Saturday, August 08, 2015

Indistinguishable from the FBI's backdoor, except they claim to have a fix for this one.
According to the researchers at security firm Check Point, “Hundreds of millions of Android smartphones may be at risk from a security flaw that allows hackers to hijack a handset without a victim’s knowledge. Devices made by Samsung, HTC, LG and ZTE, including those running the latest version of Android, are potentially vulnerable. Check point has dubbed the flaw “Certifi-gate.”
The company said that software installed on smartphones by the manufacturers, which cannot be disabled by users, could be exploited by malicious apps, giving them privileged access to the device.
This means hackers could steal contact information and other personal data, track a user’s location, and remotely activate the smartphone’s microphone without the user’s knowledge. Gabi Reish, Check Point’s vice president of product management stated that “it would make it a remote spying device.”
Read more on Patently Apple.

An update to one my IT Governance students analyzed.
Investopedia reports:
Warehouse membership club Costco says it needs more time to secure its photo processing website.
Third-party photo service provider PNI Digital Media was hacked last month, causing retailers Costco, CVS Health, and Wal-Mart to take down their respective photo processing websites and post cautionary notes in their place.
Costco had notified its customers at the time that it was “diligently working to determine when we can reenable the site, but in all likelihood, that will not occur until early August.” It updated that notice the other day to essentially say, on second thought, give us another week or so.
Read more on Investopedia.

Might be a memorable (or horrible) way to introduce privacy issues and the reference to the Streisand Effect.
Lenny Kravitz, meet Barbra Streisand.
Uproxx reports:
Hope everyone got a good look, because Lenny Kravitz has had just about enough of your gawking.
When the rocker’s “axe” first surfaced on the internet after its surprise cameo at a festival in Stockholm, Sweden, it was all laughs. Even Lenny himself took a lighthearted approach to the potentially embarrassing situation, taking to Twitter and posting a screenshot of a conversation between himself and Steven Tyler of Aerosmith. He even coined the event #PenisGate. But those mirthful laughs and giggles at a potentially humiliating moment are over. The “Where Are We Running” singer is considering legal action about having the dick pics taken down off the internet.
According to Metro (via NME), Lenny’s legal representatives are now threatening publishers with lawsuits, saying the photos breach their “clients’ copyright, human rights, right-of-publicity and performer’s rights.”
Read more on Uproxx.

When you unpack new things you often need to remove the cosmoline.
Windows 10 defaults to keylogging, harvesting browser history, purchases, and covert listening
By default, Microsoft gets to see your location, keystrokes and browser history -- and listen to your microphone, and some of that stuff is shared with "trusted [by Microsoft, not by you] partners."
You can turn this all off, of course, by digging through screen after screen of "privacy" dashboards

“I Don’t Want to Belong to Any Club That Will Accept Me as a Member” Groucho Marx Even if it helps you get a loan?
Facebook patents technology to help lenders discriminate against borrowers based on social connections
Facebook has been granted an updated patent from the U.S. Patent office on a technology that can help lenders discriminate against certain borrowers based on the borrower’s social network connections.
… Here’s the last use case Facebook describes in the patent:
In a fourth embodiment of the invention, the service provider is a lender. When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.

Soon, everyone will have these embedded at birth. Another benefit of Windows 10?
All NFL Players Are Getting RFID Chips This Season
… Last year, the NFL tested out Zebra Technologies MotionWorks RFID system in 18 stadiums to track vector data: A player’s speed, distance, and direction traveled during each game in real-time. This season, that wireless tracking technology will be embedded in every NFL player’s shoulder pads, and viewers at home can see all that data come to life in the redesigned NFL 2015 app for Xbox One and Windows 10.
Within the app, there’s a feature called Next Gen Stats that turns each player into an digital avatar for a “Next Gen Replay.” In coordination with a highlight clip posted shortly after it occurs live on the field, Next Gen Replay displays every player’s speed at each moment of a play, lets you toggle between players, and keeps track of the actual yardage a running back has run in a play or in a game.
… The new app will be available in late August, just in time for week three of the preseason. The NFL app and the Next Gen Stats features are free to everyone.

Curious. (Digest Item #2)
iTunes Is Illegal In the UK
Using iTunes is now illegal in the UK, with the current copyright laws turning almost everyone into a criminal. Copying copyrighted content for personal use was actually illegal in the UK until 2014, when the government legalized an activity already undertaken by most people.
Unfortunately, several organizations looking after the welfare of musicians — including the Musicians’ Union and UK Music — weren’t happy with the change in the law, and applied for a judicial review. They got it, and the changes to the law have now been overturned.
This means that copying the music from a CD you have bought onto an MP3 player is now illegal. Which is a feature built into iTunes, Windows Media Player, and countless other pieces of software. All of which are now, by the letter of the law, assisting people in criminal behavior.
A government spokesperson told TorrentFreak, “It is now unlawful to make private copies of copyright works you own, without permission from the copyright holder – this includes format shifting from one medium to another.” So perhaps we should bombard music labels with such requests until they join us in the 21st century.

Really confusing. Isn't any link to your site a desirable thing? How does any of this stuff work? Runs Into Turbulence With Retailers
Dozens of the nation’s largest retailers including Macy’s Inc., Inc., and Home Depot Inc. have quickly moved to disassociate themselves from new discount retail website
The retailers complained to Jet after discovering it had placed links to their sites without permission, promising its own members cash back for making purchases after clicking the links. [I have no idea how that would work. Bob]
… Companies with multiple brands whose links have been withdrawn from Jet include heavyweights Wal-Mart Stores Inc., Gap Inc., Walgreens, Williams-Sonoma Inc. and L’Oréal SA. “If someone is using our brand without our permission, there are a multitude of concerns, and we’re not going to allow it,” said a Home Depot spokesman, who added that Jet was cooperative in removing his company’s logo after being asked to do so.
Liza Landsman, Jet’s chief customer officer, said some of the merchants requesting their brands be removed were unhappy because they view Jet as a competitor, while others insisted Jet negotiate a deal with them first. Another group of merchants was unaware but was happy for Jet to direct traffic to them, she said.
… For example, Jet promises 30% cash back to its members when they buy products on Nike Inc.’s site after clicking its affiliate link, an offer that would cover the cost of Jet’s $50 a year membership if consumers bought one high-price pair of shoes.

I'm addicted.
Hack Education Weekly News
… The ACLU has filed a lawsuit in Kentucky, highlighting the use of restraints in school and releasing a video of an 8 year old boy crying as a school police office handcuffs his arms behind his back. The ACLU claims that the schools’ practice of shackling students (this boy and a girl, age 9) violated the ADA. More via The Guardian and the AP. [And we wonder why students hate school? Bob]
Via CBS Detroit: “A teenager who was locked up for nearly 40 days in a dispute over a snowball has filed a lawsuit against the Detroit school district after a judge dismissed the criminal case.”
… “One day before a district court ruling was to go into effect that would force the NCAA to allow colleges to pay student-athletes $5,000 per year, the 9th U.S. Circuit Court of Appeals has placed a stay on that order,” says NPR.
… Two school districts are adopting bodycams, THE Journal reports.
… A study of 10,000 by TNTP “found that professional development – the teacher workshops and training that cost taxpayers billions of dollars each year – is largely a waste.”

For my students who don't read?
Add a Text to Speech Function to Your Browser
Announcify is a free text to speech application that is available as a Chrome browser extension. With Announcify installed in your browser any time you're viewing a webpage you can simply click on the Announcify icon in your browser and have the text of the page read to you. A bonus aspect of using Announcify is that in order to make a webpage easier to read it enlarges the text of the webpage and removes all sidebar content. In the video embedded below I provide a short demonstration of Announcify in action.

Not something I'll share at student orientation.

Friday, August 07, 2015

Very “Mission: Impossible.” Let them tell everyone there is nothing to worry about. The cost of failing to keep control of your data.
CBC News reports:
Eastern Health says it’s found the missing USB flash drive containing thousands of employees’ personal information — it was in a file folder in the Human Resources department the whole time.
The health authority reported a privacy breach June 19 when a drive containing sensitive information of 9,000 employees went missing.
Read more on CBC News.
Look what it cost them, though, until they found it.
[From the article:
According to Eastern Health, an employee found the drive while she was doing some office tidying.
… Molloy said they are not really sure how the drive got into that location and that they are still investigating employees' actions.
… Eastern Health president David Diamond said they spent several days tearing apart their offices looking for the missing USB stick, which contained social insurance numbers, names, and employee numbers.
Eastern Health tasked 30 workers full-time to notify all the impacted employees of the breach. The extra labour, among other expenses, cost Eastern Health more than $100,000.
… As a result of the incident, Diamond said that Eastern Health is strengthening its regulations around employee privacy. Social insurance numbers won't be used as an employee identifier, and any employee requesting information will first have to answer a number of security questions.
Eastern Health said it is developing a more strict USB and portable media devices policy, and has plans to upgrade its anti-virus platform so that USB drives will be automatically encrypted.

ABC? (Anyone but China?) Now it has some aspects of “sophisticated.”
Report: Russia Responsible For Massive Cyberattack On Pentagon’s Joint Staff Email System
It looks as though the U.S. Government just can’t catch a break when it comes to cybersecurity issues. If it isn’t China that’s breaching the Office of Personal Management (OPM), accessing the personnel files of 21.5 million people, then the U.S. has to keep an eye for hackers originating from Russia.
The latter is pegged as the source for the recent cyberattack on the Pentagon’s Joint Staff email system. If there’s any silver lining to today’s news, it’s that the email system contained “unclassified” information. The cyberattack, which occurred on July 25, affected around 4,000 military personnel that work for the Chairman of the Joint Chiefs. The email system has been offline since the breach was first detected, but is expected to come back online by Friday of this week.
NBC News is reporting that the "sophisticated cyber intrusion” relied on an “automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet” and that Russian hackers staged their attack through “encrypted accounts on social media.” [I think that's new... Bob]
Government officials familiar with the breach added that "It was clearly the work of a state actor.” At this time, it is unclear whether hackers operating within Russia took it upon themselves to attack the unclassified email system or if the Russian government had a part in putting its fingers in the Pentagon’s back pocket.

Right out of the “Guide for Hacking Professionals” – the one I'm going to write. You have to pull everything until you can find the “indicators of value” then you know which files are valuable and which are just filler. Reducing the volume you take reduces the chance someone will notice.
Emissary Panda Hackers Get Selective in Data Heists
Previously, the group, known as Emissary Panda as well as Threat Group 3390, used to exfiltrate all the information found on a compromised network. Recently, the group has moved away from the smash-and-grab tactics and adopted a strategy where it compiles a list of all the files and components stored on the network and then picks and chooses which ones to grab, Andrew White, senior security researcher at Dell SecureWorks told SecurityWeek.
The fact that there is some kind of a selection process going on indicates the group is not just out for financial gain.

Another OPM update. Sorta.
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show
... One of the many categories at the Pwnie Awards is for the Most Epic Fail, with this year's nominees including the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks. OPM came away with this year's Most Epic Fail award, as the hack of its systems resulted in 25.7 million Americans being at risk. OPM first admitted it was hacked on June 4, and over the course of the following weeks the true extent of the breach, and OPM's mismanagement, became known.

Only seven?
7 Reasons Why The Internet of Things Should Scare You
It was only a couple of years ago that we – the public- started to understand the term Internet of Things (IoT). Until then, we’d never entertained the idea that our bathroom tap might want to have a chat with the dishwasher.
Our naiveté in these matters promised us many great things. It’s also promising many great dangers.
… It won’t be long until your trousers are horrified by your weight gain. In turn, they’ll conspire against you. They’ll have the TV showing contextual ads about new fad diets. The touch-screen on the fridge will be selling you low-fat yogurt. Your watch will be telling you to pay for a new fitness app. Google could even have your NEST thermostat, with its many uses, telling you the weight-loss benefits of having the heat turned up.

The government is “asking,” but what are they “offering?” Those of us who teach Computer Security would love to swap information and ideas with the front line techies – what we get is bureaucrats.
Homeland official asks Black Hat crowd to build trust
… Alejandro Mayorkas, deputy secretary of the Department of Homeland Security, says he recognizes that a trust deficit exists between the government and those who deal with data security, but says that needs to change.
… But several people in the crowd of hackers and information security professionals expressed concern that any information about cyber threats shared with the government could be used against them.

Gosh, now there will be a tremendous demand for a law professor with a PhD in Economics. I only know of one. Does this mean he can demand a fantastic consulting fee?
A new paper, available on SSRN, from Ryan Calo:
Calo, Ryan, Privacy and Markets: A Love Story (August 6, 2015). Available at SSRN:
Law and economics tends to be skeptical of privacy, finding privacy overrated, inefficient, and perhaps even immoral. Law should not protect privacy because privacy inhibits the market by allowing people to hide useful information.
Privacy law scholars tend to be skeptical of markets. Markets “unravel” privacy by penalizing consumers who prefer it, degrade privacy by treating it as just another commodity to be traded, and otherwise interfere with the values or processes that privacy exists to preserve.
This mutual and longstanding hostility obscures the significant degree to which privacy and markets assume and reply upon one another in order to achieve their respective ends.
For example, in a world without privacy, traditional market criteria such as price and quality can be overwhelmed by salient but extraneous information such as personal belief. Meanwhile, imagine how much a government must know about its citizens to reject markets and distribute resources according to the maxim “from each according to his ability, to each according to his need.”
Conceiving of privacy and markets as sympathetic helps justify or explain certain legal puzzles, such as why the Federal Trade Commission—an agency devoted to free and open markets and replete with economists—has emerged as the de facto privacy authority in the United States. The account also helps build a normative case for political and other laws that enforce a separation between market and other information.

'cause the Internet is so friendly...
Pew Report – Teens, Technology and Friendships
by Sabrina I. Pacifici on Aug 6, 2015
Teens, Technology and Friendships – Video games, social media and mobile phones play an integral role in how teens meet and interact with friends: “For American teens, making friends isn’t just confined to the school yard, playing field or neighborhood – many are making new friends online. Fully 57% of teens ages 13 to 17 have made a new friend online, with 29% of teens indicating that they have made more than five new friends in online venues. Most of these friendships stay in the digital space; only 20% of all teens have met an online friend in person.”

Worth trying?
Privacy Badger 1.0 Blocks the Sneakiest Kinds of Online Tracking
The Electronic Frontier Foundation (EFF) today released Privacy Badger 1.0, a browser extension that blocks some of the sneakiest trackers that try to spy on your Web browsing habits.
… The new Privacy Badger 1.0 includes blocking of certain kinds of super-cookies and browser fingerprinting—the latest ways that some parts of the online tracking industry try to follow Internet users from site to site.
… Privacy Badger 1.0 works in tandem with the new Do Not Track (DNT) policy, announced earlier this week by EFF and a coalition of Internet companies. Users can set the DNT flag—in their browser settings or by installing Privacy Badger—to signal that they want to opt-out of online tracking. Privacy Badger won’t block third-party services that promise to honor all DNT requests.
… To download Privacy Badger 1.0:

Who needs this App? Are there Martians among us?
Use Your Smartphone to Identify Anything With CamFind
How would you like to walk up to any object at all — no matter how foreign or unusual — snap a picture of it, and have your phone tell you what that object is? Well, there’s now an app for iOS and Android that lets you do that, and it’s called CamFind.

Perspective. Not much I can say without punning.
Pornhub launches an all-you-can-watch subscription service for $9.99 a month
On Thursday Pornhub launched “Pornhub Premium,” which will supply unlimited viewing of select adult titles in high definition and without ads for $9.99 a month. The business model echoes Netflix's, and Corey Price, Pornhub's vice president, said in the company's press release that the brand wants to become the “Netflix of Porn.”

Perspective. A measure of the economy or a measure of greed?
How much for a Super Bowl spot in 2016? Maybe $5M

This could be useful – and the contest might be amusing. I might video my student's short presentation, then annotate it to help them improve. “Here is where you start talking gibberish!”
Highlight Debates or Analyze Presentations Through Vibby
One of last week's most popular posts was about a new video highlighting tool called Vibby. Vibby allows you to highlight and comment on sections of YouTube videos. You can even break the videos to play only the sections that you highlight in the video's timeline. An email that I received today from Vibby gave me a good idea about how to use the service to help students analyze debates and presentations.
Vibby is running a contest called Highlight the GOP Debate. In the contest they're asking people to highlight outrageous moments, exaggerated truths, and fluffy or meaningless statements. The contest is open to anyone who is a registered Vibby user.
Applications for Education
Reading about Vibby's Highlight the GOP Debate contest made me think about using Vibby to help students identify and understand key points in debates and presentations. You could ask students to watch videos and identify people who make consistent eye contact, who pace their presentations well, or any other characteristic that you want them to emulate when they deliver their own presentations. You could also have students use Vibby to identify and highlight examples of people using logical fallacies in debates, identify forms of advertising and manipulation, or highlight the best arguments made in a presentation.

A background article for my IT Governance students.
Things You Should Know About Redundancy and Backups
What if a software error corrupts a vital file on your computer? What if your office catches fire, taking your servers with it?
What if you suffer a catastrophic hardware failure and lose all your data? What if your ISP has technical issues, and you lose Internet access for a few days?
It’s safe to say that these are all uncommon, extremely undesirable outcomes. But it’s important to prepare for any possible eventuality, no matter how unlikely, so that service doesn’t get disrupted.
The way we do that is with something called ‘redundancy’.

Freebies for me and my students.
Attention students and teachers: Check if you can get Office 365 for free now
… Now, any qualified student or faculty member can get a free Office 365 Education plan, which gives you unfettered access to Word, Excel and Powerpoint

Thursday, August 06, 2015

I can't find any details that confirm this as “sophisticated,” but every computer security manager would like to believe they did not fall victim to a well known and easily countered threat. If this was a simple spearfishing attack, the real effort might be to find everyone who clicked on the malware link and clean their computers to keep from re-infecting.
On July 28, CNN reported:
The unclassified email network used by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and hundreds of military and civilian personnel was taken offline over the weekend after suspicious activity was detected, the Pentagon confirmed to CNN on Tuesday.
Yesterday, The Daily Beast reported that the attack was much worse than we might have thought from initial reports:
The hacking of the Joint Chiefs of Staff email network on July 27 marked the “most sophisticated” cyberbreach in U.S. military history, Department of Defense officials concede. Various government officials are working to revamp parts of their network in response. In the meantime, officials have spent the last 10 days scrubbing the system and creating mock hacking scenarios before giving military personnel access to it again.
The attack on the Joint Staff network involved “new and unseen approaches into the network,” one of the defense officials told The Daily Beast. After scrubbing it, putting in new protections and red teaming potential attacks, “we are sharing the lessons learned with the rest of government.” According to a second defense official, the attack was a spear phishing attack targeting the personal information of scores of users. The attack was so sophisticated officials are investigating whether a “state entity” was involved, the official said.
So… is there any connection between the disclosed attack and a recently claimed Department of Defense hack by “Remember EMAD,” a group that has been described as a “joint Lebanese and Iranian effort – high likely state-backed” (Network Security Report). Since August 1, when Remember EMAD said they would be dumping data, they’ve not posted anything that I’ve found so far, but I’m wondering whether the types of files they describe would be found on the unclassified Joint Chiefs of Staff network:
– deals with contractors
– products being discussed to send overseas to various geos
– id and social security of the dod personnel involved
Just a coincidence? Maybe (probably?), but if anyone has additional details, please contact

(Related) Maybe not so sophisticated.
Pentagon shuts down Joint Chiefs' email network
… The Pentagon refused to release many details about the attack, even what the "suspicious activity" was; instead downplaying the hack as a run-of-the-mill cyber attack that caused minimal damage.

On those rare occasions when I venture into a Target will they find the fact that I do not have a smartphone threatening? Will they ask security to keep an eye on me, because their automated systems can't?
Target Rolls Out New Pilot Program To Track Customers In Stores
The company is testing a network of beacons in 50 of its stores that will be able to tell where customers are in the store and use that information to send targeted deals to their smartphones.
… Following successes at SXSW and NBA games, and with companies like Apple and Facebook pushing the technology, beacons seem poised to become the next big thing in location technology. Retailers have been especially interested in them. Corporations’ longstanding dreams of Starbucks having your Frappuccino ready as soon as you’re in the door or the Gap sending you a coupon as you walk by the storefront are finally being made real. Or that’s what retailers are hoping, at least.
Beacons can provide much more accurate location information than GPS or Wi-Fi. Using GPS, a phone can tell where you are on a street. Using Bluetooth, a phone can tell where you are in a room — close to a stereo that’s on sale, for example.
… It also likely means targeting customers based on their previous shopping habits. It’s not surprising that Target is an early adopter of beacons. It has already been so adept at mining customer data that it could, notoriously, predict when a customer was pregnant in order to mail them coupons. Target is attempting to bring that kind of data to its physical spaces and use this burgeoning technology to optimize the shopping experience to save its customers money and time. And of course, it’s going to learn a lot about them in the process.

Read and consider.
Dream of Free and Open Internet Dying, Lawyer Says
… The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Granick said that while the Internet needs to be reasonably safe in order to be functional, it's no longer the revolutionary place it was 20 years ago.
No one is murdering the dream of an open Internet, she said, but it's withering away because no one is prioritizing its protection. On top of that, new Internet users are coming from countries whose citizens aren't protected by a Bill of Rights or a First Amendment.
"Should we be worrying about another terrorist attack in New York, or about journalists and human rights advocates being able to do their jobs?" she asked.
Granick also railed against the federal Computer Fraud and Abuse Act, which carries sentences of up to 10 years in prison for a first-time offense. It does nothing to prosecute countries like China that launch state-sponsored attacks against the U.S. government and major companies, along with other dangerous hackers based overseas, she said. But, she added, it often hits small-time American hackers with unfairly harsh prison sentences.

I'm so confused. Different and differing rulings every day.
Court: Cops need warrants for cellphone location data
A federal court ruled on Wednesday that the government cannot obtain information about a cellphone's location without a warrant.
The split decision from the 4th Circuit Court of Appeals concluded that warrantless searches of cellphone data are unconstitutional, a victory for privacy advocates who have sought new protections for people’s information.
“We conclude that the government’s warrantless procurement of the [cell site location information] was an unreasonable search in violation of appellants’ Fourth Amendment rights,” Judge Andre Davis wrote on behalf of the majority of the three-judge panel.
“Examination of a person’s historical [cell site location information] can enable the government to trace the movements of the cellphone and its user across public and private spaces and thereby discover the private activities and personal habits of the user,” he added. “Cellphone users have an objectively reasonable expectation of privacy in this information."

For my Forensics students.
Obstructions Vanish From Images Treated With New Software From MIT, Google
In a mesmerizing video, a researcher explains the math behind what seems like magic — photographs in which the view is obscured by things like chain-link fences and reflections become free of clutter with just a few clicks.
Researchers at MIT and Google have created an algorithm that uses multiple images taken from different angles to separate foreground obstacles from the subject that's in the background — anything from your favorite view or a sign in a window on a bright day.

Europay, MasterCard, and Visa developed the standard, and apparently used it to shift liability.
Many small businesses not ready for EMV chip cards - Wells Fargo
In the quarterly small business survey, less than half (49 percent) of small business owners who accept point-of-sale card payments today report being aware of the October 1 liability shift, the date when a card issuer or merchant that does not support EMV chip card technology will assume liability for any fraudulent point-of-sale card transactions.

Tools & Techniques.
What is Periscope and How Do I Use It?
Periscope, the live streaming video mobile app purchased by Twitter in February of 2015, has been the talk of the town since its official launch on March 26.
… Simply put, Periscope enables you to “go live” via your mobile device anytime and anywhere. The app enables you to become your own “on the go” broadcasting station, streaming video and audio to any viewers who join your broadcast.
… Once a broadcast is over, others can watch a replay, and even provide feedback, within Periscope for up to 24 hours. After that, the broadcast is removed from the app.
Never fear however, each of your broadcasts can be saved to your mobile device and, once you’ve got it there, it can be published and shared online just like any other video.

Could be useful.
Microsoft launches Sway out of preview along with new Windows 10 app, revamps for sharing Office files
Microsoft today announced its content aggregation and presentation application Sway has hit general availability. That means the digital storytelling tool is launching out of preview for consumers and releasing to all eligible Office 365 for business and education customers worldwide. Microsoft is also introducing a Sway app for Windows 10 and revamping for sharing not only Sway files, but all Office documents.
… Sway launched as a preview in October 2014, becoming the first new app to join the Office product family in years. The premise is simple: Let users create presentations for the Web using text, pictures, and videos, regardless of what device they’re using (phones, tablets, laptops, PCs, and so on).

Students might use this to create Study Groups! Naah.
Tinder’s First Non-Dating Feature Is Speed Networking For Forbes’ 30 Under 30
Forbes is building a social networking app exclusively for these millennial leaders, which will launch at its 30 Under 30 Summit in Philadelphia on October 4. The goal is to stoke this community into somewhat of an alumni network that attracts more powerful youngsters to the Forbes empire. It will offer a directory of members, a feed where they can post social media stories or polls, and the option to message each other.
But to break the ice, Forbes worked with Tinder and its co-founder Sean Rad who made the 30 list in 2014 to build a speed-networking feature. Members can swipe through profiles of fellow prodigies of both sexes, see their industry and description, and if both people swipe right, they’ll be invited to chat.

Think supplemental if your school isn't using these.
Open Textbook Library

Community College Consortium for Open Educational Resources

My IT Governance students are giving presentations on Saturday, I've got to remember this one! Thanks Dilbert.

Wednesday, August 05, 2015

Drive by (actually fly by) hacking? One of the fundamentals of military strategy today is to disrupt command and control at the source. Drones are merely a technology that lets us reach beyond the trenches. Much cheaper than dropping in special operations teams or having SEALS swim up rivers.
Jacob Bogage reports:
Drone have been used to drop bombs, spy on foreign countries and monitor how farmers work their fields. Now they could help hack into personal computers.
According to e-mails posted by WikiLeaks, military contractors may want to do just that. Boeing and Hacking Team — a Milan-based company criticized for selling surveillance software to repressive governments — were in talks earlier this year to plant malware on drones to perform such activities, according to the e-mails, which were stolen from Hacking Team in July.
Read more on Washington Post.

Closer to home...
Anna C. Watterson and Sean B. Hoar write:
Higher education institutions are treasure troves for hackers. Colleges and universities are huge repositories of research data, sensitive information for large populations of applicants and enrolled students (personal, academic, financial and health data), as well as sensitive personal and tax information for all faculty and staff. Higher education information systems are particularly valuable targets for cyberattacks.
In the wake of a series of cyberattacks on several prominent colleges and universities, higher education institutions would be well-advised to review their current security posture, breach preparedness, and cyber insurance coverage.
Read more on DavisWrightTremaine Privacy & Security Law Blog.
And just imagine what might happen if the U.S. Education Department and/or the FTC actually did any enforcement on data security and privacy?

Searching for the next OPM? Just read the audit reports to find the low-hanging fruit.
Sean Higgins reports:
The Labor Department has several gaps in its cybersecurity protections that could be exploited by hackers, according to a report publicly released Tuesday by its inspector general’s office. Several of the gaps were identified three years ago, the report noted, but the department has done very little to prevent potential data theft.
Read more on Washington Examiner.

“Any sufficiently significant outage is indistinguishable from terrorism” (With apologies to Arthur C, Clark) It must be investigated and documented for security follow-up, with the idea that if someone can do this by accident, someone can do it deliberately. Note that all of these companies go through the same vulnerable choke point.
Cell service out for thousands across the American Southeast
Cellular service appears to be down across every major provider throughout Tennessee, Alabama and Kentucky with Nashville, Chattanooga, and Knoxville being the hardest hit. According to the website Down Detector, more than 10,000 AT&T, 1,000 Verizon, 7,000 T-Mobile and 300 Sprint customers are without internet or phone access. None of the affected companies have disclosed the specific reason for the outage yet, though they all have already issued vague statements about how they're working on the issue.
[Sprint said:
… This appears to be an issue caused by a local exchange provider and our network team is working with the provider to restore service to impacted customers as quickly as possible.

You wouldn't drive a car without insurance. Why face the risks of using the Internet without it? (The term “capital holds” is new to me.)
Smoke and Mirrors: Cyber Security Insurance
Data breaches have become a daily occurrence. However, their cost to organizations goes far beyond reputational damage in the media. Boards and businesses are subject to regulatory mandates that carry fines and capital holds, and increasingly face litigation from class-action suits. Cyber security insurance has emerged as a stop-gap to protect stakeholders from the shortcomings of siloed risk management processes. However, insurance policies are not a replacement for improving a company’s cyber security posture. So what do you need to know when it comes to the effectiveness of cyber security insurance?
Not surprisingly, the U.S. cyber security insurance market is growing approximately 30 percent per year. Some surveys even suggest that 30 percent of large enterprises in the U.S. have some type of cyber security insurance coverage. These numbers include both first-party and third-party cyber security insurance policies. First-party policies typically cover losses incurred from business interruption, destruction of data and property, and reputational harm. Third-party policies, in contrast, cover losses incurred by a company’s customers and others, such as damages resulting from the exposure of personally identifiable information (PII) through a data breach.

More theater than threat?
China to tighten grip over country’s internet users
China has tightened its grip over the country’s 650m internet users by announcing moves to station police officers inside large internet companies to try to heighten censorship and prevent subversion, according to a senior security official.
The move follows a spate of recent efforts to tighten the screws on social media users, as well as a draft cyber security law that will grant authorities broad new powers to control the internet in the country and force web companies to share more data with the government.
Chen Zhimin, the deputy minister of public security, revealed a plan to set up “network security offices” in major internet companies — such as Tencent and Alibaba — “in order to be able to find out about illegal internet activity more quickly”, although he did not specify how the initiative would work.

Meanwhile, the US is loosening it's grip.
ICANN reveals plan for ending America's control of the internet
Though it's called the "world wide web," the US Commerce Department has held the keys to the internet since its inception in the '90s. Last year, it agreed to hand them over to worldwide bodies and asked ICANN, the group that manages internet addresses, to come up with a plan. ICANN unveiled the much anticipated report yesterday, and has given the public until September 8th to comment on it. The gist of the 100-page document? Internet control functions will be given to ICANN and an oversight body made up of "interested parties" that has no connection to any world governments.

Perhaps we need a video watermarking technology?
This may be the biggest threat to Facebook right now
Facebook’s engineers completely retooled the site’s interface to make videos as easy as possible to watch and share. All you have to do is scroll through your News Feed and you’ll be introduced to countless videos that start to play as they pop up on your screen.
Because of this unprecedented ease in discovering and watching video content, Facebook is giving Google-owned YouTube a run for its money. Literally.
As Fortune’s Erin Griffith reports:
Facebook drives nearly a quarter of all web traffic. The company’s recent video improvements will likely push those numbers even higher.
… But Facebook’s video efforts are drawing controversy lately. Some observers say the social network is littered in video content lifted from its original source, meaning the content creators aren’t seeing a dime for their work. And while YouTube has built-in mechanism for content creators to report such theft, Facebook has no such solution.
YouTube star Hank Green wrote a blog post about this issue, known as “freebooting,” entitled “Theft, Lies, and Facebook Video.” In it, he outlines why he believes Facebook’s video practices are unethical. Green cites a report from ad agency Ogilvy and Tubular that found over 70% of Facebook’s top performing posts came from other sources like YouTube.
If those users had embedded the YouTube videos on Facebook, this wouldn’t be an issue. Instead, these are videos that have been taken from other sites and uploaded to Facebook’s native player, giving that Facebook page the credit rather than the rightful copyright holder. Facebook’s algorithm favors videos that are uploaded natively, a setup that Green says encourages intellectual property theft.

(Related) I'm sure this only looks like extortion. Just a confused representative, Facebook would never really do that, right?
Facebook kills proposed user data policy after game and app publishers panicked
… They said that Facebook representatives had told them verbally that they could get back the data that they had lost, if they participated in Facebook programs where the mobile publisher had to share data about their users with the social network — including users who came to the publisher without seeing a Facebook ad. The publishers were upset about this alternative, which they felt gave them no choice in the matter, because it forced them to disclose proprietary information to Facebook. On top of that, the publishers said it would amount to a privacy violation, since they had never asked their users if they could hand over their data to Facebook.

“Things” are getting interesting.”
G.E. Plans App Store for Gears of Industry
… G.E. is announcing on Wednesday a push into computer-based services, connecting sensors that are on machines to distant computing centers where data will be scanned for insights around things like performance, maintenance and supplies. The company plans to spend about $500 million annually building the business, according to the executive in charge.
… The move highlights how important the so-called Internet of Things, a term for matching sensors with cloud-computing systems, has become for some of the world’s biggest companies. G.E. expects revenue of $6 billion from software in 2015, a 50 percent increase in one year. Much of this is from a pattern-finding system called Predix.

How quickly can the FBI “clear” Hillary? Too quickly and there will be cries of “coverup.” Too slow and Joe Biden will enter the race.
FBI looking into the security of Hillary Clinton’s private e-mail setup
The FBI has begun looking into the security of Hillary Rodham Clinton’s private e-mail setup, contacting in the past week a Denver-based technology firm that helped manage the unusual system, according to two government officials.
Also last week, the FBI contacted Clinton’s lawyer, David Kendall, with questions about the security of a thumb drive in his possession that contains copies of work e-mails Clinton sent during her time as secretary of state.
The FBI’s interest in Clinton’s e-mail system comes after the intelligence community’s inspector general referred the issue to the Justice Department in July. Intelligence officials expressed concern that some sensitive information was not in the government’s possession and could be “compromised.” The referral did not accuse Clinton of any wrongdoing, and the two officials said Tuesday that the FBI is not targeting her.
… A lawyer for the Denver company, Platte River Networks, declined to comment, as did multiple Justice Department officials.

For my Computer Security students. You have to act fast, which suggest you had better have a plan!
Adam Klasfeld reports:
In a case involving sex, cyberbullying and the statute of limitations, a schoolteacher filed her lawsuit just in time to accuse of (sic) her ex-boyfriend of taking over her Facebook account to post obscene messages, the Second Circuit ruled on Tuesday.
The court warned in its opinion that the case demonstrates the “troubling” predicament of victims of hacking who are unable to learn the identity of their attackers within two years.
Read more on Courthouse News.

“We already have this data, let's see what else a bit of clever Data Analysis can reveal. Then we can ask for a warrant based on what we already know exists” Did I read that correctly?
William W. Hellmuth writes:
On July 29, 2015, BakerHostetler filed an amicus brief with the Second Circuit on behalf of the Center for Democracy and Technology, joined by five prominent nonprofit public interest groups, for the en banc rehearing of United States v. Ganias, Case No. 12-240. In Ganias, the Court will grapple with arguments centering on whether the government, after seizing a large volume of digital data pursuant to a warrant, may retain that data indefinitely and later use it in ways outside the scope of the original warrant, including bringing charges against individuals not originally under investigation. Recognizing the huge impact the Second Circuit’s en banc decision will have for anyone subject to a warrant, the amicus brief urges the Court to ensure that Fourth Amendment protections remain strong in the face of ever-evolving technologies.
Read more on BakerHostetler Data Privacy Monitor.

Perspective. If Warren Buffet won't, who will? (Wadda ya say we each chip in $10...)
Twitter May Be a Takeover Target, but Google Is Unlikely to Take It Over
As markets closed yesterday, Twitter’s stock sank to its lowest level ever — a drop that raised speculation, yet again, that another company would take it over. At only a $19 billion market valuation, that’s not a surprise.
Neither is the other company most often cited as its obvious buyer: Google.

Some day, I want to take or teach a class on social media.
Social Media Done Right: Advertising You’ll Actually Want to See
… In today’s world, having a social media presence for your company just makes sense.
Creating a profile on any of the major social media networks (such as Facebook, Pinterest, Instagram, Twitter, or Tumblr) is free, posting content is easy, and there is the potential for any post to go absolutely viral — sharing your brand far further than any television, radio, or print ad ever could.
With that being said, there’s more to advertising on social media than just having a profile – companies have to understand the tone and purpose of the platform they are trying to use.

A challenge for my students. What would you automate with Siri? The Help Desk? Create a personal shopper? 911?
Hey, Siri - Get Out Your Steno Pad
… When a call is placed to a phone that has iCloud Voicemail enabled and you don't answer it, Siri will pick it up for you. Depending on who the caller is, Siri can provide information about where you are and why you can't answer the call, according to the report. If your caller leaves a voice message, Siri will notify you and send you a transcription.
… Why transcribe voice mail messages?
"A lot of people like to leave voice mail, but very few people like to listen to it," said Roger Kay, president of Endpoint Technologies Associates.
Reading transcripts of voice mail messages can be a productivity booster.

The Most Popular Programming Languages of 2015
… With so many options to choose from, each with their own pros and cons, senior editor Stephen Cass discussed the top 10 languages for 2015 in a recent article for IEEE Spectrum.

Tuesday, August 04, 2015

There are Best Practices for dealing with a breach. Ignore them at your own risk.
On August 1, I noted some media reports about a breach at the Siouxland Pain Clinic. As I mentioned, the reports raised more questions than they answered. Mike Bell of the Sioux City Journal now has a few more details:
Siouxland Pain Clinic sent letters Friday to more than 13,000 patients that their medical and other personal information may have been exposed in a hacking attack, a lawyer for the clinic said Monday.
“We never did prove that any information was taken, but we could not disprove that, either,” said Lonnie Braun, an attorney in Rapid City, S.D.
Braun said patients’ names, medical information, Social Security numbers and addresses may have been compromised when the clinic’s server was hacked between March 26 and April 2.
As to how the clinic learned of the breach, well, it’s still not clear who notified them. Bell reports:
The clinic was notified of the breach June 26. Braun said the firm that discovered it said the investigation showed the hackers were Chinese.
So it was an external party that alerted them to the breach on June 26? If so, the patients are lucky that the breach didn’t go undetected for even longer.
Read more on Sioux City Journal.
As of this morning, there is still no notice linked from the clinic’s home page, and the incident is not yet up on HHS’s public breach tool. Nor can I find any substitute notices, although Google is not great about indexing classifieds/legal notices, so it may have appeared in local media already.
It is somewhat surprising that the clinic is not offering patients free credit monitoring services if Social Security numbers were involved. Although not all entities do that, it seems like a good litigation defense in terms of mitigation and it’s better from a public relations perspective to do something to help patients instead of just leaving them to arrange for monitoring at their own expense.

Another organization (the whole federal government) in need of some Best Practices education. Was this package addressed to “Benjamin Krause or current resident?” No signature required?
Benjamin Krause, an investigative reporter, Veterans law attorney, and a disabled veteran of the US Air Force, has a site called One of his posts showed up in one of my searches, and I thought it was worth noting here.
In the context of discussing a recent VA breach and government accountability, Benjamin writes:
I personally had VA VocRehab mistakenly mail an entire copy of my file to my old address from two years earlier – a large apartment complex in a major American city. There is no telling where the files ended up.
Veterans Affairs indignantly declined to proactively retrieve the documents and told me to call the cops if I was worried about it. I repeat, the agency made me do the leg work to try to recover my files that were mistakenly delivered to the wrong address.
I did call the cops. They were confused why VA would not take charge of the recovery of my files and said their was little they could do unless a crime was committed.
VA offered me one year of identity protection. That was it. Meanwhile, over 1,000 pages of files containing everything about me were misplaced and now floating around somewhere in the United States.
Did anyone get reprimanded for the cockup? No. Did I get the records back? No.
What a crock. How is it that we live in a country where the Federal government is not held accountable?
It’s an excellent question. All a-flutter over the OPM breach, Congress is trying to enact legislation that will provide longer credit monitoring and greater liability protection to those affected by that breach, but as Benjamin notes, after-the-fact credit monitoring is often not sufficient nor satisfactory.
Should the VA have gone to the apartment complex or attempted to track down Benjamin’s errant files if they erred by not updating his mailing address? According to the VA’s monthly reports to Congress, mailing errors happen (there were 161 paper mis-mailing incidents in June, 2015). Indeed, paper incidents account for the bulk of VA breaches that result in the exposure of personally identifiable or protected health information.
But if the VA sends out literally millions of mailings each month (over 7 million in June, 2015), is 161 an acceptable error rate? If not, should the VA reduce paper mailings where electronic transmission is a viable alternative? Or should it use a more costly mailing system – of requiring a signature for delivery – when a veterans’ files with sensitive information are being mailed?
Mistakes will happen either way, and Benjamin raises a valid question: what should the VA do to mitigate or remediate? Could they have at least initiated a trace request with the post office? Why should Benjamin – or any other veteran – have the burden and worry of trying to track down their personal and sensitive information when the VA makes a mistake? Don’t our veterans have enough problems without being told that the VA won’t even try to track down their mis-mailed records?

A “we really screwed up” reaction or something else? Best Practices don't come overnight.
Linn Foster Freedman of Robinson & Cole provided this update on their Data Privacy + Security Insider blog:
The Senate Appropriations Committee has approved funding to provide the 22 million individuals affected by the OPM data breaches with 10 years of credit monitoring services and $5 million in liability protection for damages, extending the OPM’s offer of three years of services for those affected by the background check breach and 18 months for those affected by the breach of personnel records.
OPM also requested an appropriation of $37 million to beef up its security, but the request was rejected by the Committee.
The voice vote approval must move through both the House and the Senate before the protections can become available to affected individuals.
If this passes, will it raise the bar for breach remediation/mitigation in other cases, or will defenders argue, “Well, this was unusual because it was a foreign government getting information on government employees and so is riskier?”

Looks like all those “rumors” were true. About the name I mean, the spying was a given.
On The Register:
Special ReportDuncan Campbell has spent decades unmasking Britain’s super-secretive GCHQ, its spying programmes, and its cosy relationship with America’s NSA. Today, he retells his life’s work exposing the government’s over-reaching surveillance, and reveals documents from the leaked Snowden files confirming the history of the fearsome ECHELON intercept project. This story is also published simultaneously today by The Intercept, and later today we’ll have video of Duncan describing ECHELON and related surveillance matters.
Read more on The Register.

Wasn't this the DHS's idea in the first place? Oh I get it now, they want total control.
Dennis Fisher reports:
A major information-sharing bill that’s in the Senate right now would allow private organizations to share threat data with any government agency, something that the Department of Homeland Security says could have severe privacy implications and cause confusion and inefficiencies inside the federal government.
The bill, known as the Cybersecurity Information Sharing Act, would allow private companies and other organizations to share vulnerability information and threat indicators with government agencies under most circumstances.
Read more on ThreatPost.
[From the article:
The letter, written in response to a letter last month from Franken to DHS Secretary Jeh Johnson, also says that if organizations are trying to share information through many different agencies, it could be come confusing and inefficient.

(Related) Three words: Total Information Awareness
Joe Cadillic takes a look at the relationship between some companies and the Department of Homeland Security and raises the question as to whether students’ biometric data may be in the hands of DHS “fronts.”
Do you know enough about the vendors or software your child’s school or university may be using to collect biometric data?
Is Joe just paranoid or haven’t we looked closely enough at some ties?

Could be amusing.
From EFF:
San Francisco – Responding to a troubling rise in law enforcement’s use of high-tech surveillance devices that are often hidden from the communities where they’re used, the Electronic Frontier Foundation (EFF) today launched the Street-Level Surveillance Project (SLS), a Web portal loaded with comprehensive, easy-to-access information on police spying tools like license plate readers, biometric collection devices, and “Stingrays.’’
The SLS Project addresses an information gap that has developed as law enforcement agencies deploy sophisticated technology products that are supposed to target criminals but that in fact scoop up private information about millions of ordinary, law-abiding citizens who aren’t suspected of committing crimes. Government agencies are less than forthcoming about how they use these tools, which are becoming more and more sophisticated every year, and often hide the facts about their use from the public. What’s more, police spying tools are being used first in low-income, immigrant, and minority communities — populations that may lack access to information and resources to challenge improper surveillance.
“Law enforcement agencies at the federal, state, and local level are increasingly using sophisticated tools to track our cell phone calls, photograph our vehicles and follow our driving patterns, take our pictures in public places, and collect our fingerprints and DNA. But the public doesn’t know much about those tools and how they are used,’’ said EFF Senior Staff Attorney Jennifer Lynch. “The SLS Project provides a simple but in-depth look at how these surveillance technologies work, who makes and uses them, and what kind of data they are collecting. We hope that community groups, advocacy organizations, defense attorneys, and individuals all take advantage of the information we’ve gathered.”
The SLS Project website went live today with extensive information on biometric technologies which collect fingerprints, DNA, and face prints as well as on automated license plate readers (ALPRs)—cameras mounted on patrol cars and on city streets that scan and record the plates of millions of cars across the country. Each topic includes explainers, FAQs, infographics, and links to EFF’s legal work in courts and legislatures. Information about “Stingrays’’—devices that masquerade as cell phone towers and trick mobile phones into connecting with them to track phone locations in real time—drones, and other surveillance technologies will be added in the coming months.
“The public has heard or read so much about NSA spying, but there’s a real need for information and resources about surveillance tools being used by local law enforcement on our home turf. These technologies are often adopted in a shroud of secrecy, but communities deserve to understand these technologies and how they may be violating our rights,’’ said EFF Activist Nadia Kayyali. “The SLS Project is a much-needed tool that can help communities under surveillance start a conversation about how to advocate for limiting or stopping their use.’’
For Street-Level Surveillance Project:

Amazon probably self-insures, but what risks do they see? Aside from getting shot down in Kentucky.
Caitlin Bronson reports:
As new privacy laws governing the use of commercial drones begin to take effect, independent insurance agents are finding difficulty adequately sourcing the risk of privacy-related litigation against drone users.
According to Jason Riley, vice president of aviation wholesale broker Halton Hall, many insurers are willing to offer aircraft liability policies or aviation CGLs for drones. Components coverage, though expensive, is also available for cameras, gimbles and other accessories.
What’s harder to find is coverage for potential privacy violations.

Defining “Harm.”
Since the Seventh Circuit revived the class action lawsuit, Remijas v. Neiman Marcus, there has been a lot of buzz about how the opinion will make it easier for consumers going forward. The opinion (appended to this file), addresses Article III standing, which has been a major stumbling block in the majority of lawsuits.
But skip on over to the Third Circuit for a minute, where it appears that the FTC submitted a filing on July 24th that tries to use the Neiman Marcus opinion to support its case against Wyndham. The FTC argues, in part:
… The court there held that even though the victims were reimbursed for fraudulent charges, plaintiffs had alleged “identifiable costs associated with the process of sorting things out,” including “the aggravation and loss of value of the time needed to set things straight, to reset payment associations after credit card numbers are changed, and to pursue relief for unauthorized charges.” Slip Op. 7. Those alleged harms were sufficient to give plaintiffs standing.
Wyndham’s lawyers fired back that the FTC’s contention is incorrect:
As an initial matter, Remijas is inconsistent with other databreach cases, including this Court’s decision in Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011). More importantly, Remijas did not address the consumer-injury requirements of Section 5—only the less rigorous standing requirements of Article III.
While the test for constitutional standing is exceedingly low, see, e.g., Blunt v. Lower Marion Sch. Dist., 767 F.3d 247, 278 (3d Cir. 2014) (requiring only “some specific, identifiable trifle of injury”), the FTC Act contains two additional requirements: the injury must be (1) “substantial,” which, to have any meaning, must be something more than the injury required by Article III; and, (2) not “reasonably avoidable by consumers themselves.” 15 U.S.C. § 45(n). Those requirements mean that time and money spent resolving fraudulent charges cannot satisfy Section 5(n), even if they might confer standing under Article III.

“We haven't got a law yet” is the equivalent of “We just invented a new sin!” Your guide to infinite riches.
Wendy Davis reports:
Shutterfly is asking a federal judge in Illinois to dismiss a lawsuit accusing the company of violating a state privacy law by compiling a database of “faceprints.”
“Helping a user re-identify his own friends within his own digital photo album does not violate any law,” Shutterfly writes in a dismissal motion filed on Friday with U.S. District Court Judge Charles Norgle in Illinois.
Shutterfly’s papers come in response to a lawsuit filed in June by Illinois resident Brian Norberg.
Read more on MediaPost.

(Related) The Internet of Things is a lawless zone. Think “Jeep hack.”
W. David Stephenson writes:
Could this be the incident that finally gets everyone in the IoT industry to — as I’ve said repeatedly in the past — make privacy and security Job 1 — and to drop the lobbying groups’ argument that government regulation isn’t needed?
I hope so, because the IoT’s future is at stake, and, frankly, not enough companies get it.

Americans’ Attitudes About Privacy, Security and Surveillance
by Sabrina I. Pacifici on Aug 3, 2015
Pew – Americans’ Views About Data Collection and Security By Mary Madden and Lee Rainie: “Contrary to assertions that people “don’t care” about privacy in the digital age, this survey suggests that Americans hold a range of strong views about the importance of control over their personal information and freedom from surveillance in daily life. As earlier studies in this series have illustrated, Americans’ perceptions of privacy are varied in important ways and often overlap with concerns about personal information security and government surveillance. In practice, information scholars have noted that privacy is not something one can simply “have,” but rather is something people seek to “achieve” through an ongoing process of negotiation of all the ways that information flows across different contexts in daily life. The data from the new Pew Research surveys suggest that Americans consider a wide array of privacy-related values to be deeply important in their lives, particularly when it comes to having a sense of control over who collects information and when and where activities can be observed. When they are asked to think about all of their daily interactions – both online and offline – and the extent to which certain privacy-related values are important to them, clear majorities believe every dimension below is at least “somewhat important” and many express the view that these aspects of personal information control are “very important.” The full range of their views is captured in the chart below and more detailed analysis is explored after that.”

This could never happen here, could it? Oh the horror!
Porn ban could cost Indian ISPs, telcos 30-70% of data revenue
… “Through our discussions with the various Internet Service Providers (ISPs), we have been able to estimate that as much as 30-70% of the total browsing in the country is related to pornography,” a senior executive at an Internet industry body said. “It’s very difficult to be any more specific than that since putting together a data packet specific inspection of what users are browsing could be seen as a breach of privacy,” added this person who asked not to be identified.

Perspective. The future according to Harvard.
The Age of the Robot Worker Will Be Worse for Men
Many economists and technologists believe the world is on the brink of a new industrial revolution, in which advances in the field of artificial intelligence will obsolete human labor at an unforgiving pace. Two Oxford researchers recently analyzed the skills required for more than 700 different occupations to determine how many of them would be susceptible to automation in the near future, and the news was not good: They concluded that machines are likely to take over 47 percent of today’s jobs within a few decades.
This is a dire prediction, but one whose consequences will not fall upon society evenly. A close look at the data reveals a surprising pattern: The jobs performed primarily by women are relatively safe, while those typically performed by men are at risk.
… Many of the jobs held by men involve perception and manipulation, often in conjunction with physical exertion, such as swinging a hammer or trimming trees. The latest mobile robots combine advanced-sensory systems with dexterous manipulators to successfully perform these sorts of tasks.
Other, more cerebral male-dominated professions aren’t secure either. Many occupations that might appear to require experience and judgment—such as commodity traders—are being outdone by increasingly sophisticated machine-learning programs capable of quickly teasing subtle patterns out of large volumes of data.

For my students, just in case they were asleep in class.
34 Tech Tools Small Business Owners Rely on Most

(Related) Extensions like these are available in every browser.
10 Awesome Social Media Add-ons You’ll Love for Opera

For my students who look up!
Put a Planetarium in Your Web Browser
Planetarium by Neave Interactive is a website on which you can specify your current location and it will show you a map of the night sky based upon your location and the date. You can also use Planetarium without specifying your location and instead explore the night sky from any place on Earth. For Google Chrome users, Planetarium offers a Chrome Web App that you can add to your browser.

For all my students.
WixED Teaches You How to Build a Website...on Wix
Wix is a popular DIY website creation tool. They claim to have more than 63 million registered users (source: CrunchBase). To help those 63 million users and anyone else who wants to build a website, last month Wix launched WixEd.
WixEd is a free online course all about building and maintain a website through Wix. The course has three sections, but first section is the only section teachers will need. The other two sections are about ecommerce and business development through websites. Each section of the course is comprised of a series of short videos followed by "homework" assignments.

Google demonstrates its free Translate App. I wonder if the speech translate works as well?
Google Translate vs. “La Bamba”