Saturday, June 06, 2015

Because the government keeps data longer than the Internet (which keeps it forever)?
Andrea Shalal and Matt Spetalnick report:
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
Of the four million federal employees whose data were caught up in the breach, 2.1 million are reportedly current government employees, and the fear is that their information could be used for spear-phishing and to obtain even more sensitive information.
Read more on Reuters.
Ellen Nakashima of the Washington Post reports that according to unnamed agency officials, the information obtained in the hack included employees’ Social Security numbers, job assignments, performance ratings and training information but
OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
And of course, the finger-pointing has begun. As the New York Times reports, an audit of the government’s computer security had as recently as November pointed out the serious security shortcomings.
But watch out for those who attempt to use this hack to support irrelevant or harmful legislation. Any legislation proposed should seriously consider the opinions of actual infosecurity and technology experts. So far, the government’s ridiculous claims that we can have strong encryption but the government should be able to break it make many of us wonder what color the sky is in Washington these days.

Michael A Riley and John Walcott report:
The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.
Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber-intelligence company that works with federal investigators.
Read more on Bloomberg.

State sponsored hacking, without actually hacking. (Apple and Microsoft have already greased this slope.) Probably simpler to use Chinese software in China and keep the domestic software secret.
China may try to force US tech firms to give up code
While U.S. officials investigate whether Chinese hackers breached data for millions of federal employees, Beijing is working on a series of rules to protect itself from foreign cyber incursions—or maybe to get its hands on American tech secrets, or maybe both.
Beijing wants foreign technology firms to give up their source code in exchange for Chinese business, and new rules are set to make that happen, focusing first on the banking sector, and then moving to other important markets.
The first set of rules, from earlier this year, mandated that domestic banks move to "safe and controllable" technology—meaning any tech firm interested in doing business with most Chinese financial institutions would need to hand over its relevant source code and encryption keys. [Would you trust a bank that did that? Bob]

We could use this!
Ann Bednarz reports:
Payday didn’t go as planned on January 2, 2014, for some Boston University employees. On that day, about a dozen faculty members discovered their paychecks hadn’t been deposited into their bank accounts. Thieves had changed the victims’ direct deposit information and rerouted their pay. BU’s IT security team traced the attack to a phishing email sent to 160 people at the university. The email – which prompted BU faculty to click on a link and confirm their log-in details – led to the compromise of 33 accounts. Thirteen faculty members had their paychecks stolen.
After BU warned faculty and staff of the paycheck heist, the attackers sent another phishing attempt that played off BU’s warning and directed recipients to another bogus site. “The folks who sent the original message were actively watching us,” Shamblin said. “They coopted my authority for a second attack on my people.”
Meanwhile, 1,200 miles away, University of Iowa experienced similar attacks.
Read more on Network World if you have an Insider account. I refuse to sign up because they require that you enable third-party cookies and javascript.

For my Computer Security students.
A Look at Some of the Worst Computer Viruses in History
When you get a virus on your computer, the results can be devastating to you, personally. Some viruses, however, take the destruction and devastation far beyond a few people. Some computer viruses have caused millions in damages the world over.
Which computer viruses have been the most destructive throughout history? Check out the infographic below for an extremely detailed look and prepare to be surprised, because some of the damage caused by these viruses is truly hard to comprehend.

Like those devices that monitor your “safe driving,” insurance companies will likely be all over these devices. Perhaps this is the one where they switch from “discounts for users” to “penalties for non-users.” Or governments could require them on all new cars.
Feds And Carmakers Unveil Systems To Disable Your Car If You've Been Drinking
… The National Highway Traffic Safety Administration unveiled a prototype vehicle with an advanced alcohol detection system that could ultimately prevent vehicles from being operated by a drunken driver.
The Driver Alcohol Detection System for Safety — known as “DADSS” — is a noninvasive system aimed at detecting when a driver is above the legal alcohol limit by instantly measuring the driver’s breath or skin. If your blood alcohol level is above 0.08 percent — the legal limit in all 50 states — the car will be disabled.

If increased revenue is greater than legal fees, then: Give the users what they want and let the lawyers figure it out?
As Facebook Video Swells, YouTube Creators Cry Foul Over Copyright Infringement
As Facebook has briskly emerged as YouTube’s first forbidding challenger in online video, racking up 4 billion views per day, the social network may have a mounting copyright issue on its hands -- one that smacks of a similar conflict YouTube faced in its early days.
Increasingly, YouTube creators are alleging that their popular videos are being pilfered from the platform and uploaded to Facebook. A new term has even been coined for this practice: ‘freebooting.’
Because Facebook doesn’t offer adequate copyright protection or give creators the ability to monetize their videos just yet, argues George Strompolos, CEO of leading YouTube network Fullscreen, freebooting is detracting from ever-valuable YouTube views.

From a culture that honors age (and success) this makes perfect sense. Still, Warren isn't likely to buy them.
Chinese online gaming company wins Buffett lunch for $2.3M

Time to start planning.
Microsoft Office 2016 Updated With Collaborative Real Time Presence, Contextual Insights
Microsoft is planning to release a new version of its Office productivity suite, Office 2016, sometime later this year. In the meantime, Microsoft has made available an Office 2016 Public Preview, which is also available for Mac users, and there are a few new features that were just added.

Plan for this too since it's the path to Skype's real time translation service.
You Can Now Use Skype For Web (Beta) If You're In The U.S. Or UK
Skype's web-based client is now available to all U.S. and UK users in open beta, no longer requiring any invites.

For my Business Intelligence students.
The Internet of Things Is Changing How We Manage Customer Relationships
… But now that Big Data and the Internet of Things have come along, we can go beyond the transaction to every little detail of the customer’s actual experience. You can know when customers enter your store, how long they are there, what products they look at, and for how long. When they buy something, you can know how long that item had been on the shelf and whether that shelf is in an area of things that usually sell fast or slowly. And then you can view that data by shoppers’ age, gender, average spend, brand loyalty, and so on.

Data Collection From Consumers Continues Without Transparency
by Sabrina I. Pacifici on Jun 5, 2015
National Journal – “Don’t be fooled: Congress may have finally passed the bill reining in the National Security Agency’s bulk-surveillance programs [USA Freedom Act of 2015], but your data is still being collected on the Internet. Lost in the debate over the NSA is the fact that companies like Google and Facebook continue to vacuum up vast troves of consumer data and use it for marketing. The private-sector tech companies that run the social networks and email services Americans use every day are relatively opaque when it comes to their data-collection and retention policies, which are engineered not to preserve national security but to bolster the companies’ bottom lines. Critics say the consumer data that private companies collect can paint as detailed a picture of an individual as the metadata that got caught up in the NSA’s dragnets. Companies like Google and Facebook comb through customers’ usage statistics in order to precisely tailor marketing to their users, a valuable service that advertisers pay the companies dearly to access. “What both types of information collection show is that metadata—data about data—can in many cases be more revelatory than content,” said Gabe Rottman, legislative counsel at the American Civil Liberties Union. “You see that given the granularity with which private data collection can discern very intimate details about your life… For their part, various tech companies are paying attention to the trend. Google on Monday unveiled a frequently asked questions page to address users’ privacy concerns, answering questions like “Does Google sell my personal information?” and “How does Google keep my information safe?” It also revamped its account settings page, offering privacy and security “checkups” to walk users through steps to keep their data safe. On the same day, Facebook announced it will offer the option to send sensitive information, like password reset links, in encrypted emails. 
(“New Facebook feature shows actual respect for your privacy,” read a Wired headline on an article about the announcement.) Facebook already encrypts traffic to and from its site, and offers privacy fanatics—or those who fear government retribution for their actions on the social network—access to its services via the Tor browser, widely regarded as the most secure and private way to access the Internet.”

I've been thinking about re-writing my handouts. “Captain Math!” “SecurityMan”
The Best Apps for Reading Comics on Your iPad

Dilbert has some ideas for responding to my students!

Friday, June 05, 2015

You wouldn't want the US to be a second rate CyberWar power would you? (How do they stage these just when they need them?)
Chinese hackers breach federal government’s personnel office
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify some 4 million current and former federal employees that their personal data may have been compromised.
The hack was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months. Russia last year compromised White House and State Department e-mail systems in a campaign of cyber espionage.
OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.
Other U.S. officials, who spoke on condition of anonymity citing the ongoing investigation, identified the hackers as being state-sponsored.

(Related) “Patterns” would suggest anything originating in North Korea and many IP addresses in China.
Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border
Without public notice or debate, the Obama administration has expanded the National Security Agency‘s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.
In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.
The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments.

I wonder why no law school has created a “New Technologies and the Law” center to explain how new technologies might impact the law. Wouldn't the companies who create the technology be willing to fund it? (And pot holes should be regulated under the marijuana laws because... Pot!)
From the see-why-judges-need-to-understand-technology dept.:
Sean Whaley reports:
The Nevada Supreme Court said Thursday that the state’s wiretap law permits the interception of cellphone calls and text messages even though it has not been updated since 1973.
But a three-justice panel of the court said Nevada’s law regarding “wire communications” includes cellphones. The court said that “wireless” cellphone communications do involve the use of a wire when the communication reaches a cellular tower and is then transmitted by wire through a switching station to another transmitting tower.
Read more on Las Vegas Review-Journal.

(Related) Perhaps the Computer Security industry would help fund such a center...
IoT Poses Security Challenge to Enterprise Networks
There are many things in the Internet of Things (IoT); so many that enterprises are often finding themselves challenged to keep up and secure them all.
In a new study from OpenDNS entitled 'The 2015 Internet of Things in the Enterprise Report', researchers found that IoT devices are common in highly-regulated industries, even though the infrastructure supporting those devices has its share of cracks in it.
"The traditional approach of designing a strong perimeter and controlling everything inside of that perimeter just isn’t possible anymore," said Mark Nunnikhoven, senior research scientist on the OpenDNS Security Labs team.

Can you really Opt-Out?
Orin Kerr writes:
The federal Wiretap Act is the major privacy law that protects privacy in communications.
In this post, I want to focus on a particularly tricky and important application of the problem that is raised in a case now pending in the Third Circuit: How does the Wiretap Act apply to surveillance of websurfing? Say a person is surfing the web, and a surveillance device is monitoring the URLs that a person is visiting. When, if at all, can that violate the Wiretap Act? Are the URLs contents or metadata, and if URLs are contents, who are the parties to that communication that can consent?
Read more on The Volokh Conspiracy.
[From the Third Circuit article:
Google and a couple of other Internet companies that use third-party cookies to track the online behavior of people who use browsers that are specifically designed and advertised as barring that kind of tracking are the only defendants in the case, "but this is how systems across the entire Internet work and whatever ruling this court issues is going to affect broad swaths of companies and how they interact," said Michael Rubin, the Wilson Sonsini Goodrich & Rosati lawyer who represented Google in front of the Third Circuit.

This is a significant change. I can see why many tech companies would love it.
Emma Woolacott reports:
Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens’ personal data is held or whether it’s accessible from outside the country.
Wikileaks has released 17 documents relating to the Trade in Services Agreement (TISA), currently under negotiation between the US, the European Union and 23 other nations. These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force.
Read more on Forbes.

Perhaps we should take a look at this?
Chris DiMarco reports:
The National Institute of Standards and Technology is probably best known for the cybersecurity guidelines it released in late 2013, but the organization frequently authors reports on critical issues in the technology space. The NIST recently released a draft of one such report designed to aid federal organizations in processing private citizen information. Now entering a public commenting period that will remain open until July 13, the report, “Privacy Risk Management for Federal Information Systems,” seeks to create a universal vocabulary for discussing the challenges of private data processing, while providing modes of thinking that can be applied as information processing continues to evolve.
[…]For more on the “Privacy Risk Management for Federal Information Systems Framework” draft and to submit comments, visit
Read more on LegalTech News (sub. req.)

Perhaps you should not use social networking without thinking about the possible downside. This is about as far from a “Like” as you can get.
General: Social media post led to strike against ISIS
A general suggested at an event that the Air Force was able to target an attack on a building used by the Islamic State in Iraq and Syria (ISIS) based on a single social media post, according to an account published by Defense Tech.
“It was a post on social media to bombs on target in less than 24 hours,” Gen. Hawk Carlisle said during an Air Force Association event. “Incredible work when you think about.”
“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command. And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later” the building had been destroyed by a strike, he said.
… Social media platforms have moved to suspend users associated with the group, but the authors of the Brookings paper found those were not successful on a broad scale.
“Account suspensions do have concrete effects in limiting the reach and scope of ISIS activities on social media,” they wrote. “They do not, at the current level of implementation, eliminate those activities, and cannot be expected to do this.” [Think of this as a permanent suspension. Bob]

Interesting. How long does it take to review 200 man-years of code?
Microsoft is going to let governments look at its source code in a special office to prove spies can't use it
Microsoft has opened a special office in Brussels that will allow European governments to dig through its source code in search of any backdoors that could allow foreign spy agencies to intercept information.
Microsoft posted on its blog that it's launching the special office to support a "high level of openness and cooperation" with European governments, who are deeply suspicious of the online surveillance conducted by the US's NSA.
It already has one transparency center in Washington, but this is the first of its kind to be opened in Europe.
… Apple did something similar in China when it allowed the government to inspect its products in search of NSA backdoors, amid fears that Apple products could be used by the US government to spy on Chinese citizens. CEO Tim Cook reportedly agreed in December 2014 that Apple would comply with Chinese "security audits"

A clear indication that China is becoming a regional problem.
Manila "gravely concerned" over reported Chinese warning shot at sea
The Philippines on Friday expressed concern over reports a Chinese warship has fired a warning shot on a Filipino fishing boat near a reclaimed reef in the disputed South China Sea, Manila's defence minister said.
China has been rapidly expanding its occupied reefs in the Spratly archipelago, alarming other claimants, and drawing sharp criticism from the United States, Japan and European States.
"If indeed this happened, it is a cause of grave concern." Defence Minister Voltaire Gazmin told journalists in a text message from Tokyo, where he joined a four-day state visit by Philippine President Benigno Aquino.
China claims most of the South China Sea, through which $5 trillion in ship-borne trade passes every year. The Philippines, Brunei, Malaysia, Taiwan and Vietnam also have overlapping claims.

Japan to Provide Patrol Vessels to Philippines
The Japanese government is providing more maritime equipment to its neighbors, as part of moves by U.S. regional allies to forge closer security ties in response to China’s aggressive behavior in the Western Pacific.
On Thursday, Philippine President Benigno Aquino III, who is on a state visit to Japan this week, signed a deal with a Japanese shipbuilder to buy a fleet of 10 patrol vessels. Tokyo will provide a low-interest loan worth ¥19 billion ($150 million) to pay for the ships, marking a significant shift in Japan’s foreign aid program focused until now on infrastructure projects.

Math stuff for my Math (and Excel) students.
Thoughts this week
Excel is my favourite Microsoft program both for its use in Mathematics teaching and for data analysis. In 2013 at the TSM Conference I was very fortunate to meet and be trained by Mike Hadden. I had already discovered and often used Mike’s Excel files for my teaching; in 2013 thanks to Mike I discovered the joys of Excel macros which save me a serious number of hours in my job!
Mike now has a blog where you can find out more about his Excel files for teaching (scroll down) and also learn more about macros; have a look at the Macro Recorder Demo.

For the Toolkit
The Mega Guide to Media File Conversion Tools in Windows

We don't teach our students how to use technology to communicate properly.
10 Simple Tips to Elevate Your Small Business Emails

Thursday, June 04, 2015

A noble or at least notable effort.
WSJ – Level 3 Tries to Waylay Hackers
by Sabrina I. Pacifici on Jun 3, 2015
Drew Fitzgerald – “Earlier this month, Brett Wentworth took Level 3 Communications Inc. into territory that most rivals have been reluctant to enter. The director of global security at the largest carrier of Internet traffic cut off data from reaching a group of servers in China that his company believed was involved in an active hacking attack. The decision was reached after a broad internal review. The Broomfield, Colo., company is taking an aggressive—and some say risky approach—to battling criminal activity. Risky because hackers often hijack legitimate machines to do their dirty work, raising the risk of collateral damage by sidelining a business using the same group of servers. Such tactics also run against a widely held belief that large carriers should be facilitating traffic, not halting it. And carriers are reluctant to create the expectation that they will police the Internet. Yet with attacks on the rise, Level 3 three years ago decided it is worth the risks. At a rate of about once every few weeks, the carrier is shutting down questionable traffic that doesn’t involve any of its clients. When the source of the trouble is hard to pinpoint, it often casts a wide net and intercepts traffic from large blocks of Internet addresses. Recently, that meant stopping traffic from a powerful network of computer servers controlled by a group of hackers that security researchers dubbed SSHPsychos. The group used rented machines in a data center to hack other computers that could bring down target websites by flooding them with junk traffic. Level 3 blocked a broad swath of the Hong Kong-registered data center’s IP addresses from the Internet.”

It can't be because management is doing such a fine job of controlling their organizations. Perhaps it is because politicians don't like to be second guessed? More likely because they don't know how to use the IG to their advantage.
Watchdogs Needed: Top Government Investigator Positions Left Unfilled for Years
by Sabrina I. Pacifici on Jun 3, 2015
“At their best, Offices of Inspector General (OIG) are essential to a well-functioning federal government. IG offices recover billions of dollars in wasted taxpayer funds and make improvements to federal programs that keep us healthy, safe, and secure. IGs wear two hats, reporting to their agency heads and to Congress. As a result of this dual-reporting structure, IGs are uniquely positioned to serve as your eyes and ears within the executive branch, giving you the information you need to conduct effective oversight and pass meaningful legislation. POGO has worked for years to study and improve the IG system, and we have supported legislation to make IGs more independent and accountable. As such, we are deeply troubled to find that many senior IG officials are allegedly currying favor with the very agency leaders they’re supposed to oversee, and taking other inappropriate actions that would cause any reasonable person to question the IG’s independence. Among the most pervasive threats to IG independence and effectiveness are the long-standing vacancies that have languished at IG offices throughout the federal government. POGO believes it is no coincidence that so many long-time acting IGs have found their independence called into question on front pages of newspapers across the country—especially when those acting officials make it known they are auditioning for the role of permanent IG. At the same time, it is important to keep in mind that the opening of an IG vacancy can occur for a perfectly appropriate reason—such as removing a permanent IG who fails to uphold her office’s mission.”

Are they worried that they might embarrass politicians?
Twitter abruptly shuts down tool tracking lawmakers' deleted tweets
The Sunlight Foundation’s tool to track lawmakers’ deleted tweets appears crippled after a three-year run.
Twitter said Wednesday it will no longer allow the Sunlight Foundation to have access to the company's API, which allows the foundation’s Politwoops to automatically track deleted tweets.
Twitter said it pulled the plug because it violated the company’s developer agreement related to privacy.
… Politwoop’s most recently tracked deleted tweet is from May 15.

Perhaps we should invite Tim to speak at The Privacy Foundation?
Apple’s Tim Cook Delivers Blistering Speech On Encryption, Privacy
Yesterday evening, Apple CEO Tim Cook was honored for ‘corporate leadership’ during EPIC’s Champions of Freedom event in Washington. Cook spoke remotely to the assembled audience on guarding customer privacy, ensuring security and protecting their right to encryption.
… Cook was characteristically passionate about all three topics. A theme that has persisted following his appearance on Charlie Rose late last year to define how Apple handled encryption, his public letter on Apple’s new security page in the wake of the celebrity nude hacking incidents and his speech earlier this year at President Obama’s Summit on Cybersecurity at Stanford — an event which was notably not attended by other Silicon Valley CEOs like Facebook’s Mark Zuckerberg, Yahoo’s Marissa Mayer and Google’s Larry Page and Eric Schmidt.

This happens when you think of your customers as “sources of revenue” rather than people. I'm thinking of starting an “Advertising Advisory Service.” I'll load my social networking pages with all kinds of “interests” and charge anyone who “opts in” to my service (by sending me an ad) a very reasonable $100 per review. I figure I can review about 200 ads per day, as soon as I get the program written.
PayPal Changes User Agreement To Send Ads On Numbers You Didn’t Provide
Today, PayPal announced a few upcoming changes to its user agreement, which will affect a lot of users so read the fine print once you’re agreeing to the soon-to-be-updated terms. The main clause discovered in the agreement gives the company rights to contact you via text or call to your personal number which you didn’t provide to the service in the first place.
According to the Washington Post, an updated clause in the agreement allows the company to send "autodialed or prerecorded calls and text messages," on phone numbers; which if you didn’t provide yourself, the company has "otherwise obtained" from other sources.
While the new clause may seem as a dire violation of your privacy, under the previous agreement, PayPal already had the authority to scour various sources in order to keep a repository of phone numbers belonging to its clients.

(Related) Soon, everyone will do this.
Instagram is going to start showing you ads based on information in your Facebook profile
Instagram ads are about to get a lot more personal.
But soon advertisers will know if you're a 20-something living in Brooklyn who likes cats. How? Your Facebook profile.

Another method of ensuring “Open Government?” What happened to the wisdom behind “Double Secret Probation?”
WikiLeaks offers $100,000 bounty for Asian trade pact pushed by Obama
Whistleblower website WikiLeaks offered a $100,000 bounty for copies of a Pacific trade pact that is a central plank of President Barack Obama's diplomatic pivot to Asia on Tuesday.
WikiLeaks, which has published leaked chapters of the Trans-Pacific Partnership (TPP) negotiating text before, started a drive to crowdsource money for the reward, just as U.S. unions launched a new push to make the text public.
… Nine hours after the campaign was launched, WikiLeaks' website was showing $25,835 pledged by more than 100 people.

(Related) Who really runs the government when your PAC contributors know more than congressmen in your own party?
Dem: Tech knows more about trade deal than Congress does

...and here I was thinking that we had already reached ubiquity.
Ericsson: Smartphones Nearly Ubiquitous In Five Years
Ericsson’s latest mobility report is out this morning, and it finds, perhaps unsurprisingly, that we’ll be swamped in smartphones by 2020. Even taking into account the company’s obvious interest in this finding, it’s still a shock to realize that the recently acquired cultural posture of bending over a small shiny object while swiping away at the glass will become nearly universal in just five more years.
The company predicts that the world’s population will support 6.1 billion smartphone subscriptions in 2020. Accepting a population estimate from Population Pyramids of the World of 7.7 billion yields a proportion of 79%. In its report, Ericsson gives a figure of 70%.
… Including all phones, the report says, not just smart ones, phone penetration will reach 90% of the world’s population by 2020.

Darn, I was going to try this. But if it's legal, why was he suspended? Can he sue?
A science teacher was suspended without pay for using a signal jammer to block his students' phones
A teacher in Florida has been suspended without pay for five days after he used a signal jammer to stop his students' phones from working, Ars Technica reports.
Science teacher Dean Liptak affixed a jammer to a cell tower located on campus, which enabled him to jam mobile phones in order to stop students from getting distracted during lessons.
Liptak said that he had an override button for the device in case of emergencies, and also claimed that he checked with a local police officer who told him that using a jammer was legal.

Alarmist or realistic? Clearly US “happy news” does not cover this. Not as important as National Donut Day.
Ukraine's Poroshenko warns of 'full-scale' Russia invasion
President Petro Poroshenko has told MPs the military must prepare to defend against a possible "full-scale invasion" from Russia, amid a surge of violence in eastern Ukraine.
Russia has denied that its military is involved in Ukraine, but Mr Poroshenko said 9,000 of its troops were deployed.
Clashes involving tanks took place in two areas west of Donetsk on Wednesday.

(Related) Of course we have plans, but have we updated them since the Berlin wall came down? Yeah, probably but are we ready to implement it?
Start of WW3? Putin could force the West to use NUCLEAR WEAPONS against Russia, warns NATO
Europe and the United States are "embarrassingly" unprepared for Russian aggression, claimed General Petr Pavel.
… Czech general Pavel, next chairman of the NATO Military Committee, issued a warning to Western leaders expressing his concern they are not ready for military action by Putin.
He said: "Russia could seize the Baltic countries in two days.
"NATO wouldn't be able to react to the situation in that time."
The Alliance would be forced to "weigh its positions regarding whether it would start a war - maybe even a nuclear war - against Russia for the Baltic states," he said.

I bet this will cost much more than they estimate.
Truckmakers Ordered by U.S. to Add Anti-Rollover Technology
Makers of heavy-duty trucks in two years must add electronic stability-control systems to new vehicles, an effort by the U.S. government to prevent rollover crashes that kill about 300 drivers a year and injure 3,000 others.
The technology uses engine torque and computer-controlled braking to help truckers maintain control in emergencies by keeping the wheels on the ground and the trailers from swinging. The regulatory requirement, proposed in 2012, is estimated to cost $585 per truck

Once again we see that the world does not work as the MPAA would like it to.
New Zealand court: Megaupload founder can hold on to property
A judge in New Zealand has said that Kim Dotcom, the founder of now-defunct file-sharing service Megaupload, who is facing federal charges, does not have to forfeit his property, despite the order of a U.S. judge.
It’s a blow to federal prosecutors, who were hoping to force Dotcom to comply with the order of a federal judge in Virginia, Ars Technica reported on Wednesday.
The Virginia judge ruled in March that Dotcom had lost the case over forfeiting his property by default. But a judge on the High Court of New Zealand, Auckland Registry, found the legal theory being used by American authorities was not recognized in New Zealand.

Teaching in the 21st Century should be even easier than learning.
Teaching Mathematics With a Surface Pro Tablet
For the last 6 years I have done all of my teaching on a tablet Windows PC. I have really liked using the tool for these reasons. I can have a digital copy of all of my lessons sync to all of my computers and be instantly searchable. Since my lesson was already digital I could easily upload it to my website. I could use any computer program (graphing utilities, geometric or algebraic drawing utilities, Excel, and more) in my lesson seamlessly.
But up until last year there was a drawback. I could never leave my podium for a couple of reasons. First, the computer did not have a way to wirelessly stream the video output to the projector. Also, the computer was not small enough to just pick up and walk around with using only one hand.
One of the best things about technology is how the tools we use are constantly changing. Last year I updated my school computer to a Surface Pro 2. The portability of this computer is incredible! I was inspired to look into ways of untethering myself from my podium. I originally used the software program AirParrot to send the video to my Apple TV. And while that solution was good, it was rather processor intensive and would drain the battery pretty quickly. Just recently I started using a Microsoft Wireless Display Adapter, which Windows 8 natively supports (the streaming stick uses the Miracast wireless streaming protocol). This setup has a much smaller drain on my battery which means more time away from my podium!

For my Statistics students. Is this greater than random? What data do you need to answer this question?
Shootings are on the rise this year in New York City, and the trends are raising questions about whether Mayor Bill de Blasio’s decision to cut down on stop-and-frisk tactics has made it easier to carry guns in New York.
… In 2012, the NYPD made more than 532,000 stops, each of which could progress to a frisk or to a full search. The police found guns only 715 times. In other words, guns were found during 0.1 percent of stops.
… The NYCLU data set shows that 23 percent of all stops and searches were prompted by concerns about a possible weapon. The police did find guns more often in these cases (36 of every 10,000 weapon-related stops compared with seven of every 10,000 non-weapon-related stops). However, this still seems like a low success rate, and it may be skewed. Police officers write up their reasons for a stop afterward and can retroactively claim gun-related causes after finding the weapon, even if they weren’t the true reason for the stop.

A paper my Data Management students might find interesting. (Yes, that is what I call a “hint.”)
Navigating a World of Digital Disruption
by Sabrina I. Pacifici on Jun 3, 2015
Navigating a World of Digital Disruption by Philip Evans & Patrick Forth: “Digital disruption is not a new phenomenon. But the opportunities and risks it presents shift over time. Competitive advantage flows to the businesses that see and act on those shifts first. We are entering the third, and most consequential, wave of digital disruption. It has profound implications not only for strategy but also for the structures of companies and industries. Business leaders need a new map to guide them. This article explains the factors underlying these disruptive waves, outlines the new strategic issues they raise, and describes a portfolio of new strategic moves that business leaders need to master.”

Wednesday, June 03, 2015

I doubt this will change anything for my Ethical Hacking students. We still have to build and use the tools and we never sell them to the black hats.
Feds' Photobucket Strategy Could Hobble White Hats
There's a new twist in the way feds are seeking to penalize bad actors for making and distributing software used in crimes, suggest recent arrests by Justice Department and FBI officials.
"There's a more concerted campaign to go after those folks who are distributing in the underground," said Tom Kellermann, chief cybersecurity officer at Trend Micro.
… The case in question involves two men charged with creating an app to steal credentials and content from online photo and video community Photobucket.
DoJ and FBI agents last month arrested Brandon Bourret, 39, of Colorado Springs, Colorado, and Athanasios Andrianakis, 26, of Sunnyvale, California, and charged them with conspiracy to commit computer fraud and abuse, access device fraud, identification document fraud and wire fraud.
… In addition to trafficking in stolen credentials and content, the pair developed, marketed and sold a malicious tool that allowed others to steal content from Photobucket that was private and password-protected, the indictment notes.
… Bourret and Andrianakis both face one count of conspiracy, which carries a penalty of up to five years in federal prison and US$250,000 in possible fines; one count of computer fraud, aid and abet, which also carries the same possible penalties; and two counts of access device fraud, which carries a penalty of up to 10 years in prison, and the possibility of a $250,000 fine for each count.
Unforeseen Consequences
However, the new focus on the tools employed could have some unforeseen consequences for white hat researchers.
"So far, no one has been arrested for creating a tool. It was more the using of the tool that has been the issue," noted Johannes B. Ullrich, chief research officer at the SANS Institute.
"This does more than affect the underground. This affects thousands of [penetration] testers who make a living testing the defenses of companies with their permission," Ullrich told TechNewsWorld.
"If creating and distributing a tool is considered a crime," he continued, "then many of them are out of a job."

Interesting, but I can't believe this has gone unnoticed. Look at the “8 letter message” and tell me this isn't regularly encountered?
A simple 8-letter message is permanently breaking people's Skype apps
It's similar to another bug currently at large on iPhones. Receiving a certain string of unicode characters on iOS can cause Messages and other apps to crash, and even force the device to reboot entirely.
The bug is caused by a failure to render the unicode characters properly.
Now, a similar bug has been discovered on messaging app Skype, and it's even more disruptive. While the iOS bug can be fixed, the Skype one can crash the recipient's app permanently.
Here's the offending message: http://:

Perspective. Are we moving to a “free shipping for everything” world? (Perhaps I can get a paperback book shipped free? Could be useful!)
Amazon just announced a new shipping program that could steal more business from your local convenience store
… This week, the company banished its $35 minimum on free shipping. Instead people can opt for free, four-to-eight-day delivery on thousands of small, light products, such as phone cases, ear plugs, and toothbrushes.
Amazon calls it its "small and light" program, because it applies only to products that weigh less than 8 ounces, are smaller than 9x6x2 inches, and cost under $10.

At JPMorgan, Voicemail Deemed Obsolescent
The Wall Street bank is eliminating voicemail for thousands of employees who do not take calls from customers, at a savings of $10 a month per person, Gordon Smith, chief executive of the company's consumer banking operations, said at an investor conference on Tuesday.
… "We realise that hardly anyone uses voicemail anymore," Smith said. "We are all carrying something in our pockets that is going to get texts or email or a phone call," he said. "We started to cut those off."

Perspective. Big Data does not require big hardware. Very “James Bond,” “Q” will be amused.
SanDisk Squeezes 128GB of Storage Into a Dime-Sized Drive
SanDisk has found a way to squeeze 128GB of flash storage into an external drive that’s smaller than our smallest coin. Forget the thumb drive; this is a thumbnail drive.
The SanDisk Ultra Fit isn’t a new form factor; it debuted last fall in 16GB, 32GB, and 64GB varieties. But 128GB in a pebble-sized drive represents a significant capacity-to-size breakthrough. That is, after all, the same amount of storage you’ll find in a baseline MacBook Air (or, for that matter, top-end iPhone). It’s enough space to fit up to 16 hours of full HD video

Tools for my Website development students.
Build It: 11 Brilliant Chrome Extensions For Web Developers

Even games could help my Math students. God knows some of them really need help.
6 Cool Math Games for Android

Could be useful...
For the first time ever, the creators of the SAT have given Khan Academy exclusive access and advice to build a personalized practice program for anyone, anywhere.
These tools are free and available now for every student to take ownership of their learning and their future.

For my starving students.
Friday Is National Doughnut Day. Here's Where to Get Deals.
Dunkin' Donuts: If you buy a beverage at Dunkin' this Friday, feel free to also grab a free doughnut.
Krispy Kreme: Krispy Kreme is serving up free doughnuts – one per guest

Tuesday, June 02, 2015

Strange timing. We've been calling TSA “security theater” since its inception. Why are we suddenly pointing out how poorly they are doing the job they claim protects everyone?
EXCLUSIVE: Undercover DHS Tests Find Security Failures at US Airports
An internal investigation of the Transportation Security Administration revealed security failures at dozens of the nation’s busiest airports, where undercover investigators were able to smuggle mock explosives or banned weapons through checkpoints in 95 percent of trials, ABC News has learned.
… Homeland Security Secretary Jeh Johnson was apparently so frustrated by the findings he sought a detailed briefing on them last week at TSA headquarters in Arlington, Virginia, according to sources. U.S. officials insisted changes have already been made at airports to address vulnerabilities identified by the latest tests.
… More recently, the DHS inspector general’s office concluded a series of undercover tests targeting checked baggage screening at airports across the country.
That review found “vulnerabilities” throughout the system, attributing them to human error and technological failures, according to a three-paragraph summary of the review released in September.
In addition, the review determined that despite spending $540 million for checked baggage screening equipment and another $11 million for training since a previous review in 2009, the TSA failed to make any noticeable improvements in that time.

(Related) Not fired (not sure what you would have to do to get fired from a government agency) but the rhetoric will make it sound that way.
Head Of TSA Reassigned, After Tests Reveal Security Failures
After covert tests revealed major security failures, the acting director of the Transportation Security Administration has been reassigned.
In a statement, Jeh Johnson, secretary of homeland security, said Melvin Carraway will now work at the department's Office of State and Local Law Enforcement.

Well, this explains a lot. Interesting how management sets priorities.
IRS Using 13-Yr. Old Microsoft Software
IRS computers are still running the 13-year old Microsoft Windows XP operating software which Microsoft stopped supporting a year ago with security updates. Even the agency’s fraud-catching software is two decades old.
… IRS Commissioner John Koskinen has said budget cuts have kept the service from upgrading, telling Congressional members that “we still have applications that were running when John F. Kennedy was president.”
The news comes as cold comfort to the tens of thousands of Americans who have had their identity stolen as a result of filing their taxes. And, the breaches can be no surprise to the IRS itself which has been warned repeatedly by the Government Accountability Office over limited security controls. In the most recent report, the GAO found 69 potential problems, including weak employee passwords.

Flag this resource, eventually you will need it. (Probably 90% of victims can not do step 1)
New One-Stop Resource for Identity Theft Victims
by Sabrina I. Pacifici on Jun 1, 2015
News about data breaches at banks, stores, and agencies is an everyday occurrence now. But if your private information has been compromised, it doesn’t feel commonplace to you. The sooner you find out, and begin damage control, the better off you’ll be., a new website, offers step-by-step checklists of what to do right away, and what to do next, depending on the information that’s been stolen or exposed. It lists warning signs indicating your identity was stolen, and gives websites and phone numbers for organizations you’ll need to reach. And, it has sample letters for disputing fraudulent charges, correcting information in your credit reports, and getting business records relating to the theft. Check out, bookmark it, and print out the checklists, as your first line of defense against identity theft.”

A win for Facebook users or just for Phil Zimmerman?
Facebook Wants To Send You Encrypted Emails
Looks like Facebook is as wary of Big Brother as the rest of us. Facebook is testing an experimental encryption feature as a safeguard against surveillance.
You’ll be able to share a public encryption key in your profile, and set up encrypted notifications so that all the emails you receive from Facebook will be protected with encryption.
Facebook’s encryption works with OpenPGP, and it uses GNU Privacy Guard (GPG), a popular free implementation of PGP technology. If this all sounds confusing, Lifehacker has a great guide to setting up email encryption if you haven’t done so yet,
… as much as Facebook needs people to keep posting personal information, it also needs people to feel secure doing so.

Take a few seconds and check! (Digest Item #2)
Check Your Google Privacy Settings
Google has rolled out a new My Account page to help individual users control their privacy settings and understand the options available to them. The simplest way to check everything is as it should be is to take the Privacy Checkup and Security Checkup, step-by-step guides to the most important settings.
Once you’re satisfied with those, you can “manage the information that can be used from Search, Maps, YouTube and other products to enhance your experience on Google,” “Use the Ads Settings tool to control ads based on your interests and the searches you’ve done,” and “Control which apps and sites are connected to your account”.
All of which should help ensure you’re only sharing what you want to share with Google and others trapped within its extensive ecosystem. Alternatively, you could go into full tinfoil hat conspiracy theory mode and try to break away from Google completely.

Perspective. Are we in the 'consolidation phase' of the chip industry, or is this a move of desperation?
RPT-Intel's purchase of Altera defends its datacenter dominance
Intel Corp's $17 billion purchase of programmable chip maker Altera Corp is a costly defensive move to ward off rivals in the prized datacenter business it dominates, analysts said on Monday.
… "This whole deal is defensive for the datacenter," said Bernstein analyst Stacy Rasgon, who saw it as an admission by Intel that it was getting harder to drive performance gains.
He questioned Intel's projections for the programmable chip market, which is built on datacenter use and growing adoption of Intel chips in everyday objects connected to the Internet. "I think their growth goals are ludicrous," he said. "They think it's going to grow 7 percent a year, but Altera shrunk 2 percent a year in the last three years."
… Intel, which analysts estimate has more than 90 percent of the datacenter market, already has an agreement to use Altera chips. Its move comes as companies such as Qualcomm Inc, using ARM Holdings-designed chips and the soon-to-be merged Avago Technologies and Broadcom Corp, also target the datacenter market.
By buying Altera, Intel avoids the risk of being dropped as the smaller company's manufacturing partner, which had been the subject of some speculation, said Gartner analyst Mark Hung.
The purchase means Intel is hedging against the likelihood that the rise of FPGA chips will reduce the need for central processing unit (CPU) chips running servers, where Intel currently dominates.

(Related) Does this explain “merger mania?”
Why Mega-Mergers Are Back in Vogue for Internet Companies

Perspective. Are news organizations analyzing social networking sites enough to understand the new politics?
How Millennials’ political news habits differ from those of Gen Xers and Baby Boomers
It’s been well documented that younger adults differ from their elders in their news habits, both in the platforms they use and the sources they rely on. A Pew Research Center report released today looks specifically at the political news habits of Millennials, and how they vary from the two generations before them. Here are five key takeaways from the report:
1. Millennials rely on Facebook for their news far more than any other source.
2. Compared with the previous two generations, Millennials are less familiar with many news sources we asked about in the survey.
3. Millennials are no less trusting than Gen Xers and Baby Boomers of news sources they know.
4. Millennial Facebook users are exposed to more political content on the social media site than are Gen Xers or Boomers.
5. Millennials are less interested in politics than older generations.

We now spend more than eight hours a day consuming media
If you weren’t reading this article, you would probably be scanning something else on the internet, watching TV, or maybe—just maybe—reading a newspaper or magazine. In short, you would be consuming media.
On average, people spend more than 490 minutes of their day with some sort of media, according to a new report by ZenithOptimedia. Television remains dominant, accounting for three hours of daily consumption—an hour more than the internet, in second place.

“Scholars' Labs” I like it. Sounds like we're growing students in a Petri dish.
The Evolving, Expanding Service Landscape Across Academic Libraries
by Sabrina I. Pacifici on Jun 1, 2015
Brian Mathews – Chronicle of Higher Education – The New Service Layer – “…During this same time — while reference transactions were declining — other service points migrated into our environments. Writing Centers, Communication Studios, Multimedia Studios, IT Help Desks, and Adaptive/Assistive Technologies Support Spaces are all common today. Other niche areas have emerged including data visualization rooms, GIS Labs, makerspaces, Digital Humanities Centers, Scholars’ Labs, language labs, and gaming labs. Libraries are as robust as ever. We may be answering fewer traditional questions, but collectively we are involved across many more components of the academic enterprise.”