Saturday, May 16, 2015

Silly headline. Is the FBI confirming that flight controls are part of the entertainment system? After repeated warnings? The airlines don't have a simple maintenance switch they can turn off after updating their systems? If the FBI could prove any of this, wouldn't they arrest this guy?
Hacker told F.B.I. he made plane fly sideways after cracking entertainment system
A well-known U.S. hacker told F.B.I. agents he took momentary control of an airplane’s engines mid-flight by hacking into its inflight entertainment system, according to a document filed in U.S. federal court and obtained by APTN National News.
… Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court.
… F.B.I. agents obtained the search warrant on April 17 to probe a number of electronic items seized from Roberts after he arrived in Syracuse, NY, from Chicago on April 15. Roberts had posted a joke tweet earlier in the day while on a United Airlines flight between Denver and Chicago. The tweet referred to hacking into the airplane’s in-flight entertainment and passenger oxygen mask system.
… Roberts also told the agents he hacked into airplane networks and was able “to monitor traffic from the cockpit system.”
According to the search warrant application, Roberts said he hacked into the systems by accessing the in-flight entertainment system using his laptop and an Ethernet cable. [What would he plug the Ethernet cable in to? Bob]
… F.B.I. agents let Roberts go after they seized his equipment and questioned him in Syracuse. The agents then tracked the Denver to Chicago airplane Roberts took before connecting to Syracuse. Roberts sat in seat A3 on the Chicago flight. The airplane was traced to Philadelphia and F.B.I. agents discovered the boxes in seats A2 and A3 showed evidence of tampering, according to the warrant application document.
The document stated the box under A2 was “damaged” with the outer cover “open approximately” half an inch and “one of the retaining screws was not seated and was exposed.”
… Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane’s Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking.

Peter Swire provides a summary of the history of Section 215 and how we got to where we are right now in this article on IAPP.

Local scofflaws. Sometimes government moves too slow. (Okay, usually government moves too slow)
Farmers Flying Drones May Soon Be Given Clearance
NUNN, Colo. — As the sun peeks over the fields of organic grain in this grassy patch of the state, some mornings, a dark dot appears in the sky as well, and a loud buzz slices through the pastoral scene.
It is a drone, and its pilot is a farmer named Jean Hediger, one of a growing number of American agrarians who have taken to using unmanned aircraft — better known for their use in war-torn lands far from the wheat fields of eastern Colorado — to gather information about the health of their crops.
In doing so, these farmers are breaking the law. It is illegal to fly drones for commercial purposes without permission from federal authorities, and those who do so risk penalties in the thousands of dollars. But the technology holds such promise that many farmers are using it anyway, dotting the country’s rural skies with whirring devices saddled with tiny video cameras.
… “Our intent is pure,” she added. “Without being able to fly drones over our fields, they are asking us to remain in the dark ages.”

Humor every week.
Hack Education Weekly News
… “Bills that would decriminalize truancy are moving through the Texas legislature, with the state House recently passing HB 2632. The bill would eliminate criminal penalties and institute fines for students who chronically skip school,” reports Politico.
… The Colorado Commission on Higher Education says it will standardize how colleges in the state accept “prior learning” for credit.
… Virginia’s community college system is piloting an open textbook initiative, reports Campus Technology. “VCCS plans to model its open textbook initiative on Tidewater’s Z-Degree program. The pilot program will run at 15 of Virginia’s community colleges and is expected to save 50,000 students more than $5 million dollars in the first year.”
Via The Atlantic: “Long-Range Iris Scanning Is Here. An engineering professor at Carnegie Mellon says he’s invented technology that can identify someone from across the room with the precision of a fingerprint.” What could possibly go wrong?

Very cool for my Android toting students. Convergence?
How To Dual Boot Your Android With Ubuntu
… We provided readers with the steps they need to install Ubuntu Touch on their Nexus handsets, but since 2013 additional devices have been added to the list of supported tablets and phones.

Friday, May 15, 2015

If your algorithm is really, really fast, you can make or lose lots of money. It is possible to 'trigger' trades if you know how the algorithm works. Connecting these guys to some particular trader is going to be difficult.
SEC Reviews Dubious Avon Bid
What appears to be a bogus filing with the Securities and Exchange Commission claimed that Avon Products Inc. was the target of a takeover bid, sending the embattled beauty-products company’s stock soaring on Thursday and leaving the agency looking for answers.
Avon’s shares shot up by more than 20% midday to nearly $8 after an entity calling itself PTG Capital Partners Ltd. said in a securities filing that it had lodged a bid of $18.75 a share to buy the company.
Avon said it hadn’t received such a bid and hadn’t even been able to confirm that PTG Capital existed. A person familiar with the matter said the company was treating the offer as a hoax.
… The apparent Avon hoax underscores a weakness in the SEC’s “Edgar” filing system. It is relatively easy to set up a fake account and make fraudulent filings directly to a legitimate firm’s cache of disclosures. To make filings, one only needs to provide Edgar with a street address and a document signed by a notary, according to an Edgar user’s manual published by the SEC.
… The PTG filing includes a number of instances of odd spacing and typos, including twice referring to the firm as TPG, a known private-equity firm that acquired an Avon business in Japan in 2010 and reportedly considered a bid for Avon earlier this year. The language used in the SEC filing about “PTG Capital” mimics the wording that TPG uses to describe itself.
… The purported offer bears a resemblance to one received in December 2012 by Rocky Mountain Chocolate Factory Inc., a small publicly traded confectioner. In that case, someone calling themselves PST Capital Group Ltd. claimed they offered $13.50 a share for Rocky Mountain.

You don't have to put everything on the same server or even the same network. You can log access to files, but then you would have to actually look at the logs!
InfoSecurity reports:
Last fall, it came to light that Chinese hackers had roamed around unnoticed for months inside the network of USIS, the biggest commercial provider of background investigations to the federal US government. In fact, two of the company’s biggest customers are the Department of Homeland Security (DHS) and the Office of Personnel Management (OPM).
Onapsis Research Labs analysis finds that the breach most likely utilized an SAP attack vector that Onapsis has been tracking in the wild and warning enterprises about. It marks the first time an SAP attack against a national security service provider has been publicly uncovered.
Read more on InfoSecurity.

“We make it up as we go along” or “Because they supported the other candidate” are probably not part of the written guidelines.
Jenna Greene reports:
The Federal Trade Commission this week was sued for refusing to turn over information about how the agency decides to bring data security cases.
The Freedom of Information Act suit by Philip Reitinger, a former Department of Homeland Security official who is now president of a cybersecurity company, comes as the FTC defends its role as data security cop in two ongoing cases.
“The FTC’s data security activity has increased in recent years and is likely to continue to do so,” wrote Reitinger’s lawyers, Steptoe & Johnson LLP partners Michael Baratz and Stewart Baker, in the complaint.
The FTC’s response to their FOIA request will likely irritate a number of people. As Greene reports:
In refusing Reitinger’s request for internal documents about data security enforcement, the FTC claimed FOIA exemption 5, asserting that all the material is protected by the “deliberative-process privilege.” It also said that FOIA Exemption 7(E) applied, alleging that the documents are also law enforcement guidelines, and that their disclosure could “reasonably be expected to risk circumvention of the law.”
Well, if you want compliance, wouldn’t it make sense to make the guidelines not only public, but loudly public, to foster greater compliance? [But if you want political power, being able to strike when and where you choose is the more attractive option. Bob]
Read more on Legal Times.

I might use this as the basis for an “incident response” project.
FTC – Recovering from identity theft is easier with a plan
by Sabrina I. Pacifici on May 14, 2015 is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.”

Do you have the right to confront the technology accusing you? Could I create a guilt-o-meter(TM) for prosecutors that would convince a jury but not be available for cross-examination?
Ellen Nakashima reports:
In a handful of criminal cases around the country, local police officers have testified in recent months that non-disclosure agreements with the FBI forbid them from acknowledging the use of secret cellphone-tracking devices. In some, prosecutors have settled cases rather than risk revealing, during court proceedings, sensitive details about the use of the devices.
The FBI, however, says such agreements do not prevent police from disclosing that they used such equipment, often called a StingRay. And only as a “last resort” would the FBI require state and local law enforcement agencies to drop criminal cases rather than sharing details of the devices’ use and “compromising the future use of the technique.”
Read more on The Washington Post.

Not just a “slippery slope,” this reminds me of the New Jersey basketball “cheer” following a bad call: “Elevator, elevator, we got the shaft!” Does this suggest that people entering Australia illegally phone ahead?
This is exactly what civil libertarians and privacy advocates in Australia tried to warn the public about.
Josh Taylor reports that less than two months after the government passed a hotly debated data retention law for ISPs, the Department of Immigration and Border Protection has been added to the list of agencies that can access Australians’ telecom data:
Under the mandatory data-retention legislation, only a select number of government agencies can access the stored call records, assigned IP addresses, location information, and other telecommunications data for the purposes of investigating breaches of the law.
When the Australian Labor Party announced that it would side with the government and pass mandatory data-retention legislation in March, the support came with a number of amendments to the legislation, designed to increase oversight and improve accountability over government access to the stored data.
Read more on ZDNet.

Should we all start learning Chinese?
Colter Hettich reports:
Chinese web search giant Baidu unveiled its latest technology Monday, saying it had taken the lead in the global race for true artificial intelligence.
Minwa, the company’s supercomputer, scanned more than 1 million images and taught itself to sort them into about 1,000 categories — and did so with 95.42% accuracy, the company claims, adding that no other computer has completed the task at that same level.
Google’s system scored a 95.2% and Microsoft’s, a 95.06%, Baidu said.
Read more on NY Daily News.

Interesting. Could this be why SurveyMonkey was able to predict the UK elections when everyone else failed?
Online polling could increase negatives in 2016
The expansion of online polling in recent years could be a negative for 2016 candidates.
A study by Pew Research released Thursday found members of the public tend to be more willing to express a "very unfavorable" view of politicians when they are surveyed online, compared to questioned on the phone.
The share of people who view Hillary Clinton as "very unfavorable" increased 8 percentage points when polled online, compared to the phone. Sarah Palin's negatives increased 13 percent, Michelle Obama's increased 9 percent, George W. Bush's increased 9 percent, Harry Reid's increased 8 percent, and Mitch McConnell's increased 5 percent.
Pew found people are more likely to report increasingly negative views of politicians online if they are a member of the opposite party. For Clinton, 36 percent of Republicans gave her a "very unfavorable" rating when polled on the phone, but that number shot up to 53 percent online.

Resources for my spreadsheet students.
An Excel Template for Every Occasion

“Pop quiz today!” (Well, I find it amusing)
Breaking News from
Breaking News is Russel Tarr's latest creation on Breaking News is a template for creating fake breaking news screens like those that you might see on CNN or BBC News. Russel sent me a Twitter message about Breaking News this morning and I quickly tried my hand at making a fake breaking news screen. Through the template you can add a news headline, a ticker, a location, and custom background image. After completing the template you can download your news screen as an image or host it online at Imgur.
Applications for Education
Russel Tarr has a bunch of examples of Breaking News screens created about historical events like the assassination of President Lincoln. You could also have students create Breaking News screens about major turning points in the plots of their favorite fiction works.

One of my students tipped me to this one. Also available for iPhones and Windows phones
Learn C++
Learn C++ is another FREE programming course by SoloLearn.
[Makes me wonder if any of these are useful:

Dilbert explains how to crush the competition in the age of social media!

Thursday, May 14, 2015

Yeah, expensive breaches. Yeah, people are a problem. Now, how do you fix it?
Adam Levin reports:
For the first time, according to a recent study, criminal and state-sponsored hacks have surpassed human error as the leading cause of health care data breaches, and it could be costing the industry as much as $6 billion. With an average organization cost of $2.1 million per breach, the results of the study give rise to a question: How do you define human error?
[…]Wetware is a term of art used by hackers to describe a non-firmware, hardware or software approach to getting the information they want to pilfer. In other words, people. (The human body is more than 60% water.) Wetware intrusions happen when a hacker exploits employee trust, predictable behavior or the failure to follow security protocols. It can be a spearphishing email, a crooked employee on the take or a file found while Dumpster diving—and, of course, all stripe of things in between. Whatever it is, there’s a human being involved.
Read more on Forbes.

We missed the live stream, but Fordham was nice enough to record the sessions so we can watch them via LiveStream.
Fordham Law Center on Law and Information Policy (CLIP) Ninth Law and Information Society Symposium. Trends in the global processing of data, developments in new technologies, privacy enforcement actions and government surveillance put international privacy at the center of the global law and policy agenda. Government regulators, policymakers, legal experts, and industry players need to find solutions to cross-border conflicts and to the issues presented by innovative technologies. This conference seeks to create a robust, but informal dialog that will explore possible solutions to current questions arising from the international legal framework, infrastructure architecture and commercial practices. The conference will use a unique format. Each panel will start with a short presentation on the technological and business context to set the stage. The panel will be an informal, moderated roundtable discussion with a select group of experts followed by a question and answer session from the audience.

Government in action: Told that a national drone program was ineffective and inefficient, they now want to create 50 independent programs!
Joe Cadillic writes:
The Illinois State Police announced that the FAA has authorized what it calls its ‘Unmanned Aircraft System Program’.
It’s a F***ING surveillance drone program! My god, DHS/Police are trying to mask what it really is by calling it an ‘Unmanned Aircraft System Program’.
There’s even a UAS news website where you can follow all the latest surveillance drone news.
Read more on MassPrivateI.

It doesn't bother the kids. How do we change that?
This quote from an article in the Chicago Tribune seems to say it all:
“It’s a new crisis,” O’Shea said. “Girls all are sending nude photographs of themselves all over the place.”
So what should parents and schools do when attempts to educate kids about privacy do not appear to be sufficient? Enacting state laws on sexting and child pornography is likely ineffective in really preventing impulsive acts or helping a child resist any peer pressure to do what others are doing.
So here’s a novel thought: you wouldn’t give the keys to your car to a 9-year-old, would you? Of course not, because they don’t have the skills or judgement to drive safely. The safety risks (apart from the legal jeopardy) are obvious.
So if your child doesn’t have the judgment to use a cellphone safely, why are you giving them one? Are you deluding yourself that your child – whose brain won’t be fully developed for a few more decades – has the maturity to resist impulses or peer pressure?
Are you even preventing them from downloading apps that facilitate impulsive and poor decisions?
Yes, kids need privacy and we don’t want our kids to be social outcasts because they don’t have all the cool toys their friends do. [Teach them to be leaders, not followers. Bob] But our first job as parents is to keep them safe. If you’re not prepared to do that, just hand them a phone, kid yourself that they’ll make good choices all the time, and while you’re at it, go ahead and hand them the keys to the car.

(Related) Not sure what prompted this, but it is a reminder to the schools, not the students. (Presumably, not in the nude)
(13 May 2015) In response to the concern about the alleged unconsented uploading of video clips of secondary school students online, the Office of the Privacy Commissioner for Personal Data (“PCPD”) reminds the public of the privacy and legal issues associated with the collection and use of personal data, and calls for data users to respect the privacy rights of individuals.
We are particularly concerned about the incident as it involves youngsters and their rights to privacy in the cyber world. Any complaints made to the PCPD would be handled in accordance to established procedures. If there is a prima facie case of any contravention of the data protection principles or other provisions under the Personal Data (Privacy) Ordinance, the PCPD may initiate a formal investigation into the matters.
Based on the information in the media and other information gathered by the PCPD so far, the following data protection principles may be relevant to the incident:-
Data Protection Principle 1 (Data Collection Principle)
This Data Collection Principle requires the data user to collect personal data in a lawful and fair way, and for a purpose directly related to its function or activity. All practicable steps shall be taken on or before collecting the data to notify the data subjects of the purpose of data collection and the classes of persons to whom the data may be transferred.
An organisation may collect personal data directly related to its functions or activities. However, the collection should be in accordance with the above requirements.
Data Protection Principle 3 (Data Use Principle)
This Data Use Principle requires personal data to be used for the purpose for which the data is collected or a directly related purpose, unless voluntary and explicit consent is obtained from the data subject.
Hence, an organization, before using or publishing any personal data collected, needs to ascertain if such use or publication is for the purpose for which the data is collected or a directly related purpose, unless voluntary and explicit consent is obtained from the data subject.
Any improper use or sharing of personal data, online or otherwise, could be far reaching and long lasting, especially when the data is related to youngsters who are vulnerable to harassment and disparaging comments. Schools and parents need to educate youngsters about their privacy rights and responsibilities, when the latter dealt with threatening and harassing messages on the Internet. If youngsters suspect that their privacy rights relating to personal data are being abused, they should seek help from their parents or legal guardian, and make a complaint to the PCPD.
Cyber-bullying inflicts harm on the victims that can have devastating effects. People’s lives offline may also be adversely affected as a result. In October 2014, the PCPD published a leaflet entitled “Cyber-bullying – What you need to know”1 to remind the public of the privacy and legal issues associated with cyber-bullying, and called for internet users to respect the right to privacy in the cyber world.
The PCPD will continue to closely monitor the situation, and take follow up action as appropriate in light of further developments.
1 “Cyber-bullying – What you need to know”

Doesn't the “without paying” bit have something to do with the firing?
Jamie Williams writes:
We’ve said it before and we’ll say it again: violating a computer use restriction is not a crime. That’s why today EFF filed an amicus brief urging the Oregon Supreme Court to review a troubling opinion by the Oregon Court of Appeals in State v. Nascimento, finding an employee committed a computer crime for violating her employer’s computer use restrictions.
Caryn Nascimento worked as a cashier at the deli counter of a convenience store. As part of her job, she was authorized to access a lottery terminal in the store to sell and validate lottery tickets for paying customers. Store policy prohibited employees from purchasing lottery tickets for themselves or validating their own lottery tickets while on duty. After a store manager noticed a discrepancy in the receipts from the lottery terminal, it was discovered that Nascimento had printed lottery tickets for herself without paying for them. She was ultimately convicted not only of first-degree theft, but also of computer crime on the ground that she accessed the lottery terminal “without authorization.”
Read more on EFF.

(Related) When is authorization not authorization? Are we authorizing access or actions?
Orin Kerr writes:
The Second Circuit held oral argument Tuesday in United States v. Valle, widely known as the “Cannibal Cop” case. There was a ton of media attention about this case at trial, including the trial judge’s decision to overturn the jury verdict for conspiracy to commit kidnapping on the ground that it was all a fantasy. HBO has already made a documentary about the case.
Amidst all this attention, the part of Valle that I care about — and that worries me — has flown under the radar. I’m referring to the defendant’s appeal from the one count on which Valle was convicted: A violation of the computer hacking statute, the Computer Fraud and Abuse Act.
Read more on The Volokh Conspiracy.
[From the article:
The fact that Valle had to enter in an identifying number and a PIN to access the government database doesn’t change the analysis, for reasons I explain in this draft on page 36-37. Valle was fully authorized to access his account, and violating the written restrictions on access doesn’t render his authorized access unauthorized any more than federal employees or people with the middle name “Ralph” are violating the CFAA when they visit the Volokh Conspiracy. His CFAA conviction should be overturned.

I confuse too easily to be a lawyer. So it's legal to collect metadata and it's not legal to collect metadata.
In the excitement over the Second Circuit’s ruling on the NSA’s bulk collection program, another very significant appellate decision that was issued last week has been largely overlooked: the Eleventh Circuit’s en banc decision in United States v. Davis. A majority of the eleven judge panel held that the government did not need a warrant to collect 67 days’ worth of cell site location information on Quartavious Davis, who was suspected of involvement in several armed robberies.
On first glance, the panel’s holding appears to answer in the negative the question that the Second Circuit punted: whether telephony metadata receives protection under the Fourth Amendment. On closer examination, however, the fractured ruling, with its many separate opinions, highlights a fundamental lack of consensus over the reach of the third party doctrine.
Writing for the court, Judge Hull concludes that the case is controlled by United States v. Miller (1976) and Smith v. Maryland (1979), which together stand for the proposition that a person has no reasonable expectation of privacy in information that he or she voluntarily conveys to a third party.

An indication that the world is coming together? Or does WalMart view Amazon as more of a competitor than Alibaba? (How do you say “merger” in Chinese?)
Wal-Mart to accept Alipay in a bid for growth in China
Wal-Mart Stores is teaming up with Alibaba to roll out the Alipay mobile payment service in China — its latest move to increase sales in a tough, but potentially lucrative international market.
Ant Financial, a financial affiliate of Alibaba, said on Wednesday that the partnership with the world’s biggest retailer would start with 25 stores in Shenzhen, including one of its Sam’s Club locations, and be accepted at all 410 Wal-Mart stores in China by the end of the year.

So is that really the Loch Ness Monster? (Digest Item #4)
Wolfram Website Identifies Images
Stephen Wolfram, the genius behind Wolfram Alpha and other amazing technologies, has launched ImageIdentify, a new website which can automagically identify objects from images. You simply add an image of something you need to identify, and the Wolfram Language does the hard work.
Millions of images were used to train ImageIdentify, and while it still doesn’t get it right 100 percent of the time, it learns every time you use it. So, right now it’s more fun than useful, but in time it could become an essential tool for anyone seeking to identify anything or anyone in an image.

Might amuse my students while I enter their assignments... (Digest Item #5)
Type Drummer Turns Words Into Music
Type Drummer turns your words into music, quite literally. In this simple writing tool, each letter of the alphabet has been assigned a percussion sound. So, whatever you write creates a unique drum beat that repeats once you reach the end of your sentence.
It’s definitely fun for five minutes, but it could also be used to beat writer’s block by giving you a reason to write. You can also share beats with friends, so if you stumble across a particularly funky groove, you can save it for posterity.

Something my researching students might use?
To more than one pundit, last week’s election in the United Kingdom looked like it would be the closest in a generation. But at SurveyMonkey’s Palo Alto, California, headquarters, thousands of miles away, things looked very different: Respondents to an online poll conducted by the Internet survey company from April 30 to May 6 showed the Conservatives, led by Prime Minister David Cameron, as poised for an unexpectedly comprehensive electoral triumph.
… Cohen had intended the most recent survey to serve as an internal experiment, not be released to the public.
… It was a potential coming-of-age moment at a time when many traditional pollsters think it’s inevitable that online polls will become the industry norm. SurveyMonkey’s decision to enter the fray of a heavily polled, high-profile election created a big test for its methods, unusual even by online pollsters’ standards. In this instance, those methods worked well. But what does that mean? That its kind of online polling is ready to compete with, and beat, more traditional methods? Or that this poll was just a fluke?

Interesting from many perspectives, not just for my Ethical Hacking students.
Conservative techies launch 'app store' for campaigns
A group of conservative techies released an “app store” on Wednesday to help campaigns adopt tech tools.
Lincoln Labs, which launched in 2013, has published a list of tools that campaigns can use. The site covers areas like internal communication, email marketing, technical infrastructure, databases, analytics, fundraising and contact management.
All of the tools are publicly available and range from those used by the average user — like Gmail — to more campaign-specific tools like advertising platform provider Targeted Victory.

Wednesday, May 13, 2015

For my Computer Security students. Remember, the government wants to gather all your health data in one probably not too secure database. What a target!
Erin McCann reports:
The IT infrastructure office at the Department of Health and Human Services has some serious security problems. This after the office received a less than satisfactory security report card from the Office of Inspector General this week.
After reviewing the security controls at HHS’ Office of Information Technology Infrastructure and Operations, or ITIO, OIG officials found significant security deficiencies in several areas that could impact data security at multiple divisions of HHS.
Read more on HealthcareITNews.
[From the article:
"We identified some vulnerabilities that, if exploited, could have led to unauthorized disclosure, modification or unavailability of critical data," OIG officials wrote in the report.
Due to security reasons, those vulnerabilities were not specifically identified.
Other failings identified included improper antivirus management, inadequate tracking of IT assets and poor configuration management and USB port control access.
After conducting a similar review on HRSA IT security controls, the Office of Inspector General found similar deficiencies, with one of them being substandard encryption and anti-virus practices. HRSA currently has a database of some 22 million people to whom it currently provides healthcare services.

The better trained your employees are, the more secure you are. What is security worth? Worth reading the entire post.
Today, Intel Security released the findings of their phishing quiz which tested consumer knowledge of, and ability to detect, phishing emails. The quiz presented 10 emails compiled by Intel Security and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to fall victim to an attack.
Cyberscammers use phishing emails to get consumers to click on links to websites they’ve created solely for the purpose of information theft. They trick users into typing their names, addresses, login IDs, passwords, and/or credit card information into fields on sites that look like they belong to real companies. In some cases, just clicking the link provided in the email will automatically download malware onto the user’s device. Once the malware is installed, hackers can easily steal the victim’s information without their knowledge.
Globally, the 35-44 year old age group performed best, answering an average of 68% of questions accurately. On average, women under the age of 18 and over the age of 55 appeared to have the most difficulty differentiating between legitimate and phony emails, identifying six out of 10 messages correctly. On the whole, men gave slightly more correct answers than women, averaging a 67% accuracy rate versus a 63% rate for women.

Another book on Privacy, on hold at my local library.
Randy Bean reports:
I recently attended a talk on the topic of intellectual privacy by Neil M. Richards, Professor of Law at Washington University in St. Louis, and author of the recently published book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (Oxford University Press). The underlying message of his talk was bracing and cautionary. Privacy breaches, unethical hacking, and other invasions of data privacy so often lead to the establishment of guardrails and restrictions that limit our ability to experience greater convenience, enjoy more personalized consumer experiences, benefit from greater customer self-service, or learn from data that we now have access to. We don’t want to surrender our freedoms. We want the freedom to do with “our data” whatever we damn well please. Our intentions are good — upward and onward for the greater benefit of mankind, or for users of the next personalized mobile application.
Read more on Wall Street Journal.

In the post-Snowden era, it seems to be difficult to keep up all that Big Brother surveillance.
Russell Brandom reports:
On Monday, Washington state passed a new law requiring police to get a warrant before they use cell-site simulator tracking devices, known commonly as Stingrays. The devices have been widely deployed by law enforcement groups throughout the country but kept largely secret thanks to non-disclosure agreements and parallel construction techniques. The new Washington state law will be one of the most aggressive anti-tracking measures in the nation, although Virginia and Minnesota have adopted similar measures. It will also have an immediate effect on the Tacoma Police Department, which has been using a Stingray device since 2008.
Read more on The Verge.

(Related) Perhaps you should clear these more “innovative” ideas with the DA before you waste time and taint evidence? (Would it have been legal to put live police officers in place?)
David Kravets reports:
The Justice Department on Tuesday withdrew its appeal of a lower court’s December ruling that said it was illegal for police to attach a webcam to a utility pole and spy on a suspected drug dealer’s house in rural Washington state for six weeks.
The government did not comment on its decision to drop the appeal in a brief filing to the 9th US Circuit Court of Appeals.
Read more on Ars Technica.
[From the “illegal for police” article:
The Justice Department contended that the webcam, with pan-and-zoom capabilities that were operated from afar, was no different from a police officer's observation from the public right-of-way.
The government argued (PDF):
… US District Judge Edward Shea disagreed and ruled (PDF) that a warrant was necessary to spy on Leonel Vargas via a webcam controlled by local police.
… Strangely, the judge noted, when the authorities raided the house in May 2013, the camera was panned on nearby sagebrush and not the house.

Sort of like a 'fence' for stolen goods. In this case, the crammers trick users into clicking on a link then the ISPs launder the money for them. It's unclear if any of the crammers are refunding money.
Sprint, Verizon to pay $158 MILLION over bogus bill 'cramming' charges
… According to the FCC, the carriers looked the other way when dodgy companies signed customers up for services without warning them that would be billed recurring monthly charges.
Under the terms of the deal, Sprint will pay $68m in fines, while Verizon will cough $90m. Those figures will include $50m and $70m in consumer refunds, respectively.
The shady offerings – often advertised as offering horoscope readings or "life predictions" – hid the fact that they were subscription services that were billed as monthly recurring charges. A portion of the charges were kicked back to the telcos – 35 per cent in Sprint's case and 30 per cent for Verizon – which is why they are being held culpable.

A really interesting article.
What Is Strategy, Again?

This means my International students could use their smartphones to translate my lectures in real time!
Skype's amazing real-time Translator Preview now available to all
Your Star Trek-style universal communicator is ready for download.
Well, it's not exactly universal, but Microsoft's Skype Translator Preview is a step into the future. The company announced on Tuesday that the beta app is now available to all Windows 8.1 and Windows 10 Technical Preview users, no sign-up or wait list needed.
If you want to have a translated, spoken conversation with someone who speaks Italian, Mandarin, or Spanish, just download the free app from the Windows Store. Microsoft says Skype Translator works with almost any Skype client, meaning only you need to be the one with the Translator app enabled.
The app can also translate instant message conversations in more than 50 languages including the oh-so-geeky favorite: Klingon.
… During a Translator call, Microsoft advises you to use a headset with a microphone instead of a stand-alone mic. You should also use a wired connection rather than Wi-Fi. Translated calls also take longer to connect than a typical Skype call. You can find a complete list of Translator tips on Skype's site.

Clearly, I'm out of touch. I only recognize one name on this list.
How Much do the World’s Biggest YouTube Stars Make?
Who are the biggest money-makers on Google’s massive video service?
… Check out the infographic below for a fascinating breakdown of the dollars and cents. There’s also a fascinating look at the backstories of some of these YouTube superstars.
Check out the image and then hit the comments section below and let us know who are your favorite YouTube personalities out there right now!

For my non-geeky students. (The geeky ones already know how.)
Install Ubuntu On Your Computer Using a USB Flash Drive
Obtaining Ubuntu is super easy — all you have to do is download it from their website. But once you have the ISO file, what do you do with it? You could burn it to a DVD, or you can use a highly-reusable USB flash drive to get the job done.
Want to know more? Let me show you the entire process for every machine so you know exactly what you need to do to install Ubuntu properly on your computer with a USB flash drive.

Yeah, sure, I absolutely agree with Dilbert here.

Tuesday, May 12, 2015

For my Risk Management students. Back up your budget requests with facts (and a few 'worst case' articles).
According to InfoTechLead, Juniper Research’s figures put the global cost of data breaches at $2.1 trillion by 2019, and the average cost of a data breach at $150 million by 2020.

When is a border search not really a border search?
AP reports:
A federal court has ruled that the government’s search of a traveling businessman’s laptop at the California border was unreasonable and violated his privacy.
In an opinion posted Friday, U.S. District Court Judge Amy Berman Jackson suppressed evidence obtained from the computer of South Korean businessman Jae Shik Kim, undercutting the government’s case that he conspired to sell aircraft technology illegally to Iran. Jackson said that federal law enforcement improperly used Kim’s border crossing as an excuse to seize his computer and gather evidence it needed to prove suspected arms control violations.
Read more on PBS.

We can, therefore we must? I'm teaching my Data Management students that you never know what data can tell you if you don't gather it. I'm also teaching them to think about the privacy (and public relations) implications of the data they collect.
Motoko Rich reports:
MENOMONEE FALLS, Wis. — In this small suburb outside Milwaukee, no one in the Menomonee Falls School District escapes the rigorous demands of data.
Custodians monitor dirt under bathroom sinks, while the high school cafeteria supervisor tracks parent and student surveys of lunchroom food preferences. Administrators record monthly tallies of student disciplinary actions, and teachers post scatter plot diagrams of quiz scores on classroom walls. Even kindergartners use brightly colored dots on charts to show how many letters or short words they can recognize.
Read more on The New York Times.
[From the article:
… some school districts, taking a cue from the business world, are fully embracing metrics, recording and analyzing every scrap of information related to school operations. Their goal is to help improve everything from school bus routes and classroom cleanliness to reading comprehension and knowledge of algebraic equations.
… “We’ve been making most decisions up until now by anecdote or by hunch or who had the greatest sales pitch or what worked when I was in school,” said Aimee Rogstad Guidera, the president of the Data Quality Campaign, a nonprofit advocacy group. For many teachers, using data, she said, is “a cultural shift.”

...and speaking of collecting data... Will Virginia change their law? Do any other states have similar laws?
Kim Zetter reports:
In what appears to be a legal first, a Virginia man has sued the Fairfax County Police Department for collecting images of his license plate in a massive database.
Harrison Neal, a Fairfax resident, filed the suit after learning that his license plate had been scanned by an automatic license plate reader twice last year and stored in a police database, even though he was not a suspect in a criminal investigation. The American Civil Liberties Union of Virginia filed the lawsuit on Tuesday on behalf of Neal.
Read more on Wired.
[From the article:
The database, the complaint (.pdf) asserts, violates a Virginia statute—the Government Data Collection and Dissemination Practices Act—which prohibits government agencies from collecting, storing, or disseminating the personal information of individuals unnecessarily.

Why a 24 hour trace?
David Kravets reports:
A Southern California woman claims she was fired after uninstalling an app that her employer required her to run constantly on her mobile phone—an app that tracked her every move 24 hours a day, seven days a week.
Plaintiff Myrna Arias, a former Bakersfield sales executive for wire-transfer service Intermex, claims in a state court lawsuit that her boss, John Stubits, fired her shortly after she uninstalled the job-management Xora app that she and her colleagues were required to use. According to her suit (PDF) in Kern County Superior Court:
Read more on Ars Technica.
[From the article:
The app had a "clock in/out" feature which did not stop GPS monitoring, that function remained on. This is the problem about which Ms. Arias complained. Management never made mention of mileage. They would tell her co-workers and her of their driving speed, roads taken, and time spent at customer locations. Her manager made it clear that he was using the program to continuously monitor her, during company as well as personal time.

Will this point to an individual or merely a general location? Perhaps it only tells you that I'm an old geezer living in Centennial Colorado? (Unless the government has been tapping my sewer)
Ellen Callaway reports:
Call it a ‘gut print’. The collective DNA of the microbes that colonize a human body can uniquely identify someone, researchers have found, raising privacy issues.
The finding, published in Proceedings of the National Academy of Sciences on 11 May, suggests that it might be possible to identify a participant in an anonymous study of the body’s microbial denizens — its microbiome — and to reveal details about that person’s health, diet or ethnicity. A publicly available trove of microbiome DNA maintained by the US National Institutes of Health (NIH), meanwhile, already contains potentially identifiable human DNA, according to a study published in Genome Research on 29 April.
Read more in Nature.
And for a more down-to-earth explanation, read Your Poop Is the Latest Privacy Threat.

This is interesting. How long until the appeal?
Their press release, below. I wonder how the other ISPs served by Rightscorp responded to the subpoenas. Did they fight or just turn over their customers’ information?
Birch Communications (“Birch”) a leading nationwide provider of communications, network and cloud services to small, mid-sized, enterprise and wholesale businesses, announced today a favorable ruling by the U.S. District Court in which a copyright litigant sought to use Digital Millennium Copyright Act (DMCA) subpoenas to obtain information about its customers’ online activities.
Rightscorp, a firm that represents assorted copyright holders, had served its subpoena to gain access to Birch’s customer information in an effort to identify customers claimed to have infringed its clients’ copyrighted content. Rightscorp had served similar subpoenas on dozens of other Internet Service Providers.
Acting on its customers’ behalf, Birch argued that it was not legally required to divulge the information and the court agreed. The DMCA did not provide any basis to require an Internet Service Provider in Birch’s position to open its files to private litigants. Because Birch acts simply as a conduit to Internet content, the court found that the rights owners could not use the DMCA subpoenas to obtain subscriber information.
On Tuesday, May 5, the U.S. District Court for the Northern District of Georgia adopted the ruling and quashed Rightscorp’s subpoena.
“We safeguard our customer information and take privacy issues seriously,” said Birch President and Chief Executive Officer Vincent Oddo. “The U.S. District Court did the right thing by backing our view, and we’re very pleased to see that this case will serve to help protect our customers’ private information.”
“Our first order of business when anyone requests access to a customer’s private information is to refuse, absent a valid subpoena or court order, which we then scrutinize as we did with Rightscorp’s illegal subpoena in this matter,” said Christopher Bunce, Senior Vice President and General Counsel for Birch. “Rightscorp’s attempt to gain access to our customers’ data was in essence a piracy fishing expedition.”
SOURCE: Birch Communications

Good to know the value wasn't in those dial-up subscribers.
Verizon to Buy AOL for $4.4 Billion
… The acquisition would give Verizon, which has set its sights on entering the crowded online video marketplace, access to advanced technology AOL has developed for selling ads and delivering high-quality Web video.
… AOL also built a stable of content including online news sites such as Huffington Post, TechCrunch and Engadget. And it has even produced original Web series. It recently launched “Connected,” a documentary-style series in which the subjects film themselves.
In 2014, AOL generated revenue of $2.5 billion, about 9% higher than the previous year, and a profit of $126 million. The company has been successful in growing the part of its business that helps other companies sell ads, but lately has struggled to grow ad sales for its owned-and-operated properties.

Makes me seem smart!
Top Tools for Curating Knowledge & Publishing Shareable Content
The main reason people talk highly about content curation is that it’s a very effective way of sharing your insights and opinions, while also showing your followers the thought leaders you admire and pay attention to. It saves you from having to come up with all the ideas yourself, and stops you looking like you only ever share your own content. It also positions you as a thought leader yourself if you’re adding your own ideas to the mix.

For my Statistics students. Because it might help...
Learn Statistics for Free with These 6 Resources

For my students thinking of new gear. Interesting.
Can You Use a Tablet as a Laptop? The Essential Apps and Gear

For my students who write.
Freelance Writer Opportunity
Blogmutt serves businesses who have websites with blogs, and the people there just don't have the time or writing talent to fill up that blog themselves.
Our system is more straightforward than any of the content farms:
  1. You write posts for businesses.
  2. If they like and use those posts then you get paid.
The customers get their pick of posts, but they have an ongoing need for original content, so even if your post doesn't get used the first week, most posts eventually get picked. Our acceptance rate right now is at about 90 percent.

Strange but true. If you find a NYT article blocked, copy the headline and search for the article. The version you find is not blocked.
Access to the Times in exchange for reading a few ads is well worth it.
How To Read Hundreds Of New York Times Articles For Free With NYT Now App
The New York Times online business model is well publicized and generally considered to be a success. Users get free access to 10 articles per month, but to read more you need to pay a subscription fee - until now.
The updated NYT Now iOS app is now free to nonsubscribers and allows users to read unlimited New York Times articles each month. The caveat is that only 10 or so NYT articles will be available at any one time, but that's still hundreds per month.
The redesigned free NYT Now app is available for download as of Monday, May 11.
… the $7.99 per month fee proved a stumbling block. The paper admitted in October that the youth-focused app wasn't selling as expected and it recently received a slew of one-star reviews on iTunes.
The app is now going for free and instead relies on an ad-based business model.
Unfortunately for Android fans, it doesn't look like the app will be expanding beyond iOS anytime soon.
NYT Now seems like a pretty good deal as full digital subscriptions cost between $15 and $35 per month. The other alternative is to find a NYT story on social media, as even if you've already read your 10 free articles per month if you access a story from a link on Twitter or Facebook you'll still be able to read it.

Monday, May 11, 2015

Rather vague warning. Do we have any way to counter their propaganda? Will any nut case who does something stupid be branded a “propaganda influenced lone ranger terrorist?” Maybe only Middle Eastern nut cases?
US Security Chief Warns of 'New Phase' in Terror Threat
"We're very definitely in a new environment, because of ISIL's (IS's) effective use of social media, the Internet, which has the ability to reach into the homeland and possibly inspire others," Johnson said.
"We're very definitely in a new phase in the global terrorist threat, where the so-called lone wolf could strike at any moment."
FBI Director James Comey last week said authorities were concerned about the IS group encouraging attacks on "the uniformed military and law enforcement" via online propaganda.

As a CISA, I'd like to see them change the name – or perhaps pay us a royalty? As a follower of government security breaches, I wonder how risky sharing this information will be. Has the government ever created a national database that worked?
Andrea Castillo writes:
This May, Congress is expected to come together on a bill to protect private entities that secretly share user data with federal agencies. Privacy advocates say the Cybersecurity Information Sharing Act (CISA) threatens Americans’ civil liberties by sanctioning yet another avenue for government surveillance. But there’s another big problem as well: CISA is unlikely to meaningfully prevent cyber-attacks as proponents claim, and could ultimately weaken cybersecurity.
The stated premise behind laws like CISA (and the defeated 2013 Cyber Intelligence Sharing and Protection Act) is that cyber-attacks can be prevented if private network operators are able to quickly report and disseminate information about new threats and vulnerabilities. Proponents envision a seamless, national cybersecurity-threat system to roust the hackers, coordinated by the federal government.
Read more on Reason.

Can you override the computer? Should you? What will your insurance carrier say? (I would assume that when the computer is in control, everything is being recorded.)
AP Exclusive: Self-Driving Cars Getting Dinged in California
Four of the nearly 50 self-driving cars now rolling around California have gotten into accidents since September, when the state began issuing permits for companies to test them on public roads.
Two accidents happened while the cars were in control; in the other two, the person who still must be behind the wheel was driving, a person familiar with the accident reports told The Associated Press.
… Google and Delphi said their cars were not at fault in any accidents, which the companies said were minor.
… The fact that neither the companies nor the state have revealed the accidents troubles some who say the public should have information to monitor the rollout of technology that its own developers acknowledge is imperfect.

Another patent that can't possibly be valid. Can it? (Digest Item #3)
Amazon Wins Patent for Drone Deliveries
Amazon has been granted a patent for delivering products using drones, and the patent reveals new details about how Amazon Prime Air will work. Unfortunately for Amazon, being granted a patent is only half the battle, and the company still has to figure out how to persuade the Federal Aviation Authority (FAA) to let it fly drones across the country.
The patent reveals that Amazon will employ a range of different drones to carry packages of varying shapes and weights. These drones will communicate with each other about the weather and flying conditions, and use a range of cameras and sensors to both avoid crashing and to find suitable landing sites.
Customers will be able to direct the drones to various locales, including their home, their place of work, or even their boat. Because we all own boats, obviously.

Perspective. “Good enough” has different meanings for different (old? anti-tech? Lazy?) people.
2.1 million people in the US still use the Internet like it is 1995
In an age where the average US broadband speed is 11.4 Mbps, some 2.1 million people in the country are still using the decades old AOL dial-up to connect to the Internet.
AOL reported the mind puzzling number in its quarterly earnings last week. About 70 per cent of Americans use broadband that is 200 times faster than AOL's dial-up. However, it seems AOL loyalists prefer to experience the Web like it is 1995.
… Despite the turtle-pace, AOL customers are still paying $20/month on an average for the service, CNN Money reports. The service says that its 2.1 million dial-up customers include some subscribers who are paying reduced monthly fees, and some on free trials.

For our Linux students? Cheaper than a textbook!
CHIP: The $9 Computer
A new entry into the Ultra-Compact computer market squeezes a fully-capable Linux computer into your pocket for just pocket change. At $9, the CHIP from Next Thing Co. uses purchasing volume and lessons learned from the first generation of Ultra-Compact computers to reduce the cost of this newest addition to the ultra-compact computer landscape. The Kickstarter hit its goal quickly and is still skyrocketing as it sits over ten times that goal after just a few days. While no heavyweight, it can manage a surprising number of desktop tasks including HD video and 3D gaming.