Saturday, April 11, 2015
For my Computer Security and Business Continuity students. It can happen to anyone. The trick is to realize that and plan for it. (Are some of these departments thinking, “They wouldn't dare attack us!”?)
And yet more police departments pay ransom to unlock their systems. WCSH in Maine reports:
Lincoln County Sheriff Todd Brackett said four towns and the county have a special computer network to share files and records. Someone accidentally downloaded a virus, called “megacode”, that put an encryption code on all the computer data.
The Sheriff said it basically made the system unusable, until they paid a ransom fee of about $300 to the creator of the virus.
And those Midcoast departments aren’t the only law enforcement victims. The Houlton Police Department was also hit by the same or similar virus early this week, and it locked up all their files. Chief Terry McKenna said they, too, were forced to pay the ransom to get their computer data restored.
Read more on WCSH.
So now that they’ve publicly admitted that they’ve paid ransom to unlock their files, are they more likely to get hit again? Can they really be sure their employees won’t fall for the next malware attempt?
There’s no doubt that this is a growing problem – or that at least departments are being more transparent in reporting it. Earlier this week, I noted the Tewksbury Police Department case in Massachusetts, but there have been others, too, as the Boston Globe reported:
Among other small-town police forces hit was the Swansea Police Department. It fell victim to the same threat in November 2013 and paid $750 to get its files back.
The police department in the Chicago suburb of Midlothian paid $500 in January. In Dickson County, Tenn., the sheriff’s office came under attack in October. Despite seeking aid from the FBI, [It's hard to prevent this after it happens. Bob] the agency ended up paying $572 in ransom.
Not all departments pay the ransom – and some, thankfully, don’t need to:
But in Durham, N.H., Police Chief Dave Kurz chose not to pay because the department had backed up the encrypted information and could work around the seized database.
“We had to clean essentially all the computers, but all of our data was prepared,” Kurz said.
Others refuse to pay but lose their data:
The four-member police force in Collinsville, Ala., was hit in June, with the hackers demanding $500 to free up a database of mugshots. Chief Gary Bowen dug in, refused to pay, and never got his department’s files back.
“There was no way we were going to succumb to what felt like terrorist threats,” Bowen said.
Obviously, it would be much better if more departments were as prepared as the Durham, NH police were. Because what are all these departments going to do when the attackers start asking for even more money? And what happens when the criminals start really hitting the k-12 systems? Will the districts pay ransom rather than be brought to their knees by locked files?
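As an added example, not code from this post or from any of the departments it quotes: a small Python integrity manifest that turns the Durham, N.H. approach into a routine check. It builds a SHA-256 manifest of a share, raises an alarm when a large share of known files are rewritten or renamed in one interval (the signature of an encryption sweep rather than normal office churn), and confirms that the backup copy still matches the last known-good manifest, which is exactly what let Durham refuse to pay. The share layout, record names and the 50% churn threshold are assumptions made for the demonstration.

```python
"""Added example: a file-share integrity manifest for a small office.
Not code from the post or from any department it describes; the directory
layout, record names and churn threshold are assumptions made here."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file under root (relative POSIX-style path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        rel = str(path.relative_to(root)).replace(os.sep, "/")
        manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(old, new):
    """Return (modified, added, removed) path sets between two manifests."""
    modified = {p for p in old if p in new and old[p] != new[p]}
    added = set(new) - set(old)
    removed = set(old) - set(new)
    return modified, added, removed


def ransomware_suspected(old, new, threshold=0.5):
    """Heuristic alarm: a ransomware sweep rewrites or renames most known
    files in one interval, whereas normal office churn touches a few percent.
    The threshold is an assumed tuning value, not a figure from the post."""
    if not old:
        return False
    modified, _added, removed = diff_manifests(old, new)
    churn = (len(modified) + len(removed)) / len(old)
    return churn >= threshold


def backup_matches(known_good, backup_root):
    """True when every file in the known-good manifest is present in the
    backup with the same digest; also returns the paths that are not."""
    backup = build_manifest(backup_root)
    bad = sorted(p for p, d in known_good.items() if backup.get(p) != d)
    return len(bad) == 0, bad


def demo():
    """Constructed scenario: ten records on a share with a good copy in
    backup, then a sweep that overwrites and renames eight of them."""
    with tempfile.TemporaryDirectory() as tmp:
        share, backup = Path(tmp) / "share", Path(tmp) / "backup"
        share.mkdir()
        backup.mkdir()
        for i in range(10):
            data = f"case record {i}\n".encode()
            (share / f"record{i}.txt").write_bytes(data)
            (backup / f"record{i}.txt").write_bytes(data)
        known_good = build_manifest(share)
        quiet = ransomware_suspected(known_good, build_manifest(share))

        # Simulate the sweep: content replaced with random bytes, extension appended.
        for i in range(8):
            victim = share / f"record{i}.txt"
            victim.write_bytes(os.urandom(64))
            victim.rename(share / f"record{i}.txt.locked")

        after = build_manifest(share)
        modified, added, removed = diff_manifests(known_good, after)
        ok, bad = backup_matches(known_good, backup)
        return {
            "quiet_alert": quiet,
            "sweep_alert": ransomware_suspected(known_good, after),
            "modified": len(modified),
            "added": len(added),
            "removed": len(removed),
            "backup_ok": ok,
            "backup_bad": bad,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest belongs somewhere the ransomware cannot reach (an offline copy or a host the share has no write access to), and build_manifest runs on a schedule so the churn comparison covers a short interval. The heuristic will also fire on a legitimate bulk migration or re-encryption of the share, so treat an alarm as a prompt to check, not as proof; the backup_matches result is the part that decides whether a department can follow Durham's path instead of paying.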
In related and helpful news, Charlie Osborne reports that Scraper ransomware has been broken, allowing for victims to circumvent payment and access their locked data.
This will (probably) be the last post on this subject. Note: Someone has to use “Worst Practices” so we are motivated to create “Best Practices.”
I continue to look for details on the case of a 14-year old middle school student who is facing two felony counts for allegedly hacking into his district’s network (see previous coverage of the case on this blog here and here).
In today’s installment of How Badly Can a District Screw Up InfoSecurity? Ashley Feinberg of Gawker reports:
Another devious, young techno-wiz was placed safely behind bars this past Wednesday after authorities say he deftly “hacked into his school’s secure computer network” by guessing the password (his teacher’s last name). The crime? Changing the desktop background to two dudes kissin’. The punishment? Arrest on felony charges.
The hacker wunderkind of Holiday, Florida’s Paul R. Smith Middle School, Domanik Green, explained that he uncovered the secret password by “watching the teacher type it in.” At which point, and like a young Julian Assange, he “logged into a teacher’s computer who [he] didn’t like and tried putting inappropriate pictures on his computer to annoy him.”
So he shoulder-surfed the password. Wait until you find out how long ago that happened. In an interview with yet another news station:
Green, interviewed at home, said students would often log into the administrative account to screen-share with their friends. They’d use the school computers’ cameras to see each other, he said.
Green had previously received a three-day suspension for accessing the system inappropriately. Other students also got in trouble at the time, he said. It was a well-known trick, Green said, because the password was easy to remember: a teacher’s last name. He said he discovered it by watching the teacher type it in.
So the district knew last year they had a problem. And what did they do to prevent recurrences? And what did they do to educate the students to understand the seriousness of their conduct?
And why did they issue one password to teachers two years ago, as ABC reports:
During a news conference, Sheriff Chris Nocco said approximately two years ago one password had been given to teachers, which somehow made it into the hands of a student, which was then passed on.
Nocco said the student had the password and was able to make remote access to the computer and was looking for porn.
Apparently a picture of two men kissing is “porn?” Oh well, that may be a whole other discussion.
“Surveillance is as surveillance does.” F. Gump
Joe Cadillic writes that as more and more smart meters and smart devices are deployed, the government will have access to more and more details of our private lives. And it’s the Department of Homeland Security that he’s particularly concerned about:
There’s even a ‘National Energy Sector Cyber Security Organization’ funded by both the DOE and DHS. For those of you “in the know,” you know there’s really no difference between the DOE and DHS; they’re one and the same. Click here, here & here to read more.
Need more proof ‘Smart Meters’ are controlled and monitored by DHS? Look no further than DHS’s ‘Control Systems Security Program’, where they admit to working with “control systems owners, vendors and law enforcement”.
“The Industrial Control Systems Cyber Emergency Response Team collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.”
Read more on MassPrivateI.
From the “You ain't got no stinking privacy!” department: That argument should raise a few eyebrows, even in Philadelphia.
In Fighting Disclosure of Philly License Plate Reader Records, Officials Claim Every Driver is ‘Under Investigation’
Dustin Slaughter reports:
The City of Philadelphia does not want you to know in which neighborhoods the Philadelphia Police Department (PPD) is focusing their use of powerful automatic license plate readers (ALPR), nor do they want disclosed the effectiveness (or lack thereof) of this technology, as they continue to fight a Declaration public records request filed in January with MuckRock News.
City officials argue in their response that every metro driver is under investigation, in an effort to exempt so-called criminal investigatory records from release under PA’s Right-to-Know Act:
Read more on The Declaration.
This isn't a privacy issue, because the photos are “art”
Photographer Arne Svenson Who Took Pictures of Neighbors in Their Apartments With Telephoto Lens Wins New York Supreme Court Case
Hili Perlson writes:
A Supreme Court ruling in favor of photographer Arne Svenson brings troubling news for privacy advocates (already distraught by Edward Snowden’s Smashed Laptop Displayed at the V&A).
When his show “The Neighbors” opened at Julie Saul Gallery in 2013, it was met with outrage, followed by legal action.
Svenson had been taking pictures of New York residents inside their lower Manhattan apartments with a telephoto lens, thus confirming one of the biggest fears New Yorkers have concerning their privacy.
Read more on artnet.
[From the article:
However, conceding that Svenson's work is in fact art is what won the case for him, as the judges' verdict was based on Svenson's First Amendment rights as an artist.
… According to the HR, while New York laws prohibit the “non-consensual use of a person's name, portrait or picture for advertising or trade purposes," the laws also allow an exception for news media and so-called “matters of public concern."
I'm sure everyone will follow everything. (How many people service these accounts?)
Social Media Directory – DHS
by Sabrina I. Pacifici on Dec 27, 2014
“The Department of Homeland Security and its component agencies use numerous social media accounts to provide you with information in more places and more ways [the listing is quite long – what appears below is only a portion of the total]. The Department uses non-government sites to make information and services more widely available. Sometimes we are directly engaging with you on these sites, sometimes we use these services because we want to be where you already are. It’s important to remember that these are commercial sites and are not required to follow government standards.
[Lists omitted. Bob]
Social Networks / Anti-Social Networks. The definition often is very personal.
Divorce by Facebook: New York woman gets OK to file papers online
… Ellanora Arthur Baidoo has been trying to divorce her husband for several years, according to her attorney, Andrew Spinnell.
But, Spinnell said, he and his client haven't been able to find Victor Sena Blood-Dzraku to serve him the papers. Baidoo has been able to reach her husband by phone and "he has told her that he has no fixed address and no place of employment," according to court documents.
"He has also refused to make himself available to be served," the document said.
After exhausting other ways of serving him the papers, Spinnell filed an application asking for "service by alternate means," in this case, via social media.
In his decision, Justice Matthew Cooper said the "advent and ascendency of social media," means sites like Facebook and Twitter are the "next frontier" as "forums through which a summons can be delivered."
Yet another surprising user of social networks? Only if you believe that these elected officials actually type Tweets themselves. I have to think these guidelines are intended to prevent another disaster like the “Hillary's Emails” debacle.
Social Media in the House of Representatives: Frequently Asked Questions
by Sabrina I. Pacifici on Apr 10, 2015
CRS – Social Media in the House of Representatives: Frequently Asked Questions – Jacob R. Straus, Analyst on the Congress; Matthew E. Glassman, Analyst on the Congress. April 2, 2015.
“Recently, the number of Member offices adopting social media as an official communications tool has increased. With the increased use of social media accounts for official representational duties, the House has adopted policies and regulations regarding the creation, content, and use of third-party social media services. This report answers several questions about the regulation of social media accounts in the House of Representatives.
•How does the House define social media?
•How are social media accounts regulated in the House?
•What makes a social media account an official resource?
•Can Members use official funds for social media?
•Is some content prohibited on official social media accounts?
•Do the mass communications regulations apply to social media?”
An interesting application of Data Analytics that my students should be thinking about. (Can you “game” the system?)
Can People Analytics Help Firms Manage People Better?
… companies are starting to use data and sophisticated analysis in issues such as recruiting, compensation and performance evaluation because they believe it can help in better decision making.
The Wharton People Analytics Conference 2015 opens in Philadelphia today. Cade Massey, practice professor of operations and information management, and Adam Grant, professor of management and psychology, who lead Wharton’s people analytics initiative, spoke with Knowledge@Wharton about why a data-driven approach to managing people at work is gaining traction.
Laugh at education...
Hack Education Weekly News
… A “discussion draft” of a revision to FERPA was released to the US House of Representatives’ education committee.
Three similar bills recently introduced in the Minnesota legislature would require school districts to notify parents or guardians every time a fellow parent, guardian, or an adult student deems instructional material such as books or movies to be “sexually explicit or obscene and therefore harmful to minors.” Although the bills do not require discontinuing use of the disputed material, the most extreme version would force districts to publicly justify its retention in the curriculum. To make matters worse, all three bills would apparently allow complainants to remain anonymous.
… A crowdfunding campaign to robocall all New York parents, urging them to opt their children out of standardized testing. Gee, no issues with privacy or data brokering there.
… From the National Education Policy Center, a report called “On the Block: Student Data and Privacy in the Digital Age.” Education Week’s summary:
Its authors, Alex Molnar and Faith Boninger, both University of Colorado researchers, recommend that legal protections be extended beyond students’ formal educational records to include the wide range of student data – including anonymous information and “metadata,” such as what type of device a student is using or where they are accessing the Internet – that is now frequently collected and shared by ed-tech companies. The researchers also recommend that the legal burden to protect students’ information be shifted to include vendors, as well as schools and districts.
This could be useful for my students! What other software might be useful in your browser?
How to Run LibreOffice in Your Web Browser
LibreOffice has done it. They have made the full transition from a speculative branch of popular alternative office software Apache OpenOffice to genuine competitor. Their recent announcement that LibreOffice would be joining the swelling ranks of cloud based office software was met with excitement – there appears to be a massive amount of goodwill toward LibreOffice, and their growing ability to challenge Microsoft continues to attract interest.
It isn’t ready just yet. It should be ready by the end of the year. It was originally conceived way back in 2011, alongside announcements for Android and iOS versions – both of which are also yet to appear, with the iOS version potentially never appearing. However, if you want – nay, demand LibreOffice in your browser before the end of the year, MakeUseOf has you covered. Read on, friend!
If you haven’t come across RollApp yet, it’s certainly worth a look. RollApp builds a cloud based virtual platform, allowing you to run applications within your web browser. Applications behave exactly how their desktop counterparts do, albeit with minute time differences, depending on your Internet connection.
Friday, April 10, 2015
You can see why anyone who deals with security breaches on a regular basis would be disappointed by the way the school handled this. Perhaps someone (their lawyers?) should have walked them through some of the pitfalls of dealing with security breaches, minors, and just plain public relations. Educators in particular seem to need this kind of education.
For those not familiar with it, FCAT is the Florida Comprehensive Assessment Test, a standardized test for assessing student performance.
A 14-year-old student at Paul R. Smith Middle School was arrested Wednesday after investigators say he hacked into the school’s computer system and accessed the server containing 2014 FCAT information.
In addition, the student also used the administrative access to take control of a teacher’s computer during class and displayed an image of two men kissing, disrupting classroom activities.
Read more on WTSP. I understand why they did not name the student, but am puzzled that they uploaded the complaint affidavit that shows the student’s physical description, his date of birth, and his mother’s full name and address.
And it’s a shame the news team didn’t ask the school some hard questions about how the student was able to gain administrative access. What does this say about their infosecurity?
(Related) An update.
WTSP has provided a follow-up to a report noted earlier involving a 14-year old student at Paul R. Smith Middle School who is facing two felony charges for allegedly hacking into the Pasco County School District‘s network. Their new report addresses some of the questions I raised in my previous post about the incident.
In their update, the student, who is now named, claims:
“If they would have notified me it was illegal I wouldn’t have done it in the first place but all they said was you shouldn’t be doing that,” said Domanik Green. [Isn't that enough? Bob]
Green had reportedly done something similar last year and was suspended for three days. [But not arrested Bob]
The district’s Responsible Electronic Use Guidelines for Students can be found here, and the Student Code of Conduct can be found here, if you’d like to see how much (or little) they describe computer offenses like hacking and the consequences. Is Green right? Did the district ever tell him that unauthorized access is hacking and that it’s a felony – and that if it happened again, he might be arrested? How did they follow-up on last year’s incident?
But here’s one of the stunning revelations in Casey Cumley’s report:
The sheriff’s office says Green got the password information 2 years ago from a teacher and several students might have had the ability to hack the system.
Why is a password from two years ago still working? And if he did something similar last year, are we to understand that even after that, they still didn’t change the password – or didn’t last year’s incident involve the same password? If it did involve the same password, this is just incredibly negligent on the district’s part, as it would appear they didn’t take what would be obvious, minimal, and reasonable steps to prevent a recurrence of the problem. Even if the password wasn’t involved in last year’s incident, their failure to regularly change passwords may have contributed to the current incident.
And if they’re correct that Green got the password from a teacher two years ago, how did that happen? Was it actually given to him or did he shoulder-surf it? A statement by a district administrator suggests that a teacher may have knowingly provided the password:
“Our department of employee relations are going to investigate why students were allowed to have the password,” said Cobbe.
Amazing, if true. But put down your preferred beverage before you read the next statement from a press conference about the case:
“You have somebody that clearly doesn’t learn their lesson.”
The sheriff was referring to the student. I think his statement is more applicable to the district.
The school district said it is still investigating employees and there will be disciplinary actions taken for anyone who might have shared password information.
Shouldn’t that investigation and any action have occurred last year after they first discovered the student had improperly accessed the network?
And this, children, may be a useful example of why school districts should never be allowed to collect and store sensitive student information and why we can’t have pretty things.
Read the full report on WTSP.
I'm not the only one pointing to poor school security.
Education Sector Struggles With Botnets: BitSight
The education industry – which includes education companies, schools and colleges - brought up the rear in a new study from BitSight examining the connection between botnets and data breaches. According to BitSight, fewer than 23 percent earned an 'A' grade, while more than 33 percent earned an 'F'.
The report examined the ratings and risk vectors for 6,273 companies between March 2014 and March 2015.
… organizations with a grade 'B' or below were 2.2 times as likely to have a publicly-disclosed breach compared to those who achieved an A, according to the report.
… The second-worst industry in the study was the utilities industry, which had more than 50 percent of the companies receiving a grade of B or lower. Perhaps unsurprisingly, the best scoring vertical was the financial industry, where 74 percent of organizations scored an A.
For my Computer Security students. This is a small network of “kidnapped” computers. Imagine how easy it is to take control of these computers.
U.S., European police break up network of 12,000 computers taken over by criminals
Law enforcement agencies in Europe and the United States have dismantled a network comprising at least 12,000 computers that had been taken over by criminals, Europol said on Thursday.
The software used to infect the computers was "very sophisticated" but the network was relatively small compared to others uncovered in the past, Europol said in a statement.
Admitting Tracking ‘Bug,’ Facebook Defends European Privacy Practices
Facebook Inc. pushed back on Thursday against some accusations from Belgian scholars that the social network trampled over its users’ privacy rights – but admitted that the academics found a “bug” that mistakenly tracked people even while they weren’t on Facebook’s website.
The company said it has started to fix the problem
… But Richard Allan, the company’s European policy chief, said in a blog post that the group of Belgian academics reached the wrong conclusions. “The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world,” he said.
The watchdog, the Belgian Privacy Commission, doesn’t have the power to directly fine or sanction Facebook. But there is a growing belief among privacy regulators that Facebook and other U.S. tech companies need to face more scrutiny – and potential fines – for their practices of using personal information to fuel their lucrative advertising sales.
(Related) Do you begin to see why we have problems teaching people how to protect themselves?
Millions Of People Think They Use Facebook, But Not The Internet
… Many admit to spending far too much time on the world’s most popular social network, but they are, at least, aware that they’re using the Internet; yet studies (including one by think-tank LIRNEasia) in countries like Indonesia, Africa, and the Philippines have found that those surveyed love Facebook – but assert that they don’t use the web. It’s not simple ignorance. They’ve been brought into this culture. While many of us have been introduced to the idea of Facebook through the Internet, in the minds of millions, the two exist separately because their first interaction with the World Wide Web is via the social network.
… Many service providers offer low-priced Facebook-only data plans, while Facebook Zero gives – you guessed it – entirely free access to the social network exclusively.
… Initially, the fact that people think they’re using Facebook but not the Internet is quite funny. It sounds so improbable.
But considering that Facebook already knows a surprising amount about you, this is potentially a huge issue.
Don't all levels of law enforcement do this? If it works they have precedent. If not all they need do is wait a while and try again. Like hackers, they only need to succeed once.
The Obama administration is abandoning decades of established law in order to force Microsoft to hand over data from a foreign server, the software giant claims.
“For an argument that purports to rest on the 'explicit text of the statute,’ the Government rewrites an awful lot of it,” Microsoft said in a new brief as part of its case against the government.
“Congress never intended to reach, nor even anticipated, private communications stored in a foreign country when it enacted” the 1986 Electronic Communications Privacy Act, Microsoft said.
Yet that, it claims, is exactly what the Justice Department is trying to do by issuing a search warrant ordering Microsoft to give up a suspected drug trafficker’s email and records from an Irish data center.
Microsoft has claimed that digital data is no different than paper files in a desk drawer. If the government wants to obtain such files from another country, it needs to go through a foreign treaty process, the company says. Otherwise, it’s up to Congress to change the meaning of the law.
Toward the “Education on demand” market?
LinkedIn to Buy Career-Skills Educator Lynda.com for $1.5 Billion
LinkedIn Corp. has entered the growing market for online learning with its $1.5 billion purchase of lynda.com Inc., a website that got its start 20 years ago and has since emerged as a leader in professional training videos.
The cash-and-stock deal is LinkedIn’s largest acquisition and gives the professional networking site one of the biggest online libraries of video tutorials, with courses ranging from Web design to digital photography.
… Lynda.com’s ability to certify the people who have completed courses could also provide valuable data to the millions of recruiters who pay LinkedIn to find and assess potential job candidates. Such credentials can give employers an indication that a candidate has some level of knowledge about a topic, or at least has passed a test about it. But it is unclear if employers will take such nontraditional certifications seriously.
… The overall market for e-learning is estimated to hit $107 billion this year, according to Global Industry Analysts Inc.
Something to distract my students? (Article 5)
Pacapong Combines Classic Video Games
Why limit yourself to playing just one classic video game at a time when Pacapong allows you to play four games at once? The four in question being Pac-Man, Pong, Space Invaders, and Donkey Kong. Unfortunately, this combination makes Pacapong fiendishly difficult.
Using the bats from Pong, you launch Pac-Man across the board, collecting pills while avoiding ghosts. And while Pac is doing his thing, YOU have to shoot aliens from Space Invaders while avoiding barrels from Donkey Kong. Simple.
Pacapong, created by developer KingPenguin, is available to download for free on Windows, Mac, and Linux.
Thursday, April 09, 2015
With these Apps, everyone can “broadcast” video in real time. Beyond the concerns of the MPAA (video from theaters) and the RIAA (videos of rock concerts), there are implications for Privacy and the infrastructure of the Internet.
CIO Journal: MLB to Monitor Use of Video-Streaming Apps
Major League Baseball will be monitoring the way fans use new live-streaming apps, such as Meerkat and Periscope, during games.
Games are licensed content and MLB policy prohibits fans from taking live video. Credentialed media are limited to 120 seconds or less of video, the policy says. “Fans don’t have the right to emulate the game. Live streaming doesn’t change that,” said Bob Bowman, president of business and media for the league.
… The Meerkat and Periscope apps allow smartphone users to broadcast live video from their mobile devices. The apps are competing to become the dominant self-broadcasting software on social media.
Teens, Social Media & Technology Overview 2015
Aided by the convenience and constant access provided by mobile devices, especially smartphones, 92% of teens report going online daily — including 24% who say they go online “almost constantly,” according to a new study from Pew Research Center. More than half (56%) of teens — defined in this report as those ages 13 to 17 — go online several times a day, and 12% report once-a-day use. Just 6% of teens report going online weekly, and 2% go online less often.
You have personal data, therefore you must be working with the NSA!
Facebook hit by class action lawsuit focused on data privacy
A privacy lawsuit brought against Facebook by 25,000 people begins today, with the social network being accused of illegally tracking user data.
The class action case also alleges that the tech giant took part in the NSA’s PRISM programme, which raked personal data from the servers of major US companies with their apparent agreement.
While Facebook denies any involvement, the claimants hope the case will improve tech companies' attitudes to data protection.
(Related) What I want my lawyer to learn.
Linn Freedman writes:
We have been closely watching the class action suits against PF Chang’s (and other retailers) relating to the bistro’s data breach last year. In December, a federal district court in Illinois dismissed a proposed class action against PF Chang’s because the plaintiffs were unable to show that they had suffered actual harm as a result of the data breach and therefore, did not have standing to pursue the claims. The plaintiffs appealed the dismissal to the Seventh Circuit Court of Appeals, and on March 20, 2015, PF Chang’s requested that the Seventh Circuit affirm the lower court’s dismissal.
Last week, a Washington federal judge followed suit and dismissed another proposed class action against PF Chang’s in Washington federal court because the plaintiff was unable to show that he has suffered any appreciable harm as a result of the data breach.
Read more on JDSupra.
For my Excel and Data Analytics students.
Host Analytics Intros Modeling Cloud
Finance departments are increasingly seeking more sophisticated analytics, self-service analytics and improved access to financial and operational data.
Yet Excel spreadsheets remain the analytic tool of choice for most finance professionals. "Our recent research shows that most companies still use spreadsheets exclusively for budgeting and operational planning, and their plans end up less accurate as a result," said Robert Kugel, senior vice president and research director at Ventana Research.
The main reason users favor spreadsheets, Kugel said, is their ease of use. "… Software vendors have been historically challenged to deliver a modeling environment to match that ease of use," he said.
Host Analytics has introduced Host Analytics Modeling Cloud, a new module in its cloud enterprise performance management (EPM) suite that is designed to allow finance pros to create data models in Excel spreadsheets or via a Web browser or mobile device with a patent-pending "write once, run anywhere" architecture.
Analytical views and reports are saved in a common, cross-platform format, the company promises. So users can create a report in Excel and view it unchanged on a mobile device, or create a report in a Web browser for a power user to analyze in Excel.
… Available now, Host Analytics Modeling Cloud incorporates several buzz-worthy technologies, including HTML5, NoSQL, in-memory computing and a patent-pending cloud-based calculation engine.
Discussing Host Analytics' use of NoSQL, Walter said it provides a "schemaless" database structure so organizations can store models and calculations in optimized structures rather than force-fitting them into the traditional table structures of relational databases.
Your Excel formulas cheat sheet: 15 tips for calculations and common tasks
For my students who take notes. (Take note, students!)
OneNote Is Now Truly Free with More Features Than Before
… For a while, the cross-platform note-taking app Evernote was the de facto standard. That’s not true anymore. While Evernote is still a remarkable app, Microsoft recently upped their game when they announced that OneNote would be more free than ever before.
… When OneNote first went free in 2014, it was only cause for semi-celebration. Sure, it meant that anyone could download it and start taking notes right away, plus it was also made available for Mac at that same time.
But there were still a few killer features that were held behind a premium version only available to Office 365 and Office 2013 customers. With their most recent announcement, Microsoft has removed all restrictions from the free version of OneNote.
… Not sure where to start? Check out these OneNote tips for beginners. And if you’re still yearning for more, keep going with these advanced OneNote tips.
Wednesday, April 08, 2015
Always consider the worst possible outcome of any hack. Protecting your data from deletion also protects it from other risks. I can only find the report in Spanish.
Destructive hacking attempts target critical infrastructure in Americas: survey
Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.
The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.
Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.
[The report: https://www.sites.oas.org/cyber/Certs_Web/OEA-Trend%20Micro%20Reporte%20Seguridad%20Cibernetica%20y%20Porteccion%20de%20la%20Inf%20Critica.pdf ]
Russia is not that clumsy. (If they had done it, North Korea would be blamed.) Perhaps hackers who reside in Russia and used this hack to “try out” for the big leagues?
Report: Russia Behind 2014 Attack on White House Computer System
Russian hackers last year were able to breach a White House computer system after a successful cyber-attack on the State Department, a news report said Tuesday.
The report by CNN says the hackers were able to get sensitive information, including non-public details about President Obama's schedule.
For those who have “nothing to hide?”
Sextortion Has Evolved And It’s Scarier Than Ever
Sextortion is an abhorrent, prevalent blackmailing technique – and it’s now even more intimidating.
It’s a simple practise, and increasingly widespread as our obsession with documenting ourselves develops. We record our lives through social media, and communication is so easy. We can share a lot with friends and family.
Cybercriminals are taking advantage of this. And it’s only getting worse.
Whatever it does, it does not prevent cheating. My students can tell you 99 ways to “beat the system” just off the tops of their heads. (Start with a partner positioned behind the camera...)
Lauren R.D. Fox reports:
Rutgers University and other academic institutions are using a monitoring program, Proctortrack, that reveals if a student is cheating on an exam for their online course.
Betsey Chao, a senior at Rutgers told The New York Times, she had to download the software on her computer and it uses her webcam to scan her features and verify her identity before her exams. During the exam, ProctorTrack flashes a red warning band to notify her that it is monitoring her computer activity and recording a video of her. It also shows a live image of Chao or any student who uses the tracking device during an exam. Proctortrack also surveys if students have opened apps or web browsers during online exams.
Read more on Madame Noire.
Interesting article. Perhaps hoodies make you smarter?
When technology executives imagine the boogeyman, they see a baby-faced guy in wire-rim glasses. His name is Jay Edelson.
Mr. Edelson, 42, is a class-action lawyer. He is also, if not the most hated person in Silicon Valley, very close to it. His firm, Edelson PC, specializes in suing technology companies, claiming privacy violations.
… Edelson’s investigative team, which consists of three lawyers and a computer analyst. The group’s job, to put it plainly, is to find ways to sue companies [Another employment option for my Ethical Hackers? Bob]
… One of the members of the investigative unit is Shawn Davis, a digital forensics expert who previously worked as a network security analyst. Now, from an office strewn with cables and old cellphones, he spends his day playing with new devices as well as trawling through websites and mobile apps to try to figure out what kinds of data companies are collecting and how.
Got your attention, didn't it?
Greek PM in Moscow for Putin meet that rattles EU
Greek Prime Minister Alexis Tsipras was to meet Kremlin strongman Vladimir Putin in Moscow on Wednesday as part of an eye-catching visit that has fuelled EU fears that cash-strapped Athens is cosying up to Russia.
The two-day trip comes as Tsipras is battling to unblock a rescue package from the EU and IMF, with some in Brussels warning against any move to barter financial support from Moscow for political backing over the Ukraine crisis.
But analysts say that while the visit might see Moscow lift an embargo on Greek fruit, overall it is more about political grandstanding aimed at pressuring Europe rather than a serious shift in policy. Tsipras, a former Communist who came to power in January, has made no secret of seeking closer ties to Russia at a time when Moscow is at loggerheads with the European Union over the conflict in Ukraine.
For my Big Data students.
NIST Big Data Interoperability Framework
by Sabrina I. Pacifici on Apr 7, 2015
NIST is seeking feedback on the Version 1 draft of the NIST Big Data Interoperability Framework. Once public comments are received, compiled, and addressed by the NBD-PWG, and reviewed and approved by NIST internal editorial board, Version 1 of Volume 1 through Volume 7 will be published as final. Three versions are planned, with Versions 2 and 3 building on the first. Further explanation of the three planned versions and the information contained therein is included in each volume.
NIST Big Data Definitions & Taxonomies Subgroup
1. M0392: Draft SP 1500-1 — Volume 1: Definitions
2. M0393: Draft SP 1500-2 — Volume 2: Taxonomies
NIST Big Data Use Case & Requirements Subgroup
NIST Big Data Security & Privacy Subgroup
4. M0395: Draft SP 1500-4 — Volume 4: Security and Privacy
NIST Big Data Reference Architecture Subgroup
5. M0396: Draft SP 1500-5 — Volume 5: Architectures White Paper Survey
6. M0397: Draft SP 1500-6 — Volume 6: Reference Architecture
NIST Big Data Technology Roadmap Subgroup
7. M0398: Draft SP 1500-7 — Volume 7: Standards Roadmap
Interesting failure of the customer feedback system reversed because of pressure from social networks?
He Said, She Said: How Uber Relied on Data in an Assault Dispute
… Stephanie complained to Uber that night. And though the company responded quickly—she had a reply by Sunday morning—the message she received was puzzling. Uber didn't seem to understand the seriousness of what had happened. "Our investigation is complete and the situation is closed," an Uber employee wrote, according to a screenshot of an email Stephanie provided.
… Uber's response didn't reassure her that the driver was being held accountable, Stephanie said. After she started tweeting at journalists about what had happened, she said the company apologized and credited her account for the ride. But she still didn't know what happened to the driver. "To my question of whether he could guarantee that this racist driver would not be the one to pick me up the next time I called an Uber, [the Uber representative] responded that he could not," Stephanie said. "Apparently, I do not have the right to know if the person entrusted with my safety would be fired for endangering me and calling me racial and sexist slurs."
As it turned out, Uber did ban the driver from using its platform, a spokeswoman confirmed. That decision is irreversible. In the 48 hours after her ride, Stephanie's complaint worked its way up the chain of command—a complaint of this nature is considered "critical," said Jennifer Mullin, an Uber spokeswoman. Uber acknowledged it mishandled its initial response to Stephanie's complaint. And the incident highlights how the company draws on its trove of user and driver data to decide how to proceed when a driver and a passenger have a dispute.
Another indication that organizations have to start using all the available data, not just the data they have in their systems. This should be interesting to my Data Management students. (Hint: It really, really should.)
Oracle brings big data back to database administrators
Now that many enterprises are seeing value in big data analysis, it may be time for their database administrators and data warehouse managers to get involved.
Oracle has released a new extension for its Oracle Data Integrator middleware that allows DBAs and data warehouse experts to treat big data repositories as just another data source, alongside their structured databases and data warehouses.
The Oracle Data Integrator for Big Data "makes a non-Hadoop developer instantly productive on Hadoop," said Jeff Pollock, Oracle vice president of product management.
… ODI provides the ability for organizations to pull together data from multiple sources and formats, such as relational data hosted in IBM or Microsoft databases, and material residing in Teradata data warehouses. So it was a natural step to connect to big data repositories to ODI as well.
(Related) This is exactly what my Data Management students found the last time I taught the class.
Why No One Uses the Corporate Social Network
… Altimeter’s research shows that less than half of the enterprise collaboration tools installed have many employees using them regularly (see figure below).
(Related) Twitter – outside the Google box? (I would have thought Microsoft was a better home for Twitter.)
Twitter: A Google Search For A Social Networking Firm?
The market is rife with rumors that Google is seriously considering buying out its social networking peer after somebody said that Twitter had hired Goldman Sachs to deal with a couple of unsolicited suitors.
There are only a handful of companies that have both the resources and the need for a social networking platform and Google seems to top that list. Amazon or Microsoft seem like a stretch of the imagination and Facebook has little need.
Apparently GIFs are more popular than I thought. (Article 5)
Hulu Launches Its Own GIF Tumblr
Hulu has launched its own Tumblr which acts as a GIF search engine for its content. Called The Perfect GIF, the Hulu Tumblr allows you to find just the right GIF to visualize your thoughts, with new GIFs being added on a regular basis.
This isn’t out of charity, of course, with all of the GIFs including the name of the show and the Hulu branding. Thus, Hulu gets free advertising every time someone posts one of its GIFs on a social network. Which, given how popular GIFs are becoming, will be often.
Tuesday, April 07, 2015
Rather unusual, but I expect many more, soon.
It appears we have another criminal prosecution under HIPAA.
In May 2014, ProMedica disclosed that almost 600 Bay Park Hospital patients were to be notified of an insider breach. In June, police announced that no criminal charges would be filed because their investigation found that no patient information such as social security numbers or financial information had been compromised. At the time, they noted that a HIPAA investigation would continue, however.
Today, Amulya Raghuveer reports that Jamie Knapp, the former employee who was a respiratory therapist, has been indicted by a federal court on charges that she unlawfully obtained individually identifiable health information and engaged in unauthorized access of a protected computer. The first charge is under HIPAA, while the second charge is under the Computer Fraud and Abuse Act (CFAA).
She is alleged to have accessed patients’ health information between May 10, 2013 and March 25, 2014.
Read more on NBC.
The case is United States of America v. Knapp, 3:15-cr-00132-JJH-1 in the Northern District of Ohio. The indictment does not specify what types of personal information were accessed, although hospital officials have said no financial information was involved. Attachments to the indictment are currently restricted access.
Something for my Intro to Computer Security students. (All my students, actually.) Interesting tag line: “You are not an individual. You are a data cluster.”
Digital Shadow Exposes What Facebook Really Knows About You
How much can people discover about you over social media? It began as a mere marketing stunt, but Digital Shadow remains a very useful (and potentially scary) application.
Ubisoft’s Watch Dogs is a sci-fi game that works on a smart premise: that our lives can be laid out to a hacker and used against us. Our family, our friends, our interests, our personalities: they build up a digital trail, leaving us exposed. It sounds like an Asimov or Bradbury concept, but the accompanying Digital Shadow, used to advertise the game, shows us that this dystopia isn’t too far removed from today.
By allowing it access to Facebook, Digital Shadow gets to know you. But how accurate is it really? I let it loose on my profile to find out…
… It’s very easy to use. You just sign in using Facebook as you might when commenting on sites.
Within 10 seconds, it’s pulled together all it needs to know.
… Results vary wildly. It depends on how much time you spend on Facebook, how many photos you’re tagged in, how often you update your status.
As a marketing stunt, Ubisoft has done brilliantly. It’s memorable, emotive, and creepy. As a tool to find out about your digital trail, it’s the tip of the iceberg: Facebook knows even more. Nonetheless, this could be a wake-up call for millions of people.
I wonder if there were drones looking over their shoulders as they drafted this?
Legislating for Drones: A Guide and Model Ordinances
by Sabrina I. Pacifici on Apr 6, 2015
McNeal, Gregory S. and Rule, Troy A., Legislating for Drones: A Guide and Model Ordinances (April 2, 2015). Available for download at SSRN: http://ssrn.com/abstract=2589975
“Drones, also known as unmanned aerial vehicles, present enormous benefits for local government officials, but they are also creating new conflicts with existing land uses. The growing popularity of drones necessitates the crafting of innovative laws and ordinances designed to safeguard privacy and protect landowners’ property rights. At the same time, many municipalities are also searching for ways to accommodate drone technologies and attract and promote drone-related economic development.
This Guide and its accompanying model ordinances seek to educate local government officials about drone-related laws and to assist them in adopting such laws within their respective jurisdictions. Carefully-crafted drone ordinances can be a low-cost way for local governments to balance competing privacy and economic development concerns related to drones.”
Just because it's a “first” does not mean it's important. Does it?
… David Topkins pleaded guilty to conspiring to illegally fix the prices of posters he sold through an Amazon Marketplace store in the latter half of 2013.
… The Justice Department accused Topkins and his unnamed co-conspirators of using an algorithm to coordinate how they would change the price of their posters and then develop computer code to set prices in accordance with the agreement.
Cheaper than a smartphone but you have to find a monitor to plug into? I don't get it.
Intel's PC-on-a-stick dongle now available for preorder
Newegg is offering preorders of the Compute Stick with a release date of April 24. (Update at 11:11 a.m. PT: now showing out of stock on both with estimated arrival on May 1). The Windows version costs $150 and the Linux version costs $110. Amazon also shows listings for the Windows and Linux versions, but with no pricing or availability information.
… Getting the Compute Stick up and running won't take much. The device is simply plugged into a monitor's HDMI port and turned on. Once it boots up, the owner's operating system of choice is running and with a Bluetooth keyboard and mouse, the device can provide a full computing experience.
… The Compute Stick is also a competitor to the Asus Chromebit announced last week. Like the Compute Stick, the Asus Chromebit connects to an HDMI monitor and with help from Bluetooth, provides a full computing experience. However, the Chromebit is running on Google's Chrome operating system, rather than the Windows and Linux options available on the Compute Stick. Chromebit is slated to launch this summer for under $100.
Still not exactly what I want my students to use when writing their own textbook, but we're getting closer.
4 Quick Ways to Write & Publish Books on the Web
The world of publishing is changing thanks to the Internet. People aren’t willing to put their fates in the hands of traditional gatekeepers anymore. Writers aren’t just writers anymore. In a lot of ways, writers are the new publishers.
… But I’m not just talking about the print-on-demand kind of self-publishing. There are a handful of new web services and tools that kick it up to the next level.
For my website students.
How Are Websites Built in 2015?
When it comes to building websites, there are a lot of ways in which the job gets done. While we, as end users, just see the final results, designers have a million things to think about when it comes to how they build a site.
Like everything, web design is all about trends. In 2015, there are a few different ways that websites tend to come together. Interested in a look behind the curtain to see how most websites will come to be in 2015? Check out the infographic below for a fascinating look.
For all my students. “One should drink in the culture!” Oh wait, I said that. (Because today is national beer day http://nationaldaycalendar.com/2015/04/06/april-7-2015-national-beer-day-national-no-housework-day-national-coffee-cake-day-saam-day-of-action/ )
New to Craft Beer? Start with the Best Beer Websites & Communities
… Admittedly, beer is an acquired taste. [Some of us acquired a love of beer at first sip. Bob] At this point, non-drinkers of beer are asking, “Why go through the misery of acquiring the taste?” Because once acquired, beer offers a certain world of taste that no other beverage can — as long as you avoid the mainstream macro brands.
If you simply don’t like beer, that’s fine! Drink what you like and don’t let anyone — including myself — tell you otherwise. But if you want to experience the wonders of craft beer, then these websites will help you on that journey.
For those of us still using the biblical method (Seek and ye shall find)
Teach yourself Touch Typing with Free Tools
Touch typing, or the art of typing with your 10 fingers, can do wonders for your productivity. Most technologically literate people know a bit of typing, but if you can type without looking at the computer keyboard, you can get work done faster and gain an edge.
… If you are just getting started, the BBC’s Dance Mat Typing should be your go-to resource. It is a browser-based game for kids where each lesson touches a different set of keys and there’s a game at the end of each level to test what you have learned. The lessons require the Adobe Flash Player to be enabled in your browser.
The next recommended resource is Typing.com, a free website where you’ll find interactive tutorials and drills to help you learn typing step-by-step. Typing Study is a similar resource, but unlike other typing lessons that focus on the English keyboard, Typing Study has lessons for the keyboards of most popular languages, including Hindi, and it requires no Flash Player either.
Tipp10 (Mac, Windows) and Typist (Mac only) are desktop software that teach typing offline and you also have the option to upload your own text – like pages of your favorite novel – for practice.
Very slick! My students often take pictures of the Math problems I work on the whiteboard. Perhaps there is a use for this App?
Office Lens - Digitize Handwritten Notes and Diagrams
Office Lens is a new app for iOS and Android (still in limited beta) designed for converting pictures of notes on whiteboards and paper into notes that can be edited in Microsoft Word or PowerPoint. If you don't need to edit the notes that you take pictures of, you can simply export the file created by Office Lens to JPEG or PDF. Probably the neatest aspect of Office Lens is that hand-drawn images and figures captured through the app can be separated from the text to move and manipulate as individual objects in PowerPoint slides. See the video below for an overview of Office Lens.
Office Lens could be a great app for students to use to snap a picture of something on a whiteboard then add their own comments to it in a Word Document.
The option in Office Lens to separate hand-drawn objects could be a good way to digitize a brainstorming session. When I brainstorm I often do it in a paper notebook that has pages of edits. By taking a picture of the brainstorming session I could separate each part of the notes then move them into new positions on slides or in a document.