Saturday, July 25, 2015

The National Cybersecurity Center of Excellence (NCCoE) is taking a stab at Best Practices.
NIST – Securing Electronic Health Records on Mobile Devices
by Sabrina I. Pacifici on Jul 24, 2015
“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic health care records is outpacing the privacy and security protections on those devices.”
The NCCoE has released a draft of its first cybersecurity practice guide, “Securing Electronic Health Records on Mobile Devices,” and invites you to download the draft and provide feedback. For ease of use, the draft guide is available to download in sections:
Or you can get a .zip file of all volumes, plus manifest and template files referred to in SP 1800-1c (4.82 MB).

Has anyone collected Best Practices here?
I wish every local community had the kind of detailed reporting on student privacy issues that Melinda J. Overstreet provides in her coverage of a change in Glasgow Independent Schools’ policies. From the newly drafted policies:
“In the school environment, a search is permissible where a school official has reasonable grounds, a ‘suspicion,’ based upon the totality of the circumstances, for suspecting that the search will reveal evidence that the student has violated either the law, district policy, or rules of the school. Reasonable suspicion must be based on ‘individualized suspicion of wrongdoing,’” the policy says.
The revised policy also covers canine searches:
“School premises may be randomly monitored with a trained canine for contraband, including but not limited to weapons, firearms, alcohol, drugs and drug paraphernalia. Canine monitoring does not constitute a search.”
The policy cites a federal case immediately after that statement.
Read more on Glasgow Daily Times. The revised policies seem pretty consistent with what we’ve seen in other districts. What the reporting doesn’t mention, though, and I don’t know if it’s handled in the existing policies, is the search of electronic devices or demands that students turn over their passwords for a search. I don’t see the student conduct handbook on the district’s web site (maybe I missed it?), so I don’t know if the district’s policy is that it can and will search student electronics if they suspect cyberbullying or any other undesirable behavior committed from the student’s home on their own time.

Is there an assumption that social media contains what amounts to a confession before the event? If so, can we be far from “pre-crime” arrests as in the movie “Minority Report?”
Oklahoma police search social media to find motive behind 5 deadly stabbings

The US is beginning to notice that we have an old and poorly maintained infrastructure. OR do we face a bunch of want-to-be terrorists cutting power lines or committing other less-than-catastrophic acts that are getting lost in the failures due to neglect? OR is that my professional paranoia showing through?
NJ Transit Apologizes After Power Woes Cause 3 Days of Suspensions, Delays

Flight Cancellations Follow Power Outage at New York City’s La Guardia Airport

You know (and Hillary should have known) that this is going to be “discussed” throughout the campaign. What seems to have been lost is that no one has identified a secure communications channel that was used to keep classified information out of these emails. (I'd also mention that failure to mark an email as classified does not make that email unclassified.)
Criminal Inquiry Sought in Hillary Clinton’s Use of Email
Two inspectors general have asked the Justice Department to open a criminal investigation into whether sensitive government information was mishandled in connection with the personal email account Hillary Rodham Clinton used as secretary of state, senior government officials said Thursday.
… It is not clear if any of the information in the emails was marked as classified by the State Department when Mrs. Clinton sent or received them.

Perspective. Apparently, we would rather watch a “How to” video than read a book.
Video based search makes YouTube second largest search engine
by Sabrina I. Pacifici on Jul 24, 2015
Search Engine Land: “YouTube is arguably the second largest search engine on the Web. It is the third most visited site on the Web, according to Alexa and SimilarWeb. Recent information released by Google has shown that more and more users are using YouTube as a search engine. Searches related to “how to” on YouTube are growing 70% year over year. It is also no secret that video content is more engaging than a page of text and can be much more informative. YouTube’s popularity and reach are also expanded by its inclusion in both Google Web and Video search.”

For my students. (I'm pleased to find that I'm not doing everything wrong.)
The Essential Guide to Crafting a Work Email

I'll paste this article next to the library scanner.
What’s The Best Free OCR or ICR Program For Manuscript Transcription?

For all my students.
The Best Alternatives to Google News That Help You Stay Current
Mainstream: Bing News
Personalized: Flipboard
Tech: Techmeme
Politics: Memeorandum
Alternative: Digg

The Saturday funnies.
Hack Education Weekly News
… Oregon Governor Kate Brown has signed legislation creating a free community college program in the state. (Related: Who’s against tuition-free education?)
NSA summer camps: “More hacking than hiking.”

Friday, July 24, 2015

What information would you provide in order to enter a lottery? Name, address, email or phone. Probably not credit card or bank data. 23 billion won is about $20 million so roughly a buck a record.
South Korea has had some major breaches involving consumer information that I’ve reported on over the past years.
Here’s a report from Yonhap News that mentions a breach I seem to have missed, though:
In February, Homeplus Co., the South Korean unit of British retail giant Tesco PLC, was also indicted on charges of illegally selling the personal data of 24 million customers to insurance firms for a total of 23 billion won.
Most of the information was collected under the guise of conducting a lottery for free gifts.
Homeplus chief Do Sung-hwan, five other former and current company executives and employees as well as two officials from the insurance companies have also been indicted over their involvement in the case.
This may actually fall more under privacy breach than data breach, but I thought I would mention it here.

These are not my hackers. Perhaps they mean teenagers caught hacking into the school computer to change grades. Real hackers can afford better lawyers.
Ed Pilkington reports:
The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.
Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.
Lulz Security shares qualities with the hacktivist group Anonymous that has launched attacks against companies including Visa and MasterCard as a protest against their decision to block donations to WikiLeaks. While Lulz Security is so recent a phenomenon that the FBI has yet to get a handle on it, Anonymous is already under pressure from the agency. There were raids on 40 addresses in the US and five in the UK in January, and a grand jury has been hearing evidence against the group in California at the start of a possible federal prosecution.
Read more on The Guardian.

As you might suppose, there are significant differences. We're not getting the word out, people! Worth reading the paper.
White Paper – Comparing Expert and Non-Expert Security Practices
by Sabrina I. Pacifici on Jul 23, 2015
Google Online Security Blog: “Today, you can find more online security tips in a few seconds than you could use in a lifetime. While this collection of best practices is rich, it’s not always useful; it can be difficult to know which ones to prioritize, and why. Questions like ‘Why do people make some security choices (and not others)?’ and ‘How effectively does the security community communicate its best practices?’ are at the heart of a new paper called, “no one can hack my mind”: Comparing Expert and Non-Expert Security Practices that we’ll present this week at the Symposium on Usable Privacy and Security. This paper outlines the results of two surveys—one with 231 security experts, and another with 294 web-users who aren’t security experts—in which we asked both groups what they do to stay safe online. We wanted to compare and contrast responses from the two groups, and better understand differences and why they may exist.”

Mining Big Data for the “old people” gene? I assume they will find correlations in the geography, probable diet, mobility (healthy people migrate, the unhealthy do not) and who knows what else.
Google bio tech firm will mine data for longevity gene
by Sabrina I. Pacifici on Jul 23, 2015
Via Calico: “AncestryDNA, an industry leader in consumer genetics, and Calico, a company focused on longevity research and therapeutics, today announced an effort to investigate human heredity of lifespan. Together, they will evaluate anonymized data from millions of public family trees and a growing database of over one million genetic samples. Financial terms have not been disclosed. AncestryDNA and Calico will work together to analyze and investigate the role of genetics and its influences in families experiencing unusual longevity using Ancestry’s proprietary databases, tools and algorithms. Calico will then focus its efforts to develop and commercialize any potential therapeutics that emerge from the analysis. “On the heels of our AncestryHealth launch and our one million genotyped customers milestone for AncestryDNA, we’re excited to announce this collaboration with Calico to research and develop life changing solutions,” said Ken Chahine, Executive Vice President and Head of DNA and Health. “We have laid the groundwork for this effort through the combination of an unmatched family history database, one of the fastest growing genetic databases, and a strong and talented team of computer scientists and professional genealogists.” AncestryDNA can provide access to a unique combination of resources that will enable Calico to develop potentially groundbreaking therapeutic solutions. The extensive research period will identify common patterns in longevity and human heredity through pedigree data.”

Perspective. The Intelligence game is changing. Nothing new there. Consider too that as information leaks, disinformation can be pushed along the same channels.
The following post is a preview of a new paper from New America’s Cybersecurity Initiative, where the author is a fellow.
The nature of secrets is changing. The “half-life of secrets” is declining sharply for many intelligence activities as secrets that in the past may have been kept successfully for 25 years or more, are now exposed well before.

(Related) Flush out them thar secrets!
Ten standards for oversight and transparency of national intelligence services: custodiet ipsos custodes
On July 23rd 2015, legal scholars from the Institute for Information Law of the University of Amsterdam — Sarah Eskens, Ot van Daalen and Nico van Eijk — published a report (.pdf, in English) entitled “Ten standards for oversight and transparency of national intelligence services”. The proposed standards are substantiated by, among others, analysis of CJEU jurisprudence.

For my entrepreneurial students with “Big Data” aspirations. (1000 gigabytes to the terabyte, 1 million gigabytes to the petabyte, so at $0.01 per gigabyte 100 petabytes of storage would cost: $0.01 times 100 million = $1,000,000 per month)
Google Cloud Storage Nearline Now Available to All, Offers 100PB Free Storage
Google's Cloud Storage Nearline is now available to the general public. The company has announced that the service, which offers low-cost premium archiving and backing up of data, has moved out of beta. In order to entice users, Google is offering storage of 100PB of space for free.
Released as a beta in March, Cloud Storage Nearline is aimed at data-heavy businesses that need fast retrieval of data. The service competes with Dropbox, Amazon's Glacier, Box, and OneDrive among others. Unlike its competitors that take hours for handling such voluminous data, Google says that Nearline could do it in seconds and minutes.
Discussing Nearline's other features, Google promises 99 percent uptime, on demand I/O operations, and lifecycle management - consisting of features such as automated archival and scheduled deletions. And, of course, there is the 100PB of free storage for up to six months. Afterwards, users will have to pay $0.01 per GB every month.
… To help users jump the boat, Nearline's Cloud Storage Transfer feature allows one to import large amounts of data from HTTP/HTTPS services such as Amazon S3. Speaking of Amazon, Google is also offering a total cost of ownership calculator to let users know how much they will be saving by switching from Amazon Web Services.

Something to motivate my students. (Remember to cut your old professor in for 1%)
Amazon Has Surpassed Walmart in Market Cap After Stock Rally
Amazon (AMZN) just surpassed Walmart in market capitalization. Wall Street loved Amazon's surprise profit so much that they bought up the stock after hours, sending it to a gain of 18%. The stock rally puts Amazon's value at $262 billion, more than the $233 billion of Walmart. Amazon CEO Jeff Bezos became $7 billion dollars richer in less than an hour of extended trading. While Amazon has surpassed Walmart in terms of the value of the company in the eyes of investors, its annual sales still fall far short of those of Walmart. Amazon revenue in the past 12 months is $95.8 billion, which is a 5th of Walmart's $485 billion. But the 21 year old Amazon is growing and that is what investors are buying and paying up for. One big contributor to Amazon's profit was web services, the cloud computing division whose numbers were broken out for the first time. Amazon stock is up 25% in the past 3 months.

YouTube just launched a redesigned app and shared even more growth stats
YouTube just released a big update to its mobile app that adds video editing tools and makes it easier to keep track of channels you subscribe to.
YouTube was the star of Google's blockbuster earnings last week too. The company cited YouTube revenue growth as a factor behind the strong quarter and revealed that the average YouTube viewing session on mobile now lasts a stunning 40 minutes.

We're going to make a series of short videos on a variety of IT topics. This could be interesting.
Frequently Overlooked Useful YouTube Features - A PDF Handout
One of the webinars that I did yesterday for Simple K12 was about useful YouTube features for teachers and students. If you couldn't attend the webinar you can still get the handout that I shared during the webinar. 8 Overlooked Useful YouTube Tools is embedded below as a PDF. You can also click here to grab it from

Towards a Star Trek tricorder.
A Search Engine, but Not on the Internet
An Israeli company wants to build molecular spectroscopy into a smartphone so people can count calories, identify pills, and find out more about objects than can be seen by the human eye.
… The SCIO, the handheld spectrometer that Consumer Physics has produced, first showed up in a Kickstarter video last year, where its creators promised a machine that could tell you “which watermelon is sweeter, when is that avocado going to ripen, how many calories, carbs or proteins are in that shake, how your plants are doing” and more. “Imagine if there was a way to know the chemical makeup of everything you come in contact with,” the narrator says. “The applications are endless.”
The public apparently agreed. The company reached its $200,000 goal within 24 hours. By the end of the month, the campaign raised more than $2.75 million.

Teaching tools
Collect Names on Image-based Riddle Quizzes
Riddle is a nice quiz creation service that launched back in May of this year. Since its launch the developers have steadily added new features. The latest update introduced the option to collect the names and email addresses of people who complete one of your Riddle quizzes.
Riddle quizzes and surveys can be image-based or simply text-based. You can add links to your Riddle quizzes and surveys. Those links could be to sources of information, to videos, or to an online audio recording like those you can find on SoundCloud. In the video embedded below I provide a demonstration of how to use Riddle to create a quiz.

Thursday, July 23, 2015

Not sure of these statistics, or why they need to be in this article. This kind of article panics CEOs to no purpose.
Humans: A Data Security Strategy's Worst Enemy
Sixty percent of hackers can breach an organization's system defenses within minutes. Risks and security incidents used to be managed on a case-by-case basis, but that's no longer a viable option. The number of security incidents increased by 48 percent from 2013 to 2014, and notable companies including Adobe, eBay, Target, and The Home Depot were among the victims.
… Training your employees to create strong passwords and to securely share information is critical. Small business owners must address any weaknesses among their employees. But the question remains; how can you hold your employees accountable for information security if you haven’t defined their responsibilities? The answer is simple; you can't.

(Related) and a follow-up.
Iain Thomson reports:
Iowa state lottery’s IT security boss hacked his employer’s computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw.
On Tuesday, at the Polk County Courthouse in Des Moines, Iowa, the disgraced director of information security was found guilty of fraud.
Eddie Tipton, 52, installed a hidden rootkit on a computer system run by the Multi-State Lottery Association so he could secretly alter the lottery’s random number generator, the court heard. This allowed him to calculate the numbers that would be drawn in the state’s Hot Lotto games, and therefore buy a winning ticket beforehand.
Read more on The Register.

Difficult job.
The Secret Agents Who Stake Out the Ugliest Corners of the Internet
When President Obama launched his Twitter account in May, people noticed his rapid accumulation of followers, a silly back-and-forth with President Clinton, but also something more serious: the number of hostile and threatening messages directed at the president.
… Context is crucial for evaluating the seriousness of threats—both digital and analog—but online threats offer a slightly different set of contextual clues than their offline counterparts. And while much of the hate-filled commentary on the Internet is routinely written off as hyperbole and ranting, threats directed at the president are not so easily dismissed. So, every day, the Secret Service Internet Threat Desk is faced with the unenviable task of taking seriously some of the most extreme online rhetoric and trying to identify potential assassins or terrorists in the deluge of venomous messages directed at the president and his family.

Just a reminder to my lawyer friends: There's this new thing called encryption, it's available free and you could avoid all this notifying and apologizing stuff. (I'm betting this was a partner because underlings would not risk their job by failing to secure the data.)
The California law firm of Atkinson, Andelson, Loya, Ruud & Romo is notifying clients after a personal laptop belonging to a member of the firm was stolen while the attorney was on the MTS Trolley in downtown San Diego on April 23.
Since that time, the firm has been working with law enforcement but, to date, they have been unable to locate or recover the stolen laptop computer.
According to the notification letter signed by James H. Palmer, their General Counsel:
Working with outside computer forensic experts, we have confirmed that the laptop may have contained confidential information. We believe based on that investigation that the laptop contained personally identifiable information, including names, addresses, telephone numbers and social security numbers. The laptop did not contain driver’s license numbers but may have contained certain financial information and/or medical records of individuals. We have no reason to believe that the laptop was stolen for the information it contained. We also have no information indicating that this information has been accessed or used in any way.
Those being notified are offered free credit monitoring and protection services with ID Experts service, MyIDCare.

Completely unrelated to the article above. Honest!
Helen Lewis has a lengthy, and thought-provoking piece on Nieman Reports that asks,
Journalists have been accused of invading privacy, threatening national security, and breaching copyright by publishing such stories, and their sources might lose their jobs, their freedom, or even their lives. So how should reporters and editors decide whether to publish and how much to redact? And what technical know-how do they need to protect whistleblowers?
It’s an issue I grapple with every week, if not every day, and while I’ve established a general “policy” for my sites based on my ethical standards and understanding of journalistic ethics, I understand that others in the same position may reach very different conclusions about what to do in any one situation.
Read more on Nieman Reports.

To offer a worthwhile opinion of this article, you'd need an expert in both Privacy and Anti-trust. Fortunately, there is such an expert just down the road at the Sturm College of Law and I can probably get Professor Soma to explain all this over lunch. (And I'm always ready for a good lunch)
By Maureen K. Ohlhausen and Alexander Okuliar
in Antitrust Law Journal No. 1 (2015)
Many people view Samuel Warren and Louis Brandeis’s 1890 work, The Right to Privacy, as the starting point for the consumer privacy laws in the United States. Warren and Brandeis’s concerns about the ability of technology to invade the private sphere continue to resonate today, 125 years later. The technology encroaching on privacy now is, of course, the Internet – or, to be more precise, the technologies that permit the tracking and aggregation of individual consumers’ online behavior and that support the many services that financially sustain the broader Internet ecosystem. As was the case in Warren and Brandeis’s day, numerous proposals have surfaced for how to defend expectations of personal privacy while still realizing the benefits of commercialized technology. Those defending free market principles argue that the best solution is little-to-no government intervention – consumer demand for privacy will create a market for privacy protections. Other commentators propose increased governmental scrutiny of the collection and use of consumer data online, and some even advocate unifying the competition and consumer protection laws to examine privacy through a competition lens. We focus this paper on evaluating this last proposal.
This article proceeds in three main parts. We begin with the historical development of privacy protections in the United States and the tension between privacy concerns and the growing value of consumer data in the digital arena. Next, we explore how the agencies and courts have applied the FTC Act and antitrust law in this area over the years and the reasoning behind the bifurcation of the FTC Act into separate spheres of competition and consumer protection law. This explains the historical separation of privacy as a consumer expectation from commercialized privacy and data. Third, we synthesize analytical factors from the historical approaches to privacy and offer them as guidance for distinguishing between competition and consumer protection issues at the intersection of competition law, consumer protection law, and privacy.
Download the full article from FTC’s site.

For my Ethical Hacking students: Write an App that causes the bad guy's phone to dial the law enforcement agency of your choice. Hard to believe this comes up very often.
Kevin Koeninger reports:
A person who “pocket-dials” a third party during a conversation does not have a reasonable expectation of privacy, the Sixth Circuit ruled.
A panel determined that widespread knowledge of accidental calling and the availability of preventative measures mean that an individual on the receiving end of such a call does not violate privacy laws by recording the conversation. [Translation: If you screw up your security, don't ask the court for retroactive protection. Bob]
Read more about Huff v. Spaw on Courthouse News.

India (the government anyway) says any Right to Privacy is not intentional.
The Tribune of India reports:
The central government told the Supreme Court on Wednesday that the right to privacy was not a fundamental right under the Constitution.
Central government’s arguments came when a Bench headed by Justice J Chelameswar and also composed of Justices SA Bobde and C Nagappan was hearing several petitions challenging the decision of some states to make Aadhaar cards compulsory for several benefits such as salary, PF disbursements and marriage and property registration.
“Right to privacy is not a fundamental right under our Constitution. It flows from one right to another right. Constitution makers did not intend to make Right to Privacy a fundamental right. There is no fundamental right to privacy so these petitions under Article 32 should be dismissed,” Attorney General Mukul Rohatgi argued, adding that the Right to Privacy could be invoked to scrap the Aadhaar scheme.
Read more on The Tribune (India)

Some courts (Ninth Circuit) are headed that way.
On July 8, in noting NTEU’s lawsuit over the OPM hack, I had questioned the suit’s claim that the government breach constituted a violation of their “constitutional right to informational privacy.”
Jennifer E. Canfield of Montgomery McCracken Walker & Rhoads LLP also picked up on that point and discusses the issue on Montgomery McCracken Data Privacy Alert.

Any restriction has to be rational.
Jared Owens reports:
The NSW Court of Criminal Appeal has unanimously overturned a controversial decision that confined police use of surveillance devices to prosecuting the most serious offences, such as murder, terrorism and organised crime.
The judgment, handed down early this month, clears the way for listening devices to be used to obtain admissions from suspects for any indictable offence, even if they have asserted their right to silence.
Read more on The Australian.

Might make an interesting demonstration for my Computer Forensics students. All my students actually.
Google – Download your past searches
by Sabrina I. Pacifici on Jul 22, 2015
Google: “You can download all of your past searches. This gives you access to your data when and where you want.
Download a copy of your past searches
  1. Visit your Web & App Activity page.
  2. In the top right corner of the page, touch Menu > Download searches.
  3. Choose Create Archive.
  4. When the download is complete, you’ll get an email confirmation with a link to the data.
Note: Downloading your past searches does not delete it from your Web & App Activity page. Learn how to delete your searches and browsing activity.
Where your downloaded data goes
When you download your past searches, a copy of your activity will be saved securely to the Takeout folder in Google Drive. You can download the files to your computer if you want a copy on your computer. Depending on the amount of data you’re downloading, you may have more than one file in your Takeout folder with your activity in it.”

I would not have thought first of Sony as a drone company. Is “autopilot” legal in the US?
Sony to Swoop Into Drone Market for Business Customers
Sony Corp. is starting a drone subsidiary to serve business customers, a foray into a frontier already crowded with upstarts and technology giants.
Sony said on Wednesday it plans to create a drone company called Aerosense through a joint venture with Tokyo-based startup ZMP Inc., which specializes in autopilot technology. Aerosense will offer services such as inspecting aged infrastructure and surveying land that is difficult to access.

Confusing. At what point does an encounter turn into an “arrest?” Is a traffic stop not recordable? What if you happen to be talking to your attorney? (Not while driving of course.)
Did Sandra Bland have a right to record her police confrontation? Maybe not.
… "Get off the phone!" the officer, Brian Encinia, told Bland after she got out of the car.
"I'm not on the phone. I have a right to record, this is my property," Bland responded.
"Put your phone down, right now!" Encinia ordered.
But did Bland actually have a right to record the encounter? Maybe not.
"There are narrow circumstances in which police can interfere with your right to record, and the fact that they are arresting you is one of them," said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. "Without commenting on the specifics of this case, if a police officer is in the course of arresting a person it's legitimate for them to order the person to put down a device. But it's not legitimate for the police officer to ask you to put down a phone just for the purpose of prohibiting photography."

...or maybe we could gang a bunch of Smartphones together and build our own Watson?
Your Smartphone Will Power Stephen Hawking's Massive Extraterrestrial Search
A $100 million alien life form search backed by famed scientist Professor Stephen Hawking and web billionaire Yuri Milner simply would not work without the public’s computer processing power – and you have the opportunity to participate with your PC, Mac, tablet or even your phone.
Leaders of the massive Breakthrough Listen search have rightly put crowdsourced processing – and open source computing – front and center in their 10 year search for extra terrestrial life.
… The project will use the BOINC (Berkeley Open Infrastructure for Network Computing) collaborative processing platform which is available to a number of astrophysics, medical and mathematical endeavours. The free BOINC app is available for Android phones (alas, not iPhones) and the computer download is here. The cellphone app relies on Wifi and promises not to eat up phone data.

I like the cars, can I afford the stock? Will investing in cars you want to drive, rather than driverless cars, still be a good idea when the states start forcing them off the road?
Ferrari files for NYSE IPO

Might be useful for students or teachers.
50+ Google Tools Tutorial Videos
Earlier today I conducted three webinars about various Google tools for teachers. Each of those webinars was only thirty minutes long so there wasn't a lot of time for individual questions. Since the webinars ended I've had a bunch of emails from folks looking for more instruction. My playlist of Google tools tutorials currently has more than 50 videos covering topics like Google Sites, Blogger, YouTube tricks, Google Calendar settings, and Google Drive features. The playlist can be found here

Should make for some interesting student “research.”
AP Video Archive available on YouTube
by Sabrina I. Pacifici on Jul 22, 2015
The rise of video is undeniable – search has progressively moved from words and concepts to images – and the AP Archive is yet another example of a shift from reading to watching. Via YouTube – “The AP Archive is the film and video archive of The Associated Press — the world’s largest and oldest news agency. The entire AP Archive collection [170,000 video clips] is now viewable on YouTube. New material is added every day.” Google owns YouTube.

“He manages best who manages least?” OR “Go away, Bob!”

Wednesday, July 22, 2015

China called this exactly right. We make a fuss, call China a bunch of evil hackers, then balk at any official action for dubious political reasons. If there are benefits and no consequences, why would China stop the behavior?
Ellen Nakashima reports:
Months after the discovery of a massive breach of U.S. government personnel records, the Obama administration has decided against publicly blaming China for the intrusion in part out of reluctance to reveal the evidence that American investigators have assembled, U.S. officials said.
The administration also appears to have refrained from any direct retaliation against China or attempt to use cyber-measures to corrupt or destroy the stockpile of sensitive data stolen from the Office of Personnel Management.
Read more on Washington Post.

Remember, the Internet is global. If you annoy my Ethical Hacking students, they will turn your car into a driverless adventure ride, no matter where in the world you are. Imagine a future where an entrepreneur creates a game that grabs a car at random for gamers to control. What fun!
Hackers take over a Jeep from 10 miles away
… In a Wired exclusive published Tuesday, two hackers (who have been showing for years that cars are vulnerable to attacks) took control of a reporter’s Jeep Cherokee using a laptop 10 miles away, and killed its transmission, as well as messed with its windshield wipers, radio and air conditioning. They say Fiat Chrysler cars, which include the Jeep brand, that feature an Internet-connected computer called Uconnect are vulnerable to remote attackers.
Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a bill Tuesday directing federal regulators to set security standards for vehicles, after Markey’s office published a report earlier this year finding that nearly all cars could be vulnerable to hacking.

This is a real (and guaranteed) cost of almost all security breaches. Even getting this tossed out of court will take time and treasure. Is that built into your Risk Management analysis?
So of course UCLA Health System has been sued over their recently disclosed breach, even though they’ve said they don’t have any evidence that patient information was even accessed. All they know/were able to confirm so far is that the hackers had access to the part of the system that housed patient information.
Law360 has more on Allen v. UCLA Health Systems Auxiliary et al, filed in the Central District of California.

My IT Governance students can create a better plan. (Their grade depends on it!)
Jana Winter reports:
Last month, in the wake of a series of massive breaches at the federal Office of Personnel Management, the Army issued a bulletin warning that some victims were being hit by hackers a second time, this time with an email phishing campaign asking them to input personal information into a third-party website to receive credit monitoring.
Except it turns out the email in question was completely legitimate. It was sent en masse by the OPM contractor providing notification and credit-monitoring services to the agency’s hacking victims.
Read more on The Intercept.

The court said judges can protect your rights under the constitution. Can they identify a bogus technological assertion?
Patrick G. Lee reports that it was a bad day for user privacy in a New York state appeals court:
Facebook Inc. lost a bid to block the biggest set of search warrants the company said it ever received in a case that might affect the amount of information social-media sites turn over to law enforcement.
Manhattan District Attorney Cyrus Vance Jr. obtained 381 warrants in 2013 as part of a Social Security fraud investigation. Facebook postings and other content — such as photos of suspects riding jet skis and performing mixed martial arts — provided Vance with evidence that helped bring charges last year against people accused of cheating the government by lying about their disabilities.
Of the 381 Facebook users that Vance targeted with the search warrants, 319 weren’t indicted, according to the ruling. Others were indicted without reliance on the Facebook warrants.
Even though Facebook had already complied with the search warrants, its appeal was allowed to continue in a case that has drawn the attention of Google Inc. and Twitter Inc., as well as the American Civil Liberties Union.
A New York state appeals court in Manhattan unanimously ruled on Tuesday that Facebook had no right to challenge Vance’s search warrants before they were executed.
Read more on Bloomberg.
[From the article:
The judge serves as a “constitutional gatekeeper” who “protects citizens from the actions of an overzealous government,” the court said.
… The case is In re 381 Search Warrants Directed to Facebook Inc., 30207-13, New York State Supreme Court, Appellate Division, First Department.

I don't see how politicians can use this in their Presidential campaigning, but then most of what they say is meaningless, isn't it?
This drone is packing heat, but it isn't breaking any laws
A gun-toting drone, tested and video taped by an 18-year-old Connecticut man apparently did not violate any existing laws, although the FAA is looking into it, according to ABC News and other reports.
In a video posted to YouTube July 10, the drone is seen hovering about five feet in the air, firing a front-mounted semi-automatic gun.
… an FAA spokesman told CNET that the agency is looking into whether the test flight, which did not break any state laws, violated any of its own regulations.
The video went viral just days after California authorities said the presence of five drones delayed firefighter response to the big North Fire near Los Angeles as well as the first FAA-approved drone delivery of medical supplies to a remote Virginia clinic.

(Related) Shouldn't a regulatory agency be more familiar with its regulations?
FAA Goes Into Full Panic Mode After Video Shows Drone Firing Semi-Automatic Handgun
… “The FAA will investigate the operation of an unmanned aircraft system in a Connecticut park to determine if any Federal Aviation Regulations were violated,” said FAA spokesman Jim Peters when the video first surfaced earlier this month. “The FAA will also work with its law enforcement partners to determine if there were any violations of criminal statutes.”

This rather surprises me. I wonder what the rates are in Washington? (What will organized crime bid for a copy of the user database?)
One in five Ottawans is registered on Ashley Madison
… One in five Ottawa residents allegedly subscribed to adulterers’ website Ashley Madison, making one of the world’s coldest capitals among the hottest for extra-marital hookups – and the most vulnerable to a breach of privacy after hackers targeted the site.
… The hackers, who referred to customers as “cheating dirtbags who deserve no discretion,” appear uninterested in blackmailing individual clients, unlike an organized crime outfit.

About time.
Feds go after LifeLock, alleging poor data security
Federal regulators are going after identity fraud protection firm LifeLock for allegedly deceiving customers about how secure their data is.
The Federal Trade Commission (FTC) on Tuesday accused LifeLock, which has over 3 million subscribers, of violating a $12 million 2010 settlement with the agency and 35 state attorneys general.

I thought this had been resolved when the government tried (and failed) to stop Phil Zimmermann from selling his encryption software (PGP) by classifying it as a “munition.” What are they worried about? Do they think China will buy these tools and thus be able to hack the Office of Personnel Management?
Google: New export rules could be 'disastrous'
Google is warning that the Commerce Department’s attempt to control the export of hacking tools will “hamper our ability to defend ourselves, our users, and make the web safer.”
“It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure,” the company said late Monday in a blog post.
Google’s remarks align the search engine giant with the cybersecurity community, which has been raising red flags for months about a Commerce Department proposal that would require companies to obtain licenses when exporting technology behind “intrusion software.”

I watch surveillance technology. But not as comprehensively as you are being watched. Here is one example. All of this in addition to knowing everything you have ever searched for...
Google Maps Timeline tracks your location and shows you where you've been
Google is introducing a new feature to its Maps application that allows users to see where they have been on any given day, month or year.
Google Now provides notifications when there are traffic incidents along your commute, or reminds you where you parked your car.
… People who use Google Photos, Google's new app that assigns tags to objects in photos and automatically arranges them into albums, can also see all the photos they took in a specific place or on a specific day on their Timeline.

Rethinking customization. Giving users control results in a site that is out of control.
Better Get Used to Twitter’s New Blandness
… This week, Twitter pulled the option of customizing background images on its website. It also replaced users’ chosen images with a single color, putting that same blue-gray on everyone’s page. It’s utterly plain and totally inoffensive, completely devoid of customization. Twitter users hate it.
… you can expect to see more of this. Twitter long has been going the way of Facebook, dropping user customization in favor of platform uniformity. Twitter would rather you focus on all the interesting things happening on the network, not on what you made your little part of it look like.
… There were many problems with MySpace, but one of the most obvious was the site’s total loss of control over what it looked like, and the unnavigable mess many users made of it. Good luck trying to find the message button on a white page with yellow text overrun with twirling Lisa Frank stickers. I mean, look at this mess. Or this one. Or this one.

Big Data and Analytics. This has implications in other industries.
The Other ‘Moneyball': Using Analytics to Sell Season Tickets
… Among the main things Horton and Hurwitz were looking for were indications of loyalty, which they determined was a key factor in those who would renew season ticket or multi-game plans. In that context, they said, it is one thing to buy a ticket, but another to use it. For that reason, they mine data from the ticket scanners each major league club uses when fans enter the stadium to attend a game.

Something to integrate into my classes. “Collaboration is the new Black!”
Google Drive Plugin for Microsoft Office Launched for Easier Syncing
Google has made it easier for users to open any Office files stored on Google Drive directly in Office apps, edit them, and save them back to Google Drive. The feature comes with the release of a new plugin by Google for Microsoft Office on Windows, making syncing changes to files stored on Drive easier.
Using the Google Drive plugin, any local files can also be saved on Google's cloud storage platform directly from the Office apps. The feature, however, might be more useful when sharing files with teams or for file access from different devices. To download the plugin, users would have to visit the Google Tools page, simply click on the 'Download' option below, and click on 'Accept and install' the binary file of 910KB.

(Related) We need to teach collaboration techniques.
How Collaboration and Crowdsourcing are Changing Legal Research
by Sabrina I. Pacifici on Jul 21, 2015
ThomsonReuters/Susan Martin: “Bob Ambrogi, lawyer, consultant and blogger at Law Sites, spoke at a well-attended session this morning at the American Association of Law Libraries (AALL) Annual Meeting. Titled “Playing Well With Others: How Collaboration and Crowdsourcing are Changing Legal Research,” Ambrogi’s presentation began with a light-hearted scolding of lawyers and legal professionals who simply “aren’t very good at sharing.” “Crowdsourcing requires sharing and lawyers tend to be very possessive, so that makes it difficult,” said Ambrogi. He cited the giants like Thomson Reuters, Lexis, and Bloomberg, who take raw legal information and have an army of editors who annotate it, organize it and comment on it. “But we don’t have all those paid people to do this for us when it comes to legal research on the internet. That is where crowdsourcing comes in,” he stated. Ambrogi… shared some examples of crowdsourcing gone wrong, where sites were built and abandoned or simply not updated enough to be effective… He then went on to showcase three examples of great crowdsourced sites:

For my Website students.
Get Your Site Mobile-Ready With 6 Free Emulators

I have to admit, most of my students invent uncommon errors. Some useful resources here.
A Quick Guide to Avoiding Common Writing Errors

Might be worth looking at a few...
Free Windows 10 Ebooks & Information Material to Prepare for the Upgrade

I want to read this more carefully since it seems to be something my students do instinctively.
Information Avoidance
by Sabrina I. Pacifici on Jul 21, 2015
Golman, Russell and Hagmann, David and Loewenstein, George, Information Avoidance (July 17, 2015). Available for download at SSRN:
“We commonly think of information as a means to an end. However, a growing theoretical and experimental literature suggests that information may directly enter the agent’s utility function. This can create an incentive to avoid information, even when it is useful, free, and independent of strategic considerations. We review manifestations of information avoidance as well as theoretical and empirical research on reasons for why people avoid information, drawing from economics, psychology, and other disciplines. The review concludes with a discussion of some of the diverse (and costly) individual and societal consequences of information avoidance.”

I had an interesting call from “The IRS” yesterday. Apparently I was in deep but unspecified dodo and unless I called them back immediately they would be confiscating my car, my house and my yacht.
Just for grins I went to the IRS Phishing page to report the incident, but chose not to bother when they wanted me to create an incident number to uniquely identify the tip and leave them my name, address, email, phone number(s) and whatever.
Perhaps they are not really interested in catching (or at least shutting down) these guys. Anyway, I took it as, “Don't bother us unless it's really important.”

Tuesday, July 21, 2015

I do like the “You've done something incredibly stupid, now pay me to erase the evidence” strategy.
Hacked infidelity site Ashley Madison offers free profile deletion
Extramarital dating site Ashley Madison has apologised to its users a second time for allowing its database to be comprehensively stolen, and is temporarily offering users the ability to fully delete their account from the site free of charge.
The “paid delete” ability, which typically costs £15 in the UK and $19 in the US per account, was cited by Ashley Madison’s pseudonymous attacker, The Impact Team, as a main reason for the hack in the first place. The group alleged that the site did not in fact fully delete all information about a user, even after they had paid the fee.
… It is not clear whether the move is intended to assuage some of the hackers’ demands or simply an attempt to lock the stable door after the horse has bolted.
… Tod Beardsley, security engineering manager at cybersecurity firm Rapid7, says the hack is likely to be extremely damaging once more data is made public, as users will not want to admit they have suffered a breach.
… Ashley Madison’s chief executive and founder, Noel Biderman, said on Sunday that the firm believes the hack was an inside job, from someone who already had access to its systems. “I’ve got their profile right in front of me, all their work credentials,” he told the security journalist Brian Krebs. “It was definitely a person here that was not an employee but certainly had touched our technical services.” [What outsider would have the ability to copy their entire (unencrypted) database? Bob]

(Related) Hactivism continues.
Of course, the big news today was the hack of and the potential embarrassment it may cause to those using its services to have affairs. Not to be deterred from his mission, however, @ElSurveillance continued attacking escort-related sites, posting the same message on their home page that he’s posted in the past:
Dear Admin and the clients
What such a great example you have given to the world
On how we can teach and raise our next generations
So they can live a much better life, Server and save our
Planet instead of just wasting their money and help
Spread the viruses just like every single stupid
Government in every single country do these days
Since you came all the way to here, They’re two things
That you can do while still viewing this page
1 – Turn on your volume and listen to the Qur’an & Just
Listening to your feelings instead of listening to the
Media and the stupid ISIS
2 – Have a look at your Logs which includes your IP
Today’s batch of escort-related services defaced/hacked by @ElSurveillance, with links to their mirrors on
Note: @ElSurveillance does not appear to be dumping any personal data on users, other than their IP addresses and browser info that shows up in the sites’ logs. But the hacks are yet another reminder that if you don’t want your details and activity on a site showing up in a data dump, are you using a throwaway account and a proxy (unless, of course, you have to give your credit card details to get services or have your account deleted, in which case you better hope for strong encryption and no pissed-off employees who want to screw their employer!)?
Alternatively, you could not visit/use those sites, which seems to be what @ElSurveillance is hoping you’ll choose to do.
Update: @ElSurveillance informs that he has acquired user data from sites but hasn’t dumped it – yet.

Interesting change in thinking?
Margaret Cronin Fisk reports:
Neiman Marcus Group LLC must face a proposed class action in which the high-end retailer is accused of failing to protect customers from computer hackers who stole credit and debit card information, an appeals court ruled, saying a judge decided too soon that the victims didn’t have a case.
The decision reverses a September ruling by a Chicago federal judge who found the customers didn’t show they suffered concrete harm. The consumers sued Neiman Marcus for negligence, breach of contract and deceptive business practices.
Read more on Bloomberg.
[From the article:
U.S. District Judge James B. Zagel, in rejecting the lawsuit last year, said customers weren’t claiming they hadn’t been reimbursed for fraudulent billings. He said he wasn’t convinced that there were concrete injuries if the card-owners weren’t responsible for the bills.
Unreimbursed payments weren’t the only possible harm, the appeals court found, citing the cost of credit monitoring and the hackers’ ability to use the fraudulent data for years.
Hack’s Purpose
“Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers’ identities,” the panel said.

For my Ethical Hacking students. Never trust the default settings!
Configuration Issue Exposes 30,000 MongoDB Instances: Researcher
Nearly 30,000 MongoDB instances are accessible over the Internet without any authorization enabled, an expert has warned.
With more than 10 million downloads, 2,000 customers and 1,000 partners, MongoDB is the most popular NoSQL database system. MongoDB is used by organizations such as eBay, LinkedIn, SAP and Sourceforge.
According to John Matherly, founder of the computer search engine Shodan, roughly 30,000 MongoDB instances containing nearly 600TB of data are exposed on the Internet.
The expert said he was surprised by the results of the Shodan search considering that the “mongodb.conf” configuration file available on GitHub since 2013 specified that MongoDB listens on localhost by default.
The issue was reported in early 2012 by Roman Shtylman (SERVER-4216), but it took MongoDB developers more than two years to actually address it.
Matherly says MongoDB 2.4.14, a maintenance release from April 28, 2015, is the last version that still listens to by default, which means listening is enabled on all interfaces. The expert believes early versions of MongoDB 2.6 might also lack binding to localhost.
This isn’t the first time researchers report finding MongoDB databases exposed on the Web. In February, students from the Saarland University in Germany revealed finding nearly 40,000 exposed instances.
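A defensive check for the configuration issue described above, as an added example that is not part of the article or of MongoDB's own tooling. It audits an old-style (key = value) mongodb.conf for the two settings that matter here, `bind_ip` and `auth`. The sample configs are constructed, and treating a missing `bind_ip` as "all interfaces" is an assumption that follows the behaviour the article attributes to older releases.

```python
"""Audit a legacy key = value mongodb.conf for network exposure (added example)."""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_legacy_conf(text):
    """Parse the INI-style format used by 2.4-era mongodb.conf files."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(text):
    """Return listen addresses, auth state and a severity for one config."""
    settings = parse_legacy_conf(text)

    # bind_ip may hold a comma-separated list of addresses.
    addrs = [a.strip() for a in settings.get("bind_ip", "").split(",") if a.strip()]
    if not addrs:
        # Assumption: no bind_ip means the server listens on every interface.
        addrs = ["0.0.0.0"]

    auth = settings.get("auth", "false").lower() == "true"
    if settings.get("noauth", "false").lower() == "true":
        auth = False

    exposed = [a for a in addrs if a not in LOOPBACK]
    if exposed and not auth:
        severity = "CRITICAL"   # reachable from the network with no login
    elif exposed:
        severity = "WARN"       # reachable, but credentials are required
    elif not auth:
        severity = "INFO"       # local only; auth still worth enabling
    else:
        severity = "OK"
    return {"listen": addrs, "exposed": exposed, "auth": auth, "severity": severity}


# Constructed sample configurations, not taken from any real host.
SAMPLES = {
    "no-bind": "dbpath = /var/lib/mongodb\nport = 27017\n",
    "localhost-only": "bind_ip = 127.0.0.1\n#auth = true\n",
    "lan-with-auth": "bind_ip = 127.0.0.1, 10.0.0.5\nauth = true\n",
    "all-interfaces": "bind_ip = 0.0.0.0  # explicit wildcard\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        result = audit(conf)
        print(f"{name:15} {result['severity']:8} listen={result['listen']} auth={result['auth']}")
```

Run it against the config file of every instance you own; anything reported as CRITICAL should be rebound to localhost or a private interface and have authentication turned on before it is reachable again.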

For my Computer Security students (and paranoids everywhere).
Rook Security Unveils Hacking Team Breach Detection Tool
IT security firm Rook Security has released a free software tool designed to help organizations determine if they have been impacted by malware developed by Italian surveillance software maker Hacking Team.
The tool, dubbed the “Milano utility” by Rook, scans systems for the presence of files associated with the recent Hacking Team breach.
According to the Indianapolis, Indiana-based security firm, the tool can perform a basic scan for files by filename, or a more comprehensive deep scan that checks all files (using their computed hash) against all md5s from Hacking-Team-associated files leaked in the breach.
A beta release of the Milano Hacking Team Malware Detection Utility, along with a list of the indicators of compromise (IOCs) for the Hacking Team breach are available online.

Anything the operating system does could be exploited. Hackers only need one entry point. Microsoft has to defend them all.
Windows vulnerability lets hackers take control of computers, Microsoft issues fix for PCs
… A vulnerability in the way that computers running the software handle fonts could be exploited by to seize control of a computer, Microsoft said. The company has already issued a fix for the problem, which it recommends that users download and install as soon as they can.
Users can patch up their computer by running Windows Update, which can be accessed through the Start button.
… An attacker using the vulnerability could “install programs; view, change, or delete data; or create new accounts with full user rights”, Microsoft said.

One of the worst things a manager can say: “Hey! You know what we could have done?” Yet it seems proper procedures become obvious only after the breach.
Dara Bradley reports:
New guidelines for supervising students conducting research at University Hospital Galway (UHG) were put in place following the discovery of a serious breach of data protection of female patients at the hospital.
The guidelines were put in place in response to one of a number of data protection breaches, including release of sensitive information about patients and minors, within the health service in Galway in the past year.
All bar one of the incidents were reported to the Data Protection Commissioner, according to Health Service Executive internal documents released under the Freedom of Information Act.
Read more on Connacht Tribune for a recap of the types of breaches that had occurred.
[From the article:
One of the local breaches included a research student at University Hospital Galway being given the names and addresses of women patients – the student contacted the patients at their homes.
The breach deviated from ethics approval guidelines.
Following an investigation, the HSE said “steps have been put in place to ensure adequate supervision of students conducting research”. [Translation: “We didn't bother to supervise the students.” Bob]

Professor Soma at the Sturm College of Law was teaching Computer Law before there was a World Wide Web. (That's like a million Internet years ago!) Nice that the DoJ is starting to catch up!
DoJ: Firms Should Hire Cyber-Savvy Lawyers
… The U.S. government -- itself a cybervictim -- provides the guidance we have been waiting for. The Cybersecurity Unit, part of the Computer Crime & Intellectual Property Section (CCIPS) within the Department of Justice Criminal Division, earlier this year issued its Best Practices for Victim Response and Reporting of Cyber Incidents.

(Related) Constant change.
What Is a ‘Computer’ Anymore?
People used to be computers. That is, for hundreds of years, computing was the work of humans, and very often women. Then, in the mid-20th century, machines began to take on the bulk of computing work, and the definition of “computer” changed.
… “Because we’re making an architectural change, not just a technology change. The new kinds of capabilities—it won’t be a linear scale—this will be a major leap.”
The architectural change he’s talking about has to do with efforts to build a computer that can act—and, crucially, learn—the way a human brain does.

I thought we had clearly labeled this a “Worst Practice” years ago. Yet we make the exact same stupid mistakes over and over again.
Users' data compromised after technical glitch at Home Office contractor
… VFS Global, which acts for around 45 governments, released online application forms this week that used sequential reference numbers, allowing users to access other people’s private information by mistake.
Users could see the personal information of other applicants, including their date of birth, passport details and addresses, if they mistakenly [or deliberately Bob] input the ID number of another person when logging into the system.

Here in the US, the government wants to control all health information. We wouldn't even notice if this happened here.
Gerri Peev and Jack Doyle report:
A Downing Street official has demanded confidential details of millions of GP appointments.
Sparking yet another NHS privacy row, she has ordered the firm in charge of bookings [Not the doctors, nor the patients. Bob] at most English surgeries to hand over the sensitive data urgently.
The information includes the date, time and duration of appointments as well as the reason for the consultation.
Most of the postcode of the patient is also asked for, as well as their date of birth, according to a letter seen by the Daily Mail.
The information is intended to gauge demand for the Government’s planned seven-day NHS. But privacy campaigners say it is incredible that neither patients nor their GPs have been consulted about the move.
Read more on The Daily Mail.

Because eventually all these students will become criminals!
sosadmin writes:
The Department of Justice’s National Institute for Justice funds law enforcement research to the tune of tens of millions of dollars each year.
One of those projects is a City of Chicago Board of Education program called “Connect and Redirect to Respect (CRR),” which aims “to use social media monitoring to identify and connect youth to behavioral interventions.” In other words, the DOJ is giving $2.1 million dollars to the Chicago public schools to conduct research on how spying on student social media can impact school discipline. In New York, police spying on youth social media has resulted in the criminalization of speech.
Read more on PrivacySOS.

I find this type of story amusing, trashy but funny.
Daniel DeMay reports:
The city of Seattle says its process for making sure residents comply with a compost ordinance is legal and doesn’t violate privacy, despite arguments made in a lawsuit filed last week.
The City Attorney’s Office issued a statement Monday saying that, after reviewing the lawsuit, it believes the ordinance “fully complies with the law, including the enhanced privacy protections afforded by the Washington Constitution.”
Read more on Seattle PI.

Now every fast food joint has an App for your smartphone. What we need is an App that reminds us how healthy all that junk really is.
Online food delivery ordering is about to overtake phone ordering in the US
Getting your dinner to your door is now easier than ever, and thanks to the internet, almost no human interaction is required. [Attention Ethical Hacking students! Bob]
While phone orders dominated delivery only five years ago, the balance between meal orders placed over the phone versus those placed online have nearly switched, with internet orders on track to surpass phone orders any minute now.
… Services like UberEATS, Caviar, Postmates, and DoorDash are providing delivery services for restaurants that don’t have their own, upgrading customers’ dinner choices from the typical pizza, sushi and Chinese food to include more artisanal, freshly prepared, and lovingly packed meal options. These companies handled orders totaling $400 million in 2014, says Cowen and Company, and that’s expected to jump to $1.6 billion in 2016.

Sports can make you healthy and quite rich.
NFL teams each earn $226.4M from national revenue sharing
… The Packers set records in total revenue and local revenue last year; their local revenue was $149.3 million, up 9.4 percent, mostly because of their newly expanded pro shop at Lambeau Field. The 21,500-square-foot store is the largest team store in the NFL.
Packers CEO Mark Murphy said the team was 18th in the league in average ticket prices. But with 7,000 more seats added in the past couple of years, the team has the second-biggest stadium in the league. That allowed the NFL's smallest host city to maintain its spot in the top 10 in league revenue (ninth).
The Packers are required to announce earnings because they are technically a public entity, although the franchise's 360,760 shareholders hold stock that they paid for that has no value and cannot be traded.

For my students in the “Outdoor Adventure Club?” (Digest Item#2)
Earn Money Shooting GoPro Videos
Action camera manufacturer GoPro has launched a content licensing portal designed to pair creators with advertisers. The biggest and best GoPro videos will be featured on GoPro Licensing, with brands and marketers able to purchase the footage for use in advertising campaigns.
For content creators, GoPro Licensing means an opportunity to make serious money from shooting video, with prices starting at $1,000 per clip. For marketers, GoPro Licensing means an opportunity to use ready-made footage likely to attract serious attention, and without the need to pay for production.
GoPro has already struck deals with multiple amateur and professional videographers, meaning there are 600 videos available at launch. According to AdWeek, the number of clips will continuously expand, with GoPro hoping to be to video “what Getty Images and Shutterstock are to still images”.

Teaching my students to write more carefully?
Using Social Media Without Jeopardizing Your Career

Boy, has Sears changed! I recently visited the Sears website, so naturally they send me Ads for things on the pages I browsed. I must have missed something, because “One of these things is not like the others!” (The Ad did get my attention!)