Saturday, April 04, 2015

I wonder how common this is? One thing I insisted on as a security manager was to regularly (monthly) report who had access to the manager responsible for that asset and to the accessing employee's manager. Apparently, that is not common banking practice?
Kathy Hieatt reports:
The city is investigating a security breach into its bank accounts, including at least one with more than $50 million, according to a news release this afternoon.
Two city employees who are not with the Treasurer’s Office had access to the city’s Bank of America checking accounts from home, according to the release. The City Auditor’s Office discovered the breach and had their access rescinded, it said.
Read more on The Virginian-Pilot.


The article provides a very good summary of de-identification. Could be the starting point for my Ethical Hackers to re-identify people.
Elizabeth Snell writes:
The de-identification of data is an important part of healthcare technology, especially as the use of EHRs and HIEs becomes more prominent. The HIPAA Privacy Rule states that once data has been de-identified, covered entities can use or disclose it without any limitation. The information is no longer considered PHI, and does not fall under the same regulations and restrictions as PHI.
But why would a facility need to de-identify data? What are the potential benefits of the de-identification of data? HealthITSecurity.com decided to dissect this aspect of HIPAA regulations, and explain what the de-identification process entails and how covered entities could benefit from the practice.
Read more on HealthITSecurity.com.


This should be interesting.
EFF – Automakers Say You Don’t Really Own Your Car
by Sabrina I. Pacifici on Apr 3, 2015
News release: “EFF is fighting for vehicle owners’ rights to inspect the code that runs their vehicles and to repair and modify their vehicles, or have a mechanic of their choice do the work. At the moment, the anti-circumvention prohibition in the Digital Millennium Copyright Act arguably restricts vehicle inspection, repair, and modification. If EFF is successful then vehicle owners will be free to inspect and tinker, as long as they don’t run afoul of other regulations, such as those governing vehicle emissions, safety, or copyright law. You can support EFF’s exemption requests by adding your name to the petition we’ll submit in the rulemaking. Most of the automakers operating in the US filed opposition comments through trade associations, along with a couple of other vehicle manufacturers. They warn that owners with the freedom to inspect and modify code will be capable of violating a wide range of laws and harming themselves and others. They say you shouldn’t be allowed to repair your own car because you might not do it right. They say you shouldn’t be allowed to modify the code in your car because you might defraud a used car purchaser by changing the mileage. They say no one should be allowed to even look at the code without the manufacturer’s permission because letting the public learn how cars work could help malicious hackers, “third-party software developers” (the horror!), and competitors. John Deere even argued that letting people modify car computer systems will result in them pirating music through the on-board entertainment system, which would be one of the more convoluted ways to copy media (and the exemption process doesn’t authorize copyright infringement, anyway).”


Would the same logic exempt online schools? Note that Netflix has committed to closed captioning – they don't want to exclude any possible market segment.
Court: Netflix doesn’t have to comply with disability law
The Americans with Disabilities Act (ADA) does not apply to Netflix, a federal appeals court ruled this week.
“Because Netflix’s services are not connected to any ‘actual, physical place[],’ Netflix is not subject to the ADA,” a three-judge panel on the U.S. Court of Appeals for the Ninth Circuit ruled.


War is an economic event. Not everyone understands that.
Experts say that, by starting the war with Ukraine, Vladimir Putin might have lost the country irrevocably. The biggest loser of this situation is the Russian gas giant, Gazprom.
Gazprom has recently informed the Russian government that it would extend lower prices for gas deliveries to Ukraine beyond the period of the winter package which lasted until March 31st. The Kremlin agreed to grant Kyiv a price that is in fact lower than today’s prices on the European spot market. In the second quarter of 2015, Ukraine will be buying gas from Russia at the cost of 254.18 US dollars per 1000 square metres. In 2014, Ukrainians were made to pay 485.5 US dollars for the same quantity. How was this victory possible?
The European Commission is to provide between 800 million and 1 billion US dollars for Ukraine’s gas purchases. This money is supposed to help the Ukrainians increase their gas storage to at least 12 billion cubic metres by November, which according to the Russians, is needed for sustaining the transit of gas to European customers.
… Mitigation of Gazprom’s stance is caused by the Kremlin’s actions in Ukraine. Because of that, Gazprom’s income in 2014 decreased by 70 per cent, to around 3.3 billion US dollars. As a result, Gazprom had to decrease the dividend payments.
… Gazprom has become the advocate of Ukrainian interests in the Kremlin because the loss of Ukraine would be the kiss of death for the company, especially in the time of decreasing oil prices, diversification of energy and the decreasing demand for raw materials in the EU. The sanctions, which cut off the Russian banks and, therefore, also Gazprom from Western capital also add some pressure to this situation.


Weekly, I smile like a Great White.
Hack Education Weekly News
… The GAO has issued a very critical report about the Library of Congress’s digital infrastructure. (The LOC responds.)
… “Stanford just made tuition free for families earning less than $125,000 per year,” reports Vox. This extends the university’s financial aid program that currently applies to those earning less than $100,000 per year. [All you have to do is get accepted. Bob]


If you can make it work in Word, you can make it work in your Data Analysis programs.
You Should Learn Regular Expressions
Regular Expressions, or RegEx, are used for searching patterns in text. For instance, a RegEx like iP(hone|ad|od)s? will find mentions of any iOS device in a document. Knowledge of Regular Expressions is essential for programmers but they can be a great skill to have for non-developers as well – people who use Microsoft Word or spend hours inside Google Spreadsheets.
… Lea Verou’s presentation will give you a good overview of what Regular Expressions are and what you can do with them. Jeffrey Friedl’s book – Mastering Regular Expressions – is still the best printed reference for RegEx newbies and masters. You can explore RegexOne, an interactive Codecademy-like online tutorial for learning RegEx or go here for learning the basics of pattern matching.
RegExr is like a visual playground for Regular Expressions. You enter the text in one block and the RegEx in the other. As you edit the RegEx, the matching strings are highlighted in the input text. You can also hover over any character literal in the RegEx to know what it does. RegEx101 is a similar tool that also describes your RegEx in English as you write.
Regulex and RegExper are both open-source web apps that make it easy for you to understand and read Regular Expressions. You enter a RegEx and the tools will create a Railroad Diagram – for a string to match, it should be able to successfully move from the left of the diagram all the way to the right along one of the available paths.
Windows users can download Expresso, a free program that will help beginners write both simple and complex regular expressions through a visual builder. Instead of coding the RegEx manually, you can select the components in a wizard. Reggy for Mac and RegEx Coach for Windows can also help you test regular expressions outside the browser.
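An added worked example, not part of the original article and not code from any of the tools it lists: the article's own `iP(hone|ad|od)s?` pattern applied in Python to a constructed sample sentence, then a tighter variant of the same expression with word boundaries, case-insensitive matching and a second capture group for the optional plural, so one pattern serves both counting mentions (the spreadsheet use case) and find-and-replace with a backreference (the Word use case). The sample text, the names `ARTICLE_PATTERN` and `STRICT_PATTERN`, and the choice to treat "iPadOS" as not an iPad mention are my assumptions.

```python
import re
from collections import Counter

# Constructed sample text (not from the original article). It deliberately mixes
# singular/plural, a lower-case "iphone", and "iPadOS", which is not a device.
SAMPLE_TEXT = (
    "I synced my iPhone and two iPads, then lost an iPod in the taxi. "
    "The iphone case was cheap; the iPadOS update broke my iPad Pro. "
    "Nothing about android here."
)

# The article's pattern, verbatim: "iP", one of three suffixes, optional plural "s".
# Case-sensitive and unanchored, so it misses "iphone" and matches inside "iPadOS".
ARTICLE_PATTERN = re.compile(r"iP(hone|ad|od)s?")

# Tighter variant (an assumption of this example, not the article's):
# - \b on both ends so "iPadOS" no longer yields a false "iPad" hit
# - re.IGNORECASE so "iphone" counts
# - the optional "s" in its own group so a replacement can keep the plural
STRICT_PATTERN = re.compile(r"\biP(hone|ad|od)(s?)\b", re.IGNORECASE)


def find_devices(text: str, pattern: re.Pattern = ARTICLE_PATTERN) -> list:
    """Return every matched substring, in document order."""
    return [m.group(0) for m in pattern.finditer(text)]


def count_by_device(text: str, pattern: re.Pattern = STRICT_PATTERN) -> dict:
    """Count mentions per device family. The first capture group is lower-cased so
    'iPhone', 'iphone' and 'iPhones' all land on the key 'iPhone'."""
    counts = Counter()
    for m in pattern.finditer(text):
        counts["iP" + m.group(1).lower()] += 1
    return dict(counts)


def rename_devices(text: str, replacement: str = "[iOS device]") -> str:
    """Find-and-replace that preserves the plural: \\2 is the optional 's' group."""
    return STRICT_PATTERN.sub(replacement + r"\2", text)


if __name__ == "__main__":
    print(find_devices(SAMPLE_TEXT))
    print(count_by_device(SAMPLE_TEXT))
    print(rename_devices(SAMPLE_TEXT))
```

Two things worth noticing when you move a pattern from a Word dialog into a data pipeline: the unanchored article pattern reports "iPad" twice in the sample text (once from "iPadOS"), which is exactly the kind of silent over-count a railroad diagram will not warn you about, and a pattern that is run over untrusted input should avoid nested quantifiers such as `(a+)+`, which can make the engine backtrack exponentially; neither pattern above has that shape.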


Tools & Techniques for my students gathering data from social networks.
Find The Best Instagram Web Viewer: Your Options Compared

Friday, April 03, 2015

Every employee needs to hear this.
IBM discovers new cyberscam
IBM has uncovered a sophisticated fraud scheme run by a well-funded Eastern European gang of cybercriminals that uses a combination of phishing, malware and phone calls that the technology company says has netted more than $1 million from large and medium-sized US companies.
The scheme, which IBM security researchers have dubbed 'The Dyre Wolf,' is small in comparison with more recent widespread online fraud schemes but represents a new level of sophistication.
According to IBM, since last year the attackers have been targeting people working in companies by sending spam email with unsafe attachments to get a variant of the malware known as Dyre into as many computers as possible.
If installed, the malware waits until it recognizes that the user is navigating to a bank website and instantly creates a fake screen telling the user that the bank's site is having problems and to call a certain number.
If users call that number, they get through to an English-speaking operator who already knows what bank the users think they are contacting. The operator then elicits the users' banking details and immediately starts a large wire transfer to take money out of the relevant account.


For my Ethical Hackers: How would you detect someone copying data to a thumb drive? Only list your top five suggestions.
It’s still too easy for bad actors and others to download ePHI onto thumb drives. And do most covered entities even realize it has happened or is happening?
WDAM in Mississippi reports that Hattiesburg Clinic has been notifying patients of unauthorized access to their records by a former optometry provider who allegedly accessed their records to send letters notifying patients about his new employer.
The clinic states they first became aware of the breach, which occurred between December 11 and December 31, 2014 on January 23rd. They do not say how they learned of the breach, other than that they were made aware of it.
Notification letters, dated March 20th, explained that the doctor had copied patients’ contact information onto a thumb drive that he took with him to his new employer to enable him to send out letters notifying patients of his new employment. The clinic recovered the thumb drive and received assurances that neither the doctor nor the Hattiesburg Eye Clinic, his new employer, retained any information.
Although the clinic indicates it reported the incident to HHS, the incident does not yet appear on HHS’s public breach tool, so either it should appear shortly, or the breach impacted fewer than 500 patients.
This post will be updated if the incident appears on the public breach tool.


What is Cyber-war? Do my Computer Security students need a clear definition to counter an attack? Of course not. However, it would help them predict “what comes next.”
CRS – Cyberwarfare and Cyberterrorism
by Sabrina I. Pacifici on Apr 2, 2015
Cyberwarfare and Cyberterrorism: In Brief, Catherine A. Theohary, Specialist in National Security, Policy and Information Operations. John W. Rollins, Specialist in Terrorism and National Security. March 27, 2015.
“Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism.
Cyberwar is typically conceptualized as state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response with a proportional kinetic use of force.
Cyberterrorism can be considered “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.”
Cybercrime includes unauthorized network breaches and theft of intellectual property and other data; it can be financially motivated, and response is typically the jurisdiction of law enforcement agencies.
Within each of these categories, different motivations as well as overlapping intent and methods of various actors can complicate response options. Criminals, terrorists, and spies rely heavily on cyber-based technologies to support organizational objectives. Cyberterrorists are state-sponsored and non-state actors who engage in cyberattacks to pursue their objectives. Cyberspies are individuals who steal classified or proprietary information used by governments or private corporations to gain a competitive strategic, security, financial, or political advantage. Cyberthieves are individuals who engage in illegal cyberattacks for monetary gain. Cyberwarriors are agents or quasi-agents of nation-states who develop capabilities and undertake cyberattacks in support of a country’s strategic objectives. Cyberactivists are individuals who perform cyberattacks for pleasure, philosophical, political, or other nonmonetary reasons. There are no clear criteria yet for determining whether a cyberattack is criminal, an act of hacktivism, terrorism, or a nation-state’s use of force equivalent to an armed attack. Likewise, no international, legally binding instruments have yet been drafted explicitly to regulate inter-state relations in cyberspace. The current domestic legal framework surrounding cyberwarfare and cyberterrorism is equally complicated. Authorizations for military activity in cyberspace contain broad and undefined terms. There is no legal definition for cyberterrorism. The USA PATRIOT Act’s definition of terrorism and references to the Computer Fraud and Abuse Act appear to be the only applicable working construct. Lingering ambiguities in cyberattack categorization and response policy have caused some to question whether the United States has an effective deterrent strategy in place with respect to malicious activity in cyberspace.”


“If we do it, it might violate privacy so we want to contract with a private entity to do exactly the same thing.”
DHS eyes service to track license plates
The Department of Homeland Security (DHS) is offering up a contract for companies to keep track of people’s license plates.
The department’s Immigration and Customs Enforcement (ICE) posted a draft solicitation on Thursday, slightly more than a year after the department scuttled a previous attempt to create a license plate tracking system over fears it could infringe on people’s privacy.
The new request, which was first reported by The Washington Post, makes clear that the department “is neither seeking to build nor contribute to a national” license plate reading system. Instead, it wants to use a preexisting commercial service to help track down people suspected of violating the country’s immigration and other laws.


Facebook does not do “secretly.” You just have to look at their privacy policy on page 2471, paragraph 57, sub-paragraph 401, line 12 and there, plain as day it says “and anything else we want to do.”
Tony Briscoe reports:
A Cook County man is suing Facebook, alleging that the social media giant has violated Illinois privacy laws with facial recognition software that “secretly amassed the world’s largest privately held database of consumer biometrics data.”
Carlo Licata claims in a lawsuit filed Wednesday in Cook County Circuit Court that Facebook has violated state law by not informing him in writing that his biometric data was being collected or stored, or when it would be destroyed.
Read more on The Chicago Tribune.


Just because it seems to disappear doesn't mean it's gone.
Snapchat Shows Data Requests in Transparency Report
Snapchat, the social network known for its disappearing messages, released its first transparency report Thursday showing hundreds of requests from US and foreign law enforcement agencies.
Between November 1 and February 28, Snapchat said it received 375 requests from US law enforcement officials, and produced at least some data in 92 percent of those cases.
"While the vast majority of Snapchatters use Snapchat for fun, it's important that law enforcement is able to investigate illegal activity," Snapchat said in a blog post.
"We want to be clear that we comply with valid legal requests."
The requests were mostly in the form of subpoenas, warrants or court orders, along with a smaller number of emergency requests.
Outside the US, Snapchat received 28 requests and produced data in six of those cases. The requests came from Britain, Belgium, France, Canada, Ireland, Hungary and Norway.


Are we reacting to sensational news stories rather than researching the facts? Sure looks that way to me.
Eyes in the Sky: The Domestic Use of Unmanned Aerial Systems, House Judiciary Committee
by Sabrina I. Pacifici on Apr 2, 2015
Eyes in the Sky: The Domestic Use of Unmanned Aerial Systems, House Judiciary Committee, May 17, 2013. Serial No. 113–40.
… Within the last few years, high powered computers and data networks have been combined with aircraft, allowing them to be piloted remotely. [“Remote Piloting” does not rely on computers or networks. Think model airplanes – we've been doing this for decades! Bob]
… Law enforcement and public safety are increasingly becoming the most prevalent uses for UAS. [Somehow, I doubt that. Bob]
… The ability to fly a small, unmanned aircraft with cameras and sensors can also profoundly affect privacy and civil liberties in this country. No longer restricted to the high cost and short flight time of manned flight, UAS can hover outside a home or office. Using face recognition software and fast computer chips, a UAS may soon be able to recognize someone and follow them down the street. These new surveillance capabilities, in the hands of the police, may be intrusive to our concepts of individual liberty. That is why I have cosponsored the ‘Preserving American Privacy Act of 2013,’ a bill sponsored by Representative Ted Poe of Texas and Representative Zoe Lofgren of California.


...because they are our (taxpayers') employees?
AP reports:
The Washington Supreme Court says public employees don’t have a right to privacy about the fact that they’re being investigated.
Two workers with the Spokane School District, who have been on paid administrative leave for years, sought to have their names redacted on documents released under a public records request.
In a 5-4 decision, the court said the documents — which didn’t detail the substance of the allegations against them — could be released with their identities.
Read more on Houston Chronicle.


Europe doesn't think like the US Congress. Perhaps if Google et al. started “euro PACs” they would find themselves loved by the EU?
Antitrust and Other Inquiries in Europe Target U.S. Tech Giants
It is not a good week to be a giant American tech company in Europe.
The European antitrust investigation into Google appears to be heating up. More European countries are looking into Facebook’s privacy settings.
And Apple, which already is under scrutiny for its low corporate tax arrangements in Ireland, is now facing potential antitrust questions from the European Commission about the company’s new music streaming service expected this year.


The downside is that I won't have the terrorist “user guides” freely available for my Criminal Justice or Homeland Security students.
Feinstein: Take the 'Anarchist Cookbook' and al Qaeda magazine off the Internet


Perspective. This happened because XP was “good enough.”
14-Year-Old Windows XP Still Has More Users Than Windows 8.x


For my Students. There's an App for Apps.
Arc Welder Adds Android Apps to Chrome
Android apps will soon be compatible with any desktop operating system capable of running Chrome. This means that anyone using Chrome OS, Windows, Mac, or Linux will gain access to the thousands of Android apps currently available on Google Play.
This is thanks to ARC Welder, a new Chrome app Google has initially released as a developer preview. ARC Welder converts any Android app into a Chrome app, meaning they can be used on a host of other operating systems. Only a handful of apps have so far been ported to ARC, but the release of ARC Welder means that number is sure to increase exponentially.
ARC Welder is at a very early beta stage, so it’s far from perfect. Some of the Google Play Services are still missing, meaning apps which use them will simply crash. However, it’s clear that Google is working towards making Android and Chrome act as one, which should be a boon for users of the tech giant’s products and services.


For my students who shop Amazon (and perhaps a few of us adjuncts)
6 Amazon Prime Benefits You Might Be Ignoring Right Now
Free Months of Prime
If you’re currently enrolled in a college or university and you have a valid .edu email address, you can register as part of the Amazon Student program which grants you a six-month free trial for Prime. When the trial ends, you can upgrade to a full Amazon Prime membership for 50% off.
Note: This free trial only includes free shipping, free 2-day delivery, and unlimited photo storage with Prime Photos.
Prime Instant Video, Prime Music, Kindle Owners Lending Library, and membership sharing are only available to those with a full Amazon Prime membership.


Believe it or not, I have students interested in poetry.
5 Resources for National Poetry Month
April is National Poetry Month in the U.S. Writing and/or understanding poetry can be a challenge for those of us who don't consider ourselves the creative writing type. Surely we have students who feel that way too. Here are five resources that can help us understand and create poetry.
ReadWorks has a new selection of famous poems available on their website. The selection is organized by grade level. As with every passage on ReadWorks, each poem is accompanied by a set of guided reading questions.
BoomWriter has put together new vocabulary sheets for Poetry Month. The poetry vocabulary is part of a larger poetry lesson plan for elementary and middle school students. You can download the vocabulary words and lesson plans as PDFs. (Disclosure: BoomWriter advertises on FreeTech4Teachers.com).
The Poetry Foundation offers some helpful resources for teachers and students. One of the resources that immediately jumped out at me when I visited the Poetry Foundation's Learning Lab was the glossary of poetry terms. Students can search the glossary alphabetically, by form & type of poem, by rhyme & meter, by schools & projects, by technique, and by theory or criticism. The Poetry Foundation offers a free mobile app for iOS and Android. The app allows users to search for poems, save poems, and share favorite poems with their friends. You can search for poems by poet, by title, or by entering a line or two of a favorite poem.
Word Mover is a free iPad app and web app from Read Write Think. The app is designed to help students develop poems and short stories. When students open the Word Mover app they are shown a selection of words that they can drag onto a canvas to construct a poem or story. Word Mover provides students with eight canvas backgrounds on which they can construct their poems. If the word bank provided by Word Mover doesn’t offer enough words they can add their own words to the word bank.
Scholastic has assembled a big list of lesson resources for teaching poetry this month. One of the resources that I really like is the Poetry Idea Engine. The Poetry Idea Engine is a simple, interactive tool that helps students create four types of poems: haiku, limerick, cinquain, and free verse. To create a poem on Poetry Idea Engine, students select one of the four formats. If they pick one of the first three formats, students will be given a short explanation of the pattern before completing the template to create their poems.

Thursday, April 02, 2015

I wonder if the vendor contract has an “If you do anything stupid...” clause. Why would anyone set up password-only access to their systems?
Carly Q. Romalino reports:
A weak network password allowed hackers to infiltrate a Gloucester County school district’s network last week, holding its files hostage for more than $125,000, according to Educational Information and Resource Center experts.
A ransomware attack on Swedesboro-Woolwich Elementary School District’s network last week interrupted state-mandated testing and locked down network files last week. The attackers demanded 500 bitcoins — a hard-to-trace digital currency.
Read more on Courier-Post. Of note, the weak password was used by an unnamed vendor doing work for the school. The vendor reportedly used the account name “breaker” with a weak password for all of its work on clients’ systems.
[From the article:
The “brute force attack” originated outside of the United States, he added.
Hackers identified a potential open port in the Swedesboro-Woolwich system, then assaulted the servers thousands of times per minute with various password and username combinations until one worked, Procopio explained.
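As an added example (my code, not from the Courier-Post report or from the school district's vendor), here is detection logic in Python for the attack pattern Procopio describes: parse SSH authentication lines, keep a per-source sliding window of failed logins, and raise one alert when a source crosses a failure threshold and a second alert when that same source then logs in successfully, which is the "until one worked" moment an operator most needs to see. The log lines, hostname, addresses, window and threshold are constructed; the account name `breaker` is the one the article reports, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log in OpenSSH/syslog format. Source addresses are from the
# RFC 5737 documentation ranges; nothing here is from the actual incident.
SAMPLE_LOG = """\
Apr  1 03:14:01 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Apr  1 03:14:02 fileserver sshd[2202]: Failed password for invalid user root from 203.0.113.7 port 51235 ssh2
Apr  1 03:14:02 fileserver sshd[2203]: Failed password for breaker from 203.0.113.7 port 51236 ssh2
Apr  1 03:14:03 fileserver sshd[2204]: Failed password for breaker from 203.0.113.7 port 51237 ssh2
Apr  1 03:14:03 fileserver sshd[2205]: Failed password for breaker from 203.0.113.7 port 51238 ssh2
Apr  1 03:14:04 fileserver sshd[2206]: Accepted password for breaker from 203.0.113.7 port 51239 ssh2
Apr  1 03:20:11 fileserver sshd[2310]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Apr  1 03:20:40 fileserver sshd[2311]: Accepted password for alice from 198.51.100.4 port 40023 ssh2
"""

# Matches the two sshd password-auth outcomes; "invalid user" appears only for
# names that do not exist on the box, so it is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

ASSUMED_YEAR = 2015  # syslog lines carry no year; assumed so timestamps can be subtracted


@dataclass
class LoginEvent:
    ts: datetime
    result: str  # "Failed" or "Accepted"
    user: str
    ip: str


@dataclass
class Alert:
    kind: str  # "burst" or "success_after_burst"
    ip: str
    ts: datetime
    failures: int
    users: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Turn raw lines into LoginEvent records; lines we do not model are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events.append(LoginEvent(ts.replace(year=ASSUMED_YEAR), m["result"], m["user"], m["ip"]))
    return events


def detect_brute_force(text: str, threshold: int = 5, window: timedelta = timedelta(minutes=1)) -> list:
    """Sliding-window failure count per source IP.

    'burst' fires once when a source reaches `threshold` failures inside `window`;
    'success_after_burst' fires when a source that is still at or above the
    threshold then produces an Accepted line, i.e. a guess worked.
    """
    recent = defaultdict(deque)  # ip -> deque of (ts, user) for failures inside the window
    alerts = []
    for ev in parse_log(text):
        q = recent[ev.ip]
        while q and ev.ts - q[0][0] > window:  # expire failures outside the window
            q.popleft()
        if ev.result == "Failed":
            q.append((ev.ts, ev.user))
            if len(q) == threshold:  # fire once per crossing, not on every later failure
                alerts.append(Alert("burst", ev.ip, ev.ts, len(q), sorted({u for _, u in q})))
        elif len(q) >= threshold:
            alerts.append(Alert("success_after_burst", ev.ip, ev.ts, len(q), [ev.user]))
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the sample the first alert lists three usernames tried from one address in two seconds, and the second names the account that finally opened; "alice" produces nothing because one typo followed by a success is normal. The thresholds are deliberately conservative for illustration: at the "thousands of attempts per minute" rate in the article, even a threshold of a few hundred per minute would trip on the first minute, and the vendor's shared `breaker` account would show up as the user on the success line.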


Why is this data in a computer at all? Wouldn't a file on a CD/DVD (locked in a safe) be adequate?
From the locker-numbers-today-grades-tomorrow dept.:
Krista Brick reports:
Information technology professionals are trying to determine today how students were able to access a secured computer file at Bethesda’s Westland Middle School and distribute the names, locker numbers and locker combinations for that school’s 1,400 lockers.
Montgomery County Public School’s Westland Principal Alison Serino told MyMCMedia Wednesday that a substitute teacher saw the students making copies of the list on Tuesday and the administration was made aware of what happened this morning.
Read more on mymcmedia.com.
[From the article:
“I’m not sure how this happened,” she said, adding that the locker file is kept on a password protected file on an office computer.
No other student data was accessed from that computer she said. [Ever? The computer is never used or there is no record of activity? Bob]


Very interesting. Does this suggest that management thinks it is cheaper to pay the hackers than to provide adequate backups and security in the first place? Or do they have no faith in their Security people?
30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals: Survey
In a survey from ThreatTrack Security, 30 percent of the 250 organizations polled said they would negotiate with a cyber-criminal to get their data back. Though that means 70 percent would not support negotiating, the survey also found that 86 percent of security pros believe their peers at other organizations have done so.
The percentage of those willing to negotiate was even higher among organizations that had already been hit by a cyber-extortion scheme. Nearly 40 percent of security professionals said they are employed at an organization that has been targeted in that kind of attack, and 55 percent of them are willing to negotiate. Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists with 92 percent and 80 percent, respectively, saying "no."


The next step up (down) from sexting? (The sex was legal, recording it was legal, only posting it was illegal?)
WLS reports:
Four Joliet teenagers were charged with child pornography after a group sex video was posted to Twitter.
The three males – ages 14, 15 and 16 – and one female, 15, all attend Joliet Central High School. They were arrested after the girl’s mother saw the video and called police. The sex was consensual, according to the Joliet police chief, but distributing it online is considered child pornography.
Read more on ABC News.


Is this one of those “Hey look! We did something!” actions? Hackers who have investments in the US are probably rather rare. Or is this just a polite way to target China?
Obama: Groups That Launch Cyberattacks Against U.S. Companies To Face Economic Sanctions
President Obama signed an executive order today that declares cyberattacks from foreign soil to be a national emergency and gives the United States new powers for defending against them. The executive order, titled “Blocking The Property Of Certain Persons Engaging In Significant Malicious Cyber-Enabled Activities” gives the federal government the power to hit foreign hackers with freezes on their U.S. funds and property.
… Prime targets will be foreign officials who the U.S. government suspects of serious hacking activity, such as the officers in the Chinese People’s Liberation Army (PLA) who were blamed for attacking major American businesses in 2014.


A debate that should be coming here soon.
Professor Nils Hoppe has an article in BioNews that I recommend you read. It begins:
One of the legally and ethically problematic issues regularly debated in the context of biobanks and tissue repositories is that of its potential for forensic use. When Anna Lindh (the Swedish foreign minister) was murdered in 2003, her killer was subsequently identified by way of matching DNA traces found at the crime scene with data contained on the killer’s Guthrie card (an archived heel blood test done on every child born in Sweden). This was an elegant and inspired forensic move by the prosecuting authorities in Stockholm, but it led to frantic debate in the relevant scientific communities about whether mechanisms ought to be developed that restricted such use in the future.
The rationale for this discussion was not what one might first suspect it to be: it was not driven by a desire to strengthen individuals’ informational self-determination, or a sign that genetic information was in some way instantly recognised as particularly volatile and needing additional protection (though the jury is still out on that particular question). The driver behind this discussion is essentially the same as that in the context of medical confidentiality taken by the Court in X v Y [1988], succinctly summarised in that judgment by Rose J:
[i]n the long run, preservation of confidentiality is the only way of securing public health; otherwise doctors will be discredited as a source of education, for future individual patients ‘will not come forward if doctors are going to squeal on them‘. (my emphasis). (1)
This is, in essence, a consequentialist public health argument. It is not about protecting the privacy or augmenting informational self-control of individuals, but about providing stability and coherence in the system. If the information is not safe in the system, I will not give my information to the system. This would have disastrous consequences for the provision of clinical care to the benefit of everyone.
Read the full article on BioNews. He raises a lot of really important questions that do need to be debated and addressed.


Perspective.
One-Fifth Of Americans Use Smartphones As Their Primary Onramp To Internet
… The biggest takeaway from the results is that nearly 20% of Americans access the Internet primarily on their mobile phones. That means they don't use a desktop or notebook for Internet access - only their phone. Perhaps for the younger generation, this shouldn't come as too much of a surprise, but even so, 20% is a huge share.
… In households where less than $30,000 is earned each year, 13% of people will rely on their phone entirely; for households where $75,000 or more each year is earned, only 1% rely solely on their smartphones.
… There are some other interesting bits, however. In total (of those who completed the survey), 62% of people have used their smartphones to look up health information, while 57% have conducted online banking. Here's one that impresses me: 18% have used their smartphone to submit a job application.


Suspicious? Google has been parking the corporate jets at Moffett for years. I wonder who they out bid for the lease? Why 60 years? (April 1st?)
Google Takes Over Giant Airship Hangars at Moffett Field
There was no ceremony, no party, just a quiet transfer. Google is now the custodian of the giant airship hangars at Moffett Field.
The tech company will lease the historic buildings and 1,000 surrounding acres for the next 60 years.
The deal calls for Google to restore the hangars.


Timely. My Data Management students will learn how to do some of this...
What is data-driven marketing?
In words tinged with somber acceptance, today's digital marketers proclaim customer data as their new master. No marketing decision shall be made without closely consulting the data-analytics tea leaves. Marketing's black art has just become quantifiable, but what does data-driven marketing really mean?
"Arguably, the most important evolution in the history of marketing is the ability to understand what data you have, what data you can get, how to organize and, ultimately, how to activate the data," says Mark Flaharty, executive vice president of advertising at SundaySky, a tech vendor leveraging customer data to create and deliver one-to-one marketing videos.
… Then there are external data providers such as Avention, formerly OneSource, which offers business-to-business data about customers and prospects, which a company blends with internal data and feeds into an analytics engine to spit out marketing insights. Avention data helps companies better target prospects and manage the customer purchasing lifecycle.


Something for Big Data students to try?
International Statistical Agencies
Via Census – International Statistical Agencies – links to data from around the world. “The U.S. Census Bureau conducts demographic, economic, and geographic studies of other countries and strengthens statistical development around the world through technical assistance, training, and software products. For over 60 years, the Census Bureau has performed international analytical work and assisted in the collection, processing, analysis, dissemination, and use of statistics with counterpart governments in over 100 countries.”

Wednesday, April 01, 2015

One way to raise oil prices? Or, is this what happened in Turkey?
New Attack Campaign Targets Energy Industry in Middle East
Researchers at Symantec have observed a sophisticated, multi-stage attack campaign focused on energy companies in the Middle East.
First observed between January and February, the attack campaign was spotted using a new piece of malware dubbed 'Laziok', which Symantec has classified as a reconnaissance tool and an information stealer. The attacks are focused on the petroleum, gas and helium industries, with by far the largest percentage of victims (25 percent) being located in the United Arab Emirates. Saudi Arabia, Pakistan and Kuwait account for 10 percent apiece of the Laziok infections detected by Symantec. Five percent of the infections occurred in the United States.


This has been true so far, but then the breaches have impacted customers not the core operations. (The exception was Sony and even their stock price increased!)
Elena Kvochko and Rajiv Pant review the impact of some of the major breaches, noting what we’ve all noted – that breaches generally don’t have a huge economic impact on stock prices. Here’s a snippet from their article:
This mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Read more on Harvard Business Review.


Perhaps they need more hand-holding?
Enterprise Security Pros Embracing Threat Intelligence, But Question Reliability: Survey
Awareness of the role threat intelligence can play in improving cyber security may be growing, but some still remain unsold on its effectiveness, a new study has shown.
In a new report from the Ponemon Institute commissioned by Webroot, 80 percent of the IT professionals surveyed who had experienced a breach during the past two years said they felt threat intelligence would have helped prevent or minimize the consequences of the attack. The stat is telling, as 40 percent of the 693 people participating in the survey said their organization had been breached during that period.
Larry Ponemon, chairman of the Ponemon Institute, said one of the main misconceptions organizations have about threat intelligence is that technology alone is sufficient for having actionable and reliable information. Those companies underestimate the need for hiring experts to manage the process of using the intel, he said.


Is all of their evidence collection so poorly documented?
Cyrus Farivar reports:
Last fall, a judge in Charlotte, North Carolina unsealed a multi-case set of 529 court documents that detail the use of a stingray, or cell-site simulator, by local police. After that, the Mecklenburg County District Attorney’s office set out to review the applications and determine which records needed to be shared with defense attorneys.
The DA’s office released a statement Friday saying its review is complete, and the county’s top prosecutorial authority found that “only two cases” involved the use of stingrays “for investigative purposes,” meaning defense attorneys should be notified.
However, the report is not that simple.


Which part of “Duh!” didn't you understand?
Facebook tracks all users in breach of EU law
theguardian, Samuel Gibbs: “Facebook tracks the web browsing of everyone who visits a page on its site even if the user does not have an account or has explicitly opted out of tracking in the EU, extensive research commissioned by the Belgian data protection agency has revealed. The report, from researchers at the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels, was commissioned after an original draft report revealed Facebook’s privacy policy breaches European law. The researchers now claim that Facebook tracks computers of users without their consent, whether they are logged in to Facebook or not, and even if they are not registered users of the site or explicitly opt out in Europe. Facebook tracks users in order to target advertising. The issue revolves around Facebook’s use of its social plugins such as the “Like” button, which has been placed on more than 13m sites including health and government sites. Facebook places tracking cookies on users’ computers if they visit any page on the facebook.com domain, including fan pages or other pages that do not require a Facebook account to visit.”
You can download the latest version of the report here.
You can download Annex 1 “Facebook tracking through social plug-ins” here.
[From the report:
Facebook combines data from an increasingly wide variety of sources (e.g., Instagram, Whatsapp and data brokers). By combining information from these sources, Facebook gains a deeper and more detailed profile of its users. Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes.]
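For my Ethical Hackers: the mechanism behind the report's finding is ordinary browser cookie handling, not anything Facebook-specific. A cookie set during a visit to any facebook.com page is attached by the browser to every later request that domain-matches it, including the request for a “Like” button embedded on an unrelated site. The script below is an added example of mine, not code from the report or from Facebook; the cookie names, hosts and page URLs are constructed, and the SameSite handling goes beyond the 2015 report (that attribute did not exist yet; it is the browser-side control that now limits exactly this kind of cross-site attachment).

```python
"""Added example: which cookies ride along on a third-party plugin request.

Constructed scenario, not the report's code or data. Implements RFC 6265
domain matching plus the Secure and SameSite rules so you can see why a
cookie set on facebook.com is sent with an embedded plugin request from a
health site, and which attribute would stop it.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str            # ".facebook.com" (domain cookie) or "www.facebook.com" (host-only)
    host_only: bool
    secure: bool = False
    samesite: str = "None"  # "None", "Lax" or "Strict"


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: last two labels. Fine for the hosts in this example;
    real browsers consult the Public Suffix List (e.g. for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_matches(request_host: str, cookie_domain: str, host_only: bool) -> bool:
    """RFC 6265 section 5.1.3 domain matching."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host_only:
        return request_host == cookie_domain
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def cookies_sent(jar, request_url: str, top_level_url: str):
    """Names of cookies a browser would attach to a subresource request
    (iframe/script/image) for request_url while the user is on top_level_url."""
    req = urlsplit(request_url)
    top = urlsplit(top_level_url)
    cross_site = registrable_domain(req.hostname) != registrable_domain(top.hostname)
    sent = []
    for c in jar:
        if not domain_matches(req.hostname, c.domain, c.host_only):
            continue
        if c.secure and req.scheme != "https":
            continue
        # Strict never crosses sites; Lax only allows top-level navigations,
        # and an embedded plugin request is a subresource, never a navigation.
        if cross_site and c.samesite in ("Strict", "Lax"):
            continue
        sent.append(c.name)
    return sent


# Constructed cookie jar: a visit to a public fan page (no account needed) set a
# domain-wide cookie; a logged-in session cookie is host-only and Lax.
jar = [
    Cookie("tracking_id", ".facebook.com", host_only=False, secure=True, samesite="None"),
    Cookie("session", "www.facebook.com", host_only=True, secure=True, samesite="Lax"),
]
PLUGIN = "https://www.facebook.com/plugins/like.php?href=https://health.example.org/"
PAGE = "https://health.example.org/conditions/depression"


def demo():
    """Same plugin request, two embedding contexts."""
    return {
        "on_facebook_itself": cookies_sent(jar, PLUGIN, "https://www.facebook.com/somepage"),
        "embedded_on_third_party": cookies_sent(jar, PLUGIN, PAGE),
    }


if __name__ == "__main__":
    for context, names in demo().items():
        print(f"{context}: {names}")
```

Note that the plugin URL itself carries the embedding page in its `href` parameter, so even without the cookie the request tells facebook.com which page was visited; the cookie is what ties that visit to a stable identifier across sites.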


Should be interesting.
From the Office of the Privacy Commissioner for Personal Data, Hong Kong:
The Office of the Privacy Commissioner for Personal Data (“PCPD”) published today a Guidance on CCTV Surveillance and Use of Drones (the “Guidance”).
… “While the privacy implications of surveillance tools such as CCTV are fairly well understood, drones when fitted with cameras could add a new dimension to these privacy concerns by virtue of their unique attributes. These include their mobility as well as ability to stay in the air for a considerable period of time, gather information from vantage points and over a broad territory.
… The privacy guidelines for the use of CCTV apply equally to the use of drones. However, to address the drones’ special attributes such as mobility, small size and difficulty to identify the operator, innovative measures to safeguard privacy are called for. Specific illustrations of this approach are provided in the Guidance.

(Related) In this country, we (or is it only democrats from New Jersey) don't even understand what “commercial” means.
Dem warns against risks of commercial drones
Rep. Bonnie Watson Coleman (D-N.J.) has introduced a bill requiring the Department of Homeland Security to research the risks posed by small to medium-sized commercial drones.
Watson Coleman cited the January incident at the White House when a drone landed on the grounds around 3 a.m.


There is no “Best App for all users?”
How Facebook Controls the Future of Messaging
Facebook, which thoroughly dominates the current era of the online social networking industry, is setting itself up nicely for the next. Many see messaging apps as the future of social: Lightweight, real-time, personal conversations that can become rich environments for media sharing, entertainment, and even commerce. Facebook is in a particularly luxurious position here.
It now owns the two largest messaging services in the world: No. 1, WhatsApp, which last said it had 700 million monthly active users, and was acquired by Facebook for more than $20 billion. And No. 2, its homegrown Facebook Messenger, which now has 600 million monthly active users.
What’s interesting is how the apps are starting to diverge: Two similar concepts with increasingly different feature sets, philosophies, and strengths.


Now this is how you fool April.
Apple Starts a Religion, Microsoft Cancels Windows 10, & More… [Tech News Digest]


For my Javascript students.
Microsoft upgrades JavaScript, Visual Studio development tools
… Version 4.0 also focuses on interoperability. "We believe you should use WinJS and your favorite JS frameworks together, whatever they may be," the blog post says. "The AngularJS-WinJS wrapper we now provide allows you to use WinJS seamlessly in your Angular projects."
WinJS 4.0 Preview is downloadable at the TryWinJS website, and the full release is due later this year.
In the IDE realm, Microsoft's Visual Studio 2015 tool set, due this summer, will highlight three principal offerings intended to meet specific needs for developers. Visual Studio 2015 Enterprise with MSDN is geared to teams building high-scale applications and services and unites the Premium and Ultimate versions of the tool set. It also offers advanced testing and devops. Next on the roster is Visual Studio Professional with MSDN, a collection of tools and services for individual developers or small teams to build professional-grade applications. Rounding out the rollout is Visual Studio Community, offering free access to tools for non-enterprise and open source development.


This could be an interesting forum debate for my Business Intelligence class. Could also be fun in my Statistics class.
What to Do When People Draw Different Conclusions From the Same Data
“In God we trust; all others must bring data.” William Edwards Deming
… What if data analysis were crowdsourced, with multiple analysts working on the same problem and with the same data? Sure, the result might be a range of answers, rather than just one. But it would also mean more confidence that the results weren’t being influenced by any single analyst’s biases.
… And a paper released earlier this year gives an indication of how it might work.
The researchers recruited 61 analysts (mostly academics) and asked them to assess whether soccer referees were more likely to give red cards to players with darker skin tones. The analysts split up into 29 teams, and were given a dataset that included numerous variables about both players and referees.
Each team devised their method for answering the question, and then shared that approach – but not any results – with the group. The result was a heated debate over which methods were defensible, and which were not. If you’re looking for a correlation between skin tone and red cards received, does it make sense to control for the position the player plays? What about the country their team is located in, or how many yellow cards they’ve received?
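Something for my Statistics class to argue over. The point of the 29-team exercise is that the choice of controls is itself an analytic decision, and defensible choices can move the estimate a long way. The script below is an added example of mine, not the researchers' code or their data: it builds a small constructed person-time table and then lets several “teams” estimate the same dark-vs-light red-card rate ratio under different specifications (crude, controlling for position, for country, for both) using the Mantel-Haenszel stratified estimator. The tone coding and the position/country labels are placeholders for the many-valued variables in the real dataset.

```python
"""Added example: one dataset, several defensible specifications, a range of answers.

Constructed data, not the paper's. Rows are (tone, position, country, games, reds).
The table is built so that dark-skinned players are over-represented among
defenders, and defenders draw more red cards, so the crude ratio is confounded
by position while country is not a confounder.
"""
from collections import defaultdict
from fractions import Fraction

ROWS = [
    # tone,    position,   country, games, reds
    ("light", "defender", "A", 60, 6),
    ("light", "defender", "B", 40, 4),
    ("light", "forward",  "A", 200, 4),
    ("light", "forward",  "B", 100, 2),
    ("dark",  "defender", "A", 100, 10),
    ("dark",  "defender", "B", 200, 20),
    ("dark",  "forward",  "A", 50, 1),
    ("dark",  "forward",  "B", 50, 1),
]
FIELDS = ("tone", "position", "country", "games", "reds")


def mh_rate_ratio(rows, controls=()):
    """Mantel-Haenszel rate ratio (red cards per game, dark vs light),
    stratified on the given control variables; no controls = crude ratio.

    For stratum i with exposed (dark) events a_i over time N1_i and
    unexposed (light) events b_i over time N0_i, T_i = N1_i + N0_i:
        RR_MH = sum(a_i * N0_i / T_i) / sum(b_i * N1_i / T_i)
    Exact rational arithmetic is used so the result is not an artifact of rounding.
    """
    idx = {f: i for i, f in enumerate(FIELDS)}
    strata = defaultdict(lambda: {"dark": [0, 0], "light": [0, 0]})  # tone -> [games, reds]
    for row in rows:
        key = tuple(row[idx[c]] for c in controls)
        cell = strata[key][row[idx["tone"]]]
        cell[0] += row[idx["games"]]
        cell[1] += row[idx["reds"]]
    num = den = Fraction(0)
    for s in strata.values():
        n1, a = s["dark"]
        n0, b = s["light"]
        t = n1 + n0
        num += Fraction(a * n0, t)
        den += Fraction(b * n1, t)
    return float(num / den)


def analyst_teams(rows=ROWS):
    """Each 'team' commits to a specification; compare what they would report."""
    specs = {
        "crude": (),
        "control position": ("position",),
        "control country": ("country",),
        "control position and country": ("position", "country"),
    }
    return {name: round(mh_rate_ratio(rows, ctl), 3) for name, ctl in specs.items()}


if __name__ == "__main__":
    for name, rr in analyst_teams().items():
        print(f"{name:30s} rate ratio = {rr}")
```

Run it and the four teams report ratios between 1.0 and 2.0 from identical data. Whether to control for position is exactly the kind of question the article says the teams fought over; the code makes the cost of getting it wrong visible.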

(Related) Or is it?
Once You Align the Analytical Stars, What’s Next?
… For organizations to gain business value from analytics, managers must turn the analytical results into action — the organization must be able to consume analytical results, not just produce them. Consuming analytical results is a growing problem for organizations. Organizations that build the expertise to produce stellar analytical results also create a sizable gap between their ability to produce these results and their ability to consume them.
This analytics gap can be narrowed from two directions: by producing analytical results that are easier to consume, or by improving capabilities to consume them.


For my students who research (yes, ALL of you!)
Open Government Guide
Reporters Committee for Freedom of the Press: “The Open Government Guide is a complete compendium of information on every state’s open records and open meetings laws. Each state’s section is arranged according to a standard outline, making it easy to compare laws in various states. If you’re a new user of this guide, be sure to read the Introductory Note and User’s Guide.”

(Related) My librarians will love this.
Libraries and Librarians in the Internet Age
Libraries in the Internet Age is the title of the latest video produced by Common Craft. The video provides a clear overview of how libraries and the importance of librarians have changed over time. The video echoes a point that I made in a webinar today and that I have heard many librarians say to students, "Google is not the only search engine." Librarians can help students access databases that they otherwise wouldn't be able to use which in turn takes them to information they wouldn't otherwise find. … You can also click here to watch it.
Libraries in the Internet Age could be a great video to show to students at the beginning of the school year or just before they embark on a new research project. The video might help students realize that there is a lot more to their school libraries than meets their eyes.


Will my students find this adequate? Stay tuned!
Microsoft Corporation (MSFT) Counters Chromebooks With Cheap Notebooks
Microsoft Corporation is gearing up to compete against Google Inc.’s Chromebooks with the launch of two inexpensive notebook computers, before the end of the year. A Taipei research firm reports that the Windows-based PCs will be ready for shipping by mid-year, specifically targeting the education sector as well as the wider consumer market.
… This model is to go on sale for $179.


Why would I ever sell my SciFi collection? But then, a place for you to sell is a place for me to buy!
The Best Ways to Sell Books Online
… Here on MakeUseOf, we’ve made you aware of the various ways you can buy books cheaply online, but just how do you go about selling them? How do you get a quick sale, and is it possible to get a rare or unusual book to sell for the right price?


Interesting “How To,” even if it is limited to the Apple platforms. I'm sure we could find Apps for any platform.
How To Write and Publish Your First iBook Using iBooks Author