Saturday, July 18, 2015

Looks like another third-party breach. Was the vendor held to CVS standards? (If so, all of CVS is vulnerable.)
goes dark in wake of breach: Should CVS customers worry?
CVS recently shut down its online photo services after discovering that a potential data breach may have compromised customer credit card information.
The drugstore chain did not say how many customers may have been affected, but said the breach was limited to transactions made through; those who have made transactions in-store and through CVS’s main site,, are safe.
… We are working closely with the vendor and our financial partners and will share updates as we know more.

“No evidence” translates to “We don't bother keeping logs.” You would think that someone would “invent” better language for these press releases. Words that don't make your organization look totally incompetent.
UCLA Health announced today it was a victim of a criminal cyber attack. While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time [Are they expecting a miracle at some future time? Bob] that the cyber attacker actually accessed or acquired any individual’s personal or medical information.
UCLA Health estimates that data on as many as 4.5 million individuals potentially may have been involved in the attack, believed to be the work of criminal hackers. UCLA Health is working with investigators from the Federal Bureau of Investigation, and has hired private computer forensic experts to further secure information on network servers. [Because our current security sucks, Bob]
“We have taken significant steps to further protect data and strengthen our network against another cyber attack.” [Our security sucks significantly! Bob]
… UCLA Health detected suspicious activity in its network in October 2014, and began an investigation with assistance from the FBI. At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information. As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information. Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014. We continue to investigate this matter.

This too is infrastructure.
FCC Cracking Down on 911 Service Failures
For three hours last August, almost all T-Mobile US Inc.’s about 50 million customers couldn’t reach 911.
The nationwide outage, disclosed on Friday, was at least the third major outage by a variety of telecom operators of the 911 call system in three years, raising concerns among federal regulators that the country’s emergency response system is becoming more vulnerable.
… In the past any outage was localized. Now it can affect millions of people in multiple states, whether they use cellphones or landlines.
Regulators slapped T-Mobile with a record $17.5 million fine for the malfunction that debilitated the part of the carrier’s network that handles emergency calls.

Not real clear what this means. If DHS is scanning everything that comes into government sites (“incoming”) “amped up” can't mean increasing the volume of scans. So how do you scan more intensely? Broaden your “patterns?” Expand your definition of “malicious?” Then, if some bad actor invents a new way to hack into government systems, we will delete all the evidence because it did not appear to be a threat?
There’s A Plan to Immediately Purge Some Governmentwide Network Surveillance Data
After a series of stinging government hacks, the Department of Homeland Security said scans of incoming Internet traffic from the public would be amped up. It has been unclear how this monitoring might affect the privacy of citizens and employees.
Now, a little-noticed National Archives and Records Administration assessment offers some insight: Any surveillance data collected that does not trigger alarms will be erased pronto, according to a pending records disposal plan.
DHS’ National Cybersecurity Protection System, better known as EINSTEIN, collects streams of traffic containing, among other things, emails and Web-surfing habits, to flag patterns indicative of known malicious attacks.

Should be a great source of redactions.
On Thursday, a federal district court in New York issued its latest ruling in the ACLU’s long-running Freedom of Information Act (FOIA) litigation seeking the legal and factual bases of the 2011 drone strike that killed three Americans in Yemen. The 160-page opinion addresses hundreds of records withheld by the Justice Department’s Office of Legal Counsel (OLC), CIA, and Defense Department. The opinion itself is heavily redacted, a product of well over a month of classification review by the government, and a testament to the overbroad secrecy which has pervaded this litigation.
In 2013, the same court deferred to the government’s refusal to confirm or deny whether it possessed documents responsive to the ACLU’s FOIA request. But the Second Circuit conclusively rejected this argument, forcing the government to release a redacted version of a 41-page July 2010 OLC Memo, and ordering the agencies to submit indexes enumerating and describing the other withheld documents.

We remember privacy!
UK surveillance report affirms privacy concerns
by Sabrina I. Pacifici on Jul 17, 2015
The Guardian: “Privacy campaigners have secured significant concessions in a key report into surveillance by the British security agencies published on Tuesday. The 132-page report, A Democratic Licence To Operate, which Nick Clegg commissioned last year in the wake of revelations by the US whistleblower Edward Snowden, acknowledges the importance of privacy concerns. “Privacy is an essential prerequisite to the exercise of individual freedom, and its erosion weakens the constitutional foundations on which democracy and good governance have traditionally been based in this country,” the report says. It says that there are “inadequacies in both law and oversight that have helped create a credibility gap that has undermined public confidence”. The report proposes that the intelligence services retain the power to collect bulk communications data on the private lives of British citizens, but it also now concedes that privacy must be a consideration throughout the process. The report, written for the Royal United Services Institute (RUSI) by a panel that includes three former heads of UK intelligence agencies, also calls for an overhaul of existing legislation.”

Where have all the Spammers gone, long time passing
Where have all the Spammers gone, long time ago?
Where have all the Spammers gone?
Gone to Social Networks everyone.
Oh, when will they ever learn?
Oh, when will they ever learn?
Email Spam Rates Dip Below 50 Percent
… According to the latest Symantec Intelligence Report, the last time the security firm recorded a similarly low spam rate was in September 2003.

Years ago, you couldn't be a “good parent” without a copy of Dr Spock's “Baby and Child Care.” Now you need a global network?
Parents and Social Media
Social media networks have become vital channels for Americans’ daily interactions. Users rely on these platforms to keep in touch with family and friends, gather information and share what is important to them. This report explores how parents – 75% of whom use social media – turn to social media for parenting-related information and social support.
71% of all parents on social media try to respond if they know the answer to a question posed by someone in their online network.

Perspective. Some companies are worth more split apart, e.g. Standard Oil.
What’s Left of eBay After Shedding More Than Half of its Business
E-commerce giant eBay (EBAY) completed its PayPal spinoff on Friday, a plan that was announced in September of last year, after months of urging from activist investor Carl Icahn. Starting Monday, PayPal (PYPL) will be a separate publicly-traded company.
PayPal will be the bigger company post-split with analysts estimating that it will be valued at roughly $45 billion. eBay is expected to have a market cap of at least $30 billion.
… Now that the companies have split, here is what’s left of the eBay business:
eBay Marketplaces: This is the division that people associate with eBay.
eBay Classifieds: A competitor of Craigslist
StubHub: A platform for buying and selling tickets to concerts and events

(Related) Some do fine as they are.
Google market value surges $65 billion
Google Inc's shares surged over 16 per cent on Friday, adding about $65 billion to its market value, as strong growth in mobile ad revenue allayed concerns its YouTube business could be hurt by Facebook Inc's push into video.
The surge in the stock, which sent the Nasdaq composite index to a record high, came a day after Google reported better-than-expected revenue and profit for the first time in six quarters.
Google's Class A (with voting rights) shares surged 16.26 per cent to end at an all-time high of $699.62, a day after reporting strong ad revenue growth. It was Google's largest one-day percentage gain since April 2008.

(Related) And some just need a kind word.
Shares of Etsy, the e-commerce Web site for handmade and vintage items, jumped 31 percent on Friday — thanks to a positive brief mention by Google the day before.

I know a few innovative students...
Microsoft's new Office contest wants students to showcase their creativity
… The Microsoft PC Accessories team is hosting a contest where students write about how they use technology to be creative. Students will submit a Word document written with no more than 300 words to Contestants must also provide their name, the school name of where they attend, and an email address. The full rules for the contest are located here.

(Related) And this for people who don't have facility with words.
Letting Our Emojis Get in the Way
For some emoji enthusiasts, there’s always room for a new icon on the keyboard.
Taco Bell is helping lead the charge to add a taco. Several publications have suggested their own additions. And more than 15,000 supporters of the redheaded community are campaigning for representation on
Now, Jeremy Burge, emoji aficionado and founder of a website called Emojipedia, has created a social media campaign called World Emoji Day, which he set for July 17 based on the calendar shown on iPhones. (Because of differences in how services and operating systems interpret code, the calendar reads July 15 on Twitter or no date at all on Android.)
… Emojipedia keeps track of the additions, including the most recent wave that added 41 characters, including a unicorn and a “nerd face.” [No, it does not look like me! Bob]

Clever, clever.
Joel Schneider, CEO of Bud+Breakfast Opens 3rd Location
July 16th marks the official launch of Bud+Breakfast’s San Ayre, Colorado location. San Ayre represents Bud+Breakfast’s third location and they have now doubled in capacity. The first continental, cannabis friendly, breakfast took place this morning and happy hour kicks off at 4:20 every day. Bud+Breakfast is the premier cannabis-friendly lodging and hospitality company in the United States.

My Saturday sillies!
Hack Education Weekly News
ConnectHome: a new Obama Administration initiative to expand access to broadband to low-income families in order to address the “homework gap.”
… Students Matter, an advocacy group that sued California over its teacher tenure laws, is now suing 13 school districts in the state for not using test scores in teacher evaluations.
… The University of Michigan is going Nike with “a deal valued at $169 million that begins Aug. 1, 2016 and runs through 2027, with a school option to extend it to 2031. Nike will supply uniforms, footwear, apparel and equipment for all 31 varsity athletic teams. The financial terms total $122.3 million guaranteed, with Michigan receiving $12 million cash up front (due Thursday), $56.8 million in equipment and apparel and $53.5 million total in cash, paid annually.” [Better than Grants! Do you think they would sponsor our Math club? Bob]
… Software that UK schools are using to monitor students’ Internet use has a major security flaw: “a flaw in the company’s encryption protocols which could allow almost anyone to gain full access to computers running the Impero software, run software such as spyware on the systems, or access files and records stored on them.”
… According to a study from the Rennie Center for Education Research and Policy (as reported in The Atlantic), “dual-enrollment programs, where students take classes simultaneously in high school and at a local college, have proven especially successful at getting less-affluent and first-generation students into college – and through it.”

For our Business Communications students?
How to Get More Likes and Shares on Facebook, According to Researchers

For all my students.
Free Microsoft Word Resume Templates to Help You Land Your Dream Job

For the research toolkit.
Limit Your Google Search to Official US State Web Sites
by Sabrina I. Pacifici on Jul 16, 2015
Via ResearchBuzz who created this very useful app – “So I made a list of the fifty states, with these three domain types for each state, and dumped it into a custom Google search engine that’s available at Put in any keywords you want and your search results will be restricted to official state Web sites on.”

Set this next to our Windows 10 demo machine.
A Guide to the Windows 10 Start Menu

Dilbert perfectly illustrates our fascination with technology toys.

Friday, July 17, 2015

Incentive for my Ethical Hacking students?
United Airlines rewards hackers with millions of miles for spotting IT flaws
Two hackers scored one million air travel miles for uncovering security flaws in United Airlines' software systems and privately disclosing them to the company.
Through United's "bug bounty" program -- so called because it offers monetary incentives for revealing software defects -- the hackers will now be able to fly from the continental United States to Europe 33 times.

A very nice summary.
What Is the OPM Hack, and What Does it Mean For You?

(Related) To me, this reads like a carefully worded “Don't get your hopes up.”
Is There a Judicial Remedy for Victims of Federal Data Breaches?
by Sabrina I. Pacifici on Jul 16, 2015
“The scope of information believed to have been compromised by a series of cyber-intrusions at the Office of Personnel Management (OPM) continues to grow. OPM recently announced that further investigation of the initial breach affecting 4.2 million current and former federal employees has led officials to conclude that sensitive information on 21.5 million individuals had been stolen from separate OPM databases used in connection with background investigations. In addition to the potential effects on domestic and foreign policy that may result from these breaches, which are discussed here, two recently filed lawsuits raise questions regarding what redress, if any, is due to affected individuals beyond the free credit monitoring that has been offered by OPM. The two suits, filed separately by the American Federation of Government Employees (AFGE) and the National Treasury Employees Union (NTEU) allege a number of legal theories under which the plaintiffs believe recovery may be available, including claims citing the Privacy Act, the Federal Information Security Management Act (FISMA), common law negligence, and the Due Process clause of the Constitution. While procedural obstacles to such suits, such as whether the plaintiffs have suffered a sufficiently concrete injury to have a right to sue, are important and may end up being dispositive, this post focuses instead on the extent to which selected sources of statutory, common, and constitutional law may provide a judicially enforceable remedy for current and former federal employees whose personal information may have been exposed during the breach of a federal information technology system.”

It would not surprise me if this was common practice everywhere.
reports:
Dutch police now automatically intercept internet traffic when setting up a telephone tap, online magazine Computerworld reports on Thursday. The news was buried in the justice ministry’s annual report which was published in May and has only now been made public, the website states.

SC Magazine reports:
As part of its bid to increase transparency about the terms under which it operates in different countries, Vodafone has published the overarching processes and policies in place regarding lawful interception of communications data required by domestic authorities on a country by country basis.
Read more on SC Magazine.

This is what happens when amateurs rely on the information they are given without considering how it got to them.
Tom Whitehead reports:
Innocent people were wrongly investigated as suspected paedophiles, including one who was arrested, because of snooping blunders by police and internet companies.
Five people had their homes searched and computers seized last year after errors in requests for email and phone records meant they were wrongly targeted, a watchdog has revealed.
Read more on The Telegraph.
[From the article:]
Blunders in another case meant three genuine suspects escaped justice because their records had been deleted by the time the errors were discovered.
Information of dozens of other innocent people was also wrongfully disclosed to officers investigating child sex abuse or pornography because of error in requests.
The mistakes were revealed in Sir Anthony’s final report before stepping down and he found a total of 998 errors were made in communications data requests last year.
Police, councils and other public bodies made a total of 517,208 applications to spy on email, internet and phone records last year – the equivalent of one request every minute.

What's the worst that could happen? You get shamed for not eating your vegetables?
Jack Broom reports:
A group of privacy advocates is suing the city of Seattle, arguing that having garbage collectors look through people’s trash — to make sure food scraps aren’t going into the garbage — “violates privacy rights on a massive scale.”
“A person has a legitimate expectation that the contents of his or her garbage cans will remain private and free from government inspection,” argues the lawsuit filed Thursday in King County Superior Court by the Pacific Legal Foundation.
Since January, Seattle residents have been directed to place food scraps in the same bins as their yard waste, so that the material can be composted, instead of into garbage cans, where it would end up in a landfill.
Read more on The Seattle Times.

Worth reading. The Internet, the world wide web, Deepweb and Darkweb.
CRS Report – The Dark Web
by Sabrina I. Pacifici on Jul 16, 2015
Dark Web, Kristin Finklea, Specialist in Domestic Security. July 7, 2015:
“The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a series of other users’ computers such that the traffic cannot be traced to the original user. Some developers have created tools—such as Tor2web—that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or “deanonymized.””

Just a thought, but are humans going to have trouble sharing the road with cars that always follow every traffic rule? (And have recordings they can show the judge to prove you were at fault!)
Google's self-driving cars crash 'surprisingly often,' but it's not their fault

This is how businesses are transforming. Why wouldn't it work for a government agency if they really wanted to change? (i.e. If they had managers rather than politicians running the agencies?)
Should The IRS Become a Consumer Agency Instead of a Tax Cop?
In her latest report to Congress, IRS Taxpayer Advocate Nina Olson made the provocative suggestion that her agency completely rethink its mission:
“It should transform itself as a tax agency from one that is designed around nabbing the small percentage of the population that actively evades tax to one that aims first and foremost to meet the needs of the overwhelming majority of taxpayers who are trying to comply with the tax laws.”
She made the suggestion even as she notes the agency may be headed the other way.
… Olson is absolutely right when she says that IRS staffers need to be accessible and knowledgeable enough to answer basic questions or resolve uncomplicated problems. Taxpayer disputes are often due to simple misunderstandings that could be easily and quickly addressed with the help of a human at the agency.
There also are political consequences to the enforcement-only image that worries Olson. The agency already is facing withering fire from Congress and getting little cover from the White House. It is hard to see why lawmakers would go to bat for an agency their constituents know only in the context of disputes and enforcement cases.

Interesting statistics, how should we interpret them?
In the era of super PACs and nonprofit political groups, the money presidential candidates raise for their own campaigns is often dwarfed by what outside groups raise and spend to support them. But the ability of candidates to raise money from individuals is still an important indication of how much support they have. And the nature of their donors tells us a great deal, too, about their political appeal. Are candidates raising money from many people of modest means, who make small donations, or from a smaller group of wealthier donors, who give the maximum allowed by law?

Eliminating the need for lawyers, one search at a time.
Google strengthens its patent search
Google announced Thursday it was strengthening its “Google Patents” search to help in determining whether a new patent application is valid.
The search giant announced it will now allow people to search in one place for both previously patented material and other "prior art" that may be relevant to a new patent application.

Something to get my Risk Management students thinking. Lloyd's says, “Cyber is an underinsured risk.”
Cyber Attack on Power Grid Could Top $1 Trillion in Damage: Report
Lloyd's and the Cambridge Centre for Risk Studies at University of Cambridge Judge Business School examined the implications of a fictional attack where adversaries damaged 50 generators supplying power to the electrical grid and caused a blackout across 15 states along the East Coast and Washington D.C. and affected 93 million people. Lloyd's produced the Business Blackout report to help insurance underwriters understand how cyberattacks impact insurance and risk.
Lloyd's identified six primary categories of insurance claims in its report. Power generation companies would likely file claims for property damage to generators, business interruptions as a result of not being able to sell electricity, and costs incurred from incident response and regulatory fines. Power companies may try to recover a proportion of the losses incurred by filing claims against partner companies' liability insurance policies. Businesses who lost power may file claims to recover losses stemming from property damage, such as perishable cold storage, business interruption, the inability to comply with existing regulations. Homeowners could also conceivably file claims for property damage under contents insurance.
Companies indirectly affected by the blackout can also be due for insurance payments, for business interruption or supply chain disruptions. Companies with inadequate contingency plans may generate claims under their directors' and officers' liability insurance, Lloyd's noted in the report. The final category covered specialty covers, such as event cancellations.

In some circumstances, this could also apply to student research.
Should Journalists Use or Ignore Social Media? Two Examples to Think About

For my students who program.
The Best Places to Learn Swift, Apple’s Programming Language
When Apple announced their brand new programming language Swift, the programming community rejoiced.
… And then Apple went ahead and announced that Swift would soon be open source, bringing in a new wave of support from developers all over the planet. It wouldn’t surprise me if Swift rose up and became the world’s most popular language within the next decade.
SoSoSwift (Free)
The best way to get started is to click on the Tutorials link and browse through the Collections. For example, Swift Tutorial: Introduction Series is great for an absolute beginner while iOS 8 Game Development is ideal for aspiring game developers.
SkipCasts (Free)
Swifty (Free)

There goes the neighborhood.
An Angry Birds Sequel Is Officially Happening

Thursday, July 16, 2015

Eventually, your “risk assessment” score will be passed to the “automated drone targeting” system and you could be the recipient of your very own Maverick missile! And no one knows how that decision is made. (Except Skynet)
This rant by frequent contributor Joe Cadillic contains some interesting statistics and links to other resources on the Automated Targeting System.
Yes, it is as bad as you suspect.
Read more on Joe’s blog, MassPrivateI.

(Related) If the government puts it in my car, is it still voluntary? (Don't get me started on the “unfairness” of electric cars not paying the gasoline tax.)
Joe Wolverton II, J.D. writes:
A new Oregon law allows the government to track drivers’ every move, and the United Nations and the federal government think that’s a great idea — for all of us.
So as to punish electric car drivers for not paying their fair share of transportation taxes associated with gas-powered vehicles, the state of Oregon is installing in every electric car a GPS device that will measure the number of miles traveled.
For now, however, the program is voluntary, but such invasions of privacy and surveillance schemes rarely stay that way.
Read more on New American.

The article makes it seem like security in the 21st Century is all new. It's not, just the same old Best Practices.
Stepping Up Security Risk Management Practices
… damages associated with breaches are motivating companies to transition from a check-box mentality to a pro-active, risk-based approach to security.
This approach requires that organizations take real-time information into account when running continuous monitoring and mitigation programs. Technology plays a central role in gathering all the necessary pieces that make up the security risk management puzzle. Many organizations have invested heavily in deploying a technology portfolio that can detect cyber-attacks before they can wreak havoc. This trend has been confirmed by Gartner (“Gartner Says Worldwide Information Security Spending Will Grow Almost…”, Gartner, August 2014), which predicts that worldwide spending on information security will reach $76.9 billion in 2015, an increase of 8.2 percent over 2014.

Not sure the law makes sense. Should be an amusing debate.
Rich Lord reports:
Facebook’s handling of your headshot is now the subject of class action lawsuits that pose the question: When someone turns your mug into data, are those digits theirs or yours?
Filed in April and May, the lawsuits claim that when Facebook started converting the geometry of your profile picture into what it calls “a unique number,” it broke a 2008 Illinois law giving residents certain rights when their biometric information is collected.
Facebook is disputing the claims, and fired its first legal salvos this month.
Read more on Pittsburgh Post-Gazette.

CloudFlare Releases Transparency Report for First Half of 2015
CloudFlare said it received 12 subpoenas between January 1, 2015 and June 30, 2015, the same number as in the second half of 2014. These subpoenas, ten of which have been answered, affect a total of 12 accounts and 139 domains.
While the number of subpoenas has remained the same, the number of court orders increased considerably. In the first half of 2015, the company was hit with 50 court orders, more than it received in the entire last year. The content delivery network responded to 49 of the court orders, which affect a total of 2,120 domains and 96 accounts.
The transparency report, which is published on a semiannual basis, shows that CloudFlare received three search warrants and one pen register/trap and trace order, and answered all of them. Records show that the company has not received any wiretap orders.

As if my IT Governance students didn't have enough to worry about... New term: “App Creep”
3 Ways to Control App Creep
With employees of enterprise companies using an average of 397 cloud apps, according to a Netskope Cloud Report, the phenomenon of "app creep" is real. And it doesn't show any signs of slowing.
App creep strikes organizations that continue to adopt new point solution apps without retiring old, duplicative, underused or ineffective technologies. For sales teams, this causes more than just a cluttered virtual workspace; it can lead to siloed information and disjointed customer interactions that can stymie growth and impact the bottom line.
Sales leaders are adopting new technologies at an ever-increasing rate in fear of falling behind.

Another IT Governance question: What is the proper response?
Concerned about the security of student information? If so, this should infuriate you:
A researcher who exposed security flaws in tools used to monitor the Internet usage of UK students has been hit with a copyright complaint. ‘Slipstream’ discovered flaws in Impero Education Pro which could reveal the personal details of thousands of pupils but in response Impero has sent in its legal team.

I would be interested to see who takes the time to actually read (and understand) the code. Perhaps this will lead to a shared documentation website?
How to Find Open Source Software for Windows
Open source software is the name of the game these days, largely due to a surge in concerns over online privacy and awareness regarding data security. With proprietary software, you just never really know what the program is doing with your data.
The world is moving towards a greater acceptance of open source software, and in some circles, acceptance has turned into demands for viable open source alternatives to popular programs like Word and Photoshop.
… Near the end of 2014, Microsoft announced that they would be open sourcing their .NET Framework, a code platform and environment on which many modern Windows programs rely. More recently, they also decided to open source Windows Live Writer.
And then there’s Apple, who announced that they would soon open source their Swift programming language.
Open Source Windows is a curated list of the best open source programs available to Windows users.
Open Source Software Directory is a light resource for finding non-proprietary programs.
AlternativeTo so as far as comprehensive software coverage is concerned, there’s no better site out there.
… If you need a starting point for quality programs, check out our Best Windows Software list.

Is this just a bit of “bad mouthing” or will it really impact the bottom line? From the look of a few Tweets, I'd say the latter.
This chart shows just how badly HSBC got slayed on social media for being late on Apple Pay
But one bank that was supposed to come online this week, HSBC, was hit by delays, and new analysis from social media monitoring company Brandwatch shows the bank got absolutely killed on social media for the slip up.
The chart below shows that negative tweets about HSBC on Tuesday outnumbered positive ones 5 to 1:

(Related) Don't react, take control!
Your Company Should Be Helping Customers on Social
People under 35 spend almost four hours per day on social media, and more of that time is being spent engaging with brands. Our research has shown that the volume of tweets targeted at brands and their Twitter service handles, for example, has grown 2.5x in the past two years. Similarly, the percentage of people who have used Twitter for customer service leapt nearly 70%, from 22 to 37% from 2013-14. McKinsey’s analysis shows that 30% of social media users prefer social care to phoning customer service.

Perspective. Your news today will agree with your news yesterday. You will never be bothered with news that contradicts your opinion. How will you learn?
More Americans login to Facebook and Twitter to read news says Pew
Not surprisingly, a recent survey has found that more people in the United States get their daily news fix from social media sites, namely Facebook and Twitter.
… Two years ago, only 37 percent of Americans admitted that they read news/articles within Facebook. This year, according to Pew Research’s, 63 percent of Americans now use their Facebook accounts to get or read articles. On Twitter in 2013, only 52 percent of Americans read news articles and other content within the micro-blogging site’s backyard. And this year, 63 percent of Americans say they now follow the news using Twitter’s product and services (apps, desktop site).

Facebook Inc (FB) Does Not Provide A Choice When It Comes To Reading News

Perspective. Google becomes Amazon?
Google 'buy' buttons let users shop directly from ads
… Eager to get in the e-retail game, Google announced that it will begin to test “buy” that will appear on mobile advertisements. The move is meant to make online purchasing easier than ever by letting users buy products with just the click of a button using the payment information linked to their Google accounts.

(Related) Of course, Facebook wants some of that market too.
Soon, you may be able to shop on Facebook
… Facebook pages will soon host e-commerce shopping sites, according to media reports.
The digital storefronts will also have a "Buy" button to help you get items you have developed a fancy for.

(Related) And this didn't help Amazon keep the wolves at bay. (Digest Item #1)
The Problem With Amazon Prime Day
The first ever Amazon Prime Day may also be the last, judging by the overwhelmingly negative comments from customers hoping to pick up a bargain. The biggest problem was hype, as the first Amazon Prime Day, held yesterday (July 15) did not live up to expectations. Instead, the whole event has left a nasty taste in the mouth of many loyal Amazon Prime subscribers.
Amazon didn’t lie, as there were some incredible bargains on offer. Unfortunately, demand outstripped supply, meaning most people were left picking up the scraps left behind by the eager beavers sitting at their computers all day ready to click “Buy” at a moment’s notice. These scraps trended towards being old stock Amazon needed to clear out of its warehouses.
This may well have been “bigger than Black Friday” in terms of the number of items on offer, but we all know quality is much more important than quantity. Amazon probably made a small fortune yesterday, but judging by the reactions on social networking sites, the online retailer has eroded the faith shown by longtime Amazon Prime subscribers thinking they were being rewarded for their loyalty.
If there is to be an Amazon Prime Day 2016, Amazon needs to up its game in every department. A better user interface, better deals with more stock available at the lower price, and more common sense right across the board. As The Next Web pithily notes, this first Amazon Prime Day could have been called the Amazon Garage Sale.

For my students, especially the vets, who should be using these people more!
New EFF Tool Makes Emailing Congress Just a Few Clicks Away
by Sabrina I. Pacifici on Jul 15, 2015
“The Electronic Frontier Foundation (EFF) has created a new tool that makes emailing your congressional lawmakers a quick and easy process. simplifies and streamlines the current fractured system for contacting lawmakers, allowing you to message your two senators and your representative from a single website. “Democracy thrives when the voices of Internet users are heard in Washington. The easier it is for you to reach your member of Congress, the better,” said EFF Activism Director Rainey Reitman. “With, you can send one message to both your senators and your representative right away, instead of tracking down three different forms on three different websites. We are proud to open this tool to the public and increase lawmakers’ awareness of how their constituents really feel.” At, you enter your home address, and a quick look-up provides the names of your three congressional lawmakers. You then can choose any or all of those lawmakers, and send them whatever message you’d like. follows best practices for protecting the privacy of users, and all of the code is licensed under the AGPL, which means people can create new versions with different features. EFF does not control or influence the messages sent through”

For the website developer's toolkit.
Ultimate Free Tools for Cross-Browser Testing

As long as I don't have to win, I can do this!
Chipotle Is Giving Away Free Burritos to Any Customer Who Plays This Online Game
… From July 21 until the end of August, Chipotle is giving out buy one, get one free coupons for a free entrée. All customers have to do is go to Chipotle's "Friend or Faux?" website and play an interactive game.

Do you think we could require politicians to wear these when campaigning?

Wednesday, July 15, 2015

If this relates to the January 2015 breach, what does it say about their confidence in their security going forward? Probably not much difference in the cost for the 80 million breached and all 106 million “members” given that many will not bother to opt in. (But if you leave, we'll toss you to the wolves!)
John George reports:
Independence Blue Cross, the Philadelphia region’s largest health insurer, said Tuesday it will offer identity protection services — at no charge to eligible members and their dependents — starting Jan. 1, 2016.
The action was part of the national Blue Cross Blue Shield Association’s announcement that Blue plans across the country will make such services available to their 106 million members throughout the United States.
The Association’s press release follows:
… The new offering will be made available on an opt-in basis to all eligible* members for as long as they have a Blue Cross and Blue Shield health insurance policy in effect.

A law to “force” management to do its job?
Neil Ford explains:
Germany has passed a new IT security law requiring critical infrastructure institutions to implement minimum information security practices or face fines of up to €100.000.
The new law, which was drafted last August, was passed by the Bundestag last month and has now been passed by Germany’s upper house, the Bundesrat.
It gives more than 2,000 essential service providers two years to comply with the new requirements, which include achieving certification to cyber security standards and obtaining clearance from the Federal Office for Information Security (BSI). The BSI itself will be expanded to cover new obligations, which include evaluating reports of possible cyber attacks on critical infrastructure.
Read more on IT Governance.

Making you a “Thing” on the Internet of Things?
Eddystone beacons let Google pinpoint exactly where you stand
… Dubbed Eddystone (apparently after a U.K. lighthouse), the project is a cross-platform answer to Apple's iBeacon technology that arrived in 2013. It allows small beacon devices to detect when a phone, smartwatch, or other Bluetooth-enabled device comes within close range, in turn triggering a specific action. [The assumption is that a real person carries these devices. Bob]
Google offers a few examples of how this might be useful: When you arrive at a bus stop, you might get a notification informing you of any delays, and when you sit down on your couch, your phone might instantly display what's on TV. A beacon-equipped cat collar could deliver the owner's contact information, and a restaurant could show you its menu as you walk by. Bluetooth beacons allow for much greater accuracy than Wi-Fi and GPS alone, locating devices that are as close as a few centimeters away.

Is this true for Universities as well? I think it might be.
Infographic: Transforming the Digital Enterprise
Findings from a new 2015 global report on digital business, by MIT Sloan Management Review and Deloitte, indicate that strategy, not technology, is driving digital transformation. The report, “Strategy, Not Technology, Drives Digital Transformation,” is based on a survey of more than 4,800 business executives, managers and analysts from organizations around the world.

“It's easy to make money once you get rid of all those pesky lawyers!” And you wouldn't need the lawyers if you had done a better job of managing your business.
Bank of America profit more than doubles as legal costs drop
Bank of America Corp (BAC.N), the second-largest U.S. bank by assets, reported its biggest quarterly profit in nearly four years on Wednesday as its legal costs dropped sharply, driving expenses down to their lowest since 2008.
… The bank's profit in the year-earlier quarter was dragged down by $4 billion of legal expenses linked to mortgage disputes stemming from the financial crisis. Litigation expenses fell to $175 million in the latest quarter.

Big Data: If the Library of Congress can't handle a mere 500,000,000,000 Tweets their IT Department is in much worse shape than I thought. What else are they missing? (Where else are they failing?)
Twitter archive project at LC deemed a failure
by Sabrina I. Pacifici on Jul 14, 2015
Politico: “In the spring of 2010, the Library of Congress announced it was taking a big stride toward preserving the nation’s increasingly digital heritage — by acquiring Twitter’s entire archive of tweets and planning to make it all available to “How Tweet It Is!” the library said in an exuberant blog post, which generated fanfare from tech sites, the mainstream media, librarian blogs and, of course, Twitter. For the two-century-old library, it was evidence that even an institution that traces its heritage to John Adams and Thomas Jefferson can break new ground in social media. But more than five years later, the project is in limbo. The library is still grappling with how to manage an archive that amounts to something like half a trillion tweets. And the researchers are still waiting. [Note – I respectfully declined to participate in this program when contacted – I have over 35,000 postings on with exponentially more links therein – extrapolate on the breadth of the LC project and the number of blogs that simply go silent – I am not one of course. When I stop you will know I have departed this earth, and not for another planet!]

Like all “Free” software...
This Is How Microsoft Can Monetize Windows 10

Perspective. Once upon a time, you picked up the phone and called your friend at the local paper. Now you can target hundreds of journalists with a single Ad. Call it e-Politics?
Rand Paul's campaign targeting reporters with Twitter ads
Sen. Rand Paul’s (R-Ky.) 2016 presidential campaign uses Twitter’s advertising tools to directly target messages at certain journalists, an aide said Tuesday.
“If something’s breaking and we really need to get it out there, we’ve created a list that we’ve uploaded into Twitter’s ad platform of journalists,” Chief Digital Strategist Vincent Harris said at an event put on by Twitter for political advertisers and operatives.
… Twitter has a relatively small reach, with just over 300 million active users compared with more than 1.4 billion at Facebook. But its popularity in political circles has made it a potent tool for campaigns to reach out to individuals they view as disproportionately influential.
“We have even created lists of journalists in early primary states, working with the communications team,” Harris said. “And it’s a really good cheap, effective, targeted way to get a piece of content out there in front of people that you want to see it — journalists who are going to help with their megaphone push a piece of content out further.”

For psychology students, when they get off their smartphones.
Extreme Digital Addiction Is Destroying Kids’ Lives Around the Globe
According to The Conversation, it was back in 2006 that the American Journal of Psychiatry pushed for digital addiction to be more formally recognized. Since then, plenty of research on the topic of effects, recognition, and treatment of digital addiction, has been conducted by specialists in various fields.

I try to teach my Excel students to avoid these. Really try.
Your Excel Skills Suck
… If you picked up your Excel skills on the fly, the last thing you want to do is advertise your lack of knowledge.
We'll show you five typical Excel behaviors that tell the world your Excel skills suck. And because we're not heartless, we'll show you how to avoid them.

Apps for Office. I have selected a few we should be showing our students.
App Awards Winners 2015
Powerful solution to embed legally binding signatures into documents with a few clicks, then share. Apps for Outlook, Word, SharePoint and Office 365. Drag & drop interface, robust web back end.
Highly interactive and engaging handwriting-based mathematics app designed for teachers and students. Enables users to easily create, solve, and graph math and physics formulas on their touch-screen device.
Highlights variances and exceptions in Microsoft Project Online and Project Server environments. Interactive dashboard allows project managers to better identify problem areas and resource bottlenecks.

Global warming! Global warming! Won't Al Gore be pissed?
A 'mini ice age' is coming in the next 15 years

(Related) Then again, maybe not.
No, Earth is not heading toward a ‘mini ice age’

Tuesday, July 14, 2015

Security breach damage keeps on occurring long after the incident.
Dominic Patten reports:
Thousands of dollars in unauthorized credit card charges, attempts to open accounts under their names, and personal data showing up all over the Internet are just a few of the claims that Michael Corona, Christina Mathis and others are making in court documents filed last week. The former Sony Pictures staff members are saying that some of the things they were most afraid of happening as a result of the massive hack that savaged the company late last year have already happened. The lawsuit comes less than a month after Sony failed in its attempt to get the consolidated case tossed.
Read more on Deadline Hollywood.

For my wino/geek friends.
Sarah Stierch has some additional stats on the Missing Link Network eCellar breach that affected so many wineries:
According to the California Department of Justice and Napa Valley Register, over 70 Napa Valley, Sonoma County and Santa Cruz County wineries were victims of an April cybercrime attack. The attack was recognized in late May.
Mysterious hackers acquired credit card information for upwards of 250,000 customers through eCellar, a customer management program used by wineries throughout the region.
They stole credit card information, names and birth dates of customers.
Read more on Sonoma Valley Sun.

Things (from the Internet of Things) win their court case. Would this extend to Apps?
Dan Churney reports:
The installation of smart electric meters by a city-owned utility does not amount to a violation of a homeowner’s constitutional rights against warrantless search, no matter how much data the meters might collect or transmit about a homeowner’s electrical use, a federal judge has ruled.
In federal court in Chicago, U.S. District Judge John Z. Lee rejected the argument brought by a grassroots group opposed to the installation of smart electrical meters in west suburban Naperville that the meters pose risks to privacy and health.
Read more on Cook County Record.

(Related) They are called “Hydra Apps.” Cut off the head and two more grow back.
If you’ve tried Google Photos and didn’t like it, you probably deleted the app. But you may not realize that, if you use Android, it’s potentially still collecting and storing all of your photographs. Here’s how to stop it.
David A. Arnott noticed this was the case when hundreds of his images appeared on Google Photos even though he’d deleted the app. The software, you see, uses the central Google Settings menu to dictate whether photographs are backed up to Google’s cloud—so if you don’t change those settings, the uploads will continue to occur.

Would you expect anything less?
Hacking Team Preparing to Launch New Surveillance Solution
As many of the company’s tools and methods have become public knowledge, Hacking Team is preparing to release a completely new surveillance system.
Hackers leaked last week 400GB of emails, documents, software, source code, and exploits stolen from the systems of Italy-based surveillance software maker Hacking Team. In a statement published shortly after the incident came to light, the company stated that the leaked source code allows anyone to deploy its software, including terrorists and extortionists.
Some parts of the company’s flagship product, Remote Control System, have been leaked, forcing the company to instruct customers to suspend the use of its solutions. However, Hacking Team says the attackers have not gained access to “important elements” of its source code.
Furthermore, Vincenzetti has pointed out that the exposed systems are “obsolete” by now “because of universal ability to detect these system elements.”
Hacking Team says it has isolated its internal systems to prevent additional data exfiltration. [Strange they didn't think of that before the hack. Bob]

You are respectable at home, everywhere else in the world you're a scumbag – just ask Google.
Niemela v. Malamas, 2015 BCSC 2014
Roberto Ghignone writes:
The issue in this case was whether Google Inc. was required to remove links to defamatory posts from worldwide search results, rather than just Canadian search results.
The Plaintiff, Glenn Niemela, is a lawyer based in the Vancouver area who has been the victim of online harassment and bullying. He alleges that the posts originate from one of his former clients who may be in a biker gang. In the posts, Mr. Niemela is described as a scam artist and as dishonest. The posts first appeared in 2012 on various internet sites, including and Mr. Niemela reported this to the police who spoke with a suspect. Subsequently, no further posts appeared.
Read more on Carswell The Law of Privacy in Canada.

(Related) Was it an accident?
Interesting data leak.
Sylvia Tippman and Julia Powles report:
Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures, the Guardian has learned, with more than 95% of requests coming from everyday members of the public.
The Guardian has discovered new data hidden in source code on Google’s own transparency report that indicates the scale and flavour of the types of requests being dealt with by Google – information it has always refused to make public. The data covers more than three-quarters of all requests to date.
Read more on The Guardian.

For my Computer Security and Ethical Hacking students. A “How to” guide for the other guys.
How to tell if the person you're talking to on a dating app is trying to steal your money
… Dating sites are, thankfully, getting better at spotting who is using their service to send thousands of spam messages. It's pretty easy to tell: They send the same message over and over, often with the same link.
But there's a type of dating site scam that's far trickier to spot, and the people who operate it claim to be making thousands of dollars every month fooling vulnerable men.
Business Insider obtained a PDF guide that details how scammers operate fake dating site profiles in order to con men out of money. The guide isn't available for free, in fact, it was being sold for Bitcoins on a deep web marketplace.
… The document, titled Adhrann's Updated Dating Scam 2014, lays out a method for creating fake dating site profiles, ensnaring men in conversation, and then pressuring them to send money. The author claims that someone who operates the scam can earn up to $15,000 (£9,700) every month if they operate the dating scam full-time.

Interesting. If the folks who make the common add-ons can't secure their software, the browser developers will! (“Planning to fix” translates to “It's still broken”)
Mozilla blocks Flash by default on Firefox browser
Adobe's Flash software is now blocked by default on all versions of the Firefox web browser.
Mozilla, which develops Firefox, imposed the block because recently unearthed bugs in Flash were being actively used by cyber-thieves.
The bugs were detailed in a cache of documents stolen from security firm Hacking Team that was hit by attackers last week.
Adobe said it took Flash's security "seriously" and was planning bug fixes.

For the Ethical Hacking toolbox.
How to Get the Password of WiFi Network You Are Connected To

Let the conspiracy theories begin! Also, watch for dozens of clever amateurs to reverse engineer this technology without talking about it on the Internet. It's far too valuable to fade away.
Launch of $200 device to access Wi-Fi anonymously mysteriously stopped in its tracks
… At the beginning of this month, security researcher Benjamin Caudill from Rhino Security Labs unveiled Proxyham, a device small enough to be slotted into a book and squirrelled away in a separate location from the user in order to confuse Internet traffic tracking systems.
Proxyham is a $200 device made up of a Raspberry Pi PC and antennas. The product uses low-frequency radio channels to connect to public Wi-Fi hotspots up to 2.5 miles away, and if a user's signature is traced, the only IP address which appears is from the Proxyham box which can be planted far away from the user.
Through Twitter, Rhino Labs said "Effective immediately, we are halting further dev on Proxyham and will not be releasing any further details or source for the device."
However, it's not just development by the security firm which has been stopped. Defcon attendees will no doubt be disappointed, but units originally intended for distribution at the security event will now no longer be available:
… In addition, Caudill will no longer be hosting a talk at Defcon on the device, whistleblowers and the challenge of being anonymous online.
… A link retweeted by Rhino Labs points to a CSO article picking apart the situation for clues. As noted by the publication, FCC licenses for the use of radio waves are not an issue, neither are patent disputes at the heart of the matter.
As Proxyham has not been sold on, another possibility is that of a National Security Letter. When asked whether an NSL had been issued, Caudill only said "no comment." [Translation: “Absolutely, positively, and without a doubt.” Bob]

Be careful who you harass? Not everyone is looking for bad things to write about you. Just don't delete all the emails like the IRS did.
Filmmaker Laura Poitras suing to shine light on travel detainment
by Sabrina I. Pacifici on Jul 13, 2015
Via The Intercept: “Over six years, filmmaker Laura Poitras was searched, interrogated and detained more than 50 times at U.S. and foreign airports. When she asked why, U.S. agencies wouldn’t say. Now, after receiving no response to her Freedom of Information Act requests for documents pertaining to her systemic targeting, Poitras is suing the U.S. government. In a complaint filed on Monday afternoon, Poitras demanded that the Department of Justice, the Department of Homeland Security, and the Office of the Director of National Security release any and all documentation pertaining to her tracking, targeting and questioning while traveling between 2006 and 2012. “I’m filing this lawsuit because the government uses the U.S. border to bypass the rule of law,” Poitras said in a statement. Poitras co-founded The Intercept with Glenn Greenwald and Jeremy Scahill.”

Are prices like this enough to kick start municipal fiber networks?
Comcast’s 2Gbps Fiber Service Costs Gut-Wrenching $300 Per Month, Adds $1K In Startup Fees

Most is already available using an antenna and individual subscriptions. Perhaps Comcast wants to keep the “bundle” going?
Comcast reveals Stream, a $15 online TV package for Internet-only subscribers

Data for my students to play with...
Cities leverage open data to share wealth of info with citizens
by Sabrina I. Pacifici on Jul 13, 2015
Bianca Spinosa, July 10, 2015: “Government agencies have no shortage of shareable data., the open-data clearinghouse that launched in May 2009, had more than 147,331 datasets as of mid-July, and state and local governments are joining federal agencies in releasing ever-broader arrays of information. The challenge, however, remains making all that data usable. Obama administration officials like to talk about how the government’s weather data supports forecasting and analysis that support businesses and help Americans every day. But relatively few datasets do more than just sit there, and fewer still are truly accessible for the average person. At the federal level, that’s often because agency missions do not directly affect citizens the way that local governments do. Nevertheless, every agency has customers and communities of interest, and there are lessons feds can learn from how cities are sharing their data with the public. One such model is Citygram. The app links to a city’s open-data platform and sends subscribers a weekly text or email message about selected activities in their neighborhoods. Charlotte officials worked closely with Code for America fellows to develop the software, and the app launched in December 2014 in that city and in Lexington, Ky. Three other cities – New York, Seattle, and San Francisco – have since joined, and Orlando, Fla.; Honolulu; the Research Triangle area of North Carolina; and Montgomery County, Md., are considering doing so…”

I could use it to control the computers we project or feed to large screen TVs. The question is, could my students grab control when my back is turned?
How to Turn Your Android Phone or Tablet Into a Mouse and Keyboard for Windows
If you own an Android phone and a Windows PC with an Intel chipset, you can now control one with the other using Intel’s Remote Keyboard app.
… In fact, this is a great way to repurpose an old phone into a nifty trackpad for your PC! [Can we buy a bunch of old Android phones cheap? Bob]

Please don't tell my wife, the Power Shopper.
Christmas in July: Walmart, Amazon Throw Down in Epic Discount Battle
Walmart just crashed Amazon’s 20th birthday party.
Last week, Amazon announced Prime Day, a massive, Black Friday-like sale to coincide with the company’s 20th anniversary. This Wednesday, new deals for Prime members are slated to appear on the site as often as every ten minutes, Amazon said, across dozens of shopping categories.
But the world’s largest retailer is now seeking to amp up its digital presence with an online sale of its own. Beginning this Thursday, the day after Prime Day, Walmart is rolling out “thousands of special deals” and “some special atomic deals,” as well as adjusting its free shipping minimum from $50 to $35 -- which is the same rate as Amazon.
As opposed to Amazon’s one-day event, Walmart’s sale will last for 90 days, according to USA Today.

(Related) and just because.
On Its 20th Birthday, 20 Fascinating Facts About Amazon That You Didn't Already Know

Coming this fall to a computer near you! Some neat new stuff in Excel!
A Microsoft Office 2016 Preview: Smart & Subtle Changes
… Office 2016 has been built from the ground-up with mobile and cloud users in mind, slotting in with the ever expanding fleet of Microsoft productivity applications. Office is, in general, a different set of tools from days gone by. We aren’t confined to the five-or-so core products, and we can expand the functionality of the Office ecosystem using a massive range of add-ins and templates.
Microsoft has somehow boosted Excel even further into the data analytics stratosphere with a raft of new features:
  • Inbuilt Business Intelligence: Microsoft hasn’t quite brought it all under one roof, but there are more export options to PowerBI. Power Query, an Office 2013 add-in, has made it into Office 2016 as standard. Power Query used a built-in JSON parser, which has also made its way into Excel to help build visualizations.
  • Power Pivot: Essential data analysis tool Power Pivot has received a power boost and is now able to calculate and analyze millions upon millions of rows of data. Automating data grouping will provide a deeper analysis experience, along with updates for PivotTable and PivotChart.
  • One-Click Forecasting: Excel automatically scans your worksheets, searching for data trends, and extrapolating into charts and tables.
  • New Charts: Microsoft has moved a number of add-in charts to the standard build, including TreeMap, Sunburst, Waterfall, Histogram, and Pareto. Expect to see more charts appear as add-ins following the fall release.