Saturday, April 25, 2015

Relatively small breaches, but it makes me wonder if there is someone who does not like Ascension Health or if this is part of a broader targeting of health providers because of the type of information they store about their “customers?” (Perhaps details of their medical insurance coverage?)
Is Ascension Health being targeted by attackers successfully acquiring employee e-mail account logins via phishing?
Zach Lozano reports that Seton Family of Hospitals will provide free identity monitoring and protection services for patients who had their personal information leaked in a phishing attack targeting employee emails:
Approximately 39,000 patients received letters about the breach in which hackers accessed protected patient information, including demographic information, medical record numbers, insurance information and Social Security numbers. Seton was notified of the breach on Feb. 26.
Well, that last statement is not quite accurate, as I’ll explain below, but you can read the rest of his report on KXAN.
In looking into this incident, I became suspicious when I noted that Seton is part of Ascension Health. This past week, another Ascension member, St. Vincent Medical Group in Indiana, also reported a phishing attack but they learned of theirs on December 3, not in February. So I started digging more, wondering if Ascension hospitals are being targeted just as we saw both Baylor facilities and Franciscan Health/Catholic Health Initiatives facilities being targeted by phishing attacks. And sure enough, I found a notice on Seton’s site that reports that they actually became aware of the phishing attack on December 4 – the day after St. Vincent’s learned of their breach. Seton’s notification is basically the same as St. Vincent’s notification after adjusting for date of discovery and number affected. Here’s the main part of Seton’s notice:
The privacy and security of patient information is of utmost importance to Seton Family of Hospitals, a division of Seton Healthcare Family (“Seton”), and Seton has implemented significant security measures to protect such information. Regrettably, despite the efforts to safeguard patient information, an email phishing attack has affected Seton’s patients.
Seton experienced an email phishing attack on December 4, 2014, which targeted the user names and passwords of Seton employees. Upon the determination that an email account had been compromised, the user name and password was immediately shut down. Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected e-mails to determine the scope of the incident. Seton engaged computer forensics experts to assist with the investigation. Through the ongoing investigation of this matter, we determined on February 26, 2015, that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients.
The personal health information in the e-mail accounts included demographic information (i.e., name, address, gender, date of birth, etc.), medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records.
I wonder whether we’ll learn that other Ascension Health members have been similarly targeted. Ascension Health describes itself as the largest non-profit health system in the U.S., with 131 hospitals. As their site also indicates, Ascension Information Services (“AIS”) was formed as a nonprofit corporation in 2005, and AIS provides information technology infrastructure and software application support services to all member entities of Ascension. But who provides the training to employees on how not to fall for phishing attempts?

Wow! Five whole months!
Josh Dickey reports:
No one has been the victim of identity theft in the five months since the cyber attack on Sony Pictures Entertainment exposed reams of sensitive data, so a class-action lawsuit should be dismissed, the studio argues in court documents acquired Friday by Mashable.
Read more on Mashable.

No one has noticed for 25 years? I wonder if the “new” password procedure came before or after the article on their password? I'm guessing very soon after.
Earlier today, asked Verifone for a comment or response to the report about an unnamed firm using the same default password for 25 years, as it was pretty easy to figure out from a Google search that an unnamed vendor was them.
Gene Cyranski, Vice President of Zeno Group kindly sent this statement in response:
The Verifone default password is Z66831 and is loaded on all Verifone devices in the field. The purpose of this default password is to simply initiate terminal installation, and it is not intended to serve as a strong security control. The default password made its way over the years into the public domain and can be found on the Internet, along with instructions on programming terminals. The important fact to point out is that even knowing this password, sensitive payment information or PII cannot be captured. To date, Verifone has not witnessed any attacks on the security of its terminals based on default passwords. What the password allows someone to do is to configure some settings on the terminal; all executables have to be file signed, and it is not possible to enter malware just by knowing passwords. While Verifone has not changed the passwords, clients/partners/merchants are always strongly advised to change the “default” password upon terminal installation and set-up. New Verifone products come with a “pre-expired” password, which will require merchants to change the password during installation and set-up.

Still very little on offensive thinking? I can recommend plenty of offensive students.
Department of Defense Unveils New Cyber Strategy
The U.S. Department of Defense (DoD) on Thursday unveiled its latest cyber strategy, described as a way to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture.
… “There may be times when the President or the Secretary of Defense may determine that it would be appropriate for the U.S. military to conduct cyber operations to disrupt an adversary’s military related networks or infrastructure so that the U.S. military can protect U.S. interests in an area of operations," the strategy says. "For example, the United States military might use cyber operations to terminate an ongoing conflict on U.S. terms, or to disrupt an adversary’s military systems to prevent the use of force against U.S. interests. United States Cyber Command (USCYBERCOM) may also be directed to conduct cyber operations, in coordination with other U.S. government agencies as appropriate, to deter or defeat strategic threats in other domains."
"In contrast, the 2011 DOD Strategy for Operating in Cyberspace made little reference to the Pentagon’s operational or offensive cyber capabilities, although U.S. officials have spoken about the issue, and there are leaked classified documents that outlined U.S. policy and planning for offensive cyber operations," noted Denise E. Zheng, Deputy Director and Senior Fellow at the Center for Strategic and International Studies.
The full transcript of Carter's speech is available online.

As any good accountant would say, “What do you want the cost to be?”
Robert Hackett reports:
A single stolen customer record costs probably somewhere between $0.58 and $201. What’s the best model?
A few weeks ago Fortune visited a law firm where one partner lamented the quality of cost estimates for big companies suffering data breaches—a vital consideration for businesses seeking to manage their risk and score reasonably priced insurance policies. (Who and where are unimportant for the purposes of the story.) Prompted by a recent analysis of 10-k filings which concluded that the impact of breaches to corporate bottom lines is trivial, the conversation stirred the lawyer’s excitement—and vexation. There are no good estimates, the lawyer rued.
Read more on Fortune.

How do you start your search? Do you Google “gang” or do you Google “black kids?” Has anyone published guidelines?
Rose Hackman reports:
Critics say the NYPD’s trawling of social media for gang activity – affecting children as young as 10 – is disproportionate and may amount to racial profiling.
Read more on Raw Story.

When you have no control, everything becomes more complicated.
Court reminds State to produce Clinton emails in ‘shortest’ time possible
An appeals court gently warned the State Department on Friday to release relevant public documents quickly from among the large batch of emails Hillary Clinton turned over to the agency from her private server.
The U.S. Appeals Court for the District of Columbia ruled the best way to handle a Freedom of Information Act case involving the emails would be to send it back to the district court, which will determine the “most efficient way to proceed under FOIA.”
… The agency is sorting through the emails for potential redactions in a process it says could take months. [State can't rely on the claim that there was “nothing classified” discussed on any of the emails. Bob]
In the meantime, outside groups have argued their previous Freedom of Information Act requests to the State Department were incomplete because they lacked Clinton’s emails.

Something for my students?
5 GIF Search Engines & Tools You Haven’t Heard Of Yet
GIFs are the language of the web, but some people are better at speaking it than others. If you’ve got a friend who always amazes you with her ability to find the perfect reaction GIFs, you need to find better tools.
Today, Cool Websites and Apps points out five websites for finding, and creating, GIFs – all of which we’ve yet to mention as a site. We’ve shown you obvious things, like the GIF search engine Giphy, but as GIFs (continue!) to grow in popularity more sites pop up.
Even major media corporations are getting in on it.

Eventually, I'd like my Data Management students to understand this kind of analysis as well as purely internal number crunching. (Also for my statistics students)
You may have doubts, as some readers did, about whether Google searches are a reliable way to predict that an NHL expansion team would struggle in Las Vegas. But it’s actually a pretty good way to forecast this kind of thing, and there’s another way to prove it:
It turns out that there’s a strong relationship between Google searches and an NHL team’s bottom line. How often fans are Googling the term “NHL” in a metro area reliably predicts how much they’re spending on hockey tickets.
In the chart below, I’ve estimated how much fans spent on tickets at each NHL arena during the past regular season. The process is simple: I just took total home attendance and multiplied it by the average ticket price. Then I compared ticket spending against the estimated number of NHL fans in each market based on Google search traffic.

For my student twits?
How to Cite a Tweet in MLA, APA, and Chicago Style
As social media has evolved it has crept into academic work. I've even given research assignments in which I've asked my students to seek out and cite quotes from people on Twitter. More and more I'm asked, "how do I cite a Tweet?" In fact, I was asked this in an email last night. If you're citing for a blog post, you can just embed the Tweet. If you're citing for a more formal work you will want to follow guidelines of MLA, APA, or Chicago Style.
Guidelines and examples for citing a Tweet in MLA style can be found here.
Guidelines and examples for citing Tweets in APA are available here.
If you need guidelines and examples of citing a Tweet in Chicago Style, click here.
Those who use tools like EasyBib or RefMe should note that the Tweet citations generated by those tools don't exactly match the guidelines set by APA, MLA, or Chicago Style. I tried both tools for citing Tweets and found that I had to slightly modify the formatting produced by those tools.

Friday, April 24, 2015

“We have to buy new stuff and we don't have money in the budget. We need people with special skills and we can't find anyone who will work for a state salary. We're not sure who should be responsible and we can't stop arguing about that long enough to actually do anything.” Typical government. What would happen if the data center stopped doing any other work until they had security under control?
Hillary Borrud reports:
Three years after state auditors identified security weaknesses at Oregon’s main data center in Salem, the state has yet to fix some of the problems.
The vulnerabilities were outlined in a secret March 2012 letter to Michael Jordan, who, at the time, was director of the Department of Administrative Services, which manages the data warehouse. The facility stores data for multiple state agencies.
Read more on Portland Tribune
[From the article:]
Hackers recently accessed data at the center, Gov. Kate Brown revealed last month, but Shelby said that breach was unrelated to the security problems auditors identified. [Even more security vulnerabilities? Bob] However, Shelby said one of the suggestions auditors laid out in the letter would have helped IT staff to more quickly assess which types of data attackers accessed.

I thought this sounded a bit cheap...
Reuters reports:
A group of small banks and credit unions suing Target Corp over its massive data breach in 2013 are moving to block the retailer’s proposed $19 million settlement with MasterCard Inc, calling it a “sweetheart deal” aimed at undercutting their own claims for losses.
Lawyers for plaintiffs in the lawsuit, which seeks class-action status, filed an emergency motion late Tuesday asking a federal judge in St. Paul, Minnesota, for a preliminary injunction that would prevent the settlement announced on March 19 from going through.
Read more on Reuters.
[From the article:]
“The agreement between Target and MasterCard is nothing more than an attempt by Target to avoid fully reimbursing financial institutions for losses they suffered due to one of the largest data breaches in U.S. history," said a statement on Wednesday from Charles Zimmerman of Zimmerman Reed PLLP and Karl Cambronne of Chestnut Cambronne PA, co-lead plaintiffs' attorneys in the lawsuit.
"It provides paltry restitution for the substantial losses suffered," the statement added.

Why bother with such a trivial “message?”
Russian Hackers Infiltrated Pentagon Network: US
Russian hackers were able to access an unclassified Pentagon computer network earlier this year, US Secretary of Defense Ashton Carter said Thursday.
"We quickly identified the compromise and had a team of incident responders hunting down the intruders within 24 hours," Carter said during a speech on technology and cybersecurity at Stanford University in California.
The Pentagon analyzed the "network activity, associated it with Russia, and then quickly kicked them off the network," he said.
National Security Agency chief Michael Rogers said in March that Russia was pushing for a show of force in the realm of cybersecurity as it flexed its muscles in Crimea and eastern Ukraine. [So why waste time on something that is clearly no big deal? Bob]

Like the 470 tolls here in Colorado, I assume there is a discount for allowing this surveillance. Said another way, try to avoid surveillance, pay more to use the bridge. (Also of interest to my Data Analysis students)
From the NYCLU:
April 22, 2015 — The New York Civil Liberties Union this morning released a trove of government records that reveal that both city and state transportation agencies have set up E-ZPass readers in locations far from toll plazas. The records are part of the NYCLU’s new webpage that hosts records on how government agencies collect information on innocent New Yorkers, which includes recently released documents on Stingray surveillance equipment.
“New Yorkers have a right to know if our government is collecting information about us, what they’re doing with it and how long they’re keeping it for,” said NYCLU Executive Director Donna Lieberman. “One piece of information rarely says much about you, but bits and pieces collected over time can paint a detailed portrait of a person – their political beliefs, religious affiliations, medical issues and even personal relationships. The documents the NYCLU is releasing provide a glimpse into some of the information the government is collecting on us every day.”
… Through its FOIL requests, the NYCLU learned that both city and state transportation agencies have set up E-ZPass readers around the state, including in 149 locations around New York City, as part of traffic studies.
View and download the E-ZPass documents

An example of security/privacy on the Internet of Things?
13 Things You Didn’t Know You Could Do With a Nest Thermostat

There's an App for that, but this one may make you look like a terrorist. (Or am I being paranoid?)
How Your Android Device Can Help You Find Your Next Home
Homesnap tries to be fun by letting you pull up the details of a house just by taking a picture.
It then pulls up detailed information, including things such as property lines and estimated values.

It's no longer YouTube's market. All the big players are trying to do everything at once. Can they all succeed?
The Onion and Vice Are Now Making Ads With Facebook
People watch videos on Facebook—a lot of videos. During its earnings call yesterday, CEO Mark Zuckerberg said that the number of videos watched on Facebook now totals more than 4 billion per day—triple what was being watched on the social network last summer.
With all those eyeballs trained on its moving pictures, the company is now moving quickly to make them pay. Today Facebook announced that it is teaming up with seven popular media companies, including The Onion, Disney and Vice Media, to produce video ads for brands hoping to capture the attention of the social network’s 1.44 billion users.

The future? Hungry? There's an App for that! (If you order it, they will come?) If anyone makes money by delivering, everyone will want to do it.
Chipotle delivers burritos to your door
The fast-casual burrito chain is now offering delivery of online and mobile orders in 67 cities using an app called PostMates.
PostMates, a San Francisco-based startup, works with local businesses to deliver everything from household goods and school supplies to food and beverages.

Another cut to phone companies. Will they die the “death of 1000 cuts” or will they not last that long?
WhatsApp Voice Call: Everything You Need to Know
Popular instant messaging app WhatsApp has finally launched a new voice calling service, enabling users to make phone calls over the Internet. This is the first time WhatsApp is offering this, which puts it head-to-head against the likes of Skype, Viber, and others.
WhatsApp Call is now available for Android and iOS.
… WhatsApp Call only allows for voice calls, not video chat. You’ll still need to use other apps to make video calls to Facebook friends. WhatsApp Call is just like dialing a number, putting your phone to your ear and speaking—except instead of dialing a number, you will be dialing a WhatsApp contact only.
You can call any Android or iOS user with WhatsApp installed. You cannot call users on other platforms yet.
Calling someone in another country will cost the same as calling someone in your own country—all you need to pay for is the data charge, which is roughly the same regardless of where your call is going.
Download: WhatsApp for Android (Free)
Download: WhatsApp for iOS (Free)

For my Data Management students. Infographic
Pinterest is More Important to Your Business Than You Think
Pinterest seems to be the social network that not enough people take seriously. Lots of people ignore it as a place to just find recipes or projects, and not enough people are using it correctly. It’s actually one of the biggest traffic drivers across social media, and anyone (business or individual) who isn’t using it is actually missing out.
The infographic below from the folks over at MainStreetHost provides all kinds of interesting facts and statistics on just how powerful Pinterest actually is. If you do any kind of marketing on social media, the numbers below just might change your perception of Pinterest.

(Related) Pinterest plus two others.
Using Social Networks to Find Amazing Products

I'm tossing this in just because I like the article.
The Basic Principles of Strategy Haven’t Changed in 30 Years

Another week, another chance to be amused.
Hack Education Weekly News
… “A California judge has denied a request for state intervention at six California high schools where students said they had been assigned to multiple contentless classes, were told to go home, or sit idly in classrooms or perform menial administrative tasks.” More on the Cruz v California lawsuit here.
Via Buzzfeed: “Texas Sends Poor Teens To Adult Jail For Skipping School.” [“That'll larn 'em!” Bob]
… The Online Learning Consortium and MERLOT are merging their scholarly journals. The new journal’s name: Online Learning.

Thursday, April 23, 2015

Stonewalling is not a security technique. It does suggest that the problem is greater than we know. When this occurred, I suggested that the information the hacker obtained could help someone place agents in secure positions. Is that what they are hiding?
Elise Viebeck reports:
The number of individuals victimized in a cyberattack on a major background investigation service is higher than previously reported, the House Oversight Committee’s top Democrat said Wednesday.
Rep. Elijah Cummings (D-Md.) reported that the initial estimate of 27,000 federal employees compromised in the breach of government contractor USIS is now believed to be a “floor, not a ceiling.”
Read more on The Hill.
Why are companies still allowed to get away with not being more transparent?
“Unfortunately, investigating the USIS data breach has been particularly challenging because neither USIS nor its parent company, Altegrity, have fully complied with this committee’s requests for answers,” Cummings said.

I agree. Now, how do we educate judges (because clearly the plaintiff’s lawyers didn't)?
Giora Engel of LightCyber writes:
The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate.
Central to the recent Target data breach lawsuit settlement was the idea that cyber attacks are mechanistic and follow a prescribed course or chain of events. The judge hearing the case ruled that Target is liable for not mounting an adequate defense against the 2013 cyber attack that exposed some 40 million customer debit and credit card accounts. Unfortunately, the ruling also may have serious repercussions for many of us in the security profession.
In my opinion, Judge Paul A. Magnuson’s ruling is dangerously flawed and a gross misrepresentation of how attackers operate; it ignores the fact that the breach was conducted by actual people. Preventing one event in a supposed chain will not stop a breach. Attackers will simply find another way to achieve their goal. The challenge is to identify that a targeted attack is under way and then rip the attackers out of the network.
Read more on Dark Reading.

For my IT students. Do you know what software you use? All of it?
Compliance and Server 2003
For many organizations, compliance might be the most compelling reason to move from Windows Server 2003 to Windows Server 2012 R2.
In a nutshell, depending on the jurisdiction that your organization falls under, there is likely to be one or more bits of legislation that dictate that you must be running a supported operating system on certain systems. Depending on the legislation, it could be just computers that host financial data, or in some jurisdictions it could be every computer that is used in the process of conducting business.
The key is that the wording of the legislation usually says that the OS or the application needs to be supported. This is why the name End of Extended Support is quite important. It’s not just a technical term, it has legal meaning.

Social media as an asset of the company.
Martha Neil reports:
Jeremy Alcede personally maintained the Facebook and Twitter accounts for his former Texas gun store and shooting range.
He thought of them as his own, and didn’t hesitate to inject his political views as he publicized Tactical Firearms in Katy.
But a federal bankruptcy judge disagreed, and ordered Alcede to turn over the passwords to the new operator of the gun store, finding the social media accounts to be business assets even though Alcede has removed the Tactical Firearms moniker and substituted his own, according to the Houston Chronicle.
Read more on ABA Journal.

For my Ethical Hacking students.
Apple iOS 8 Has Serious Bug, Makes Public WiFi Dangerous
iOS 8 has had a tough time. Despite Apple’s relentless release schedule that has seen no less than 8 updates in just 6 months, concerns over major bugs have resulted in the slowest adoption rate in iOS history. And now here’s another big one…
As reported by The Register, professional hackers at SkyCure have unearthed a major WiFi vulnerability in iOS 8 which makes iPads, iPhones and iPod touches crash repeatedly and there’s almost nothing you can do about it.
The Science
Dubbed ‘No iOS Zone’ it allows a malicious WiFi hotspot to launch a DDoS (Distributed Denial-of-Service) attack which renders devices unusable. It works by exploiting a flaw in the SSL security certificate of iOS 8 which leaves the device wide open:
“This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode,” explained SkyCure CEO Adi Sharabani in an address to the RSA security conference in San Francisco.

Beyond Oops! (The name of my next blog?)
Marisa Kendall reports:
In a suit filed Monday against Intuit Inc., plaintiffs lawyers claim lax security protections in the company’s TurboTax software are to blame for a recent spike in fraudulent tax returns.
Intuit didn’t take adequate steps to stop criminals from using TurboTax to steal customers’ personal information, file false returns on their behalf and cash in their refunds, according to the complaint. The suit, filed less than a week after this year’s tax filing deadline, comes after an uptick in fraudulent state returns briefly shut down TurboTax’s service and reportedly prompted an FBI investigation.
Read more on The Recorder.
With two former employees filing whistleblower statements with the SEC, Intuit may have its work cut out for it defending against this suit. Although it may be difficult to prove that Intuit was the cause of the tax refund fraud the two named plaintiffs experienced, I think there’s enough alleged to make any motion to dismiss for lack of standing a real uphill battle – particularly when there have been so many cases of tax refund fraud that states have linked to Intuit.

(Related) I wanted to know about those whistle blowers...
TurboTax’s Anti-Fraud Efforts Under Scrutiny
Robert Lee, a security business partner at Intuit’s consumer tax group until his departure from the company in July 2014, said he and his team at Intuit developed sophisticated fraud models to help Intuit quickly identify and close accounts that were being used by crooks to commit massive amounts of SIRF fraud.
But Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company’s service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
… “We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts.”

I think this was inevitable. Still, only someone with real Internet clout (Google, Apple, Facebook) could start the ball rolling.
Google Is About to Make Your Wireless Carrier a Lot Less Relevant
Google’s new wireless phone service, Project Fi, offers a long list of modern day perks. It automatically moves phones between traditional cellular networks and the WiFi wireless networks inside homes and businesses. Once on WiFi, you can still make calls and send texts. And you can pay for all this in small, flat, monthly fees—avoiding the sort of inflated, strings-attached pricing that so often accompanies our cell services.
… “The unique thing is that you’re no longer tied to a network. You can go from a Sprint tower to a T-Mobile tower and back to a Sprint tower. That’s groundbreaking.
… At the moment, Google’s service is only available on the Nexus 6, the company’s flagship Android phone. But it points to a new world where the big wireless carriers—Sprint, T-Mobile, Verizon, AT&T, and the rest—are pushed even further into the background of our daily lives.

(Related) Convergence: Your phone and one of the most intrusive surveillance systems on the planet.
Facebook’s quest to conquer your phone continues with Hello, a new dialer app that replaces the one that comes natively installed on your Android phone.
… But the new Facebook dialer app introduces something you won’t get from any other: Even if you don’t have a number saved on your phone, Facebook can go look at its databases and see if it’s got a number match. If it does, it’ll tell you who is calling and show you their photo, even if you’re not friends. It also makes blocking numbers as easy as a tap.

For my Data Management students.
This Free Tool Can Determine Your Most Valuable Followers on Instagram and Twitter
Brands that focus exclusively on amassing huge social followings may be overlooking the intrinsic value of their existing audiences, according to social media analytics firm SocialRank.
The company, which launched early last year, began as a free web app for Twitter, enabling users to determine their “most valuable” followers (the accounts with the most reach and importance); their “most engaged” followers (based on retweets, favorites and mentions); their “best” followers (a mix of reach and engagement); and their most followed followers.
A brainchild of entrepreneurs Alexander Taub and Michael Schonfeld, SocialRank also allows users to filter their Twitter followings based on keyword, location, interests, activity and verification.
Now, the company is launching a comparable tool for Instagram. Available today for free, the product lets users sort their followers based on engagement, bio keywords, location, follower count and even hashtag use, according to SocialRank.

Something to amuse my geeky students.
Lawmakers ask programmers: Hack for Congress
Sen. John Thune (R-S.D.), Rep. Jared Polis (D-Colo.) and other congressional offices have submitted challenges to an upcoming “hackathon” encouraging talented programmers to put their talents to good use.
… Thune, for instance, would love to see someone come up with a better way to share photos, charts and slides with the world during a congressional hearing. While members can easily pass out printed copies of those materials to hand out to reporters at a hearing, it can be difficult to quickly distribute them digitally.
… Polis, meanwhile, wanted to see an online approval system to streamline the process of co-sponsoring a bill. He also challenged computer wizards to come up with a way to more easily build a list to distribute information to people depending on which issues they are interested in, such as the environment.

An interesting question. The majority of my IT students are female. The majority of my Computer Science and Computer Security students are male.
When Women Code
Code builds things: websites, games, this story you're reading. But what code hasn't built, as the tech industry proves again and again, is gender parity among the coders themselves.
That's the central issue in CODE: Debugging the Gender Gap, a documentary that premiered this week at the Tribeca Film Festival. The film dives into why deep-seated cultural stereotypes have permeated an industry that's supposed to think different, to move fast and break things.
[Also see the resources listed at:

Perspective. Yes, I remember the days (nights really) when all we had were shadow puppets. (Good collection of viral videos)
YouTube is 10 years old today, let’s celebrate by… watching some videos
… In celebration of the billions of hours the world has wasted on YouTube in the past 10 years, here are some of‘s favourite viral vids.

Wednesday, April 22, 2015

For my Computer Security students. Unchecked checks and unbalanced balances? This case came from a whistle blower who did a better analysis of the data than the regulators did? How does one small trader have this kind of impact? If it takes five years to figure out he was responsible, will they be able to convince a jury?
Mystery Trader Armed With Algorithms Rewrites Flash Crash
… Navinder Singh Sarao was as anonymous as they come -- little more than a day trader by the standards of the Street.
But on that spring day five years ago, U.S. authorities now say, Sarao helped send the Dow Jones Industrial Average on the wild, 1,000-point ride that the world came to know as the flash crash. By regulators’ account, he was responsible for a stunning one out of five sell orders during the frenzy. On Tuesday, he was arrested by Scotland Yard and charged in the U.S. with 22 criminal counts, including fraud and market manipulation.
… That picture, according to U.S. authorities, belies a years-long history of lightning-quick computer trading that netted Sarao $40 million in illicit profits.
… Regulators initially concluded that a mutual fund company -- said to be Waddell & Reed Financial Inc. of Overland Park, Kansas -- played a leading role. Many in the industry countered that a confluence of several forces, including high-frequency trading, was probably behind the crash.
By all accounts, the flash crash was more than a mere technical glitch. It raised fundamental questions about how vulnerable today’s complex financial markets are to the high-speed, computer-driven trading that has come to dominate the marketplace.
Little is known about Sarao and his trades, beyond what is contained in a complaint filed by the U.S. Department of Justice. A related civil suit filed by the U.S. Commodity Futures Trading Commission provides a few additional glimpses into his supposed activities. The case stemmed from a whistle-blower who brought “powerful, original analysis” to the CFTC’s attention, said Shayne Stevenson, a Seattle lawyer representing the whistle-blower.

Think Computer Security is “by the numbers” in the military? Think again. This can happen to anyone.
Patty Ryan reports:
The internal theft of five laptop computers from U.S. Central Command at MacDill Air Force Base went undetected until a supplier noticed four of them advertised on eBay, according to federal court records.
A CentCom official ordered an inventory, putting it in the hands of a Riverview man who now admits to being the thief.
Read more on Tampa Bay Times.

For my Computer Security students. Add this to your toolkit, then charge to tweak your friend's account. (Then send me 10%)
Twitter Now Allows Total Strangers To DM You: How Can You Stop It?
As users continue to whine about Twitter's newest software tweak that lets anyone in the Twitterverse directly message anyone else, more than a few others are asking just one simple thing. How can a user opt out of this new messaging free-for-all that Twitter created with supposedly good intentions?
Thankfully, the answer is pretty simple.

I can point you to a few students who flunked the Cryptology class, perhaps they can make you a really crappy encryption tool. But who are you going to get to use it? They are asking for a system that uses: a Public key, a Private key and a Government key.
Joseph Menn reports:
The Obama administration hopes Silicon Valley technologists can think of a system with strong encryption that could be pierced legally by one party without opening the door to others, a White House official said on Tuesday.
White House cybersecurity policy coordinator Michael Daniel said at the annual RSA Conference on security that he is trying to set starting principles for a broad public discussion on the issue, which has been a major source of tension with technology companies and other cyber experts.
Yeah, you’ll sometimes encounter unexpected pushback when you keep asking for the impossible. Ask for a unicorn instead, maybe?
Read more on Reuters.

Not as popular as the Oscars. (Fewer celebrities on the red carpet.)
NextGov reports:
Organized by advocacy nonprofit Digitalcourage, the 15th annual BBAs were announced Friday night in Bielefeld, Germany, a northwestern city of about 330,000. The tech prize was awarded to Hello Barbie, a “smart” version of the toymaker Mattel’s iconic doll, that records everything its owner says and allows parents to review the sound clips.
… three Big Brother Awards awards went to the German federal government:
  • to the Bundesnachrichtendienst (Federal Intelligence Service) for its collaboration with the NSA and its monitoring of German citizens’ online activities
  • to the current and former Interior Ministers for “systematic and fundamental sabotage” of the European Union’s General Data Protection Regulation, which includes the right to be forgotten
  • and to the Ministry of Health, for the eHealth program, which BBA said puts doctor-patient confidentiality at risk.
Read more of the award “winners” on NextGov.

Convergence. Internet companies are becoming phone companies. I guess it's easier than phone companies taking over the Internet. Time to sell my phone stocks?
Google may launch US wireless service powered by T-Mobile and Sprint as early as this week
ZDNet's Liam Tung posted the news that Google was planning to get into the mobile data business back in January. According to a Wall Street Journal report Google's wireless service may launch as early as this week in the US.
The service will reportedly be powered by T-Mobile and Sprint, the third and fourth largest US wireless carriers. Unlike traditional carrier plans, it's likely that Google will only bill customers for the data they actually use each month.
The Wall Street Journal reports that the service will initially only work on Google's Nexus 6 smartphone. The phone will reportedly switch between the two networks to find the optimal signal. WiFi will also be used for phone calls to help keep your bill low.
… There are plenty of other options for consumers, such as Republic Wireless, that give consumers full control over their monthly wireless service with no contract obligation.
We are seeing more and more consumers making the move to such providers so the timing of this Google service may be perfect.

(Related) Another Internet/phone thingie...
Facebook’s WhatsApp Will Be How the World Makes Phone Calls
WhatsApp is the world’s most popular smartphone messaging app, letting more than 800 million people send and receive texts on the cheap. But it’s evolving into something more.
On Tuesday, the company, which is owned by Facebook, released a new version of the app that allows people with iPhones to not only text people, but actually talk to them. This built on a similar move the company made at the end of March, when it quietly released an Android update that did the same thing.
… the company is intent on keeping it free (or nearly free). Though it has little traction here in the US, WhatsApp is enormously popular in parts of Europe and the developing world—areas where there’s a hunger for cheap communication. The result is an app that could bring inexpensive Internet calls to an audience of unprecedented size.
… After rolling out voice calling, he says, it may venture into video calling. The app already lets you send files, including videos, and other messaging apps, such as SnapChat, already have ventured into video calls.
None of these tools—video calls, voice calls, file sharing—are new technologies. But not everyone has them. WhatsApp has the leverage to change that.

God knows some of my students could use a bit of help.
7 Apps to Help Anyone Improve Their English Grammar
In a world of spellcheck and texting abbreviations, few people want to take the time to learn about subjects, objects, and dangling modifiers. Besides, computers can fix our sentences for us.
However, as anyone who’s suffered an autocorrect embarrassment knows, computers don’t always get it right.
Language is a human tool and requires the insight of human minds. Plus, employers still care about this stuff. From emails to reports, business involves plenty of written communication. Businesses want to hire employees with strong writing skills who will represent their company well to clients.
So what’s the best way to improve your grammar skills?

Perspective. I suspect that formats have not changed to take full advantage of new viewing habits.
Accenture – The World’s Love Affair with the TV May Be Coming to an End
by Sabrina I. Pacifici on Apr 21, 2015
News release: “The television’s popularity as the go-to entertainment device may be ending, according to “Digital Video and the Connected Consumer,” a new research report from Accenture. The television was the only product category to see uniform, double-digit usage declines across different types of media worldwide among viewers of nearly all ages. It is rapidly being replaced as consumers turn to a combination of laptops, desktops, tablets and smartphones to view video content. The report, developed for communications, media and technology companies, found that video consumption – anytime, anywhere – has become mainstream, accelerating the decline of traditional TV viewing. Viewership for long form video content, such as movies and television on a TV screen, has declined by 13 percent globally over the past year and by 11 percent in the United States. Similarly, the report found sports viewership on TV screens declined by 10 percent globally and nine percent in the United States. Nearly all age brackets reported double-digit declines in TV viewing globally, with 14- to 17-year-olds abandoning the TV screen at the rate of 33 percent for movies and television shows and 26 percent for sporting events. This decline continues for 18- to 34-year-olds at 14 percent for movies and television shows and 12 percent for sporting events, and for 35- to 54-year-olds, at 11 and nine percent, respectively. It does, however, flatten among the 55 and older crowd, at six percent and one percent respectively.”

I used to marvel that individuals in England could become fanatical experts on very narrow areas (teapots made between 1506 and 1515). Today you would think the information is much more readily available. Apparently not.
When Talking Points Memo, The Wall Street Journal and The Washington Post needed data on how often police officers are charged with on-duty killings, they all turned to the same guy: Bowling Green State University criminologist Philip M. Stinson.
Stinson, 50, has become an indispensable source for researchers and reporters looking into alleged crimes and acts of violence by police officers because he has built a database tracking thousands of incidents in which officers were arrested since 2005.
… The whole data-collecting operation is powered by 48 Google Alerts that Stinson set up in 2005, along with individual Google Alerts for each of nearly 6,000 arrests of officers. He has set up 10 Gmail addresses to collect all the alert emails, which feed articles into a database that also contains court records and videos.
… I was taking an ethics class. Somebody in the class — it was a bunch of cops in class, mid-career — somebody made a comment that cops don’t get in trouble much. I said, “That’s just absurd.” I started looking into it and realized there are no government statistics, and no government agency tracking it well.
… I had two and a half years, three years of data in my dissertation, covering 2005 to 2007, with 109 quantitative variables.
And then over time at Bowling Green, we now track 270 or so quantitative variables. Everything is automated now. Because data collection is real-time — you can’t use Lexis Nexis, NewsBank, all these other archival news databases, because lots of stuff has disappeared from the Internet — so because of that it’s very slow and time-consuming. It takes forever to do.

This could be fun for my Excel students. Convert all this paper to a more modern tool.
Are You Looking to Buy a Home?
by Sabrina I. Pacifici on Apr 21, 2015
Buying a home is one of the most exciting yet one of the most difficult financial decisions you will make. Understanding the costs of real estate settlement services, defining what affordable means to you, and finding the best mortgage are among the many aspects you’ll need to consider. This new toolkit (PDF) from the Consumer Financial Protection Bureau (CFPB), offers a step-by-step guide that includes checklists, conversation starters for discussions between buyers and lenders, and research tips to find more information.

I like tidbits like this, even if you do have to really search for them. I try to tell my statistics students that improbable things do happen.
Khmerican Food
… The connection between Cambodia and American pastry entrepreneurship is most pronounced in California, where, by one recent count, 90 percent of all independent doughnut shops are owned by Cambodians.

Tuesday, April 21, 2015

For my Ethical Hacking students. Think of this as “evidence.”
Google Now Lets You Download Your Entire Search History
Google will now let you download and export your entire search history.
The search giant already allowed users to view their history, but now they can download their entire history in just a few simple steps.
As first noticed by the unofficial Google Operating System blog and pointed out by VentureBeat, users just need to go to their Google Account history and then hit the gear icon in the upper right corner and hit "download."
A user's search history will only appear for the time that they have enabled the Web history setting.
Once a user opts to download their history, a window appears warning the user not to download the archive on a public computer.

Computer security for all my students.
Protect your Google Accounts with a USB Security Key
Most big-name web services like Gmail, Microsoft, Evernote, WordPress and Dropbox now support 2-step authentication to improve the security of your online accounts. Once you enable two-factor authentication, a malicious person will not be able to log into your online account even if they know the password – they’ll need access to your mobile phone as well to get in.
The verification codes required for logging into a 2-step enabled account can be generated either using a mobile app – like Authy or Google Authenticator – or you can have them sent to your mobile phone via a text message or a voice call. The latter option however will not work if the mobile phone associated with your account is outside the coverage area (like when you are in a foreign country).
There’s another option that makes the process of logging into a 2-factor enabled Google account less cumbersome. Instead of generating the verification codes on a mobile phone, you can use a hardware based authenticator that can be inserted into a USB port on your computer and you’ll be signed-in automatically without having to hand-type the digits.
The option works for both Google and Google Apps accounts and you don’t even need the mobile phone – watch video demo.
I am using the least-expensive Yubico key though there are more options to choose from. The first step is to associate the USB security key with your Google Account.

No surprise. Just aggregating all existing resources and simplifying the interface.
Frequent contributor Joe Cadillic has more on surveillance in St. Louis – a story first reported by the St. Louis Post-Dispatch that was noted last week on this site.
Joe writes:
What police are telling you is, Motorola’s ‘Real Time Crime Center’ is spying on you through numerous platforms:
Real-Time Intelligence Client brings together streaming video with analytics, resource tracking, social media, voice, Computer Aided Dispatch (CAD) and records information onto a single, intuitive interface with geospatial mapping.
And it gets worse:
The Real-Time Intelligence Client lets analysts prepare and distribute live tactical video, recorded video clips, documents, photos and key information to your officers in the field, and to other agencies for multi-jurisdictional response. Push-a-Link and Push-a Snapshot make it easy to distribute video and photos to dispatched units. Real-time analytics monitor video streams and detect user-defined events of interest – to improve response times by alerting RIC operators to crowd formations, dropped bags and other suspicious behavior as it occurs.
Read more on MassPrivateI.
[Real Time Crime Center brochure:

Also for my Ethical Hacking students. Some tools for your toolkit.
Mobile app privacy insanity – we’re still failing massively at this
… For the uninitiated, what I’m going to show in this post amounts to nothing more than looking at the requests that mobile apps are making over the web to back end services and inspecting the responses that are returned. It’s the mobile equivalent of looking at the network tab in the developer tools of your favourite browser. In this case though, I’m simply proxying my iPhone traffic through Fiddler which you can set up in about a minute. The particular patterns I’m looking for are discussed at length in my Pluralsight course titled Hack Your API First so if you want to understand the process in detail, go and check that out.

Shouldn't this be obvious? You could cut any utility (water, gas, electric) and then pose as a repairman.
David Kravets reports the latest development in a case previously noted on this site:
A federal judge issued a stern rebuke Friday to the Federal Bureau of Investigation’s method for breaking up an illegal online betting ring. The Las Vegas court frowned on the FBI’s ruse of disconnecting Internet access to $25,000-per-night villas at Caesar’s Palace Hotel and Casino. FBI agents posed as the cable guy and secretly searched the premises.
The government claimed the search was legal because the suspects invited the agents into the room to fix the Internet. US District Judge Andrew P. Gordon wasn’t buying it. He ruled that if the government could get away with such tactics like those they used to nab gambling kingpin Paul Phua and some of his associates, then the government would have carte blanche power to search just about any property.

You knew that, right? Nothing new, but a fair summary.
Your Lawyer Is Vulnerable to Cyberattacks
Lawyers help their clients as they negotiate confidential business transactions, hold intellectual property, manage funds and litigate disputes, among many other business activities. In the ordinary course of business, lawyers also maintain numerous confidential documents and data of and about their clients.
As a result, lawyers have a big bull's-eye drawn on their backs, visible to cybercriminals. The worst part is that most lawyers do not realize how vulnerable they are, since few lawyers understand IT security and cyber-risks. As a result, many do not properly protect that confidential information.
… "If you're a major law firm, it's safe to say that you've either already been a victim, currently are a victim, or will be a victim. ... The question is, what are you doing to mitigate it?" asked Chad Pinson, a managing director at Stroz Friedberg, according to a Bloomberg report.
At least 80 of the 100 biggest firms in the country, by revenue, have been hacked since 2011, according to Mandiant, the same Bloomberg report noted.
… The ABA established a Cybersecurity Task Force, which published an "ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals."

The next “We can, therefore we must?” May be a tad premature.
Should Your Voice Determine Whether You Get Hired?
Technology is changing every facet of work, including how companies profile and select their employees. The development of different apps, software, and algorithms has produced many novel methodologies for screening job candidates and evaluating their potential fit for a role or organization.
The latest of such methods is voice profiling, the use of computer-based algorithms to predict job fit based on an analysis of a candidate’s voice.
… Although the idea that each voice is unique makes intuitive sense, some voice profiling tools, such as Jobaline, are based on a rather unconventional premise: Instead of trying to decode a candidate’s personality, intelligence, or mood state, they aim to predict “the emotion that that voice is going to generate on the listener.” In other words, the algorithm functions as a mechanical judge in a voice-based beauty contest. Desirable voices are invited to the next round, where they are judged by humans, while undesirable voices are eliminated from the contest.

Perspective. In Japan, the trains do run on time.
Japan maglev train breaks world speed record
A Japanese magnetically levitated train has broken its own world speed record for the second time in five days.
The maglev broke the 600 kilometres per hour (372.82mph) barrier for the first time on Tuesday and hit a top speed of 603 kph (374.69mph) on a test track in Yamanashi Prefecture, west of Tokyo.
Operated by Central Japan Railway, the manned test run surpassed the 590 kph (372.82mph) that it recorded on the same track on Thursday.
… Plans are in place for Japanese firms to build a maglev system in the United States, where it would link Washington DC and Baltimore in a mere 15 minutes.

How does this fit into the EU's claim of monopolistic practices? (Also, some design tips for my website students)
Big Google algorithm change this week will usher in a new mobile era
New changes to Google’s search algorithms, taking effect this week, have a chance to cause some major headaches for businesses without mobile-ready websites. The company is slated to implement new tweaks to its search ranking tomorrow to prioritize sites that feature “mobile-friendly” designs.
The change has been a long time coming – Google first announced it back in November – but starting Tuesday, companies that haven’t made the switch will start feeling the hit in Google’s search results. The changes will favor sites that avoid technologies like Flash that don’t work on phones, have layouts that automatically scale so that users don’t have to scroll side-to-side or zoom, and have links placed far enough apart that they can be easily tapped with a finger.
… The algorithm change signifies a bigger shift by Google towards separating its mobile and desktop search results, Meyers said, because tomorrow’s change will only affect searches run from mobile devices including smartphones and tablets.

Would you cut off a large share of your market?
Google is known for its not great support. If you have a problem with a Google account or associated service, good luck trying to talk to someone at Google about it. It’s a very hands-off way of dealing with products, and it looks as though that also extends to support for older devices being able to use those services.
This week Google has retired its Data API v2 for YouTube, which means that a long list of smart devices manufactured in 2012 or earlier will no longer have functioning YouTube apps.
… It’s not as though Google hasn’t given fair warning about this change. The retirement of Data API v2 was announced in March 2014, and a migration guide for developers was made available in September last year. That’s plenty of time for upgrades to happen. However, there’s still a range of devices that will lose functionality, including 2nd-generation Apple TV, Google TV version 3 or 4, Sony and Panasonic smart TVs and Blu-ray players manufactured pre-2013, any device running iOS 6 or earlier, and any game consoles that don’t support Flash or HTML5.

They proved it can be done. Was it worth the expense? Where else could we use this technology?
Chevy Runs Digital Video Ads in Print (Yes, You Read That Right)
Here's something you don't see every day: Chevrolet bought print ads to show off its digital videos.
The ad, which promotes Chevy's Colorado truck, appears in the May issue of certain subscriber issues of Esquire and Popular Mechanics. And it allows readers to watch one of three short videos, which were created by Chevy's creative agency Commonwealth//McCann.
Some 10,000 subscribers each to Esquire and Popular Mechanics -- those considered likely Colorado buyers -- received copies with a video player embedded inside the print page.

Perspective. Interesting that Wharton has jumped in this so quickly.
Live and lucrative? Why video streaming supremacy matters
Two hot new apps will let couch potatoes everywhere live vicariously through other people’s experiences — as they are happening.
Meerkat and Periscope are the latest in socially connected apps that let users broadcast live video. While similar apps such as Ustream have been around for years, Meerkat and Periscope have gained users quickly through the attraction of a minimalist interface, a sense of immediacy, and the ability for viewers to send messages and even bestow their approval of live streams in real time.

If nothing else, Kim Dotcom is a never-ending source of amusement.
Kim Dotcom may get kicked out of New Zealand—but not because of copyright
… An extradition trial, delayed many times, is currently scheduled for June.
Now it's come to light that Kim Dotcom may get kicked out of New Zealand sooner than that, but it has nothing to do with copyright. The New Zealand Herald reports that the country's Immigration Minister has launched an inquiry to decide whether to deport Dotcom because of an unreported driving violation, in which he pled guilty to driving 149 kilometers per hour in a 50 kilometer per hour zone. (That's 93 mph in a 31 mph zone.)
Dotcom pled guilty to the offense in 2009, but when he filed his New Zealand residency application in 2010, it asked if he'd ever been convicted of an offense involving "dangerous driving." He answered "No."
… The inquiry was opened after the Herald revealed the conviction in an earlier article. [Apparently newspapers have better access to government records than the government. Bob]
If Dotcom was deported over the driving matter, it would be to Finland or Germany, not the US, where he would have to stand trial. However, it would clearly complicate his legal case, and it isn't clear how such a move would affect his chances of finally ending up in the US.

For my Data Management students. How would you predict an increase in demand for Ice Cream cones?
Twitter Could Predict Emergency Room Rush Hours
… Research that will be published in the IEEE Journal of Biomedical and Health Informatics combines Twitter posts and air quality and hospital data to form a model that researchers believe can predict emergency room trends more effectively and immediately than existing disease surveillance models, such as that published by the U.S. Centers for Disease Control and Prevention. While health and data tools such as Google Flu Tracker have used social media and search engines to monitor the spread of contagions, this new model is the first to look at chronic illnesses such as asthma, the researchers say.
… To find a connection between tweets about asthma and asthma-related emergency room visits, they combed through Twitter streams for 19 keywords, such as “asthma attack” and “inhaler.” After filtering out the tweets that contained the keywords but did not reflect “asthma affliction,” they compared the Twitter post trends to air quality data from the Environmental Protection Agency. Finally, they compared that information to numbers from the Children’s Medical Center of Dallas. They found a correlation between tweets about asthma, changes in air quality and asthma-related emergency room visits.
… The global Twitter data set available to the researchers consisted of nearly half a billion tweets, about 1.3 million of which contained asthma-related keywords. They narrowed that pool down to those that had location coordinates (35,152), and from there selected only those from the Dallas area (4,660). They did away with non-English tweets [Strange choice in Texas, especially with online translation tools. Bob] and any “that mentioned asthma in an irrelevant context,” the paper says.

Believe it or not, this is for my Statistics students. (We already discuss the statistics behind the movie “MoneyBall”)
Even the messiah can strike out three times on his first day in the majors. Last Friday, Kris Bryant, the Cubs’ anointed savior, was called up from the minors after weeks of debate about whether he should’ve just started the season in the majors. There is an aura of myth to Bryant’s arrival, as though the stars have aligned to offer the Cubs a chance to fulfill a prophecy. Yet Bryant is still an untested prospect, and, as Cubs fans know too well, even the best prospects can fail to live up to expectations.
But Bryant really is special — he’s the rare prospect that has both scouts and stats in complete agreement. Because of the unique intersection of scouting know-how and minor league data, Bryant is likely to match the hype.

I assure you I did not play these games. I grew up in New Jersey. We played Cops & Robbers (with real cops).
Remember Those Computer Games from School? Play Them Now for Free
… Since most of these titles are at least 20 years old, they’ve become publicly available. Some are clones of the originals, but there’s something here for everyone who enjoyed an educational game during free periods of computer class.

For my students. If they like it, I might actually get a smartphone! (Okay, probably not.)
Take Back Your Smartphone with FreedomPop’s Free Phone Plan
… FreedomPop is now offering a truly accessible phone plan with 100% free service, and they’ll even throw in a certified pre-owned Samsung Galaxy SIII for you!
… Using our limited-time deal, you’ll get a Galaxy SIII and a free month-long trial of the Unlimited plan – which includes all the talk, text, and data you can use – for just $99.99! After your trial month is up, you can choose to continue using the Everything plan for $19.99/month or try out the absolutely free plan. With 200 minutes of talk, 500 texts, and 500 MB of data for free each month, you’ll have all your smartphone needs to thrive.
This plan is 100% free every month and will last for life; all you have to do is act now!
… If you’re sick of getting played by US mobile phone carriers, it’s time to act. Use this link to join FreedomPop and get started with an awesome free plan. The free plan is perfect for students and those who don’t use their phones often, but if you need unlimited resources, why pay T-Mobile or AT&T hundreds of dollars when FreedomPop lets you have them for $20?