Saturday, August 01, 2015

Make up your mind! You refuse to “officially” blame China, but you're going to retaliate? That's true doublethink Big Brother.
U.S. Decides to Retaliate Against China’s Hacking
The Obama administration has determined that it must retaliate against China for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management, but it is still struggling to decide what it can do without prompting an escalating cyberconflict.
The decision came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.
But in a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the United States — to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries.
… In public, Mr. Obama has said almost nothing, and officials are under strict instructions to avoid naming China as the source of the attack. While James R. Clapper Jr., the director of national intelligence, said last month that “you have to kind of salute the Chinese for what they did,” he avoided repeating that accusation when pressed again in public last week.
… For Mr. Obama, responding to the theft at the Office of Personnel Management is complicated because it was not destructive, nor did it involve stealing intellectual property. Instead, the goal was espionage, on a scale that no one imagined before. [My Ethincal Hacking students did. Bob]
“This is one of those cases where you have to ask, ‘Does the size of the operation change the nature of it?’ ” one senior intelligence official said. “Clearly, it does.”

(Related) Can we blame China or is that not politically correct?
The University is responding to a criminal cyberintrusion through which hackers apparently originating in China gained access to servers at UConn’s School of Engineering. UConn has implemented a combination of measures intended to further protect the University from cyberattack, and to assist individuals and research partners whose data may have been exposed.
UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers. However the University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information.
… The security breach was first detected by IT staffers at the School of Engineering on March 9, 2015, when they found malicious software, or “malware,” on a number of servers that are part of the school’s technical infrastructure.
… Related: From their FAQ on Incident:
What did the investigation reveal?
Based on analysis done both internally by the University and by Dell SecureWorks, it was determined that the first penetration of a server on the School of Engineering network occurred on Sept. 24, 2013, with further penetration of the system occurring after that date.

Of course they do. Hackers never pass up a golden opportunity and Microsoft confused users about which Windows 10 would be free, so many stopped paying attention.
Windows 10 rollout gets hijacked by scammers with malicious upgrade email
With millions of people expecting to upgrade to Windows 10 this week, fraudsters have taken advantage of an opportunity to scam some money. Many people have not received an official notification to upgrade, so when an email purporting to be from Microsoft tells them to run an attached file for the upgrade, some people are eager to do it.
To the unsuspecting eye, the email looks quite convincing; it uses the Microsoft color scheme, comes from an address, has a disclaimer message and even includes a message saying that the email was scanned for viruses and passed.
But the email is of course fake and the attached file is a CTB-Locker, which is ransomeware or a variant of malware.

Worth reading the whole article...
4th Amendment Lives: Court Tells US Government Get A Warrant If It Wants Mobile Phone Location Info
A potentially big ruling came out of the courtroom of Judge Lucy Koh yesterday, in which she affirmed a magistrate judge's decision to tell the government to get a warrant if it wants to obtain historical location info about certain "target" mobile phones (officially known as "Cell Site Location Info" -- or CSLI). The government sought to use a provision of the Stored Communications Act (a part of ECPA, the Electronic Communications Privacy Act) to demand this info without a warrant -- using a much lower standard: "specific and articulable facts" rather than the all important "probable cause." Judge Koh says that's doesn't pass 4th Amendment muster, relying heavily on the important Supreme Court rulings in the Jones case, involving attaching a GPS device to a car, and the Riley case about searching mobile phones.
… Judge Koh points to some survey data from Pew (sent in by EFF) noting that many, many people consider their location information to be "sensitive information" and, on top of that, the fact that CSLI is generated even if someone turns off the GPS or "location data" features on their phone -- meaning they can't even opt out of generating such information to try to keep it private.

Nathan Freed Wessler of the ACLU writes:
A petition submitted to the Supreme Court could settle a key question about the extent of our privacy rights in the digital age.
The ACLU, working with attorneys in Florida, has asked the court to take up Davis v. United States, a case involving warrantless government access to a large volume of cell phone location information. At stake is the continuing vitality of the Fourth Amendment.
Read more on ACLU.

(Related) For one or two cards, I agree. Hundreds of cards looks like probable cause to me.
Orin Kerr writes:
In United States v. Bah, decided July 24th, the U.S. Court of Appeals for the Sixth Circuit handed down the first circuit ruling on whether skimming a credit card — swiping the card through a magnetic reader to find out the number and name stored inside — is a Fourth Amendment search. The court ruled that the answer is “no.” I think that’s wrong, and that the answer should be “yes.”
Continue reading on The Volokh Conspiracy.

It's not really new. It shows no details. But look! It's a map! (Wop-de-do)
Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets
A secret NSA map obtained exclusively by NBC News shows the Chinese government's massive cyber assault on all sectors of the U.S economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military.
The map uses red dots to mark more than 600 corporate, private or government "Victims of Chinese Cyber Espionage" that were attacked over a five-year period, with clusters in America's industrial centers.
… Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America's critical infrastructure, particularly the electrical power and telecommunications and internet backbone.
… The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News.

Did they just figure this out? More likely they want to be able to point out that “We told you so!”
Homeland Security warns drones could be used in attacks
CBS News has learned that the Department of Homeland Security has sent an intelligence assessment to police agencies across the country about drones being used as weapons in an attack.
The bulletin went out Friday and warned that unmanned aircraft systems or drones could be used in the U.S. to advance terrorist and criminal activities.
… the release of a bulletin dedicated to the threat from UAS is unusual. The bulletin does not mention any specific upcoming events authorities are concerned about but points to the overall security challenges drones present.

If one parent wants a camera, but the others do not, who wins?
Eva-Marie Ayala reports:
Texas special education advocates say a new law requiring video cameras in some classrooms will protect those students most at risk of being abused.
The law says school districts must install cameras in special education classrooms if parents, teachers or school staffers request them. The law also requires that parents be allowed to view the videos.
The new law limits the list of those allowed to watch a video. That includes a parent or school employee who is involved in an incident, police officers, nurses, staff trained in de-escalation and restraint techniques, and state authorities who could be investigating.
The thrust of the article is concern over costs pitted against concerns about protecting vulnerable students. There’s no specific mention of FERPA in this article, but the reference to federal student privacy laws suggests that there may be a FERPA issue brewing here. Can parents view videos of other people’s children if those children are caught on camera during an incident involving their child? It sounds likely that they could. What privacy rights does the other student and their parents have?
Are classroom videos “education records” under FERPA? If so, how do you allow parents to access their child’s records but protect other children’s? This could get messy and even more costly quickly. Not that it’s not a good idea to protect the most vulnerable children who often can’t tell us what’s happened to them, but I do see some student privacy concerns here.

More government disconnect? Still hiring like it's 1955?
Federal Bureau of Investigation understaffed to tackle cyber threats
The U.S. Department of Justice released a report underlining the FBI’s difficulty in attracting and keeping computer scientists for its cybersecurity program, mainly due to low wages, Reuters reported yesterday (July 30).
The DOJ Inspector General called on the FBI to measure timeliness of the information sharing, work harder to hire computer scientists, continue developing new strategies for recruiting, hiring and retaining cyber professionals and ensure changes to the Cyber Division are strongly communicated.
The Bureau spent $314 million on the program in 2014, which included 1,333 full-time workers, but only 52 computer specialists had been hired by the end of January, 2015.
The average salary offered to a cybersecurity expert by FBI is significantly lower than that offered to candidates in the private sector, according to the Office of the Inspector General.

(Related) Gismondo was more blunt.
FBI Struggling With Cybersecurity Because Of Shit Pay And Drug Tests

(Related?) Is Dilbert suggesting a way for the FBI to learn about technology?

Reading these articles is kinds like going to law school, but cheaper.
Kate Groetzinger reports:
…. Unfortunately for [Sandra Bland] —and for anyone else who is pulled over and asked to step out of their car—her rights are murky. Even though the Fourth Amendment guarantees citizens will not be subjected to unreasonable searches and seizures, it hasn’t been able to protect drivers from this particular invasion of privacy since 1977.
Two major Supreme Court decisions in the past half-century have eroded the Fourth Amendment’s power in an effort to protect police in the line of duty.
Read more on Quartz, where Groetzinger describes the impact of the Terry and Mimms rulings.

Privacy Laws in Asia – free download available
by Sabrina I. Pacifici on Jul 31, 2015
Bloomberg BNA – “With its critical impact on the world economy and global trade, privacy legislation in Asia has been extremely active in the last several years. A recently released report, Privacy Laws in Asia, written by Cynthia Rich of Morrison & Foerster LLP for Bloomberg BNA, analyzes commonalities and differences in the privacy and data security requirements in countries including Australia, India, Hong Kong and more. This report gives you at-a-glance access to:
  • A side-by-side chart comparing four key compliance areas, including registration requirements, cross-border data transfer limitations, and data breach notification, and data protection officer requirements.
  • A country-by-country review of the differences and special characteristics in the law, as well as a look at privacy legislation in development.
  • Explanations of the common elements of the laws in 11 jurisdictions with comprehensive privacy laws with regards to Notice, Opt-In and Consent issues, Data Retention, and more.”

And again, ditto.
Last Thursday, France’s constitutional court—le Conseil constitutionnel—issued a ruling upholding most of that country’s controversial new surveillance law, enacted in the wake of the Charlie Hebdo terrorist attacks. Francophones can read the untranslated decision here.
The legislation grants the French government sweeping new powers to monitor suspected terrorists. Among other things, the law authorizes warrantless wiretaps; officials need not obtain a court order before conducting electronic surveillance but rather must receive permission from a special administrative body. The law also requires telecommunications carriers and internet service providers to install “black boxes” on their networks, which the government can use to collect and analyze users’ communications metadata. The court’s largely favorable ruling means the law will now go into effect.

We don't have a Law School but we have a few Big Data wonks, so perhaps we could partner with one to do some innovative legal research?
Univ of Toronto virtual legal research database uses IBM Watson
by Sabrina I. Pacifici on Jul 31, 2015
“The University of Toronto team that built a virtual legal research database [video demonstration is embedded in this article] for the IBM Watson Cognitive Computing Competition made it to the final round of the top three before finishing the competition in second place… The contest began when International Business Machines Corp. (IBM) asked 10 elite schools, including Stanford, Carnegie Mellon and U of T, to put together teams at each university using its famous Jeopardy-playing super-computer, named Watson. U of T was the only Canadian institution invited to participate; its computer science department was recently ranked among the top 10 computer science departments worldwide in the prestigious Shanghai Jiao Tong University’s Academic Ranking of World Universities. (Read more about the decision to bring Watson to U of T.)

Still no hint of an alternative system for delivering classified information to the Secretary of State. This would go away if State could point to a secure delivery method that was always in place. I suspect there was no other system.
John Solomon and S. A. Miller report:
The U.S. intelligence community is bracing for the possibility that former Secretary of State Hillary Rodham Clinton’s private email account contains hundreds of revelations of classified information from spy agencies and is taking steps to contain any damage to national security, according to documents and interviews Thursday.
The top lawmakers on the House and Senate intelligence committee have been notified in recent days that the extent of classified information on Mrs. Clinton’s private email server was likely far more extensive than the four emails publicly acknowledged last week as containing some sensitive spy agency secrets.
Read more on Washington Times.

(Related) Another amusing factoid.
Hillary Clinton Emails: 1,300 Messages From Private Account Released
… Ironically, one email posted today shows Clinton in 2009 asking her chief of staff to borrow a book on email etiquette called "SEND: Why People Email So Badly and How to Do It Better," by David Shipley.

Perspective. You can't tell the winners without a scorecard!
Uber Speeds Past Facebook as Quickest to $50 Billion Value Level
Uber just closed a new round of funding that will value the company at more than $50 billion, according to The Wall Street Journal.
The newspaper says that Uber raised close to $1 billion in the round, which brings the total amount of equity financing the company has raised to more than $5 billion.
Previously, Facebook had been the only venture-backed private company to sport a $50 billion valuation. But it took Facebook a good deal longer to hit that level: eight years, compared with Uber's five.
Facebook, which subsequently went public, is now worth just over $260 billion.

Interesting choice for stalkers and pedophiles?
Things You’ll Wish You Knew Before Your Kids Started Using Kik
Kik is a free texting app, with a user-base of around 50 million (so really small, compared to WhatsApp). iTunes gives it a rating of 17+, but despite that, people much younger (as young as 13) use it on a regular basis. But for some strange reason, Google Android rates it 12+. Not sure what is going on there.
Where Kik sharply differs from WhatsApp however, is that WhatsApp works with the user’s mobile phone number, as the “username”. Kik, on the other hand, requires no phone number — just an invented username. Therefore, as well as smartphones, you can also install Kik on iPod Touch and iPads (which have no phone capabilities and are therefore commonly given to tweens).

For our Business Intelligence students. We teach them to use the Intelligence they generate.
Companies Collect Competitive Intelligence, but Don’t Use It

Free is good!
Free eBook: ‘The Path to Value in the Cloud’
Today, we have an awesome free eBook called “The Path to Value in the Cloud” that will show you key things you need to know to make the Cloud an important part of your business. It’s short enough that you’ll be able to read through it in one sitting, but it’s packed with valuable information that you’ll most definitely want to use for your business.

I like to make sure my students know of the free options.
Which Office Suite Is Best for You?

Friday, July 31, 2015

It might be interesting to explore some of the reasons the FBI can't get to these guys before the deadline. Not in the US shouldn't be a major stumbling block. Are they being protected?
FBI says hackers shake down big banks, threaten to shut sites if they don’t pay up
… More than 100 companies, including targets from big banks to brokerages in the financial sector, have received distributed denial of service threats since about April, says Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office. With these types of attacks, known as DDoS, criminals jam websites by flooding them with useless traffic.
The ransom requests typically run in the tens of thousands of dollars and in some cases, the companies have paid up, Jacobs said. If firms have already traced the ultimatums to identify likely culprits, they can determine whether those criminals have historically followed through with threats or backed off if a target doesn’t pay up. In some cases, when companies fork over cash, they end up facing further attacks because they proved they’re willing to engage.
… A distributed denial of service outage could mean losses of more than $100,000 an hour for financial companies, according to Neustar, a Sterling, Va.-based information services and analytics company.
Banks faced an onslaught of DDoS attacks in 2012 and 2013. Last year, the Federal Financial Institutions Examination Council, which includes five U.S. banking regulators, issued a six-step requirement that institutions must follow to fight these cyberattacks, including monitoring Internet traffic to detect assaults and building incident-response plans to communicate with the sector, Internet providers and customers.

Why is it taking so long?
United Airlines Hack Highlights Need for Improved Information Sharing
The same cyber-attackers who breached the Office of Personnel Management and healthcare giant Anthem appear to have also stolen flight manifests containing passenger information from United Airlines earlier this year, according to reports.
Sharing details of the breach would help other organizations identify if they have also been targeted by this group, security experts said.
"It would be naive to think that we have found the only three compromised," Paul Kurtz, former cybersecurity advisor to the White House and current CEO of TruSTAR Technology, told SecurityWeek.
The airline detected the attack in May or early June, but there are signs the attackers were in the networks as far back as April 2014, Bloomberg reported Wednesday, citing unnamed sources familiar with the investigation. The system outages which grounded flights for two hours in early July were not related to this attack, according to the report.
United Airlines has yet to confirm the breach, and says the report is based on speculation.

This will be a blast to hack! Change “No Parking Any Time” to “Free Parking Today,” then change it back. He He He.
World's first solar-powered E Ink traffic signs deployed in Australia
In some respects, E Ink displays are a bit of a marvel, with their low power consumption, easy readability, and minimal glare making them both sustainable and practical. No wonder, then, that the Australian Road and Maritime Services (RMS) has decided to try out the technology in a new domain: the world of signage.

Perspective. Not what I would have thought.
Overnight Tech: GAO probes facial recognition technology
Google and Facebook are the only two major social media, retail or casino companies that the Government Accountability Office could identify as using facial recognition technology in a new report.
… Both companies, which were not explicitly named in the report released Thursday, told GAO investigators that neither had any plans to share their facial recognition data with a third-party without user consent.
… Six other unnamed social media companies said they do not employ the technology. The five largest retail stores and the four largest casinos did not mention facial recognition in their privacy policies either. But the GAO said that does not necessarily mean the companies do not employ the technology. The National Retail Federation told investigators that its members' privacy policies are "written broadly enough" to address the technology.
No federal laws explicitly govern the use of facial recognition technology, but the GAO found that the Federal Trade Commission might have some limited power if the technology violated a privacy policy or caused consumers substantial injury. The report also highlighted some laws that could cover the sharing and distribution of data collected.

Good news and bad news for Microsoft?
Microsoft announces 14 million Windows 10 installs since launch

(Related) Is there no one at Microsoft to whom this sounds familiar?
Firefox cubs HATE Microsoft and Windows 10 -- déjà vu!
Firefox head honcho castigates Microsoft chief: Chris Beard, the Mozilla CEO is lambasting his opposite number at Microsoft for Windows 10's inability to remember browser choice settings.
His complaint centers around the user experience upgrading to the new OS. It appears that Satya's crew decided -- in their infinite wisdom -- that all users should have the new Edge browser as their default.

I would not have been surprised if the US had paid France for these carriers. Will China still buy them if their economy is in the tank?
Russia says it's getting a refund for the warships France won't hand over to them
Russia's order of two Mistral helicopter carrier ships has been a constant headache for the French government.
The sale of the ships was agreed in 2010, then put on hold in 2014 when Russian military forces annexed Crimea, which had until then been a part of Ukraine.
… Now Vladimir Kozhin, one of Putin's aides, says that Russia and France have agreed a refund for the ships, according to AP.
Nothing's yet come from the French side to suggest that a refund is coming yet, and no figure has been released.
Hollande confirmed in April that if the ships weren't supplied, there would be some sort of refund.
A month later a report suggested that France could sell the warships to China instead.

At last! Someone needs to tell the French they are not a global power.
Google to defy French 'right to be forgotten' ruling
Last month, the French privacy watchdog, CNIL, ordered the firm to extend people's right to have posts removed from its websites worldwide, including
Google said it "respectfully" disagreed with CNIL's authority to make such an order.
... Google is believed to have processed more than one million requests to remove data since the ruling came into effect. It reviews all requests and refuses those it judges have no merit.
However, those that are deleted are removed on its European websites such as or They are not removed from
The company points out that more than 95% of searches in Europe are made on the firm's local websites.

Google is launching balloons in Sri Lanka, Facebook will have drones. Big ones, from the pictures.
Behind the scenes with Facebook's new solar-powered Internet drone and laser technology

Interesting article. If it works in emerging nations, why is it ignored here?
How Innovation Is Helping Emerging Multinationals to Race Ahead
… Increasingly, companies from developing countries such as Brazil, India, China and Mexico are becoming global leaders and eclipsing familiar brands in the developed world. Take Alibaba, the e-commerce giant from China. It has a market value greater than Yahoo, Netflix, eBay, Yelp, LinkedIn, Twitter and Groupon put together. Alibaba’s cloud service Aliyun is giving Amazon Web Services a run for its money. South Korea’s Samsung is the world’s largest consumer electronics firm, outselling Sony, Panasonic and Philips. Bimbo of Mexico is the largest bakery company; in 2010, Bimbo purchased Sara Lee’s North American bakery business. And on this year’s Forbes Global 2000 list, although the U.S. still claims the maximum spots, the top four are occupied by Chinese banking firms.

Perspective. The “gig economy” seems to pay off.
Uber to plough $1bn into India investment drive
Uber is set to plough $1bn into a major expansion in India, placing its investment in the country on a par with China and signalling an escalation of its rivalry with domestic ride-sharing Ola.
… In June, it was revealed that Uber planned to spend $1bn in China in 2015 to catch up with Didi Kuaidi, the market leader backed by internet groups Alibaba and Tencent. At the time, Uber's Chinese drivers were making close to 1m daily trips, a far higher level than most analysts expected.

Tools for my student researchers.
The Powerful Benefits of Web Annotations for Research & Recall
Taking notes has long been a widely embraced way of improving your retention of information — it’s one of the reasons why we take notes during class and meetings. Not only does the act of taking notes better embed the information in your brain, but reviewing those annotations later can be helpful in a number of ways.

Find something useful here...
Best of the Web - Summer 2015 Update
On Wednesday morning in Mooresville, North Carolina I presented an updated version of my popular best of the web slides. Those slides are embedded below. I try to provide something for everyone in the slides.

I can use this one right now.
Vibby - Break YouTube Videos Into Segments With Commentary
Vibby is a new service for breaking YouTube videos into segments and inserting comments into those segments. To segment a YouTube video on Vibby simply grab the URL for the video and paste into the Vibby editor. Once inserted into Vibby you can highlight a segment on the video timeline. Vibby then play only the sections you've highlighted. Click on a highlighted section to add a comment to it. Videos edited through Vibby can be shared via email, social media, or embedded into a blog or website.
Vibby could be a good tool to use when you want to share with your students just a few pieces of a larger video. Using the comments in highlighted sections could be a good way to call attention to important parts of a video or to add further explanation to a section.

Thursday, July 30, 2015

What is the FBI really telling us? Should we assume they have all the other social networks covered? They need more money for Social Network Analysts? People who make good analysts would rather work for Twitter?
Exclusive: FBI Says Twitter Needs to Do More to Combat Terrorism
Twitter isn’t doing enough to stop ISIS and other terrorists, FBI officials in Washington, D.C. tell FOX Business. Twitter “needs to do more in setting up teams to troll, monitor and review all terrorist-related tweets and content. It needs to build up its budget for these teams and let these teams grow even bigger,” an FBI official tells FBN.
... “Authorities can request the info” on terrorist activity a Twitter spokesman tells FBN, but adds, “Like all of our technology industry peers, we do not proactively monitor content."
Yesterday, Democrat presidential hopeful Hillary Clinton said ISIS should be banned from Twitter and the Internet. "We have got to shut down their internet presence, which is posing the principal threat to us," the former U.S. secretary of state said.
… FBI Director James Comey testified before Senate Intelligence on July 8 that social media concerns do voluntarily report to law enforcement when they catch terrorist activity. "I do find in practice they are pretty good about telling us what they see," the director had said. But there is a sentiment inside the FBI that Twitter could do more.

(Related) Perspective. (Digest Item #1)
Facebook Is Still Growing
Facebook is continuing to grow at an astonishing rate, with 1.49 billion people now using the site on a monthly basis. This figure, correct up to June 30th, represents a 13 percent year-on-year increase in the number of users during the second quarter of 2015.
As BBC News points out, with around 3 billion people estimated to be online, Facebook is used by half of the whole population of the Internet. Which is no mean feat. More impressive still is that fact that almost 1 billion of those people use Facebook every single day.
There have been several times when it seemed an implosion was imminent at Facebook, with people angry at changes being made and searching for a viable alternative. But no such alternative has ever arrived. Sure, Google+ has its fans, but Ello utterly failed to impress.
The result is that Facebook continues to go from strength to strength, adding users and growing revenues. At this point in time I’m not sure the Facebook juggernaut can be stopped, so perhaps the 1.5 billion holdouts should just succumb to its lure.

Legally right, tactically very very wrong.
Peter Howe reports:
Embattled New England Patriots quarterback Tom Brady has undoubtedly created a public relations disaster for himself with new reports that he had the smartphone he was using during the “Deflategate” saga destroyed, apparently hours before he was called before Deflategate investigator Ted Wells.
But as a member of a powerful labor union using a personal phone, not one issued by his employer, Brady appeared to be on solid ground legally tossing the “broken Samsung.”
Read more on NECN.

For all my students!
How to Encrypt and Set a SIM Card Lock on Any Mobile Device
Encrypting your data is (in most cases) so simple that not bothering is more or less an open invitation to thieves and scammers to steal your data and profit from it.

For my Ethical Hacking students.
Learn ethical hacking and session hijacking on Pluralsight

Does Colorado's “Make my day” law apply? (Can I use my heat seeking missile armed “Interceptor” drone?)
Cyrus Farivar reports:
The way William Merideth sees it, it’s pretty clear-cut: a drone flying over his backyard was a well-defined invasion of privacy, analogous to a physical trespassing.
Not knowing who owned it, the Kentucky man took out his shotgun and fired three blasts of Number 8 birdshot to take the drone out.
The Kentuckian was arrested Sunday evening in Hillview, Kentucky, just south of Louisville and charged with criminal mischief and wanton endangerment.
Read more on Ars Technica.

The geography of the Internet.
Yesterday, I had the pleasure of attending a luncheon honoring winners for best of the 2014-2015 Call for Papers by the Southeastern Association of Law Schools (SEALS) at its annual conference. It featured Just Security‘s own Jen Daskal for her excellent paper, The Un-Territoriality of Data, which is forthcoming in the Yale Law Journal.
… A link to Jen’s article can be found here.

Perspective. Health is expensive. This system may be cheap, late and ultimately useless.
Pentagon Awards $4.3 Billion Contract to Modernize Health Records
The Pentagon on Wednesday awarded a $4.3 billion contract to modernize its health-records system to a team led by Leidos Holdings Inc. and Cerner Corp. the biggest federal information-technology project since the troubled rollout of the insurance exchange in 2013.
The highly coveted project is expected to take seven years to transfer records of 9.6 million military personnel from a fragmented patchwork that still includes paper files to a single electronic system.
The contract has attracted controversy because of the … Pentagon’s reliance on a proprietary supplier of health records to private hospitals rather than an Internet-based system that can be upgraded more regularly.
… “This is really not an IT project, it’s a business transformation project,” Dave Bowen, chief information officer for the Pentagon’s Military Health System said in an interview earlier this year.
… Health care accounts for around 10% of the Pentagon’s total budget compared with 6% in 2000, and costs have more than doubled over that period, according to the Congressional Budget Office.
… “The business rationale that the Pentagon is using probably will produce sub-standard results,” said Loren Thompson at the Lexington Institute, a think tank part-funded by big defense companies.

Perspective. Will this spread to other industries?
Lufthansa CFO believes other airlines will follow with GDS charge
Lufthansa believes other airlines will follow its strategy of imposing a fee on bookings made via third-party sites, part of plans to try to direct more customers to its own website and offer them tailor-made tickets, it said on Thursday.
Lufthansa will impose a 16 euro surcharge on bookings made using global distribution systems (GDS) from Sept 1. It is seen as a risky move, given that the German airline sells around 70 percent of its tickets via third party channels using GDSs from providers such as Amadeus, Travelport and Sabre.

You might want one of these (kept in the original package) for your grandchildren. I suspect they will be replaced very quickly by a generic version that knows where you are by talking to things on the Internet of Things, and replacing this hardware with software. But first, you might see them come in the package like a prize in Cracker Jack.
Amazon starts selling quick-buy Dash Buttons for $5 each
Amazon's Dash Buttons, interesting little devices that allows you to easily order household items by simply pressing a button, are now available to Amazon Prime members for just $4.99 each.
When Amazon first announced the Dash Buttons on March 31 this year, many suspected the strange product was an April Fools' Day gag. However that's clearly not the case, with Dash Buttons expected to reach the doorsteps of Prime Members who buy them by July 31st.
There are currently 18 Dash Buttons available, most of which cover cleaning product brands such as Tide, Glad, Cottonelle and Bounty, although you can get Buttons that quickly send you more Kraft Macaroni and Cheese, Gatorade, or Gillette razors.

Trust your politicians?
Here's Our Tally of Donald Trump's Wealth
… The celebrity presidential candidate says he’s worth more than $10 billion.
… Last month, Trump released a summary of his net worth as of June 30, 2014, which calculated his fortune at $8.7 billion, including $3.3 billion for the value of his name.
… Based on an analysis that included the candidate's 92-page personal financial disclosure form, his wealth is closer to $2.9 billion.

(Related) Should you trust the local sports team?
No, every person on Earth did not read about the 2014 Redskins training camp
… With the help of third-party media monitoring services Meltwater and TVEyes, the team put out a fancy 13-page report on its findings. That report determined, among other things, that there were “7,845,460,401 unique visitors of print/online coverage of the 2014 Bon Secours Washington Redskins Training Camp from July 24-Aug. 12.”
That’s a big number. To put it in perspective, that’s considerably more than the population of Earth, which the Census Bureau estimates at 7.26 billion.

For my Computer Science students. Note that neither the CIA nor the NSA are mentioned. Why is the FBI separate from DHS?
Obama's New Executive Order Says the US Must Build an Exascale Supercomputer
President Obama has established a new initiative across multiple government agencies that will focus entirely on creating the fastest supercomputers ever devised. The National Strategic Computing Initiative will attempt to build the first ever exascale computer, which would be more than 30 times faster than today's fastest supercomputer, according to an executive order issued Wednesday.
The initiative will primarily be a partnership between the Department of Energy, Department of Defense, and National Science Foundation, which will be designing supercomputers primarily for use by NASA, the FBI, the National Institutes of Health, the Department of Homeland Security, and NOAA. Each of those agencies will be allowed to provide input during the early stages of the development of these new computers.

For my International students (and me)
See the world in your language with Google Translate
by Sabrina I. Pacifici on Jul 29, 2015
Google Blog: “The Google Translate app already lets you instantly visually translate printed text in seven languages. Just open the app, click on the camera, and point it at the text you need to translate—a street sign, ingredient list, instruction manual, dials on a washing machine. [Class assignments Bob] You’ll see the text transform live on your screen into the other language. No Internet connection or cell phone data needed. Today, we’re updating the Google Translate app again—expanding instant visual translation to 20 more languages (for a total of 27!), and making real-time voice translations a lot faster and smoother—so even more people can experience the world in their language.”

Because I missed the live versions.
Three Webinar Recordings - Blogger, Google Drive, and YouTube
Last week I presented three webinars on behalf of Simple K12. If you couldn't attend the live sessions, you can now access the recordings through Simple K12.
Click the links below to access the webinar recordings and hand-outs.

Short notice. Sorry. I think this is free.
VACCINE Webinar Focuses on Decision-Making and Counter Terrorism
“The most significant aspect of terrorism that we’ll see evolve in the coming years is ideological based terrorism … Once you identify the ideology, you can then identify the causes, the roots, the underpinnings of that ideology – and that is going to determine the counter terrorism measures to utilize,” stated Dr. James Hess, Faculty Director & Associate Professor of Intelligence & Terrorism Studies at American Military University (AMU).
Dr. Hess is co-presenting the upcoming VACCINE Center series of counter terrorism-based webinars, co-sponsored by Purdue University and AMU.
Established in July 2009 in partnership with Purdue University, VACCINE is the Department of Homeland Security’s (DHS) Center of Excellence in Visual and Data Analytics. Its mission focuses on creating methods, tools, and applications to analyze and manage vast amounts of information for all mission-critical areas of homeland security in the most efficient manner.
The first webinar, “Decision-Making and Counter Terrorism: How the Visual Analytics of Data Can Help Save Lives” is scheduled for July 31, 2015.
Anyone interested in registering for the first seminar, may still do so by clicking here.

You were warned!
Angry Birds 2 Now Available for Android and iOS

Wednesday, July 29, 2015

For my Computer Security students. Know the enemy!
Symantec has released a paper on a Chinese cyberespionage group that they call “Black Vine.” I’m not sure how the Chinese would feel about that name, but in any event, Symantec writes:
In early 2014, Anthem was a victim of an attack that exposed 80 million patient records. The breach, which came to light in February 2015, is believed to be the work of a well- resourced cyberespionage group which Symantec calls Black Vine.
Anthem wasn’t Black Vine’s only target. Black Vine has been actively conducting its campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare. The group has access to zero-day exploits distributed through the Elderwood framework and has used these exploits as the same time that other advanced attack groups have, such as Hidden Lynx.
Black Vine typically conducts watering-hole attacks against websites that are relevant to its targets’ interests and uses zero-day exploits to compromise computers. If the exploits succeed, then they drop variants of Black Vine’s custom-developed malware: Hurix and Sakurel (both detected as Trojan.Sakurel), and Mivast (detected as Backdoor.Mivast). These threats open a back door on the compromised computers and allow the attackers to steal valuable information.
Based on our own analysis of the campaigns, along with support from open-source data, Symantec believes that some actors of Black Vine may be associated with an IT security organization based in Beijing called Topsec.
You can read their full report here (pdf).

(Related) Remember, we're officially pretending that China did not hack OPM. Be sure to keep our stories straight or Big Brother will be angry.
Michael Riley and Jordan Robertson report:
The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.
United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.
Read more on Bloomberg.

Russians can hack too. This is quite clever.
Jeremy Kirk reports:
A group of suspected Russian hackers are using Twitter in a clever way to mask their data-stealing malware, according to computer security firm FireEye.
Hackers have long used social networking services for relaying commands to their malware. But FireEye says this group — which it calls APT 29 — has taken it to a new level that makes it very hard for companies to figure out if they’ve been hacked.
FireEye analysts found the malware, nicknamed Hammertoss, on one of its client’s networks earlier this year. APT 29 has taken several steps to try to mask its communication with Hammertoss to avoid detection, according to a new report.
Read more on PC Advisor.
[From the article:
Hammertoss has an algorithm that generates new Twitter handles every day. If APT 29's hackers want to communicate with Hammertoss, they register the Twitter account that the malware will try to contact that day.
The hackers are effectively using Twitter as a command-and-control server. Many companies are unlikely to block outbound connections to Twitter, and successful connections are unlikely to be viewed as malicious.
"When they see Twitter traffic, it's less suspicious," said Steve Ledzian, systems engineering director for FireEye in Asia.
The hackers post instructions for Hammertoss in a tweet. The tweet contains a URL and a hashtag. The URL leads to an image on another server that contains encrypted data using stenography, a method for concealing hidden data in an image or file.

This could be a significant breach, but the victim can't tell how significant.
Alex Boutilier reports:
Canadian government and law enforcement officials are scrambling to figure out how Anonymous got their hands on what the hacker collective calls cabinet-level secrets.
On Monday, individuals associated with (sic) released to the media the first in what they call a series of sensitive government documents.
They will continue to release documents until the RCMP officers who shot dead an Anonymous protester in Dawson’s Creek, B.C., are arrested, they said in a video.
Read more on The Toronto Star.

Now you can be whoever you want to be.
Facebook loses battle over users' fake names in Germany
Facebook has been prevented from stopping users in Germany creating accounts under false names.
The Hamburg data protection authority said the social network could not change people's chosen usernames or ask them to provide any official ID.
The ruling came after Facebook blocked an account set up by a woman using a pseudonym and changed it to her name.
Facebook said it was disappointed with the ruling, which German courts had previously said met European law.
"The use of authentic names on Facebook protects people's privacy and safety by ensuring people know who they're sharing and connecting with," the company said.
The company's real-name policy has been the subject of recent protests outside its headquarters in California from demonstrators, including drag queens, Native Americans and domestic violence victims who believe anonymity is crucial to their personal safety.

Here is how “We gotta do something!” could get you in trouble. Are you assuming responsibility for identifying potential violence by monitoring ALL social media used by your students? Do you know what social media your students prefer? Do you know which students post anonymously? Do you know what you are letting yourself in for?
we need to be able to know if it is credible” I agree. Good luck with that. Better have a few trained forensic psychologists on staff.
Oh, FFS. Seriously.
Amanda Ober reports:
Controversy surrounds the school district’s decision to monitor students’ and teachers’ social media posts.
Orange County Public Schools has started monitoring students’ and teachers’ social media posts with a new software program called “Snaptrends.” It allows the school district to search thousands of posts on sites like Twitter and Instagram to hunt for keywords that might indicate trouble. School officials said the goal is to flag potential dangers, including cyberbullying, suicide and crime.
“If they are sitting in a classroom and they are tweeting because they are mad at their teacher or their girlfriend for whatever reason, and there are some threatening words there, we need to be able to know if it is credible,” said Joie Cadle of the Orange County School Board.
Why are they even tweeting in school? And what rights do they have in the privacy of their own home if they want to vent about a teacher? I hope the kids are smart enough to mark their posts private and not public or protect their Twitter accounts and only allow people they know to follow them.
And how do the employees feel about having their social media posts made from home monitored by their employee?
[The software they use:
[Their Social Media Content Privacy Policy:

Things that your lawyer probably advised you not to do (wink wink) When they have you in the cross-hairs, don't do anything to convince them they are right.
Goodell rips Brady for destroying cellphone, beats Pats star to federal court
NFL Commissioner Roger Goodell escalated his war with league golden boy Tom Brady by taking the fight straight to federal court after upholding the 
Patriots quarterback’s four-game “Deflategate” suspension in a bombshell decision.
Goodell, in his 20-page ruling, also slammed this year’s Super Bowl MVP with new allegations of destroying his cellphone and erasing thousands of text messages.
Brady had been expected to appeal any penalties upheld by the NFL, but Goodell beat him to the punch, asking a New York federal court to back his decision.
… In confirming Brady’s four-game ban, Goodell revealed that the quarterback destroyed his cellphone — and the nearly 10,000 text messages it contained — on or about March 6, the same day he met with Ted Wells, the NFL-hired investigator. Brady’s representatives sent a letter to the league after his appeal hearing stating that his cellphone carrier [clearly Patriot fans Bob] told them “the text messages sent from or received from the destroyed 
cellphone could no longer be 
Brady testified that it is “his practice” to destroy his cellphone and SIM cards when he gets a new one. But Goodell questioned why Brady chose to do it despite knowing 
NFL investigators were looking for that information.

Shucks, that's just out of shotgun range. Maybe armed drones?
Amazon Proposes Drone Highway As It Readies For Flying Package Delivery
… During a conference at NASA’s Ames Research Center in Mountain View, Calif., Gur Kimchi, vice president of Amazon Prime Air, laid out the online retailer’s vision for how unmanned aerial vehicles (UAVs) would be able to fly while avoiding planes, buildings and other obstacles. Kimchi’s first public address as head of Amazon’s drone program introduced a broad operating framework for the developing drone industry, which he compared to the early days of the internet in an interview with FORBES before his speech.
… Because of this, Amazon suggested certain standards, centered on the segregation of airspace below 500 feet where drones would follow set rules for flying. In this space, drones would be connected to online networks and would directly communicate with each other, allowing for the automated control of flights in real time.
… In its proposal, Amazon suggested that drones fly between the ground and 400 feet, with the airspace between 400 and 500 feet of altitude and around airports designated as no-fly zones. Areas below 200 feet would be reserved for so-called “low speed localized traffic” where UAVs could be used to map agriculture fields, scan bridges or shoot videos. Potentially, that could also be the airspace where drones would be completing the final stages of their deliveries, landing near homes to drop off packages.
The areas between 200 and 400 feet would be reserved for a sort of drone highway. UAVs in this 200-foot range would likely be traveling autonomously at high-speeds and out of the line-of-sight of any operator.

For my Smartphone toting students (that's most of them) Some of these are free!
18 Best App Makers
Want to build an app for your business? Creating an app doesn't have to be rocket science. These days, anyone can make a professionally designed, fully functioning app — no tech skills necessary. Hiring an experienced app developer can set you back tens or even hundreds of thousands of dollars, an expense that simply isn't justifiable or feasible for most small companies. Instead, here are some of the best and most cost-effective DIY app makers for small business.

I prefer composing an old fashioned email. If I could tell (some of) my students what I think of their work without some time to cool off, I'd never make teacher of the year.
Google Now allows dictating messages on WhatsApp, Viber, WeChat
… The Google Now will be able to send messages using WhatsApp, Viber, WeChat, Telegram and NextPlus in English at launch, though Google plans to add more support for apps and languages in the future.
The users have to specify which app to use by saying 'OK, Google, send a WhatsApp message to ABC' and it will make and send the message through the proper service.

Why it's right good to write good.
Improve Your Writing to Improve Your Credibility

For all my students. Defend yourself. No one else seems to want to.
In reading news yesterday morning, I stumbled across a question posted on StackExchange:
I found my user details on already old, leaked account information list
I came across an old (>3 years) accounts information list which has been leaked to the web. The list included thousands (>10.000) of account details from a service or services. Apparently the event was a small-scale news item back in the days, so there’s not too much to do now, even if the one page I found would be removed from the web right now.
The query continues, but my immediate reaction was:
Why wasn’t this individual notified of the leak by the entity whose data were leaked?
Yes, we know that there are many leaks like this on a daily basis, and this refers to an incident a while back, it seems, but how many people may still be at risk over old leaks because they were never notified that their email addresses and weakly protected passwords were hacked and dumped? How many of us no longer even remember where we had accounts and where we may have used or re-used certain passwords?
At the very least, people should change their passwords on all current accounts to use stronger passwords or passphrases that are not re-used across sites. Now you, as a savvy reader of this site, know that already, but what about the general public?
And we really need stronger data breach notification laws. Even though we should be diligent in trying to protect ourselves, those who collect and store our information should be obliged to notify us when they have suffered a security failure that exposes our information. It really is as simple as that, and don’t let the business lobby spin it or try to convince you that breach notification fatigue will set in. Yes, maybe people will get tired of getting breach notification letters, but I think we need to let people decide whether to act on a notification or not, and not deprive them of the opportunity to make that decision for themselves.

It's free and probably worth it!