Saturday, May 23, 2015

If I could see it was a bad deal, why didn't they?
Target and MasterCard just scrapped a $19 million deal to settle data breach claims
A $19 million deal between Target and MasterCard to settle lawsuits stemming from the retailer's massive pre-Christmas 2013 data breach has been scrapped, because it failed to get enough support from the affected banks and credit unions.
… Lawyers for banks that had sued Target over breach-related losses called the settlement an attempt by Target to "extinguish pending legal claims for pennies-on-the-dollar."
… Target shares rose 2 cents to $79.41 in afternoon trading, while MasterCard shares rose 8 cents to $92.98.




How do you tell vandals from terrorists? Wait for another attack? More likely, wait for someone to claim responsibility in the name of ISIS. I've never heard of an inflatable dam but apparently they have been around for at least 40 years.
Vandals damage dam, nearly 50 million gallons of water pours into Bay
The loss of 49 million gallons of water began sometime Thursday morning, when an inflatable dam on Alameda Creek was destroyed. Alameda County Water District, which maintains the dam, reported it to police at 11:30 a.m.
… Police said the felony vandalism was an intentional act, but as of Friday afternoon had no suspects and were not exactly sure how it was damaged.
Because of its age, the district was already working to replace the dam, officials said. It was built in 1971 and is one of two dams ACWD controls.




Let's hope this is not the last word.
DOJ releases privacy policy for US drones
The Justice Department on Friday released guidelines that would explicitly bar the agency from using drones solely to monitor activity protected by the First Amendment, like peaceful protests.
… The Justice Department said it would adhere to constitutional principles that requires law enforcement to obtain a warrant when conducting surveillance or other activity in which people have a "reasonable expectation of privacy." Law enforcement would also be barred from using drones to engage in discrimination. [Someone will have to explain how you can use a drone to discriminate. Bob]..
The guidance builds off a presidential memorandum released in February that outlined general privacy and civil rights principles related to drones, and required all federal agencies to adopt their own procedures on how to collect and use information collected from domestic drones.
… The agency would be forced to keep logs of the purpose and number of flights, including those in which other agencies like the Homeland Security Department conducted the flight.
… In a footnote, the Justice Department noted that the guidelines are not legally enforceable and are "intended only to improve the internal management" at the agency.




Is this really a big problem?
Eric L. Sussman, Daniel L. Schwartz, and James M. Leva of Day Pitney LLP writes:
On May 19, Gov. Dannel P. Malloy signed into law Public Act No. 15-6, titled “An Act Concerning Employee Online Privacy” (the act). The act applies to both employees and job applicants and prohibits employers from requiring or requesting employees or applicants to (1) provide the employer with a user name, password, or other means to access the employee’s or applicant’s personal online account (such as e-mail, social media and retail-based Internet websites); (2) authenticate or access a personal online account in the presence of the employer’s representative; or (3) invite, or accept an invitation from, the employer to join a group affiliated with any personal online account. The act is effective October 1.
Read more on Day Pitney LLP.


(Related) This is a real problem. Would the Connecticut law have protected this student? If there is a privacy violation and the school claims they own all the pictures, can the students sue the school?
Michael Archambault reports:
Imagine assembling a portfolio of over 4,000 photographs and then being forced to make it disappear or face life-altering consequences; that’s the situation sophomore Anthony Mazur is currently facing at Flower Mound High School in his Texas hometown. After discovering the love of sports photography, the Lewisville Independent School District is now claiming that Anthony’s photographs are theirs and that he has no right to use them.
And there’s not just a copyright issue, but a privacy issue in there, too.
Read more on PetaPixel.
[From the article:
The real question is whether or not Anthony Mazur has a case on his hands. In his support stands Title 17 of the United States Copyright Law, which denotes that the “Copyright in a work protected under this title vests initially in the author or authors of the work”; in the case of photography, the individual who presses the shutter is the ‘author’.
In addition, the District’s Board Policy Manual explicitly states “a student shall retain all rights to work created as part of the instruction or using District technology resources.”




Would it be worth Russia's while to block access to a few dissidents? Perhaps it's not a few?
Maria Tsvetkova and Eric Auchard report:
Russia’s media watchdog has written to Google, Twitter and Facebook warning them against violating Russian Internet laws and a spokesman said on Thursday they risk being blocked if they do not comply with the rules.
because of the encryption technology used by the three firms, Russia had no way of blocking specific websites and so could only bring down particular content it deemed in violation of law by blocking access to their whole services.
To comply with the law, the three firms must hand over data on Russian bloggers with more than 3,000 readers per day, and take down websites that Roskomnadzor sees as containing calls for “unsanctioned protests and unrest”, Ampelonsky said.
Read more on Reuters.




Interesting. I note they have still not convinced a jury and the article does not say what else they might have used for leverage to get a guilty plea. Why is this so hard?
Feds win first conviction in online prostitution case
… Prosecutors say the case marks the first time federal authorities have successfully convicted someone who ran a website for the purpose of facilitating prostitution.
Eric Omuro pleaded guilty in December to one count of using a facility of interstate commerce with the intent to connect prostitutes and johns. He was sentenced to 13 months in prison.
He admitted to operating myredbook.com, where prostitutes advertised and clients could search for services available in their area.
… How to combat the sex trade online has been a vexing question for law enforcement officials. Online classified ad sites have drawn particular attention.
Last October, two women who said they were victims of sex trafficking while juveniles sued classifieds site backpage.com and said that the site had permitted them to be advertised online as prostitutes.


(Related) Perhaps this is why prosecution is so hard?
And so it begins…
RT reports:
The men behind the screen names “Eaglesfan_6969” and “Verywilling2011” are looking for sex, and they’re doing it from government-provided email accounts, according to data pilfered from a hacked dating website.
A trove of personal information pertaining to paid account holders of AdultFriendFinder, a website that touts itself as letting users “Find a fuck buddy for online sex,” has surfaced, and its contents suggest employees of local and federal agencies, including law enforcement, the Navy and the Federal Aviation Administration have used their government-provided email addresses to search for partners.
Read more on RT.




A few questions arise: Could Hillary's people have erred the other way too? But then, she destroyed all the emails she didn't printout for the State Department, so we'll never know. (But then is a 4% error rate that significant?)
More than 1,200 Clinton emails deemed 'personal'
… The National Archives and Records Administration (NARA) classified 1,246 of those emails as personal communications, CNN reported Thursday.




For my Data Management students.
Data Professionals Not Going Away, at Least Not Soon
Software vendors continue to create data analysis tools for the average business user, eliminating some of the complex or tedious processes, but businesses shouldn’t expect technology to bring about game-changing insight, experts say.
"Does software make anyone a great musician?" asks Greta Roberts, CEO and co-founder of Talent Analytics, a company focused on an analytic approach to predicting pre-hire employee performance.
… Alex Langshur, co-founder and senior partner of Cardinal Path, which helps companies make the most of their digital assets by "instrumenting" their data from various sources such as point-of-sale, website, mobile apps, social, email and more, describes three roles among data professionals:
  • Data collection, a very technical and challenging task at which many organizations fail. "If you get it wrong, every other piece of the chain falls apart," he said.
  • Data management, which includes skills traditionally associated with database professionals. Chances are the person performing it is familiar with Hadoop or NoSQL and can assemble data sets to really extract value from them.
  • Data analysis: Data analysts are able to look at the data and understand what it means in order to derive insight from it. That takes a curious mind married to the ability to use a specific tool, along with some statistical experience and knowledge. An analyst uses tools like R or SAS and/or visualization tools like Tableau or Spotfire.
… Roberts, whose company researched the characteristics of data professionals, said preparing the data is where the bulk of time is spent. The research grouped data tasks into four roles: data preparation, programming, manager and generalist. The generalist role is disappearing as more people specialize, she said.
… While machines will ultimately take over some of the data analysis work that humans have traditionally done, human insight will remain critical to decision-making, said Jack Phillips, CEO of the International Institute for Analytics.




A tool for my Business Intelligence students.
Silk Offers Great Tools for Creating Data Visualizations
Silk is a free tool that I first tried a couple of years ago when it was primarily a digital portfolio and simple web page creation tool. Since then it has evolved to include some fantastic tools for creating and sharing data visualizations.
To create a visualization on Silk you can upload data in a spreadsheet, manually enter data, or use one of data sets that Silk provides in their gallery. Once you've uploaded data or selected it you can use it to create fourteen different visualizations. To create a different visualization of the same data set simply choose a different visualization style from the Silk menu.
Silk visualizations can be made public or kept private. If you keep your visualizations private you can still share them directly to other Silk members by inviting them to your project. Public visualizations can be embedded into blog posts as I have done below.




For my students' amusement.
Free Gift Cards, Games & Design Tools: 5 Sites with Great Giveaways




It's that time of the week!
Hack Education Weekly News
Bernie Sanders for President. “Sanders introduced legislation that calls for the federal government to dole out $47 billion per year to states that agree to eliminate undergraduate tuition and fees at their public colleges and universities,” reports Inside Higher Ed. “Bernie Sanders’s plan to have Wall Street pay for your college tuition, explained” via Vox’s Libby Nelson. (More from Nelson on Sanders here.)
Via the BBC: “Students at Oxford University are voting on whether or not they should continue being forced to wear special clothes to sit their exams. At the moment, students and examiners have to wear a gown over an outfit known as ‘sub fusc.’ The compulsory clothing includes a dark suit, black shoes, a plain white shirt or blouse with a bow tie, long tie or ribbon.”
The New York Times reports that “Hackers from China infiltrated the computer systems of Pennsylvania State University’s College of Engineering, gaining usernames and passwords in what investigators described as a sophisticated cyberattack that lasted more than two years.”


Friday, May 22, 2015

Lonely and breached.
An adult dating website got hacked and millions of people's sensitive details have been leaked
With 63 million global users, Adult FriendFinder is one of the largest dating and casual encounter networks online. (For reference, there were an estimated 50 million Tinder users in late 2014.) But 3.9 million users' accounts have allegedly been leaked online, and are circulating in spreadsheets on forums.
The details leaked include:
  • Sexual preferences
  • Email addresses
  • Sexual orientation
  • Dates of birth
  • Addresses
  • Usernames
  • Whether users are "seeking extramarital affairs"
… The leak is also highly embarrassing for Adult FriendFinder in another way. Channel 4 News analysed the data and found that almost no women actually use the adult social network. "Among the 26,939 users with a UK email address," technology producer Geoff White writes, "there are just 1,596 who identified as female: a ratio of one woman to every 16 men."




For my Computer Security students. Perhaps we should just aggregate our “Best Practices?”
Darren Pauli reports:
The Payment Card Industry Security Standards Council has created a taskforce charged with improving security among small businesses.
The prodigious task will be tackled by encouraging small businesses to adopt security best practice and simplified Payment Card Industry Data Security Standards (PCI DSS).
Barclaycard payment security manager and taskforce chair Phil Jones says the Small Merchant Taskforce will focus on the most vulnerable business vertical.
Read more on The Register.
The headline is somewhat insulting, isn’t it? Some of us have argued for years that the standards weren’t appropriate or helpful for SMBs and that they needed more help than what they have been given. If this new task force really understands what SMBs are dealing with in the way of resources and skills or lack thereof, perhaps it will make a positive impact.




For an organization so concerned with projecting a good image, stories like this are entirely too common.
FBI ignored privacy rules for years
The FBI took seven years to fulfill a legal obligation that it adopt additional privacy protections for searches under legal provisions of the Patriot Act currently up for debate in the Senate.
A Justice Department watchdog report released on Thursday claimed that the FBI’s 2013 implementation of “minimization procedures” for data collected under Section 215 of the Patriot Act was too long of a wait, given that Congress had demanded the measures in a 2006 reauthorization of the Patriot Act.
… Additionally, the inspector general’s report found that the FBI uses the provision to collect at least some records about people’s activity on the Internet, that it can yield gigabytes of information and that some of those searches also focused on people who were not direct subjects of their investigations.
Between 2007 and 2009, agents “did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders,” the watchdog added.
… “The FBI is using Section 215 to collect huge volumes of information, including metadata and electronic records, about innocent people,” American Civil Liberties Union attorney Jameel Jaffer wrote on Reddit. “And despite all of this collection, the FBI is unable to point to any case—not even one!—in which the information it obtained turned out to be crucial to an investigation.”




No doubt ideas like this will result in many new laws to regulate when the messages can be sent and to whom. We'll have to block anyone under 21. Perhaps no ads on Sunday. No ads within 50 feet of a school. Etc., etc., and so forth.
Liquor bottles now can talk to your cellphone
… This new use of tech means consumers can customize messages on the bottles they are drinking. Heck, they even can track its exact location. Distributors and bar owners can use the same technology to track purchases and get sales data. And global drinks company Diageo even is working on smart sensor-equipped bottles that communicate with consumers' devices and switch gears — recipes vs. sales promos — once the bottle is opened.
The idea is to give packaging a speaking role in an increasingly interactive marketplace.
… And bottle tech that can harness that isn't limited to the bottle. Currently available devices include wireless pour spouts such as Smart Spout, from Phoenix-based BarVision, which contains RFID technology and electronic tilt sensors to measure and report on every ounce of liquor poured.




Too “high touch” to make the transfer to “high tech?”




For my starving students?
The 3 Best Online Coupon Sites to Save You Money
Everyone loves saving money, and thankfully there are tons of ways to save some green online. From using lesser-known websites to price haggling, sometimes the most straightforward way to buy something isn’t the cheapest; a little digging can go a long way.
We’ve recently looked at tools that give you various ways to earn cash back, but today we’re going to flip the idea and look at ways to save before money ever leaves your wallet. If you’ve ever seen the boxes that allow you to enter a discount code and been puzzled, you’re in luck. Here are the best websites to check for some sweet discounts.


Thursday, May 21, 2015

At least they encrypted the passwords. Another wise practice: The article also suggests they brought in a third party to double check their security because the industry was being increasingly targeted. Good on ya, CareFirst!
From CareFirst BlueCross BlueShield:
On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack.
The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of recent cyberattacks on health insurers. CareFirst engaged Mandiant – one of the world’s leading cybersecurity firms – to conduct an end-to-end examination of its IT environment. This review included multiple, comprehensive scans of the CareFirst’s IT systems for any evidence of a cyberattack.
The review determined that in June 2014 cyberattackers gained access to a single database in which CareFirst stores data that members and other individuals enter to access CareFirst’s websites and online services. Mandiant completed its review and found no indication of any other prior or subsequent attack or evidence that other personal information was accessed.
Evidence suggests the attackers could have potentially acquired member-created user names created by individuals to access CareFirst’s website, as well as members’ names, birth dates, email addresses and subscriber identification number.
However, CareFirst user names must be used in conjunction with a member-created password to gain access to underlying member data through CareFirst’s website. The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks. The database accessed by attackers contained no member Social Security numbers, medical claims, employment, credit card, or financial information.
… Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are affected by this event. All affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection. The letters will contain an activation code and you must have the letter to enroll in the offered protections. Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords.
Note that CareFirst says they did detect the attack at the time, but did not fully appreciate its scope. In an FAQ on the incident, they write:
CareFirst did detect the initial attack and took immediate action to contain the attack. At the time CareFirst believed that we had contained the attack and prevented any actual access to member information. The evidence that data was accessed was found as part of a comprehensive assessment conducted as part of CareFirst’s ongoing information security efforts in the wake of cyberattacks on other health care companies.




Another downside of being clueless?
FTC looks 'favorably’ on firms that report data breach
The Federal Trade Commission advised companies Wednesday that it looks positively on cooperation when conducting investigations into data security breaches.
The agency said it would view a company that had reported a breach on its own and cooperated with law enforcement “more favorably” than one that had not.
… The warning was made in a blog post describing what private companies can expect when “the FTC comes to call” about an investigation, which could later lead to enforcement action.
… According to an FTC report released last year, the agency has brought about 50 data security cases in a little more than a decade. Last year alone, the FTC touted action against Snapchat, Fandango, Credit Karma, Verizon and others.




A “heads up!” for my students.
ATM Debit Card Theft Spikes to 20-Year High
… According to FICO (a credit-scoring and analytics company), from January to April 9, 2015, the number of attacks on debit cards used at ATMs reached the highest level for that period in at least 20 years. "We have periodically seen spikes in fraud but not at this level," said FICO's John Buzzard on FOX Business Network.
… Buzzard added that debit-card compromises at ATMs located on bank property were "pretty significant" jumping 174% from Jan. 1 to April 9, compared with the same period last year, while successful attacks at nonbank machines soared by 317%.




Nothing new?
Americans’ Attitudes About Privacy, Security and Surveillance
by Sabrina I. Pacifici on May 20, 2015
Two new Pew Research Center surveys explore [the issues of privacy and surveillance] and place them in the wider context of the tracking and profiling that occurs in commercial arenas. The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age. While some Americans have taken modest steps to stem the tide of data collection, few have adopted advanced privacy-enhancing measures. However, majorities of Americans expect that a wide array of organizations should have limits on the length of time that they can retain records of their activities and communications. At the same time, Americans continue to express the belief that there should be greater limits on government surveillance programs. Additionally, they say it is important to preserve the ability to be anonymous for certain online activities.”




More fine grained definition. How would you write a warrant for an unnamed file found in a private search?
Orin Kerr writes:
The Sixth Circuit handed down a new decision on computer search and seizure that may be the next computer search issue to make it to the Supreme Court. The issue: How does the private search reconstruction doctrine apply to computers? The new decision creates an apparent circuit split with the Fifth and Seventh Circuits.
Read more on The Volokh Conspiracy.
[From the article:
In 2012, the Seventh Circuit joined the Fifth Circuit by adopting the unit of the device. And last month, a cert petition was filed at the Supreme Court on this issue in Gunter v. United States. But I hadn’t thought there was a particularly clear split. At least until this morning.
This morning, the Sixth Circuit handed down a new case, United States v. Lichtenberger, that adopts the proper unit as data or a file instead of the physical device.




Perspective. Big drones carry Maverick missiles, perhaps these little buggers will carry firecrackers?
Cicada’ the Mini-Drone: Swarming to a Terrorist Near You
… The mini-drones can be launched as a swarm by aircraft or other aerial platform. The new model developed by the Naval Research Laboratory is called the Cicada (Close-In Covert Autonomous Disposable Aircraft). The program has been under exploratory development since 2006.
The Cicada is presently little more than a paper airplane glider with GPS. The silent killers can soar at 47 MPH. They have already been tested at 57,000 plus feet three years ago in Yuma, Ariz. But right now they are envisioned for non-lethal roles that might include lacing targets or target areas. According to the Navy, 18 of these vehicles can fit in a six inch cube.




Here's the problem with inflating your military capabilities: Even when we doubt you word we can't simply ignore the possibility.
U.S. doubts N Korea’s claim on nuke weapons
The United States on Wednesday cast doubt on Pyongyang’s claimed capacity to miniaturise and diversify its stockpiled nuclear weapons.
“Regarding that specific claim of miniaturisation, we do not think they have that capacity,” State Department spokesperson Marie Harf told reporters, Xinhua reported.
North Korea said earlier in the day that it has entered the phase of miniaturisation and diversification of its nuclear weapons for quite some time, with the successful test-firing of a strategic ballistic missile from a submarine on May 8.


(Related) ...and when we know you have the capability, things can get rather tense. How far can China push and how firm can our response be? Something bad will happen when the limits are exceeded – and they will be.
On Wednesday, the Chinese navy issued warnings eight times for a U.S. surveillance plane to leave an area near man-made islands that Beijing has built to establish influence in the South China Sea, reported CNN.
… "This is the Chinese navy [...] This is the Chinese navy [...] Please go away," said a voice through the radio of the aircraft
During that one mission, the Chinese navy ordered the P8 to go out of the airspace eight times, and every time, the P8 pilot would calmly tell the Chinese radio operator that the P8 is flying through international airspace.
At one point, in exasperation, the Chinese voice told the American pilot, "This is the Chinese navy [...] You go!"
… The source of the Chinese voice heard through the radio of the P8 is a Chinese-made island some 600 miles from the country's coastline. The Wednesday confrontation occurred over Fiery Cross Reef, an island complete with military barracks and a runway.
… In 2013, China started constructing the man-made islands, creating land at the sea surface by repurposing sand [Interesting phrase Bob] at the area's 300-foot-deep waters. Over the past two years, China has built 2,000 acres of artificial land in the disputed area, according to the International Business Times.
… If China does not stop at establishing their military presence in the area, former CIA deputy director Michael Morell warned that a war between China and the United States will occur.
… A freedom of navigation exercise is being planned by the United States in which more U.S. ships or aircraft would be hovering within 12 nautical miles of Beijing-claimed territory, reported The Australian. The plan to emphasize freedom of navigation and freedom of the air aims to make it known that the United States does not approve of Beijing's construction over the disputed waters.




Targeted advertising. (Digest Item #6)
How to Advertise Beer to Women
And finally, in an effort to persuade more women that beer is actually rather tasty, German brand Astra advertised directly to the female half of the population. For directly, read exclusively, as these automated billboards only started up when there was a woman in the vicinity.
A small camera attached to the billboard uses facial recognition software to detect gender and age. And if a female is walking past, one of 70 videos starring German comedian Uke Bosse starts playing. And if it’s a guy? He’s told to keep on walking past. Possibly to buy some beer.




An interesting article for my Data Management students. I don't agree with it, but it does raise a few points for discussion.
4 Business Models for the Data Age
Data is invading every nook and cranny of every sector, every company therein, every department, and every job. As it does, it’s flexing its strategic muscles, and four ways to compete with data are starting to emerge.
The first involves cost reduction through improved data quality.
Improved data quality also lies at the root of the second strategy, which I call “content is king.
“Building a better data mousetrap” — or data-driven innovation — is the third way to pursue competitive advantage through data.
Finally, the fourth strategy is to become increasingly data-driven, in everything one does.




My answer is that as population increases the numbers of people (not the percentage) at either end of the normal curve increase. Therefore we have more idiots, serial killers and useless politicians than ever before – with no change in the statistical probabilities.
Are We Getting Dumber? Or Is Stupidity Just More Visible Online?




Interesting. Gives you a mosaic of similar searches to help you cover all the angles.
Athenir - A Search Engine With Visualizations of Related Terms
This afternoon I had a nice Skype conversation with a Stanford student named Nick Hershey who has built a nice search tool called Athenir. Nick has lots of neat things planned to add to Athenir this summer, but for now it is a search tool. When you enter a search term on Athenir you will get results from Yahoo along with a graphic of related search terms. In that regard it reminded me of Google's, now defunct, Wonder Wheel tool.
Applications for Education
Athenir could be useful to students who are struggling to see connections between search terms and or are need of assistance in changing their search terms.




...and we thought Artificial Intelligence was the problem. Dilbert reveals a far darker future.


Wednesday, May 20, 2015

This sounds ominous. I would be looking for a few heads to roll.
David Ramli reports:
Australia’s leading cyber-spies have joined the hunt for hackers who broke into Telstra’s Asian subsidiary Pacnet in an attack affecting thousands of customers including The Australian Federal Police, Department of Foreign Affairs and Trade and other government agencies.
Telstra on Wednesday revealed that an unknown third-party had gained complete access to Pacnet’s corporate network including emails and other administrative systems in early April 2015.
Read more on The Canberra Times.
[From the Times:
Telstra bought Pacnet for $US697 million earlier this year and said the attack occurred two weeks before the deal was finalised. It added Telstra was not told until after the deal's completion on April 16, after which more action was taken to close the breach.
"We have not been able to tell from forensic information or system logs what has been taken from the network," Telstra chief information security officer Mike Burgess said, adding that Telstra's own network had not been compromised. "But it is clear they [the attackers] had complete access to the corporate network and that's why we're telling customers."
… Pacnet is one of the few Western telecommunications providers to have its own data centres in mainland China. But Mr Riley said there was no evidence that the attackers were Chinese or even backed by a government and said he remained positive about the acquisition.
"It would've been good to know about it a little earlier but Pacnet felt they were dealing with the incident," he said. "I don't think it changes the deal for us and I still think it's a very, very exciting acquisition that we've made."




Consumers probably forget in a few months. How long term is the impact with creditors, insurers, etc.?
PYMNTS reports:
Like Target, Home Depot knows all too well that the true cost of a payments data breach won’t be known until long after the dust from the cyberattack settles.
While Home Depot’s earnings are on the mend, as the retailer posted a better than expected first quarter earnings, the lingering expenses from the breach will likely be a sore spot for the retailer. In Q1 alone, Home Depot shelled out $7 million in breach-related expenses, the company said during a Tuesday (May 19) first- quarter earnings call. That figure, however, is just a sliver of the breach bucket figure so far, as Home Depot announced in the company’s fourth-quarter 2014 earnings that it had spent roughly $33 million for data breach costs. But that was just 2014 figures, and 2015 should bring more breach-related expenses as more suits get filed against the retailer.
Read more on PYMNTS.com




If you can send money from your credit card, my Ethical Hacking students can too! (Digest Item #5)
MasterCard Send Lets You Transfer Funds
MasterCard Send is a new service which allows customers to digitally transfer funds to other people quickly and securely. Senders need to hold a MasterCard, but recipients don’t need a card or even a bank account, as funds can be sent via wire services such as Western Union.
Send has already gone live in the U.S., and is likely to be rolled out to other territories soon. The company claims that, “By digitizing personal payments that are typically handled via cash or check, MasterCard is providing greater convenience, choice and security to both payment senders and receivers in developed and developing markets.”




Something for all my students. Add these to your computer security toolkit and impress your friends.
How To Test Your Home Network Security With Free Hacking Tools
… While you can never be 100 percent certain of preventing a robbery, some basic precautions can significantly reduce your chances, as would-be thieves move on to easier targets.
The same principles apply to home network security. Sadly, almost no systems are entirely “hack proof” – but browser security tests, server safety measures, and network safeguards can make your set-up much more robust.




Another resource for my Ethical Hacking students. (Note that when you are tweaking your blog, sometimes you lose articles. Thank God for Google's webcache.)
It’s ethical hacking with SQL injection on Pluralsight!
I’ve long been a proponent of “hacking yourself first”, that is the idea of building up some offensive skills such that you can actually take a good shot at ethically breaking apps for the betterment of society. Whether they’re you’re own apps that you’ve built or ones you’re testing part of a dev team doesn’t really matter, it’s the same skills and the same end result – you find bad stuff before bad people do.
What I can now share with everyone is that over the last few months, I’ve been working hard with the folks at Pluralsight and another fellow author to take this a step further and start building out an ethical hacking series.
You can go and watch the course on Pluralsight right now or read on. Let me share the background on this, what’s in the first course of this series on SQL injection and what you can expect to see come next.




There's stupid, then there's spectacularly stupid. This is a significant downside of tech convergence.
  1. Drivers are making video chats, taking selfies behind the wheel

It's a known fact that drivers shouldn't text while behind the wheel, but a new study suggests people are doing a whole lot more than sending messages.
New research conducted by AT&T and Braun Research suggests 70% of drivers engage in some sort of smartphone activity. While texting (63%) and emailing (33%) are the two biggest offenders, four in 10 people are checking social media sites — 27% of those users cite Facebook as their main distractor, followed by Twitter at 14%. Another 28% of drivers said they surf the web while the car is in motion.




Back in “Ye Olde Days” employees were given training before they were allowed to use the corporate telephones on their desks. I suspect there is even more need for that today, but even less training.
How to Use Your Smartphone Like a Professional
It’s a safe to assume that everyone in your office has a smartphone. Many jobs require employees to use a smartphone. For those that don’t, everyone probably has a personal device that they bring to work with them. What’s my point? Just because everyone uses a smartphone, it doesn’t mean they can’t remain professional.
Some of this might seem like common sense, but there are professional ways to use a smartphone. When in a place of business, you don’t want to use your phone the same way you would when out with your friends.




For my Data Management students.
JPMorgan’s global think-tank uses big data to read US economy
For decades policy makers and economists have sought data that would allow them to better understand how changes in financial behaviour affect the economy. Now they are getting a boost from a new and unexpected research partner — JPMorgan Chase.
The bank launched a global think-tank this week — the JPMorgan Chase Institute — aiming to combine the power of big-data analytics with information culled from 30m of its own customers to build a more granular snapshot of the US economy.


Tuesday, May 19, 2015

A more reasoned voice. One not selling consulting services? (Perhaps this explains why the FBI can't find enough evidence to arrest this guy.)
There has been much media coverage of Chris Robert’s alleged claims about controlling an airplane in-flight. I haven’t bothered to link to them as they generally just re-hash what is already known and not known. But Iain Thomson got a more detailed response from those who are skeptical about Roberts’ claims:
At last year’s DEFCON hacker’s meeting Dr Phil Polstra, professor of digital forensics at Bloomberg University (and a qualified commercial pilot and flight instructor), delivered a lecture on the feasibility of in-flight aircraft hacking. It turns out it’s a lot more difficult than you might think.
Aircraft IT systems are built around non-TCP/IP protocols called ARINC, or AFDX on Airbus equipment. One of the key differences with this protocol is that it allows unidirectional data and will lock out a non-standard sending signal.
With regards to Roberts’ claims, Dr Polstra said that they were interesting and that he looked forward to discussing them with the researcher at a future DEFCON conference “assuming he is not in jail.” But the method of hacking seems unlikely.
IFE systems do receive some information from the emergency information crew alert system (EICAS), chiefly the aircraft’s location and speed for those little progress maps, but this data comes through a unidirectional Network Extension Device (NED).
Read more on The Register.




Continuing the bad karma.
Kudos to Bob Sullivan for staying on the Starbucks story. Today, he writes:
Ryan Benharris had $200 stolen from his debit card after his Starbucks account was hijacked recently, but that’s not why he was furious at the firm. He was angry about what happened next.
“I had to beg and plead to get my money back,” he said. “They lied to me… I’m an attorney, and it took me four hours on the phone and six weeks to get a refund.”
As Benharris and a pile of other victims have contacted me with stories of frustration, it appears Starbucks has made a change to its website in light of disclosures last week that criminals were attacking customers and stealing money from their Starbucks-linked bank accounts. More on the change in a moment.
Read more on BobSullivan.net.




“Obfuscation by any other name would smell...” (with apologies to William Shakespeare) If the response to a discovery order was paper copies of the emails, would the court sanction the lawyers? Paper is both slower and more expensive to provide and to review. Lawyers, even Hillary, should know better.
State Department plans to release Hillary Clinton's emails in January 2016
The State Department is proposing a deadline of January 2016 to complete its review and public release of 55,000 pages of emails former Secretary of State Hillary Clinton exchanged on a private server and turned over to her former agency last December.
The proposal came Monday night in a document related to a Freedom of Information Act lawsuit Vice News filed in January seeking all of Clinton’s emails.
“The Department’s plan … would result in its review being completed by the end of the year. To factor in the holidays, however, the Department would ask the Court to adopt a proposed completion date of January 15, 2016,” State’s acting director of Information Programs and Services John Hackett said in a declaration filed in U.S. District Court in Washington.
… The controversy over Clinton’s private email account led to a turbulent start for her presidential campaign, which she announced last month. She has said she wants the emails public and is eager for State to release them as quickly as possible. Clinton said she turned over all work-related emails to State, but acknowledged that she had erased a roughly equal number of emails her lawyers deemed private.
… Hackett said 12 State staffers have been assigned full-time to reviewing the Clinton emails and that it took until sometime this month to scan in the records, which were provided on paper by Clinton in 12 “banker’s boxes” in December. He said the scanning process took five weeks and was “complicated” by some of the printouts of Clinton emails being double-sided.
… State officials have said at least some of the emails she provided are clearly personal. [No doubt in order to claim that she exceeded the minimum requirement. Bob]
… The Iowa caucuses are due to be held Feb. 1, 2016 — just two weeks after the proposed release of Clinton’s emails.




As long as we think this through and discuss it with parents and accept the liability. (Digest Item #1)
More Schools Should Ban Smartphones
Schools should ban smartphones from the classroom in order to help kids perform better in exams. This is the obvious conclusion to be drawn from a study conducted by the London School of Economics. It has been published at a time when, having previously banned smartphones, some schools are starting to lift restrictions.
Titled, Ill Communication: Technology, Distraction & Student Performance [PDF link], the study found that teenagers studying in schools which have banned smartphones perform better by an average of 6.4 percent. This is the equivalent of one hour extra spent in school every week, or, as the LSE put it, the “equivalent of adding five days to the school year.”
This study suggests we should actually be toughening bans on smartphones in schools, especially as students deemed as “low-achieving and low-income” actually saw the biggest improvement (of 14.23 percent) in tests. Thus countering the claims of New York mayor Bill de Blasio, who has suggested lifting restrictions on smartphones in schools would reduce inequality.
While this study was carried out in four English cities — London, Manchester, Birmingham, and Leicester — it stands to reason that the results would be replicated elsewhere in the world. Smartphones are obviously a hugely important innovation driving the modern world, but that doesn’t mean they belong in classrooms, where they’re likely to distract students from learning.




Interesting. I could work with the Intel legal department.
Best Legal Departments 2015
by Sabrina I. Pacifici on May 18, 2015
Corporate Counsel – “Two legal departments are fully immersed in the digital age, two maintain a solid presence in the world of bricks and mortar. What’s more, one of them is a nonprofit, which renders many of the concerns of the other three irelevant. Examined from another angle, two of them are resolutely, explicitly multinational; another is, too, just by its ubiquity. The last one is in flux. What could these diverse legal departments possibly share? We asked ourselves this question as we pored through dozens of nomination forms. And we came up with an answer that’s hard to define, but easy to see when you bump into it. They rise above what a group of lawyers is expected to do. They do it with innovation, a sense of community, even a bit of swagger. They’re confident in their abilities, but they also look to improve.”




For my Data Management students. Manage data no matter the source.
Obama joins Twitter: How the first day of @POTUS unfolded
U.S. President Barack Obama sent his first tweet from his very own account on Twitter on Monday, quickly amassing a million followers in five hours, the latest of many White House efforts to amplify his message with social media.


(Related) Just for perspective.
Most Influential Twitter List: Which World Leaders Made the Cut?




My students have already done this. I will use this article to try and talk my wife into cable cutting.
Considering Canceling Cable? The True Cost of Cutting the Cord
… In the USA there are four main options:
… This is worth repeating, because many people seem to have forgotten: the major networks are available to you free of charge. Get a high-quality antenna like the Mohu Leaf and you can watch some of the most popular shows on television without any monthly subscription costs at all.
The FCC reception map [Interresting Bob] can provide you with a list of TV channels you can get locally, right now, without paying a cable company.




Tools for my website developers.
WebRTC Explained: What Is This API, and How Is It Changing the Internet?
The Internet today is vastly different to what it was 10 years ago. Back then, if you wanted to do anything moderately ambitious like video conferencing, you had to work with plugins that simply didn’t work all that well. I am, of course, referring to Flash, which was notoriously slammed by Steve Jobs in 2010 for being insecure, slow, and ill-suited to a world of touch devices.
There’s something better now.
It’s called WebRTC, and it’s allowing developers to build real-time applications, such as MMORPGs (massively multiplayer online role-playing games) and video-conferencing tools, using open web technologies, like HTML5, JavaScript and CSS.
Here’s everything you need to know about WebRTC.




For my Data Management class. Perhaps I should be asking them for Vine videos?
What CEOs Have Learned About Social Media
When it comes to social media, today’s CEOs have made a remarkable transition over the past five years. A recent analysis by my firm, Weber Shandwick, found that 80% of the chief executive officers of the world’s largest 50 companies are engaged online and on social media. The results, published in “Socializing Your CEO: From Marginal to Mainstream,” show that CEO sociability has more than doubled since we began tracking the social activities of chief executives in 2010, when only 36% of CEOs were social.
… Companies don’t want to be left behind. For example, even in 2013, Scottish fashion brand Lyle & Scott put out a call for a new CEO on Twitter. They linked to a microsite so people could learn about the brand’s history, what it takes to be a leader, and how to apply.
The company also asked each candidate to produce a Vine video and Pinterest board for the brand. According to the executive recruiter leading the search, the owner of Lyle & Scott wanted “a modern, tech-aware retail CEO who is social media literate. By conducting the search using social media, we automatically select out the dinosaurs.”




A timely article for my Business Intelligence students.
Competitive Intelligence” Shouldn’t Just Be About Your Competitors




The second cartoon rebuts the most famous Internet cartoon ever.
Strategic Humor: Cartoons from the June 2015 Issue




Dilbert explains the difference between being social and being sociable.


Monday, May 18, 2015

With everything else they did wrong, why would anyone expect Sony to have their insurance ducks in a row?
What does your CGL policy mean by “publication in any manner?”
Jana Landon reports:
It was reported recently that the parties in the closely watched data breach case of Zurich American Insurance v. Sony Corp. of America (N.Y. Sup. Ct. Feb. 21, 2014) settled while Sony’s appeal of an unfavorable trial court opinion was pending. That opinion found that no coverage was available to Sony for a massive data breach under its commercial general liability (CGL) policy. This settlement leaves open questions regarding claims by insureds regarding data hacks in existing data breach cases, especially in light of recent changes to the CGL forms.
Read more on The Legal Intelligencer. [Registration required Bob]
[From the article:
A standard CGL policy usually contains a section titled "Coverage B—Personal and Advertising Liability Injury." The current Insurance Services Office Inc. (ISO) form for Coverage B typically provides coverage for "those sums that the insured becomes legally obligated to pay as damages because of 'personal and advertising injury' to which this insurance applies." "Personal and advertising injury" is defined as an "oral or written publication, in any matter, of material that violates a person's right of privacy."
After Sony's data breach, Zurich American Insurance denied Sony's coverage claim and filed suit in July 2011. The insurer argued that, under Coverage B, the language "publication in any manner" described only the type of disclosure, not the identity of the disclosing party. Zurich contended that coverage would only extend to the publication of information by Sony, not third parties such as hackers, even though there were no such limitations in the policy language. Therefore, it argued, the data breach did not fall under the CGL policy.




For my Computer Security students. I can not redundantly repeat this reiteration enough!
Wham, Bam, Thank You Spam! Don’t Click on the Link!
by Sabrina I. Pacifici on May 17, 2015
“It seems that just like in old times (in cyberspace that means last year) the existence of “snake-oil” salesmen on the Internet is getting worse, not better. Rather than selling something medicinal or at the very least useful, these snake-oil salesmen of today have one intent only: to steal your personal information or worse, to distribute malware to your computer. One recent report issued by Symantec in April 2015 literally details scores of scams all designed to steal information and potentially ruin your computer (and others’ as well) and steal your personal information. We detail them not out of morbid curiosity of the utter gall of the snake-oil salesmen, but to hopefully inform and prevent the inadvertent “click on the link” circumstances which you and your company would rather avoid. We also point to other recently issued reports noting that other scams like phishing and spear phishing continue to be a bothersome and dangerous component of company emails. At the end of the day, continuous employee training and awareness of these sorts of scams is truly a strong part of the Holy Grail of Cybersecurity, along with certain network hardware components that can help stop “bad” emails before they get to your employees’ desktops…”




Low(er) tax rates apparently gives Ireland lots of power when it comes to Privacy. So it must be worth it, right?
RTÉ reports:
The Office of the Data Protection Commissioner will today assume responsibility for ensuring the privacy and data of around 300 million people outside the US who use Twitter each month is adequately respected.
Last month the microblogging site told users that from 18 May, “Twitter International Company will be responsible for handling your account information under Irish privacy and data protection law.”
The move means all of the social network’s users outside of the US will come under the European Union’s Data Protection Directive.
Read more on RTÉ.
[From the article:
The changes could put extra pressure on the ODPC, which is already responsible for overseeing the data protection standards of a range of other large internet multinationals based in Ireland such as Google, Facebook and LinkedIn.




Sounded interesting enough to request from my local library. Economics for the Internet Age?
New on LLRX – Book Review – “The Age of Cryptocurrency”
by Sabrina I. Pacifici on May 17, 2015
Via LLRX.comBook Review – “The Age of Cryptocurrency” - Alan Rothman highlights the increasing impact of an online payment system that is immersed in finance and economics around the world – the expanding use of bitcoin and cryptocurrencies. With actionable links to expert professional topical sources on these subjects, Alan’s article will bring you up to speed on a bleeding edge cross border issue that impacts law, technology, e-commerce and the deep web.




The continuing education of our computer overlords? Perhaps we should also feed them some Marx Brothers movies? I wish I had know about the World of Watson exposition. (see below)
New on LLRX – IBM’s Watson is Now Data Mining TED Talks to Extract New Forms of Knowledge
by Sabrina I. Pacifici on May 17, 2015
Via LLRX.com – IBM’s Watson is Now Data Mining TED Talks to Extract New Forms of KnowledgeAlan Rothman’s commentary offers actionable information about a new technology from IBM called Watson that is a powerful tool for researchers whose work engages data mining, knowledge management and competitive intelligence. Rothman attended a recent presentation that demonstrated how Watson is deployed as a search and discovery tool whose object is the huge video archive of TED Talks content.




For my Business Intelligence students.
World of Watson
Watch the replay




For my students. I downloaded it and will let you know if I'm as impressed as this reviewer.
Nitro: Check Out Maxthon’s Super-Fast Web Browser Today
It’s the fastest browser I’ve ever used. That’s the kind of statement that doesn’t really mean much anymore in the browser world, mostly because the Big Four — Internet Explorer, Firefox, Chrome, and Opera — keep dethroning each other in cycles. But for the first time in a while, we actually have a clear, longshot winner.
… Want to give it a try? Download Maxthon Nitro.




For my international students.
Make International Phone Calls from your Mobile even without the Internet
… The app, known as Ringo, lets you make international calls from your mobile phone but “without” requiring the Internet. It does so by cleverly converting your request to dial an international number into a local number.
Let’s say you are trying to call someone in Singapore from India. When you make a call through Ringo, the app will internally dial a local number in India. At the other end in Singapore, it will again make a local call to the desired number and will connect these two calls using their own infrastructure. This process is transparent to the end users though it make few seconds extra to initiate the call.
… Also when open a contact inside Ringo, it will show their current local time and this little detail does help save a trip to Google.
Is Ringo a replacement for Skype or Google Hangouts? Well, yes and no. With Ringo, you do not need the Internet to make phone calls but you still need a local number. In the case of Skype, you do not need a local number but you have to be connected to the Internet. Also, Ringo is mobile only while Skype lets you call telephone numbers from Mac and Windows PCs as well.
Ringo is available for Android, iPhone and Windows Phone.




Tools & Techniques
Cometdocs - PDF to Word and Many Other Conversions
Cometdocs is a service for quickly converting documents and sharing them with others. Cometdocs will convert your documents to and from Word, PDF, and Excel. When you use Cometdocs to convert a document you can share directly with others via email. After converting your documents Cometdocs also gives you a public URL that you can post for others to use to download your document.
To use Cometdocs just upload a document, select the action that you want performed and enter your email address to share the document. Cometdocs has free and paid plans. The free plan limits you to five conversions per week.




Another Dilbert management technique I will adopt.