Saturday, May 02, 2015

Unfortunately, your credit card information won't “stay in Vegas.”
A statement from the Hard Rock Hotel & Casino, linked from their home page:
The trust and loyalty of our customers is our highest priority, which is why, as a precautionary measure, we are writing to let you know of a security incident that may have affected your credit card information.
This incident may have allowed criminal hackers access to information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations. The information potentially affected includes names, card numbers, and CVV codes, but does not include PIN numbers or other sensitive customer information.
This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.
Read the full statement here.
So far, they do not appear to have disclosed the number of customers who may have been impacted over the seven-month period. Nor did they include the kind of “we have seen no evidence of misuse” type of reassurance that many notifications include.

There never seems to be enough information to answer all my questions.
Heather Hourigan reports that a Fulton High School student has been arrested after hacking into the school’s computer system. The attack, allegedly by Austin Singleton, caused the network to go down for several hours, although personal information was reportedly not affected.
Read more on ABC and KOMU.
While the news stories focus on the student’s arrest, there’s no mention of what his motivation might have been, nor how he was able to sit in a classroom and manage to take down the network. What is the district doing in terms of its network security to prevent a recurrence?
[From the KOMU article:
Through an investigation, the district's IT department traced the hacking back to a computer in one of the classrooms, where a student was confirmed being logged in on that computer at the time. [Was he at the computer? Was he even in the room? Bob]
[From the ABC article:
Police said 17-year-old Austin Singleton maliciously hacked into the Fulton School District's network, causing it to go down for several hours.
Fulton superintendent Jacque Cowherd told ABC 17 News this hack did hurt the internal system.
That means student personal information and things of that nature were not compromised. [I can't follow that logic. Bob]
… "We assume that it was malicious, because anytime you take down the system it's malicious and we called the police," said Cowherd.
It was around 6:30 a.m. [What time do they start school in Missouri? Bob] on Thursday when Fulton School officials realized something was wrong with their system.
It was down for about three hours until the IT department pinned who was responsible. [Sounds like it was down only to determine who did it, not for any other reason. Bob]
… However it happened, police said Singleton was found to be the last one on the computer where the hack originated. [Suggesting he wasn't there when the problem was detected. Bob]

There are probably hundreds of “countdown clocks” in the software – time to next engine maintenance for example. Looks like one of them does more than turn on the “Check engine” light.
Boeing 787s have a software bug that could shut off the plane mid-air
Boeing's 787 Dreamliners have been found to have a software glitch in their systems that could suddenly shut down all electrical power to the plane mid-flight, causing catastrophic situations.
The Federal Aviation Administration (FAA) has issued a warning against the bug after lab tests revealed that the Dreamliners' electrical generators went into a failsafe mode every 248 days, or roughly eight months, after which all four of the plane's main generator control units start to fail simultaneously.
A report on The Verge notes that the temporary solution to the problem is to periodically shut down the power systems. Boeing's own records state that all jets in the fleet have been powered off and turned back on as part of routine maintenance and, therefore, there is no immediate concern of the plane losing power.
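The 248-day interval is exactly what a signed 32-bit counter ticking every 10 ms gives: 2^31 ticks is about 248.55 days, and the FAA directive attributed the generator shutdown to an internal software counter overflowing. The C below is an added illustration, not Boeing's or the generator control unit's code; the 100 Hz tick rate and the heartbeat-timeout logic are assumptions made for the example, showing how a wrapped counter silently breaks elapsed-time checks and how unsigned modular subtraction keeps them correct across the wrap.

```c
/* Added illustration, not the aircraft's code. Assumed: a free-running tick
 * counter incremented every 10 ms (100 Hz) and a periodic heartbeat check. */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

#define TICKS_PER_SECOND 100u          /* assumed: one tick every 10 ms */
#define SECONDS_PER_DAY  86400u
#define HEARTBEAT_LIMIT  (60u * TICKS_PER_SECOND)  /* assumed: 60 s budget */

/* Days of continuous power before a signed 32-bit counter passes INT32_MAX
 * and wraps negative: 2^31 / 100 / 86400 ~= 248.55 days. */
double days_until_signed_wrap(void)
{
    return ((double)INT32_MAX + 1.0) / TICKS_PER_SECOND / SECONDS_PER_DAY;
}

double ticks_to_days(uint32_t ticks)
{
    return (double)ticks / TICKS_PER_SECOND / SECONDS_PER_DAY;
}

/* The raw counter as seen by code that stores it in an int32_t (two's
 * complement view), computed without an implementation-defined cast. */
int32_t signed_view(uint32_t ticks)
{
    if (ticks <= (uint32_t)INT32_MAX)
        return (int32_t)ticks;
    return (int32_t)(ticks - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* Naive elapsed time on the signed view: correct until the counter wraps,
 * after which "now" is hugely negative and the interval comes out negative. */
int64_t elapsed_naive(uint32_t now, uint32_t then)
{
    return (int64_t)signed_view(now) - (int64_t)signed_view(then);
}

/* Wrap-safe elapsed time: unsigned subtraction is defined modulo 2^32, so the
 * result is exact for any interval shorter than 2^32 ticks (~497 days). */
uint32_t elapsed_safe(uint32_t now, uint32_t then)
{
    return now - then;
}

/* Supervisory check: has the heartbeat been missing for longer than allowed?
 * The naive form stops reporting faults once the counter has wrapped. */
bool heartbeat_overdue_naive(uint32_t now, uint32_t last_beat)
{
    return elapsed_naive(now, last_beat) > (int64_t)HEARTBEAT_LIMIT;
}

bool heartbeat_overdue_safe(uint32_t now, uint32_t last_beat)
{
    return elapsed_safe(now, last_beat) > HEARTBEAT_LIMIT;
}

int main(void)
{
    /* Constructed scenario: last heartbeat ~116 s before the wrap point,
     * current time two minutes after it, i.e. just past INT32_MAX. */
    uint32_t last_beat = (uint32_t)INT32_MAX - 11648u;
    uint32_t now       = last_beat + 2u * 60u * TICKS_PER_SECOND;

    printf("signed 32-bit counter wraps after %.2f days\n",
           days_until_signed_wrap());
    printf("now = %u ticks (%.3f days), signed view = %d\n",
           now, ticks_to_days(now), signed_view(now));
    printf("naive elapsed: %lld ticks, overdue=%d\n",
           (long long)elapsed_naive(now, last_beat),
           heartbeat_overdue_naive(now, last_beat));
    printf("safe  elapsed: %u ticks, overdue=%d\n",
           elapsed_safe(now, last_beat),
           heartbeat_overdue_safe(now, last_beat));
    return 0;
}
```

The 64-bit alternative (a uint64_t counter at 100 Hz lasts 5.8 billion years) removes the wrap entirely, but the modular-subtraction pattern above is what protects existing 32-bit timekeeping code.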

Interesting. Imagine your health insurer doing the same thing.
Sean Poulter reports:
Insurers were being probed by police last night over the illegal sale of customer data.
The scam involves brokers passing the personal details of car accident victims to claims management companies.
The ‘cash for crash’ firms then cold-call clients to tout an injury compensation service.
Read more on Daily Mail.

“If at first you don't succeed, try, try again.” I didn't know that was a legal axiom.
Headline: Programmer Convicted in Bizarre Goldman Sachs Case—Again
… Sergey Aleynikov was first convicted in 2011 on espionage and theft-of-trade-secrets charges, stemming from allegations that he stole proprietary source code from Goldman Sachs before leaving the firm to take a new job.
The following year, however, a federal appeals court reversed the conviction and Aleynikov’s eight-year sentence after determining that the code he helped develop for the high-speed trading firm was not physical property and therefore he could not be charged under the federal theft statute prosecutors used. The appellate court also ruled that Aleynikov had been wrongly charged and convicted of espionage.
The case drew a lot of attention because, as Aleynikov’s defense attorney argued at the time, the improper use of code should have been handled as a civil matter involving a breach of contract instead of a criminal matter.
The subsequent reversal of his conviction was significant since it set an important precedent for how code was viewed by the courts.
… Shortly after his federal conviction was overturned, the district attorney’s office in Manhattan found state laws under which they could charge him for the “unlawful use of secret scientific material” and the “unlawful duplication of computer related material”.
Today Aleynikov was found guilty under the first charge but acquitted of the second.

A summer reading list for my Computer Security students. All should be available from your local library.
6 Books About Online Privacy & Security You Need to Read

For my researching students. I rely on them to tell me what they like.
5 Apps for Getting More out of Wikipedia
Wikipedia is one of the most popular sites on the planet, and with good reason: it’s the fastest way to get an overview of almost any topic. And while it’s not a site without controversy, it’s hard to imagine the web without it.
Today Cool Websites and Games gives you tools for getting more out of Wikipedia, from alternative interfaces to games that force you to explore articles and think creatively.

For me, because clearly not all my students are getting it.
Improve Your Communication Skills with These 7 Websites
… Known as a “soft skill,” good communication is a subtle force that will open doors professionally, improve your relationships and increase your personal happiness.
These 7 online resources will help you become better at this all-important skill.

I feel the laughs building...
Hack Education Weekly News
… “Education Groups Were The Biggest-Spending Lobbyists In New York Last Year,” reports Buzzfeed’s Molly Hensley-Clancy. The pro-charter school group Families for Excellent Schools, Inc. spent $9.6 million on lobbying in 2014, outspending the next four highest groups on the list combined. [Apparently there is lots of money in trying new things in education. Bob]
Edsurge reports that a school district in Texas is piloting Desmos during the 8th grade STAAR tests as an alternative to graphing calculators.
… The MOOC Research Initiative has released a report on MOOC research – “Preparing for the Digital University,” written by George Siemens, Dragan Gašević, and Shane Dawson. (PDF) Stephen Downes responds in the OLDaily. George Siemens responds on Twitter. Stephen Downes responds in a blog post. George Siemens responds in a blog post.
Via University World News: “The number of Russian universities will be cut by 40% by the end of 2016, according to Minister of Education and Science Dmitry Livanov. In addition, the number of university branches will be slashed by 80% in the same period.” [Strange. Very strange. Bob]

Someone's mother must be so proud... Just the thing for stuffing into Christmas stockings?
New wearable sniffs your farts to tell you what not to eat
… Currently on Kickstarter, the project has been able to garner only 2 per cent of its fundraising goal with just 20 days more to go.

There are so many organizations I'd like to send this to. (Why do I so often think like Dilbert?)

Friday, May 01, 2015

Golly gee willikers! Even the DoJ recognizes “Best Practices.” Does your organization?
Alston & Bird write:
On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential victims to address the risk of data breaches, before, during and after cyber-attacks and intrusions.” The document was prepared with input from federal prosecutors as well as private sector companies that experienced cybersecurity incidents.
So, can this guidance now become a standard to reference in data breach litigation? I know a guidance does not have the force of regulation or law, but like HIPAA, is this setting a best practices standard that plaintiffs can point to? [One can only hope. Bob]

“All the news that's fit to digitize?”
Times Co. Reports a Loss, Tempered by Digital Growth
The New York Times Company posted a $14 million net loss for the first quarter of 2015, driven by a pension settlement charge and a drop in lucrative print advertising. But digital subscriptions continued to show solid growth, the company said on Thursday, and digital advertising grew at a double-digit pace.
Adjusted operating profit grew to about $59 million, from about $57 million in the same quarter last year. Cost reductions helped to offset a drop in revenue.
In its quarterly earnings, the Times Company said it added 47,000 new digital subscribers, for a total of about 957,000, a 20 percent increase from the first quarter of 2014. It was the strongest quarter for these subscriptions since the fourth quarter of 2012. Digital subscriptions were responsible for $46 million in revenue in the quarter, up 14 percent from the same quarter last year.

An interesting business opportunity. Free cameras for a two year subscription? Can we create some A.I. software that reviews the video in real time and flags “incidents” to dispatchers? No need to rely on the beat officer to turn on the camera. Faster backup and if supervisors can be in immediate contact, the opportunity to cool things off?
The Big Money in Police Body Cameras
… Taser has two body-camera-related products. The first is the body cameras themselves, video cameras that can be worn on the chest or head, which the company calls the Axon series. The second is essentially a Dropbox for body-camera footage—a digital storage service to which departments can subscribe—which the company calls
… In its embrace of, Taser shows all the proclivities of a modern tech company. The appeal of its business model is that money will come from selling an ongoing subscription service (like Netflix or Spotify) rather than one-time sales of technology made of plastic and glass (like any old Android phone).
Or, as the analyst Steve Dyer told the Washington Post in December: “The upfront cameras themselves are not that interesting. They are, or will be, fairly quickly commoditized. What investors will pay for is a recurring revenue stream.”

An infographic to teach my “older” students what the youngest technology users are doing.
How Has Being a Parent Changed in the Social Media Age?
The rise of social media and smartphones has greatly changed what being a parent is like. Now, parents don’t just need to worry about what kinds of dangers their kids might be facing in the outside world, but also how they are spending their time online. Parents need to take an active role in dealing with things like parental controls, staying up on the latest tech, and more in order to keep up with their kids.
Sounds daunting? Well, the infographic below from TeenSafe tells you everything you need to know about parenting in the age of social media. It’s a new world out there!

An update! For my computer using students (that's all of them).
Take it from Microsoft! 8 Best Free Ebooks from MSDN’s Huge Collection
We all like free stuff, right? Well, Microsoft just keeps giving. The Microsoft Developers Network (MSDN) maintains a massive amount of literature for developers, old or new, providing valuable information on all manner of Microsoft platforms: Windows 8, Office, Dynamics CRM, PowerShell functions, the Microsoft System Centre and much more.
They’ve seen it prudent to release almost 300 eBooks, free for our consumption.
… Aside from the handy Windows 7, 8, and 8.1 shortcut guides, there is a document titled Windows To Go. Windows To Go explores an enterprise operating system running from a USB drive, specifically tailored for use within educational facilities.
… There are several good guides for Office users.
… The BYOD Devices – A Deployment Guide was an interesting read. The eBook offers a practical guide to rolling out a BYOD strategy in educational facilities.

Another article for my Data Management class.
How PepsiCo Convinced You That Lays Were Cool Again
… Anyone who had a chip idea in mind could visit Lays’ Facebook page, enter some information about their flavor and be rewarded with a shareable image of “their” bag of chips. The company teamed up with Facebook to turn the “like” button into a vote of “I’d Eat That.” Lays’ Facebook cover photo became a rotating billboard, which featured a new submission every few minutes.
… “The days of focus groups — it’s over,” she said. “It’s really about observing behavior. Big data comes together with granular understanding of human behavior.”

Tasty Tuesday! For my starving students (and their pudgy professor?)
Taco Bell to Give Away Free Biscuit Tacos as Breakfast Battle Rages On
… On May 5 (a.k.a. Cinco de Mayo), the fast-food chain is giving away free Biscuit Tacos between 7 a.m. and 11 a.m. in honor of “Breakfast Defector Day.” The brand announced the giveaway today using Twitter’s live-streaming app Periscope -- a social media-savvy move from a brand dedicated to marketing to millennials.

Thursday, April 30, 2015

No one at Apple has a tattoo? Perhaps this was inevitable as computers and people “converge.”
Why The Apple Watch Doesn't Like Tattoos
The Apple Watch looks like no friend to fans of the body arts. The device lost some of its shine when several buyers reported problems using their new wearable on heavily tattooed arms.
Apparently, dark body ink seems to interfere with the gadget's sensors, producing inaccurate readings in some cases or completely stifling some features, like alerts, in others.
Anecdotal though they may be, evidence of the problems keeps mounting. Given the way the photoplethysmographic sensors work, and the fact that the watch relies on them for key functions, Apple should have foreseen some of these issues. Instead, it's trying to delve into it after the fact, investigating the problems. (Though it hasn't offered any official comment yet.) While we wait, here's some insight into the matter.

Perspective. Ah, so that's what's happening.
Facebook Is Eating the Internet
Facebook, it seems, is unstoppable. The social publishing site, just 11 years old, is now the dominant force in American media. It drives a quarter of all web traffic. In turn, Facebook sucks up a huge portion of ad revenue—the money that keeps news organizations running—and holds an enormous captive audience.
We already know, from a Pew poll last year, that nearly half of the adults who use the Internet report getting their news from Facebook alone. Now consider some of the latest numbers from Pew, in its annual State of the Media report, which came out on Wednesday:
• As in previous years, just five companies generate the majority (61 percent) of digital ad revenue: Facebook, Google, Microsoft, Yahoo, and AOL.
• Facebook more than doubled digital ad revenue over the course of two years. It made $5 billion in ad money last year. That represents 10 percent of all digital ad revenue.
• Facebook is getting a quarter of all display ad revenue and more than a third (37 percent) of display ads on mobile.

(Related) Another view of the same report.
Pew: Mobile driving most news traffic
Most of the top news outlets are getting the majority of their web traffic from mobile devices such as smartphones or tablets, according to a Pew Research report released Wednesday.
Pew’s State of the New Media report found 39 of the top 50 news websites have a greater percentage of traffic coming from mobile devices than desktop computers.

Is this enough to make Windows phones more attractive?
Windows 'open' for Apple and Android
Microsoft is releasing software tools that make it easier to run popular Apple and Android apps on Windows mobile devices.
By changing a "few percent", Apple app makers should be able to run code on Windows 10 mobile devices, it said.
And many Android apps should run with no changes.
Experts said the move was an "imperfect solution" to Microsoft's problems persuading people to use Windows mobile.

For my gaming students. (Digest Item 4)
Embed Classic MS-DOS Games in Tweets
You can now embed classic MS-DOS games in Tweets, with anyone following you able to play the titles directly from within Twitter. To prove this works, I embedded The Oregon Trail in one of my own tweets, before promptly getting sidetracked actually playing it.
This is all possible thanks to the collection of classic MS-DOS games preserved for posterity by The Internet Archive. Titles offered up to play through an emulator include Prince of Persia, Wolfenstein 3D, SimCity, Street Fighter II, Bust-A-Move, and Where in the World is Carmen Sandiego.

An article for my Data Management and Business Intelligence students.
A Leader’s Guide to Data Analytics
In recent years, data science has become an essential business tool. With access to incredible amounts of data—thanks to advanced computing and the “Internet of things”—companies are now able to measure every aspect of their operations in granular detail. But many business leaders, overwhelmed by this constant blizzard of metrics, are hesitant to get involved in what they see as a technical process.
... Too often, Zettelmeyer says, managers collect data without knowing how they will use it. “You have to think about the generation of data as a strategic imperative,” he says. In other words, analytics is not a separate business practice; it has to be integrated into the business plan itself. Whatever a company chooses to measure, the results will only be useful if the data collection is done with purpose.

Wednesday, April 29, 2015

This sounds strange to my ears. 1) Isn't WiFi available on planes? 2) I planned my flight before I got in the plane. Are they claiming that no one noticed a problem until they were about to take off? Sounds like the airline recalled the planes to update the software (I doubt the pilots did it) which suggests some aircraft were flying with defective iPads. I'll have to see how many ways my Ethical Hacking students can come up with to make subtle changes to this software.
American Airlines Flights Delayed After App Issues in Cockpit
American Airlines said that a glitch with a third-party application used on pilots' iPads caused several flights to be delayed on Tuesday.
The airline said that some planes were forced to return back to flight gates so that pilots could access a WiFi connection and fix the app issues. It was not immediately clear how many flights were affected. The issue was with software containing mapping and flight-planning information, according to Re/code.

Another area for concern. If someone like my Ethical Hacking students could pull information from a company before its scheduled release, they could make a fortune by buying or short-selling the stock. I expect we will hear more on this.
Twitter earnings leaked ... on Twitter. Stock tanks 20%
Twitter's latest quarterly results came out earlier than expected after someone on Twitter (naturally) leaked them.
… The numbers first appeared on the Twitter account of Selerity, a self-described financial intelligence platform, at 3:07 ET. Twitter was not due to release its results until after the market closed at 4 p.m.
After Twitter officially released earnings, Selerity tweeted that it got the numbers directly from Twitter's investor relations site.
"No leak. No hack," Selerity tweeted.
Twitter's investor relations team released a statement on Twitter.
"We asked [the New York Stock Exchange] to halt trading once we discovered our Q1 earnings numbers had leaked, and published our results as soon as possible," the company tweeted. "We are investigating the source of the leak."

I am becoming convinced that the Health Care industry is today's “low hanging fruit” when it comes to hacking (or simply walking off with) personal information.
In reading the substitute notice below, note that they do not say from where the laptop was stolen, nor how many were affected. And what kind of “commitment” to privacy is it to just password-protect a laptop with PHI – and to keep “former member and dependent” information on it? C’mon, folks. We can and must do better.
As part of its ongoing commitment to protecting the privacy of personal health information, Oregon’s Health CO-OP is notifying members of a security incident.
On April 3, 2015, a password protected laptop containing Oregon’s Health CO-OP member and dependent information was stolen.
… The information on the stolen laptop included current and former member and dependent names, addresses, health plan and identification numbers, dates of birth and social security numbers. No medical information was on the laptop. [Makes you wonder what the laptop user's job was... Bob] There is no indication this personal information has been accessed or inappropriately used by unauthorized individuals.
… Oregon’s Health CO-OP has established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration who are familiar with this incident and the contents of this notice. [This must be some outside service. (Clearly not the health co-op) I don't recall seeing it before, but I bet they get lots of business. Bob]
SOURCE Oregon’s Health CO-OP

Just a few days ago, Sony asked the court to toss out some class actions because it had been a whole 5 months since their breach.
Brian Krebs reports that he received a tip about physicians’ data up for sale on a darknet marketplace called AlphaBay. One of the databases for sale was a large text file called, “Tenet Health Hilton Medical Center” that contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.
Did you ever hear about that breach? I never did – not under that name, but it turns out in September, 2014 I had reported the breach on in my report on PST, a McKesson subsidiary. I just didn’t know at that time that Tenet Health was another affected client as there was no entry for them on HHS’s public breach tool.
It’s interesting that some of the data are up for sale now. How many times have we heard entities say “We have no evidence of misuse?” InCompass Health was surprised to learn that the data were up for sale when Brian contacted them.
I wonder what they will do now. Will they send a second notification/update to say, “Hey, we just learned your data are up for sale” or will they figure they’ve already covered themselves in their first notification? [No legal obligation, right? Bob]
And how much more of the data may be up for sale? Keep in mind that data were reportedly exposed on the Internet between December 1, 2013 and April, 2014, when the breach was detected and the data were secured.
Trot on over to for more info on how healthcare entity breaches result in patient (and provider) information getting around.

This should be of great interest to my computer security students.
Calculating Cyber Security ROI for Enterprises
Communicating the value of security in dollars and cents to a board of directors can be a complicated endeavor.
To help with this conundrum, consultancy firm Booz Allen Hamilton has offered up its own methodology for determining an organization's return on investment (ROI) in cybersecurity.

Another example of a management group who never heard of Privacy?
The editors of the Deccan Chronicle in India address a breach noted earlier this week:
In an appalling act of recklessness, the Telecom Regulatory Authority of India has compromised the privacy of over a million Internet users of the country by publishing online all the responses of their consultation paper on Net neutrality. Either the bureaucrats running Trai are ignorant [Got it in one! Bob] of how the Internet works or they were simply getting back at the virtual unanimity in opposing the erosion of the equity of providing Internet service by telecom companies creating shortcuts for corporates. Not only are all the 11 lakh email IDs in the public domain but all the addresses and phone numbers of those who may have put such details in their mails as part of their emailing template.
Read more on Deccan Chronicle.

What other organizations do this? If your favorite hotel chain did, would they tell you? Can you stay in a hotel without giving your name if you pay in advance in cash? (Is a name enough to identify the guest? They must provide all the information they have.)
Joe Cadillic sends along this very disturbing news story. After reading it, I decided that I will never stay at a Motel 6 again.
Patrick Anderson and Tracee M. Herbaugh report:
City police have arrested four people staying at the Motel 6 on Jefferson Boulevard as a result of the hotel chain’s agreement to provide police with a daily guest list, Mayor Scott Avedisian said Tuesday.
The names of Motel 6 guests, which police then check for outstanding warrants, is one of five steps Motel 6 corporate managers agreed to take in response to a string of high-profile incidents and concerns the establishment was becoming a haven for passing criminals.
… As of now, guests who check-in at Warwick’s Motel 6 will not be told their names are on a list that goes to the police station every night.
Alerting motel guests that local police know their whereabouts “is not a normal process of our check-in,” said Victor Glover, a vice president of safety and security for G6 Hospitality, the parent company for Motel 6. “I don’t know that we have any plans of instituting that as we move forward.”
Glover said that, generally, if a local police department wants a property’s guest list, Motel 6 makes it available. Glover would not say, however, if the Motel 6 brand has had similar problems at other locations, only that “there are times that issues come up.”
Read more on Providence Journal.

Why would you shut off communications that the public uses, but not the communications that a smart group of terrorists would use? (e.g. FireChat) It provides a clear indication that the DHS is on the scene but the only negative impacts are to the victims.
DHS Defends Government Secrecy in “Internet Kill Switch” Case
by Sabrina I. Pacifici on Apr 28, 2015
EPIC – “The Department of Homeland Security has filed a brief in response to EPIC’s petition for rehearing in the “Internet Kill Switch” case. EPIC is seeking the release of the public policy that allows the government to suspend cell phone service. The D.C. Circuit previously ruled that DHS may withhold the policy. EPIC pursued the shutdown policy after government officials disabled cell phone service during a peaceful protest in San Francisco. EPIC cited both free speech and public safety concerns and noted that the policy was never subject to public rule making. The Federal Communications Commission recently warned government agencies not to use “jammers,” devices that block cell phone signals, because of public safety risks.”

Is Google going to oppose patent trolls or become one? (Digest Item 2)
All Your Patents Are Belong To Google
Google wants your patents. All of them. Or at least those it feels have some value. In order to find these patents and buy them from their current owners, Google has created a new Patent Purchase Promotion. Which is essentially a marketplace designed to remove any friction from the process.
The marketplace will open on May 8 and stay open until May 22. Individuals and businesses are invited to put their patents up for sale during that window, and Google will then determine which patents it wants to purchase. Google hopes to have all sales tied up by the end of August.
The big idea here is for Google to buy up valuable patents before they fall into the hands of patent trolls out to make a fast buck. As noted by TechCrunch, the added bonus for Google is that it gets to see what patents are currently available, and pick and choose those which it thinks will pay off financially over the long term.

Another interesting article. (Dem guys a Haaarvard must be really smart, or maybe I just agree with them?)
How Technology Has Affected Wages for the Last 200 Years
… are we really at an historical turning point? No. In fact, the present is not so different than the past. Throughout history, major new technologies were initially accompanied by stagnant wages and rising inequality, too. This was true during the Industrial Revolution in the early nineteenth century and also during the wave of electrification that began at the end of the nineteenth century. However, after decades these patterns reversed; large numbers of ordinary workers eventually saw robust wage growth thanks to new technology.

Curious. I'll have to run this by our librarians to see if it will handle some of the stuff I didn't purchase from Amazon. (No surprise, their video never mentions that possibility.)
Amazon Whispercast 3.0 Helps Your Teacher Stay Organized
Amazon today launched Whispercast 3.0 to make it easier for schools and businesses to manage their Amazon gadgets.
Whispercast, which debuted in 2012, lets schools and businesses easily discover and manage e-books, apps, and more for Amazon's lineup of Kindle devices. With Whispercast 3.0, Amazon is promising upgrades like tiered administration and group management, which provides more freedom to set up organizational hierarchies and delegate control. Users can also organize content by classes, grades, groups, or whatever structure makes most sense for them.
Digital Transition Services, meanwhile, will provide users with access to service representatives who can help with the setup process. But a step-by-step setup wizard is also intended to let users organize and distribute content on their own.
… also lets users access documents on Android and iOS handsets, Chromebooks, Macs, and PCs.

For my students, who will be involved as creators or users of digital information. (Free PDF)
Preparing the Workforce for Digital Curation
by Sabrina I. Pacifici on Apr 28, 2015
“The massive increase in digital information in the last decade has created new requirements for institutional and technological structures and workforce skills. Preparing the Workforce for Digital Curation focuses on education and training needs to meet the demands for access to and meaningful use of digital information, now and in the future. This study identifies the various practices and spectrum of skill sets that comprise digital curation, looking in particular at human versus automated tasks. Additionally, the report examines the possible career path demands and options for professionals working in digital curation activities, and analyzes the economic benefits and societal importance of digital curation for competitiveness, innovation, and scientific advancement. Preparing the Workforce for Digital Curation considers the evolving roles and models of digital curation functions in research organizations, and their effects on employment opportunities and requirements. The recommendations of this report will help to advance digital curation and meet the demand for a trained workforce.” Committee on Future Career Opportunities and Educational Requirements for Digital Curation; Board on Research Data and Information; Policy and Global Affairs; National Research Council.

For my Computer Security students. Make them pay well for your services.
Experts Warn on Critical Shortage of Cybercrime Specialists
Riyadh - Experts warned at a conference in Saudi Arabia on Tuesday of a critical shortage of global specialists trained to confront increasingly malicious cyber security threats.
"Some reports say that we have globally less than 1,000 people who are truly qualified, whereas we need over 30,000 to address the problem," said Mark Goodwin, of Virginia Tech university in the United States.

Another tool for creating lectures my students will ignore?
SoundCloud Is Making It Easier for Anyone to Publish a Podcast
SoundCloud is one of the audio recording tools that I have been recommending for years. I've always liked the ease with which you can record, save, and share audio through the service. The option to insert text comments into SoundCloud tracks has been an appeal of the service too. Today, SoundCloud added a new feature that will appeal to anyone that has wanted to try his or her hand at podcasting.
SoundCloud for Podcasting creates an RSS feed for the recordings that you make or upload to your SoundCloud account. This doesn't seem like a big deal until you realize that by having that RSS feed created for you, you can then easily publish your podcast across multiple podcasting services including iTunes. Compare Apple's directions for publishing to iTunes to SoundCloud's directions for the same and you'll see why SoundCloud makes it easier to distribute podcasts.
Applications for Education
SoundCloud for Podcasting could be a great service to try if you have wanted to try podcasting with your students, but have been overwhelmed or frustrated by the process of distributing the recordings your students have made. The free SoundCloud for Podcasting plan provides hosting for up to three hours of recordings.

Tuesday, April 28, 2015

What's the big attraction for hackers? Cosmetic surgery is rarely covered, so a new face seems out. Do you suppose it might be that hacking health care is easier?
Now that I know what I’m looking for, I’m finding more evidence of targeted email attacks affecting members of Ascension Health. For previous reports on this incident, read here and here.
On March 16, Sacred Heart Health System in Florida posted this notice on their site about a breach they reported to HHS as affecting 14,177 patients:
On February 2, 2015, we were notified by one of our third-party billing vendors that one of its employee’s e-mail user name and password had been compromised as a result of an e-mail hacking attack. The hacking attack was detected by our billing vendor on December 3, 2014 and the employee’s user name and password were shut down the same day. … After careful review, we were able to determine that the billing vendor’s employee e-mail account contained personal information for approximately 14,000 individuals.
The personal health information in the e-mail account included patient names, date of service, date of birth, diagnosis and procedure, billing account numbers, total charges, and physician name. Approximately 40 individuals’ social security numbers were also compromised. The hackers did not gain access to individual medical records or billing records.
If Sacred Heart Health System is our fourth entry for the list, then St. Mary’s Health in Indiana is the fifth. Their breach affected 3,952 patients. The notice on their web site reads, in part:
On December 3, 2014, St. Mary’s learned that several employees’ user names and passwords had been compromised as a result of an e-mail hacking attempt. It immediately shut down the user names and passwords and launched an investigation into the matter. After careful review, St. Mary’s learned on January 8, 2015, that employee e-mail accounts subject to the hacking attempt contained some personal information for approximately 4,400 individuals. [A month to find out what was in the email accounts of their employees? Shame. Bob]
The personal health information in the e-mail account included patient name, date of birth, gender, date of service, insurance information, limited health information and, in some cases, social security numbers. The hackers did not gain access to individual medical records or billing records.

Come on educators, it's not that hard to Google “password best practices.” It's even easier than finding someone who knows what they are doing when it comes to security!
Melissa Stern reports:
A metro mom says some students have taken cyberbullying to a whole new level. Her daughter is the victim, and she says school-issued technology is to blame.
Amy Laughlin says school-issued iPads at Belton Middle School have become more problematic than useful. Her daughter in the seventh grade says she’s receiving bullying emails on her iPad from someone hacking into other students’ accounts.
Read more on The “hacking” was facilitated by the fact that a generic password had been issued to the students with the iPads, and many students hadn’t changed their passwords, it seems.
“One of the first things we’ve done is have our students set up a different username or password or both,” the Superintendent explained.
The superintendent also said they remind students to keep their passwords private. The district is working on character education in class, and tracking down students using the iPads inappropriately.
I hope they educate the students that posing as someone else could run them afoul of the law, even if they’re not posing as someone else to harass people.

(Related) Apparently, this is not limited to educators. Where is management?
Happy birthday! Now anyone can login to your Betfair account
I’m not often astounded by the woefulness of a security practice any more, but every now and then there’s a notable exception. Take this one, for example:
@BetfairHelpdesk Is it right that all one needs to change their password is their username and date of birth?
Yes, that’s exactly what it looks like and just for the sake of posterity should those Betfair responses be removed, Paul captured the discussion here. Now before we go on, do read that discussion in its entirety because context is important here.

For my Computer Security students. Note that it does not have to be your company that fails. How would you detect and reverse this?
Social Engineering: Attackers' Reliable Weapon
It begins with a baited hook.
It could be a link posted on social media that appears to lead to a subject of interest. It could be the sudden arrival of an emailed invoice. Whatever the ploy, social engineering is the opening salvo in targeted attacks against organizations all over the world. Sometimes, the social engineering begins with an email. Other times it may involve Facebook, and other times it may begin with a phone call.
That last scenario was found to be the case in the recent attack on Tesla Motors. A Tesla spokesperson told SecurityWeek that a hacker posed as a Tesla employee, called AT&T customer support and tricked them into forwarding calls to an illegitimate phone number. At that point, the impostor contacted the domain registrar that hosts Tesla's domain, Network Solutions, and using the forwarded number, added a bogus email address to the Tesla domain admin account.
According to the spokesperson, the impostor then reset the password of the domain admin account, routed most of the site's traffic to a spoofed website and temporarily gained access to the Twitter accounts of both the company and its CEO Elon Musk.

Websense Employees Targeted With Fake Raytheon Acquisition Emails

US defense contractor Raytheon announced earlier this month that it’s prepared to acquire network security firm Websense in a $1.9 billion deal. Malicious actors have leveraged this announcement in an attempt to trick Websense employees into installing a piece of malware on their computers.
According to Websense, malicious emails with the subject line “Welcome to join Raytheon” started landing in employees’ inboxes on April 23, just three days after the announcement was made. The body of the emails read, “Welcome to join Raytheon. The password is 123qwe.”

An interesting question. Now videos stream in real time, can be sent to your lawyer's server as you record, and can be made by very small (not easily recognized) devices.
What to Say When the Police Tell You to Stop Filming Them
First of all, they shouldn’t ask.
“As a basic principle, we can’t tell you to stop recording,” says Delroy Burton, chairman of D.C.’s metropolitan police union and a 21-year veteran on the force. “If you’re standing across the street videotaping, and I’m in a public place, carrying out my public functions, [then] I’m subject to recording, and there’s nothing legally the police officer can do to stop you from recording.”
“What you don’t have a right to do is interfere,” he says. “Record from a distance, stay out of the scene, and the officer doesn’t have the right to come over and take your camera, confiscate it.”
Officers do have a right to tell you to stop interfering with their work, Burton told me, but they still aren’t allowed to destroy film.

Food for thought, students!
The Pros and Cons of Cloud Computing
… not everyone is on board with this idea. For every person extolling the benefits of cloud computing, there's an opponent with an equally powerful risk or disadvantage. With so many differing opinions, how can you possibly decide what to do? Let's take a look at the major pros and cons of cloud computing.

Philosophy for geeks? (Notice that he says “When,” not “If.”)
What happens when our computers get smarter than we are?
Artificial intelligence is getting smarter by leaps and bounds — within this century, research suggests, a computer AI could be as "smart" as a human being. And then, says Nick Bostrom, it will overtake us: "Machine intelligence is the last invention that humanity will ever need to make." A philosopher and technologist, Bostrom asks us to think hard about the world we're building right now, driven by thinking machines. Will our smart machines help to preserve humanity and our values — or will they have values of their own?

I'd say this was Baksheesh, but I can't spell Baksheesh.
Google aims to transform European newsrooms
Google will give €150 million (US$163 million) to European publishers and digital journalism startups in the next three years as part of a wider package that aims to support the news sector...
… Google’s fund is similar to a €60 million fund set up to settle a dispute with French publishers in 2013 over lost revenue, and to prevent a proposed “link tax” that would make Google pay to republish news snippets.

Perspective. I was guessing $0.99 per pound.
The Market for Lawyers Revisited
by Sabrina I. Pacifici on Apr 27, 2015
Spurr, Stephen J., The Market for Lawyers Revisited (January 10, 2015). Available for download at SSRN:
“This paper examines the changes in the market for lawyers in the United States over several decades. Reviewing data from 1981 through 2012, we find that the quality of entrants to this market, as measured by the rate of attrition from law schools and mean scores on the Multistate Bar Exam, is highly responsive to the demand for legal services. Analyzing earnings of lawyers, we find that females earn substantially less than males, Blacks earn less than those of other ethnic backgrounds, and the disparity increases over the life cycle. There is also evidence that because of the decline of entrants to the profession, the share of older lawyers has increased, reducing the premium paid for experience. Finally, we examine the trend in inequality in lawyers’ earnings, and find that it has increased substantially over the period of our data.”

Perspective. New terms, same strategy? BiModal? BYOT? Historically, IT has been very slow to acknowledge – let alone attempt to integrate – new technologies. (For years, PCs were “not real computers.”)
How to Keep BYOT out of Bimodal IT Strategy
According to Gartner, by 2017 75 percent of IT organizations will have gone bimodal in some way. This shift reflects the growing need for businesses to deploy a modern mobile platform that encourages business user participation in the development process, with the full support and oversight of the IT organization.
… With BYOT (Bring Your Own Tool) there is a risk that users from different parts of the business will download their own tools and develop their own apps without IT’s involvement. This "rogue IT" approach can result in risks to data security and other corporate governance issues and should be avoided. In addition, this fragmented approach results in a lack of consistency across the organization, with assets and skills that can’t be leveraged across the business.

Perspective. I'm still trying 40 years later.
Teenager Stuns Fellow Geeks By Solving Rubik's Cube In Record 5.25 Seconds

For my Math students.
… On the GeoGebra YouTube channel you will find more than 200 video tutorials. If you're just starting out with GeoGebra on your desktop or tablet, the GeoGebra quickstart videos will be of use to you. The videos are silent, but the visuals are clear.

For my Statistics students. (There's nothing like a good argument before I pull out some facts.)
… When I found that upsets are much less common in the NCAA women’s tournament than in the men’s, my mind jumped to what seemed like a logical explanation: Perhaps the lack of upsets is caused by a lack of depth in the women’s game.
In particular, teams like the epically dominant University of Connecticut Huskies — newly minted winners of their third straight national title and the 10th of Coach Geno Auriemma’s reign — must be able to win so much because they get all the best players from a shallow talent pool. Even many who love and defend women’s basketball often judge it a little differently than men’s, on the presumption that it’s a less mature sport.
… And it would make sense if there were any truth to the notion that women’s basketball is less talented.
But it isn’t. As it turns out, not only is women’s college basketball as strong and deep in college-age talent as the men’s game, but for the rarest talent, it is significantly more so.

My students and I are trying to understand social networks and how to use them.
50 Companies That Get Twitter – and 50 That Don’t
Corporate tweeters need to know that they aren’t just promoting a brand or solving a problem: they are performing for an audience, supporting customers throughout their journey, and even, subtly, selling. The best, like American Airlines, make it feel natural. They have given their social media staff a clear mission and a great deal of autonomy; the account’s managers chat with customers, offer up front to solve problems, and empathize with frustrated travelers.
But the worst have exported their old tricks to new media. Entirely devoid of empathy, their accounts might as well be run by robots. Starbucks simply redirects queries to an email address—with a grating exclamation point to add insult to injury. At least that’s better than the 70% of companies that plainly ignore complaints on Twitter.
This matters. Social media isn’t merely a place for people to chat with each other and for brands to talk at their customers. For a new generation of consumers who get their news and form their views about the world primarily on social media, it is an essential proving ground. A witty comment or botched response on Twitter can travel to Facebook and even news websites in minutes (think of the Oreo tweet during the Superbowl blackout of 2013). But a single miscalculated remark can cascade into an avalanche of disapproval.

Monday, April 27, 2015

For my Risk Management students: What does the loss of a global cash register network cost? Here is one estimate. Now figure how much you would spend to prevent errors like this.
Starbucks lost millions in sales because of a ‘system refresh’ computer problem
… The problem, caused by what Starbucks called a “failure during a daily system refresh,” occurred around 4 p.m. PST and forced baristas to hand out thousands of free drinks to surprised — and pleasantly happy — customers.
The faulty technology cost Starbucks at least a few million dollars. Here’s the breakdown:
On Thursday, the company reported $3.1 billion in revenue during the past three months for its “Americas” stores, which include the U.S., Canada, and Latin America.
… the outage happened at 4 p.m. on a Friday. On a given day, most of Starbucks’ business certainly comes during the morning hours. So, let’s say each store lost about 10 percent of its total daily revenue during the outage.
By our rough estimates — calculated by journalists, not accountants — that means Starbucks lost around $3 million on Friday because of computer problems.

This was not the, “Hey Hillary. What’s new at State?” This was the, “Hello Mr. President, My name is Billy. I am in the 2nd grade. Please tell me what Hillary is doing at State.”
Russian Hackers Perused President Obama’s Personal Emails During 2014 State Department Breach
It looks like a cyberattack that hit the White House last year by Russian hackers was a bit more serious than originally presented. [Not untypical Bob] The biggest takeaway is the fact that President Obama's personal emails were accessed, including both sent and received messages. That's the downside; the upside is that it appears absolutely no classified information had been accessed. [Huh. Hillary said the same thing. Bob]

I've never been an advocate for a ban on tracking. I like to know which of my activities can be tracked and I'd like to believe that my government(s) do it appropriately.
Rami Essaid of Distil Networks thinks we’re too focused on stopping tracking when we should be more focused on transparency about it:
… the world is engaged in the wrong conversation when it comes to Internet privacy. Tracking happens – get over it. The conversation we should be having isn’t about absolute privacy, as the European Union seems to believe, but about transparency.
The fight should be about bringing tracking out of the murky shadows and into the sunshine of full disclosure. The Internet public has a right to know the “Five W’s” of tracking at every site they visit: Who is tracking me, what are they doing with the information, where, when and why?
Read more on TechCrunch. Do you agree?

Because they have a drug problem? Not according to the Board.
Carroll County to start randomly drug testing students
… “It was done as more of a deterrent,” [More than what? Education? Bob] said Assistant Superintendent Terry Jones of the unanimous Board of Education decision.
The board has been studying this issue since last September. It will include students in grades nine through 12, or roughly around 4,000 students. [No it will not. More bad reporting? Bob]
Jones explained that it will be only for the kids who participate in athletics, any type of extracurricular non-athletic program and those who drive and park on campus.

Is it a (real or imaginary) thing? Then you can talk to it and listen to it. That's the Internet of Things! All of my students should read this.
What Is the Internet of Things?
by Sabrina I. Pacifici on Apr 26, 2015
What Is the Internet of Things?, Mike Loukides and Jon Bruner, O’Reilly Media: “The Internet of Things (IoT) is a blending of software and hardware, introducing intelligence and connectedness to objects and adding physical endpoints to software. Radical changes in the hardware development process have made the IoT—and its vast possibility—accessible to anyone. This report provides a high-level overview of the foundational changes that have enabled the IoT and examines how it’s revolutionizing not just consumer goods and gadgets, but manufacturing, design, engineering, medicine, government, business models, and the way we live our lives.”

Perspective. How important is China as a market?
It looks like iPhone sales in China are going to be bigger than in the US
Apple is set to announce its latest earnings today, and analysts are expecting that iPhone sales are going to be bigger in China than the US for the first time, Bloomberg reports.
Analysts from Creative Strategies are predicting Apple sold between 18 and 20 million iPhones in China, compared to between 14 and 15 million iPhones in the US.

(Related) Of course, that means China wants to sell to China.
China Telecom Helps Fortify Alibaba's $590 Million Bet On Smartphone Vendor Meizu
Jack Ma thinks Alibaba can succeed as a vendor of smartphone hardware. In spite of Amazon's failed bid to make the Fire Phone gain mainstream success, Alibaba still dared to pay $590 million to get a minority stake at Meizu.
However, unlike Amazon's money-losing Fire Phone experiment, Alibaba has won the support of a major wireless carrier for its online shopping-centric smartphones. China Telecom will offer entry-level Alibaba smartphones to its subscribers.

Perspective. An industry with significant 'barriers to entry.'
Department of Justice scuppers $30bn semiconductor merger
The proposed merger of Tokyo Electron and Applied Materials into a $30bn semiconductor equipment giant has collapsed due to competition concerns from the US Department of Justice.
… The number of players in semiconductor equipment, one of the world’s most technologically demanding industries, has been falling as research and development costs increase and the pool of customers shrinks.
Only a small number of chipmakers — such as Intel, TSMC and Samsung — now operate at the cutting edge of semiconductor technology, giving them significant power over equipment suppliers.
A merger of Applied Materials, the largest company in the sector, with Tokyo Electron would have had about 25 per cent of the total equipment market. But it would have had market shares closer to 50 per cent for some tools, such as silicon etching machines, forming a near-duopoly with Lam Research.

I have one student who admits reading romance novels. (That's 50% of my students who admit reading for pleasure.)
Why romance novelists are the rock stars of the literary world
… The amazing thing is that this historically derided genre is not only wildly successful (it regularly outsells both mystery and sci-fi; Romance Writers of America estimates the genre made $1.08 billion in sales in 2013) but also preternaturally friendly.
In an age where women are constantly encouraged to “lean in” at predominantly male workspaces, there exists this frequently ignored, yet massive and diverse, woman-steered industry where writers literally tutor their competition. As Bly says early on in Kahn’s film, the romance industry may be one of the last meritocracies left on the planet.

For my students. (I already have the book on hold at my local library.)
Socializing School Events With Social Media
Last week I received a copy of Guy Kawasaki and Peg Fitzpatrick's book The Art of Social Media. It's a quick read that is full of actionable items. One of the chapters of the book is about incorporating social media into physical events like conferences.
[Also check the resource links:

Who says your phone can't give you a virus?
HTC Treats iOS Like an Illness

And finally, HTC thinks you may be suffering from a condition it calls, “Bi-Phonal Displeasure Disorder,” which takes the form of either “Samsung Affective Disorder (SAD)” or “Irritable Operating System (IOS)” depending on which phone you currently own.
You could tackle this horrible illness by taking a (completely made-up) drug called Cellami. However, according to the company there is only one real cure… the HTC One M9. Oh, it’s an ad. How disappointing. Still, as far as poking fun at your competitors goes, this is rather amusing.