. That malware would allow the FBI to go through and covertly upload files, photos, emails, or do anything the computer is capable of doing, such as turning on the webcam and microphone. It also means the location of the PC doesn’t matter, be it domestic or on foreign soil.
The DOJ said (pdf) it is not looking for the power to search electronic storage in foreign countries, as the Fourth Amendment does not apply to non-U.S. persons, but Ghappour argues, "the practical reality of the underlying technology means doing so is almost unavoidable."

(Related) If my students write their own secure Apps, the FBI would have to capture and analyze all communications in order to “isolate” those they believe are trying to protect communications.
Forget WhatsApp: 6 Secure Communication Apps You’ve Probably Never Heard Of

(Related) Just a reminder of how well the DOJ's ideas of what is acceptable have worked in the past.
DOJ to pay $134K over fake Facebook profile
The Justice Department will pay $134,000 to settle a lawsuit brought by a woman who was impersonated online by a Drug Enforcement Agency (DEA) officer without her knowledge.
The settlement was revealed in a court filing made available on Tuesday. It was first reported by the Associated Press.
The woman, Sondra Arquiett, was arrested as part of a drug case in 2010. An agent with the DEA used her name and images from her phone to create a sham Facebook profile designed to target others they suspected were involved in the case while she was awaiting trial.

Analyzing the Internet of Things. If you had this information, could you build a business around it?
Snowplow tracking apps hold cities accountable for cleanup
As another storm flung snow at Chicago, Alexandra Clark wondered how she'd get to work. Like an increasing number of snowbound city dwellers, she had a ready tool at hand: an app that tracks hundreds of city snowplows in close to real time.
But something seemed out of whack.
"Plow tracker said my street was plowed an hour ago - Pull the other leg," the 31-year-old video producer tweeted at the mayor's office, including a photo of her snowed-in street.
Across the country, local leaders have made plow-tracking data public in free mobile apps, turning citizens into snow watchdogs and giving them a place to look for answers instead of clogging phone lines at city call centers to fume.
… The apps tap into GPS data already collected by the city to direct plows, so no extra money is spent in the creation. It's a politically deft move by cities where bungled storm responses have cost officials their jobs, and a way to show skeptics that plow drivers are working hard — and not just clearing the streets of the wealthy and well-connected.

Looks like we're already doing most of this...
Training Students to Extract Value from Big Data
“As the availability of high-throughput data-collection technologies, such as information-sensing mobile devices, remote sensing, internet log records, and wireless sensor networks has grown, science, engineering, and business have rapidly transitioned from striving to develop information from scant data to a situation in which the challenge is now that the amount of information exceeds a human’s ability to examine, let alone absorb, it. Data sets are increasingly complex, and this potentially increases the problems associated with such concerns as missing information and other quality concerns, data heterogeneity, and differing data formats. The nation’s ability to make use of data depends heavily on the availability of a workforce that is properly trained and ready to tackle high-need areas. Training students to be capable in exploiting big data requires experience with statistical analysis, machine learning, and computational infrastructure that permits the real problems associated with massive data to be revealed and, ultimately, addressed. Analysis of big data requires cross-disciplinary skills, including the ability to make modeling decisions while balancing trade-offs between optimization and approximation, all while being attentive to useful metrics and system robustness. To develop those skills in students, it is important to identify whom to teach, that is, the educational background, experience, and characteristics of a prospective data-science student; what to teach, that is, the technical and practical content that should be taught to the student; and how to teach, that is, the structure and organization of a data-science program. Training Students to Extract Value from Big Data summarizes a workshop convened in April 2014 by the National Research Council’s Committee on Applied and Theoretical Statistics to explore how best to train students to use big data. 
The workshop explored the need for training and curricula and coursework that should be included. One impetus for the workshop was the current fragmented view of what is meant by analysis of big data, data analytics, or data science. New graduate programs are introduced regularly, and they have their own notions of what is meant by those terms and, most important, of what students need to know to be proficient in data-intensive work. This report provides a variety of perspectives about those elements and about their integration into courses and curricula.”

For my Analytics students. Same techniques used for judging “significant” scientific papers, in far less than 25 years.
Big data tops humans at picking 'significant' films: study
The most accurate predictions of which movies the U.S. Library of Congress will deem "culturally, historically, or aesthetically significant" are not the views of critics or fans but a simple algorithm applied to a database, according to a study published on Monday.
The crucial data, scientists reported in Proceedings of the National Academy of Sciences, are what the Internet Movie Database calls "Connections" - films, television episodes and other works that allude to an earlier movie.
… The 1972 classic "The Godfather," for instance, is referred to by 1,323 films and television episodes, which as recently as 2014 quoted the "offer he can't refuse" line, referred to the famous horse-head scene, or played the theme music, for instance. "Godfather" made the registry in 1990.

For my students.
Intellectual Property and Trust in the Age of Digital Media
“The 2015 Edelman Trust Barometer reveals a new formula for building trust, one in which engagement carries a multiplier effect. Engagement and ongoing communication and dialogue with multiple stakeholders are both more critical than ever, but also more difficult to execute well. Today’s reality is that CEOs are not trusted to be credible spokespersons for their organization (only 43 percent believe CEOs have credibility) and more people now look for business information on search engines (31 percent) than television (22 percent) or newspapers (21 percent). Businesses and other institutions need a new strategy for starting and influencing conversations about their organization or industry, one in which the creation and stewardship of intellectual property plays a key role. Today’s media landscape is vastly different compared to 15 years ago, when the Trust Barometer was first fielded. For the first time in 2015, search engines are now the most trusted source for general news and information among the informed public, surpassing traditional media by two percentage points among the global informed public, and by eight percentage points among Millennials. Social media has risen to a trust level of 48 percent (59 percent among Millennials). Today, it’s all about starting peer-to-peer conversations and making sure that your content is easy to find.”

(Related) It's one thing to “know” about social tools, it's quite another to implement them.
Transforming the business through social tools
“After years of rapid and increasing adoption, the use of social technologies has become a common business practice. [Really? Bob] Now the responses to McKinsey’s latest survey on these technologies indicate that in certain functions (namely, sales and marketing), companies are applying social tools extensively and becoming more digital organizations overall. We asked executives about their companies’ use of social tools in 18 specific business processes. Among them, social technologies are the least integrated into the work flow for operations processes, such as order to cash and demand planning. They are the most integrated into public-relations, customer-relationship-management (CRM), and marketing processes—where these technologies are a natural extension of existing tools. As a result, executives say the use and integration of social tools have had the most significant impact on the day-to-day work for many customer-facing activities.”

Something to motivate my students? Better than mowing lawns or shoveling snow... (Remember, your professor gets one percent.)
How one boy grew a popular Instagram feed into a social media empire
Tanner Zagarino is a typical 16-year-old boy. He goes to public high school on Long Island, where he competes for the school wrestling team. He likes clothes and posting selfies with his friends. He jokes around with his mom, who gets roped into those selfies sometimes. He’s typical in every way but one: Zagarino rakes in more than $10,000 a month from social media.
His Instagram photos have attracted 439,000 fans. His tweets have drawn more than 93,000 followers. Judging from the comments on his posts, most of his fans are teen and tween girls. Advertisers consider him an “influencer,” a guy who can get people to buy stuff. Zagarino already has a fashion blog and is establishing a YouTube presence. He just started a year-long stint as a “Hot Guy” panelist for Seventeen magazine. He can pull in up to $35,000 a month from all this work, says manager Kyle Santillo.

Just because I like books...
Get Free eCopies of Classic Books on Forgotten Books
There are plenty of good places to find free ebooks online; here's another worth taking a look at. Forgotten Books republishes thousands of classic works that are in the public domain. Forgotten Books offers all of their titles as free PDF downloads and provides links to ePub versions of the titles. If you desire a higher quality resolution for your PDFs, Forgotten Books offers those to their paying members.

For my next Intro to Computer Security class.
Which Web Browser Is The Most Secure?

Tuesday, January 20, 2015

Any collection of thoughts on security is worth reviewing. (My Ethical Hackers look for areas that are not addressed.)
Computerworld reports:
The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings.
The Guide to securing personal information replaces the older Guide to information security and is designed to help government agencies and private sector companies meet their obligations under the Australian Privacy Principles (APPs).
Read more on Computerworld (AU).

Does this surprise anyone?
CISOs in the Dark on State of Security Readiness: Cisco
The gulf between reality and perception is widening, according to Cisco’s annual survey of CISOs and security executives.
Nearly 75 percent of CISOs in the survey said the security tools they have in place were very, or extremely, effective, according to Cisco’s 2015 Annual Security Report, released Tuesday.
There is nothing to celebrate, however, as it’s not clear the CISOs have an idea of what they should have. It turned out less than 50 percent of respondents had standard security tools such as patch and configuration management, the survey found.
The full Cisco 2015 Annual Security Report can be downloaded online in PDF format.

(Related) This might be helpful.
World Economic Forum Proposes New Cyber Risk Framework
With the annual World Economic Forum meeting in Switzerland just days away, the organization and its partners have released a new framework designed to help businesses calculate the impact of cyber-threats.
The framework, called "cyber value-at-risk", was proposed in a new report entitled 'Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats' and was created in collaboration with Deloitte. The idea behind the framework is to help organizations answer questions about their susceptibility to cyber attacks, how valuable their key assets are and who might be after them.
The challenge cybersecurity poses is also mentioned in the World Economic Forum's 10th annual Global Risks report, which notes that the Internet of Things will bring not only its share of innovations to the business world, but new risks as well.

(Related) Another report for Davos. Leave it to Microsoft to publish their report in PowerPoint.
Second Annual Report on How Personal Technology is Changing our Lives
“Microsoft’s second annual survey of Internet users around the world, released here in advance of the World Economic Forum that is taking place this week in Davos, Switzerland, shows that fifteen years into the 21st century, Internet users still think overwhelmingly that personal technology is making the world better and more vital. Large majorities of the online populations in all five developed countries we surveyed (France, Germany, Japan, South Korea, and the United States) and all seven developing countries we surveyed (Brazil, China, India, Indonesia, Russia, South Africa and Turkey) say that technology has vastly improved how they shop, work, learn, and generally get stuff done.
If there is one persistent concern about personal technology that nearly everybody expresses, it is privacy. In eleven of the twelve countries surveyed, with India the only exception, respondents say that technology’s effect on privacy was mostly negative.”

This argument isn't new. Yes, this is a “search.” I can see the police using it to locate hostages or “bad guys” before entry. (Warrant or exigent circumstances) My concern is using it everywhere, on a fishing expedition for crimes.
New police radars can 'see' inside homes
At least 50 U.S. law enforcement agencies have secretly [Does that mean they didn't send out a press release? Bob] equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance.
Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person's house without first obtaining a search warrant.
… Agents' use of the radars was largely unknown until December, when a federal appeals court in Denver said officers had used one before they entered a house to arrest a man wanted for violating his parole. The judges expressed alarm that agents had used the new technology without a search warrant, warning that "the government's warrantless use of such a powerful tool to search inside homes poses grave Fourth Amendment questions."
… Other radar devices have far more advanced capabilities, including three-dimensional displays of where people are located inside a building, according to marketing materials from their manufacturers. One is capable of being mounted on a drone. And the Justice Department has funded research to develop systems that can map the interiors of buildings and locate the people within them.

Has anyone looked for evidence of misuse?
AP reports:
A little-known side to the government’s health insurance website is prompting renewed concerns about privacy, just as the White House is calling for stronger cybersecurity protections for consumers.
It works like this: When you apply for coverage on, dozens of data companies may be able to tell that you are on the site. Some can even glean details such as your age, income, ZIP code, whether you smoke or if you are pregnant.
Although there’s no evidence of misuse of data included in the report, the potential for misuse is the concern.

How low will oil go? How much does shipping add?
Iran sees no OPEC shift toward a cut, says oil industry could withstand $25 crude
(Reuters) - Iran sees no sign of a shift within OPEC toward action to support oil prices, its oil minister said, adding its oil industry could ride out a further price slump to $25 a barrel.
… "Iran has no plan (to hold an emergency OPEC meeting) and is currently in consultations with other OPEC member states in a bid to prevent the sharp fall in the oil price, but these consultations have yet to bear fruit," he said.

(Related) Fighting here could shut off natural gas pipelines to Europe.
Ukraine conflict: Security in east deteriorating, say observers
The Organisation for Security and Co-operation in Europe (OSCE) told the BBC that fighting around Donetsk airport was spreading further into the city.
… Ukrainian forces and pro-Russian rebels both say they control the airport.
… Russia said Ukrainian President Petro Poroshenko had not responded to a letter from President Vladimir Putin with a proposal for both sides to pull back their heavy weapons.
"It's the biggest, even strategic mistake of the Ukrainian authorities to bank on a military solution to the crisis," Deputy Foreign Minister Grigory Karasin was quoted by Interfax news agency as saying.

What is social media worth?
Facebook 'worth $227bn to global economy in 2014'
Facebook was worth $227bn (£150bn) to the global economy in 2014, and supported 4.5m jobs worldwide, according to a new report by professional services firm Deloitte, commissioned by Facebook.
… The report, entitled Facebook’s Global Economic Impact, reveals that the social network, which has 1.35bn users and an $8bn cost base, stimulates economic impact by providing tools for marketers, a platform for app developers and demand for connectivity.

For my Data Management and Business Intelligence students. (The true believers anyway)
Air Force UFO files hit the web
The fabled Project Blue Book, the Air Force's files on UFO sightings and investigations, have tantalized and frustrated extraterrestrial enthusiasts for decades. But this week, nearly 130,000 pages [Not really “Big” Big Data, but it could be amusing. Bob] of declassified UFO records — a trove that would make Agent Fox Mulder's mouth water — hit the web.
UFO enthusiast John Greenewald has spent nearly two decades filing Freedom of Information Act requests for the government's files on UFOs and other phenomena. On Jan. 12, Greenewald posted the Blue Book files — as well as files on Blue Book's 1940s-era predecessors, Project Sign and Project Grudge — on his online database, The Black Vault.

Newly released UFO files from the UK government

For our introductory classes.
What Does An Internet Minute Look Like in 2014 Compared To 2013?
So what happens in one minute on the Internet? How has that changed from 2013 to 2014? The infographic below breaks it down.

In case of emergency?
5 Sites & Apps To Listen To Police Scanners