Saturday, August 15, 2015

“We didn't detect the breach and we are upgrading our (clearly inadequate) security.” And they don't want anyone to worry?
Ella Shoup reports:
Several portions of the University’s information technology systems were illegally accessed by “sophisticated attackers originating in China” earlier this year, Executive Vice President and Chief Operating Officer Patrick Hogan said in an email Friday to members of the University community.
The University first became aware of a possible breach when notified by federal authorities and later confirmed the attack on June 11. With the services of international cybersecurity firm Mandiant and federal authorities, the University concluded in its investigation no personal information was accessed.
Read more on Cavalier Daily.
[From the article:
In response to the breach, a system security update began at 5:00 p.m. ET and is expected to continue until the evening of Aug. 14. All users of the University system will be required to change their Eservices login passwords after the system upgrade is finished.]

I thought (hoped?) we were beyond “It's a computer and they fail all the time. There is nothing you can do to prevent it.”
“It’s just sort of the vagaries of the system (on) how it got corrupted”
— a statement by the secretary for Catholic education at the Fort Wayne-South Bend Diocese, on the catastrophic failures affecting computer servers in July that have delayed school opening at one high school.

As long as they don't classify these Top Secret (except at the State Department) this could be quite useful.
Homeland Security Advisory Council-New Tasking
by Sabrina I. Pacifici on Aug 14, 2015
August 14, 2015 Federal Register Notice: “The Secretary of the Department of Homeland Security (DHS), Jeh Johnson, tasked his Homeland Security Advisory Council to establish a subcommittee entitled Cybersecurity Subcommittee on August 6, 2015. The Cybersecurity Subcommittee will provide findings and recommendations to the Homeland Security Advisory Council on best practices sourced from industry, state and local government, academic experts, and community leaders. This notice informs the public of the establishment of the Cybersecurity Subcommittee and is not a notice for solicitation.

Because you are what you Tweet, Like, Link, Blog, eMail, upload, download, off-load or reload. Because, “Sincerity - if you can fake that, you've got it made.” George Burns(?)
Being Professionally Personable on Facebook
When people talk about using social media to advance their careers, they’re usually talking about LinkedIn, Twitter, or maybe their blog. But the reality is that more people use Facebook than any other social network, which means that sooner or later, you need a Facebook strategy for your career.
… But most of the time we’re on Facebook we are using our personal accounts, so especially if you’re open to friending your colleagues it’s crucial to think about how you’ll manage your personal account in relation to your professional identity.

A sign that Computer Law is maturing? Or fragmenting.
Last week, a divided three-judge panel of the Fourth Circuit ruled in United States v. Graham that the government must obtain a warrant to obtain a phone user’s historical cell-site location information (CSLI) from a cell phone provider if the requested information covers “an extended period of time.” The opinion by Judge Davis, joined by Judge Thacker, is an important milestone in the ongoing debate on government surveillance authority in the technology age as well as the development of more traditional Fourth Amendment doctrine. Judge Motz dissented. As Orin Kerr notes, it also established multidimensional circuit splits that are ripening for Supreme Court review. Below are my thoughts about several lines of tension and contention raised by the Fourth Circuit opinion.

For my Statistics, Data Analysis and Economics students.
'Moneyball' Mastermind Sees Market's Hand in Baseball Walk Dearth
… Through August, Major League Baseball saw an average of 2.8 walks per game. If the season were to end there, that would be the lowest level since the 1920s. Similarly, a lot of the stats show that pitching is dominant over hitting. Strikeouts are up, batting average is down, among other key statistics.
What's going on here? Could the decline in offense be related to ... the market?

There is truly a market for everything/anything in the global economy.
Forget Glitter: The New Thing to Ship Your Enemies Is a Potato
When Alex Craig told his girlfriend his business plan, she told him it was the stupidest idea she had ever heard.
While many may agree, there are thousands who do not. Craig, you see, has made a business out of sending potatoes inscribed with messages anonymously through the mail.
The 24-year-old Texas entrepreneur says he has sold more than 2,000 potatoes and is making a profit of $10,000 a month since launching Potato Parcel in May, reports WFAA. Potatoes sell for $7.99 for a medium (which fits 100 characters) and $9.99 for a large (up to 140 characters). Craig will ship them anywhere in the U.S.

Perfect timing for today's Midterm Exam! This should ratchet up the pressure. I also like the music option.
A Quick Way to Access a Countdown Timer on Your Computer
This morning on my Facebook page someone asked for a recommendation for a countdown timer. The first thing that came to my mind was to suggest using the timer function built into Google. You can simply type into Google search "set timer" followed by an amount of time and a countdown timer is displayed. An alarm beeps when time is up. You can make the timer appear full screen without advertisements by clicking a little box icon to the right of the timer.
… If you're looking for a timer that has a few more features, take a look at Russel Tarr's Classtools Countdown Timer which has two slick features. You can create and set multiple timers on the same page. This means that if you had students sharing in rapid succession you wouldn't have to reset the timer for each student, you simply move onto using the next timer on the page. The second feature of note in the Classtools Countdown Timer is the option to add music to your timers. You can have your countdown timers set to music. Mission Impossible, The Apprentice, and Countdown are the standard music options. You can add other music by using the YouTube search tool built into the timer. [Perhaps the theme from Jaws? Bob]

Friday, August 14, 2015

It's not that individually they had so much money, it's that it's just so easy to take it.
Reuters reports:
A data broker operation sold payday loan applicants’ financial information to scammers, who took in millions of dollars by debiting bank accounts and charging credit cards without authorization, the Federal Trade Commission charged Wednesday.
The data brokers bought “hundreds of thousands of consumer payday loan applications” and, instead of passing them to legitimate payday lenders, sold them to non-lending third parties, the FTC charged in a complaint. Among the companies, was Ideal Financial Solutions Inc., which bought 500,000 applications and raided the accounts for at least $7.1 million, the FTC said.
Read more on NBC.
The FTC’s press release on the Sequoia One case can be found here.

Another way to misuse technology. Was this intended to push ads to people walking in or by a store?
iPhone cyber-flashing: What is it and how to stop it happening to you
Security experts have begun issuing advice on how to prevent iPhone users from becoming the victims of a new phenomenon known as cyber-flashing. The advice has started to appear online in the wake of a woman contacting the police after she was sent explicit and unsolicited photos from a stranger in her close vicinity on a train in London.
Using AirDrop - a feature on the iPhone, iPad, and Mac computers where users can send files, such as images, to each other at close range - the cyber flasher can request to send photographs to any fellow iPhone users within the range of a Bluetooth connection - usually around 10m. Even if the receiver rejects the photo, they are still shown an uncensored preview of the image.
To avoid being the victim of cyber-flashing over AirDrop, iPhone users should follow these instructions, published by security specialist Mark James on the blog of fellow computer expert Graham Cluley: "AirDrop is not turned on by default, but it's easy to set AirDrop to receive from Everyone, and then forget all about it.
"The real blame here lies with those who are sending the dirty pics. To block receiving files from complete strangers, iPhone users would be wise to change their AirDrop settings to receive from no one or just those people listed in the contacts list."

For my Intro to Computer Security students.
8 Tips for Online Safety Used by Security Experts

One of the guidelines I worked under was, “What would the impact be if this data becomes public?” By that rule, Hillary should have classified everything “Tippity-Top Secret.” If you look at it from a “should this be public knowledge” perspective, would you want to “CC” the New York Times (or Congress)?
Clinton emails reveal murky world of ‘top secret’ documents
What makes an email classified? 

… However, the classified determination doesn’t end once an email has been sent.
Information in a message can be declared classified years after it was initially sent. And the State Department and Intelligence Community can also look at the same text and come to opposite conclusions over whether it contains secret information.
And that’s where the discrepancies are arising between the Office of the Inspector General (IG) of Intelligence Community, Clinton’s campaign and the State Department.
… Not only is each side entitled to different standards of classification, but information can become classified almost retroactively, as situations and guidelines change over the years.

And I expected the IRS to “kick 'em while they're down!” Shame on me.
Joe Lazzarotti writes:
When an employer is responding to a breach of their employees’ personal information, one of the last things they may think about is whether the value of the credit monitoring or other identity protection services they make available to affected employees should be considered taxable to the employees and reported as such. In Announcement 2015-22, the Internal Revenue Service clarified that it will not consider the value of such services provided by the employer to employees to be gross income or wages to the employees. The IRS also stated it will not take the position that the employees should include the value of such services as gross income on their personal income tax returns.

Useful for my students who apparently find lots of websites that “disappear” just before I try to find them. Would this work to “preserve evidence?”
The Best Tools for Saving Web Pages, Forever
… There are quite a few ways to save web pages permanently and your choice of the tool will depend on the kind of web content that you are trying to archive.

Perspective. Squeezing years into days.
Periscope is growing fast with 10 million users
According to the blog post, Periscope users now watch over 40 years of video each day.
… Periscope, Twitter’s live-streaming video app, now has 10 million accounts. And that’s just on iOS and Android – web streams aren’t yet included in the count.

(Related) Where do you put all that data? (You do the math, I don't have a math class so I can't assign this as homework.)
'World's biggest hard drive' will store more than two years of video
Get ready hoarders. Samsung has unveiled a solid-state hard drive that stores 15.36 terabytes of data.
The 2.5-inch drive - the size used in conventional laptops - was unveiled at the Flash Memory Summit in California.
… At 1.5GB for a two-hour standard-definition movie (the approximate size given by the iTunes store), the hard drive could (in theory) store 10,240 two-hour movies. That's 853 days, or two years and four months.
For HD video, around 4.5GB for two hours, 15.36TB equates to 3,413 movies, or 284 days of footage. A 4K movie - the type we'll probably all be watching by the time 16TB disks become commonplace - can be over 100GB in size, however.
You could also store 3.8 million 4MB songs.

How Google Translate squeezes deep learning onto a phone
by Sabrina I. Pacifici on Aug 13, 2015
Google Research Blog – [July 28, 2015] “we announced that the Google Translate app now does real-time visual translation of 20 more languages. So the next time you’re in Prague and can’t read a menu, we’ve got your back. But how are we able to recognize these new languages? In short: deep neural nets. When the Word Lens team joined Google, we were excited for the opportunity to work with some of the leading researchers in deep learning. Neural nets have gotten a lot of attention in the last few years because they’ve set all kinds of records in image recognition. Five years ago, if you gave a computer an image of a cat or a dog, it had trouble telling which was which. Thanks to convolutional neural networks, not only can computers tell the difference between cats and dogs, they can even recognize different breeds of dogs. Yes, they’re good for more than just trippy art—if you’re translating a foreign menu or sign with the latest version of Google’s Translate app, you’re now using a deep neural net. And the amazing part is it can all work on your phone, without an Internet connection. Here’s how…”

Or you could use it to trim your shag carpeting...
iRobot's robotic lawn mower gets U.S. regulatory approval
The future of free-wheeling automated yard work took a step closer to American consumers on Wednesday after U.S. regulators gave robot maker iRobot Corp Inc technical clearance to make and sell a robotic lawn mower.
The Bedford, Massachusetts-based company, known for its robot vacuum cleaner Roomba, has designed a robot lawn mower that would wirelessly connect with stakes in the ground operating as signal beacons, rising above the ground by as much as 24 inches (61 cm).
… IRobot's stake design, however, required a waiver from the Federal Communications Commission to make sure that transmissions between its machines and the antennas wouldn't interfere with other devices using the same frequencies.
… The National Radio Astronomy Observatory had fought iRobot's waiver request, saying the lawn mowers would interfere with its telescopes. But the regulators waived the rules for iRobot, saying its beacon design should be safe with the promised limitations on height, signal strength and use in residential areas.

(Related) While we're talking robots...
Is a Cambrian Explosion Coming for Robotics?
by Sabrina I. Pacifici on Aug 13, 2015
Pratt, Gill A. 2015. “Is a Cambrian Explosion Coming for Robotics?” Journal of Economic Perspectives, 29(3): 51-60. DOI: 10.1257/jep.29.3.51
“About half a billion years ago, life on earth experienced a short period of very rapid diversification called the “Cambrian Explosion.” Many theories have been proposed for the cause of the Cambrian Explosion, one of the most provocative being the evolution of vision, allowing animals to dramatically increase their ability to hunt and find mates. Today, technological developments on several fronts are fomenting a similar explosion in the diversification and applicability of robotics. Many of the base hardware technologies on which robots depend—particularly computing, data storage, and communications—have been improving at exponential growth rates. Two newly blossoming technologies—”Cloud Robotics” and “Deep Learning”—could leverage these base technologies in a virtuous cycle of explosive growth. I examine some key technologies contributing to the present excitement in the robotics field. As with other technological developments, there has been a significant uptick in concerns about the societal implication of robotics and artificial intelligence. Thus, I offer some thoughts about how robotics may affect the economy and some ways to address potential difficulties.”

My weekly smiles (and head shakes)
Hack Education Weekly News
Via The Guardian: “Lawyers representing Virginia Wesleyan College in Norfolk have filed a motion demanding the entire sexual history of a student who is suing the school after reporting being drugged and raped on her third day of freshman orientation.” [Where and how would this be documented? Bob]
… “Five retired NBA players are receiving scholarships to attend Kaplan University and study online to earn certificates, bachelor’s or master’s degrees,” says Inside Higher Ed. [Probably need a course in Money management. Bob]
… The University of Illinois released some 1100 pages of emails pertaining to the hiring/firing last year of professor Steven Salaita. It turns out that Chancellor Phyllis Wise used her personal email account in order to – she hoped, eh – avoid scrutiny. “Email scandal plunges U. of Illinois into turmoil.” The university’s board of trustees voted to reject a deal in which Wise would receive $400,000 after resigning as chancellor. More legal battles to follow.
Via Buzzfeed’s Molly Hensley-Clancy: “Career Education Corporation's plan to transform its business was simple: stop providing career education. And so far, it seems to be working: in the first quarter of the company's ‘transformation plan,’ it beat analyst estimates, sending its stock shooting up more than 30% on Friday after results were announced.”
… “A Peek at a ‘Smart’ Classroom Powered by the Internet of Things,” via Edsurge, which looks at a study from the University of Belgrade about sensors in the lecture hall. “The researchers used sensors to measure different aspects of the classroom environment – including temperature, humidity and carbon dioxide levels – and attempted to link these factors to student focus.”

Thursday, August 13, 2015

Look at how this works. Is it just advertising? Could an intelligence or criminal organization be using this too?
Lenovo Accused Of Using ‘Rootkit-Like’ Methods To Sneak Software Onto Clean Windows Installs
When acquiring a new notebook or desktop, one of the first things many power users do is wipe it clean. No one likes the "junk" that comes preinstalled, and if time is available, sometimes it's just preferable to start fresh. But what if that was easier said than done? What if that preinstalled junk became more like a plague, persisting even through a fresh install of Windows?
You might think, "That's crazy. Impossible." Well, it is crazy, but it's definitely not impossible.
It seems that installing some asinine malware on customer PCs wasn't enough to satisfy Lenovo's insatiable appetite for intrusion, as it's recently been discovered that the company's installed what's effectively a rootkit onto a range of its notebooks, including Flex and Yoga models.
The root of this problem, no pun, is something called Lenovo Service Engine, in effect low-level firmware that's able to detect whether or not certain files exist in the installed OS. In this case, it seems only Windows 7 and 8 are affected. [So far. Bob] In the event files this rootkit wants are not present, they'll automatically be fetched from the Internet, and subsequently installed.

(Related) Et tu, Microsoft?
Is Windows 10 Spying On You? Privacy Fears Raised As OS Secretly Contacts Microsoft Regardless Of Settings
Windows 10 has raised some privacy concerns over its default settings, which share speech, calendar and contact information with Microsoft. However, it has emerged that even if the user chooses not to share anything with Microsoft at all, the system will still regularly contact Redmond.
According to ArsTechnica, Windows 10 pings Microsoft during certain tasks without explaining why or even giving any indication that contact is taking place, with the news site having to use specialist tools to make the discovery.

For my Intro to Computer Security students.
What the U.S. Military Has Learned About Thwarting Cyberattacks
… The Department of Defense has found that the lion’s share of successful cyberattacks are made possible by poor human performance. Indeed, a key element of our thesis is that most organizations place too little emphasis on changing behavior and too much on technical safeguards.
We suggest that companies should follow the U.S. military’s example. It is strengthening its cybersecurity by applying the methods used by the U.S. Navy’s nuclear-propulsion program, whose safety record is second to none. These include a robust program of training, reporting, and inspections, as well as six operational excellence principles.

(Related) First, scare the pants off them. This is probably not too frivolous, but I really don't care – it will grab their attention and possibly keep them awake.
Not Even Close: The State of Computer Security (with slides) – James Mickens
by Sabrina I. Pacifici on Aug 12, 2015
In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting “The Prince of Lies escapes again!”

Probably not how Facebook would want to be seen by the world, if they thought about it.
Facebook cancelled a student's internship after he highlighted a massive privacy issue
Facebook cancelled a Harvard student's internship after he created a Google Chrome plugin that highlighted serious privacy flaws in the social network's messaging service, reports.
In May, computer science and mathematics student Aran Khanna built Marauder's Map. It was a browser plugin that made use of the fact that people who use Facebook Messenger share their location with everyone they message with by default.
… On the afternoon of the 29th, three days after my initial posts, Facebook phoned me to inform me that it was rescinding the offer of a summer internship, citing as a reason that the extension violated the Facebook user agreement by "scraping" the site. The head of global human resources and recruiting followed up with an email message stating that my blog post did not reflect the "high ethical standards" around user privacy expected of interns. According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users' geo-location data.

Anyone could have done this, if they had searched (Googled) for loopholes.
Google is testing drones in US airspace by piggybacking on Nasa exemption
… Documents seen by the Guardian also reveal technical details of Google’s drone, which is capable of speeds of up to 100 mph and weighs less than 25kg (55lb). The papers also reveal Google’s safety plans should a drone lose contact with its operator.
… Certificate of Waiver or Authorization (COA) … let public organisations like the military, state universities and police or fire departments experiment with unmanned aerial systems (UAS), as long as they meet safety standards. But COAs come with restrictions. FAA regulations state that a public agency must own or exclusively operate the drone in question, and that commercial operations are prohibited.

I don't get it. Indians have faces too. I have a half-dozen Indian faces in my class.
Facebook struggles to sell advertising in India
… Facebook has 132 million users in India, trailing only the 193 million in the United States, according to the company, and the country is critical for the Menlo Park, California, social network's global expansion.
But so far, the payoff has been small: Facebook earns 15 cents per user in India every quarter, compared to the $7 to $8 it makes on each U.S. user, according to analysts.
Facebook does not break out its revenues in India, but Neil Shah, an analyst at Counterpoint Research, a Hong Kong-based technology consulting firm, estimates it brings in $15 million a quarter, far behind the $350 million he estimates Google earns there per quarter.

Oh joy! (Can you get carpal tunnel syndrome from texting?)
Twitter Lifts 140-Character Limit for Direct Messages Today
Twitter Inc.’s 140-character limit is a defining characteristic of the social media service, both frustrating and liberating users’ public expression.
But the company believes that sacred limit doesn’t need to apply to private messaging. Starting Wednesday, Twitter is enabling users to send messages with unlimited characters directly to each other through its private-chat function.
… Twitter’s move is yet another admission that it needs to make the service more useful and easier to navigate. Over the past few months, for instance, it has begun curating more content for users in an attempt to organize the chaos, and it intends to double-down on curation with the forthcoming live-events product called Project Lightning.

Perhaps we should upgrade all those huge TVs in our classrooms?
This device can transform any TV into a touchscreen
There's big business in creating TV-sized touchscreens. Microsoft, for instance, developed the Surface Hub, a digital whiteboard for conference rooms. It's likely only a matter of time before Apple follows suit with a full-size iPad or Apple TV with a touch-enabled remote.
But Touchjet, the company behind the Pond pico projector, has other plans.
Instead of buying a touch-enabled screen that might be able to function as a standard TV, it plans on turning your tube into a massive Android 4.4 KitKat-powered touchscreen using the same technology you'd find in your remote.
An infrared sensor is embedded in a camera that sits on top of the TV and plugs into the back of your screen via an HDMI cable. After tracking your finger movements using infrared light, the data is then interpreted by a processor and transformed into touch gestures that Android can process. Once calibrated, the sensor transforms your TV into a digital easel, an office whiteboard or an impossibly large Candy Crush playing field.

Might be a good way to introduce my students to Data Analysis.
Fantasy Football League Invokes IBM Watson APIs to Improve Fan Experience
In a move that could have broad implications for how APIs get used within the context of advanced analytics applications, Edge Up Sports, an organizer of a fantasy football league, revealed today that it plans to make use of IBM Watson cloud services to make it simpler for more fantasy football players to participate in the league.
Edge Up Sports CEO Ilya Tabakh told ProgrammableWeb that the fantasy football league organization will initially make use of the APIs that IBM gained when it acquired AlchemyAPI earlier this year. Specifically, Edge Up Sports will invoke text analytics and sentiment analysis APIs to make it easier for fans to aggregate various media reports about specific players they may be tracking.

For all my students? The wrong kind of “self improvement” App? Do these sell because we believe we need them?
The Startup Behind Popular Selfie-Editing App Facetune Raises $10 Million, Plans for New Products
In the world of Instagram, Facebook and Snapchat, you are only as cool as your last post. And in that world, editing the pimple out of your vacation selfie and pimping out your latest party photo is serious business. It’s also turbo-charging the growth of mobile photo-editing startup Lightricks.
Lightricks, the Jerusalem-based company behind the super popular Facetune app, has just closed its first-ever round of outside funding. The photo editing startup raised a $10 million round led by Israeli VC firm Carmel Ventures, according to an announcement released today.
Facetune, which is currently the second most popular paid app according to App Annie’s ranking, lets users retouch photos.

I was very excited until I realized these are two separate programs...
MIT Robots: Now able to punch through walls and serve you beer

(Related) Convergence? You no longer have to pour beer over your cereal?
New Hefeweizen beer – HefeWheaties created from Wheaties after they team up in Minneapolis
… Only presented in the Twin Cities, the limited-edition Hefeweizen was created after the joint venture of local craft brewery Fulton and Wheaties. HefeWheaties has been created after the team-up of the two Minnesota-based companies and it is the first alcohol partnership for Wheaties. People are calling it “beer for champions” in the local market.

Wednesday, August 12, 2015

Again, no one noticed the hack? For 5 years? Short sales that pay off in just 30 minutes should stand out like a sore thumb. Who was asleep on the job?
Feds: Hackers Stole News Releases, Made $100M from Trades
… The group includes two Ukrainian men who are believed to be the hackers, plus 30 other people from the U.S. and elsewhere who made the stock trades.
… The Ukrainian men are said to have led the scheme over a five-year period. They hacked at least two newswire services, stealing hundreds of corporate earnings announcements before they were released.
… In some cases, the traders shared a portion of their illicit profits with the hackers. [How else were they compensated? Bob]

(Related) Does Facebook have “insider” access or can I safely trade on this information?
Facebook is reportedly working on an app that breaks news alerts

Deny. Deny. Deny!
Farzan Hussain writes:
Hackers can use a security exploit in Facebook to “decrypt and sniff out” IDs of Facebook users by using one of the vulnerable Facebook APIs, allowing them to gain access to the personal information of millions of Facebook users, including their name, location, phone number, pictures and other personal data.
Read more on HackRead – and keep reading so that you read Facebook’s response to the researcher’s multiple attempts to get them to take the vulnerability more seriously.

Here's my idea for a final exam: my Ethical Hacking students try to stop my Corvette, my Computer Security students try to protect it. (Assumes I can talk the University into buying me a Corvette “for academic purposes.”)
How texting a Corvette could stop it in its tracks
As if recent research on car hacking wasn't frightening enough, a new study shows yet another danger to increasingly networked vehicles.
This time around, academics with the University of California analyzed small, third-party devices that are sometimes plugged into a car's dashboard, known as telematic control units (TCUs).
Insurance companies issue the devices to monitor driving metrics in order to meter policies. Other uses include fleet management, automatic crash reporting and tracking stolen vehicles.
In order to collect vehicle data, TCUs have access to the electronic brain of an automobile, the CAN (Controller Area Network) bus, which transmits and receives messages from many vehicle systems. The TCUs also have SIM cards, which give them cellular network connectivity in order to send information.
The researchers found a variety of security vulnerabilities which allowed them in a real-world demonstration to cause a Corvette to suddenly brake by sending a text message to the TCU, which then accessed the CAN bus, according to a study made public Tuesday.

Not hacking, but not very good IT Governance either. My students should be able to design a process that does not rely on the same employee to give the written test, score the driving test, enter and then “correct” computer records.
Feds Say California DMV Employees Traded Cash for Licenses
As many as 100 commercial truck drivers paid up to $5,000 each to bribe state Department of Motor Vehicles employees for illegal California licenses, federal authorities said Tuesday.
… Court records say the employees changed computer records to falsely show that drivers had passed written and behind-the-wheel tests after they were bribed by the owners of three truck-driving schools between June 2011 and March 2015.

“Social media, it's where the evidence is!”
Twitter sees record increase in requests for account information
The number of times that governments asked Twitter to provide account information in the first half of 2015 was more than 50 percent greater than in the previous six months, the company said on Tuesday.
Twitter revealed the data as part of its twice-yearly transparency report, which also covers requests made by private copyright holders.
From Jan. 1 through June 30, the company received 4,363 government requests worldwide for account information related to 12,711 accounts on Twitter, Periscope or Vine. Twitter provided at least some information in response to 58 percent of the requests.
That represented a roughly 52 percent increase from the number of requests received in the second half of 2014, during which the company received 2,871.

(Related) See for yourself.
Gnip Launches Full-Archive Search API To Provide Instant Access To Nine Years Worth Of Tweets
… Until now, companies have been able to pull instant reports using up to 30 days’ worth of historical tweets. Today, through Gnip, Twitter is turning that instant access on for its treasure trove — the full archive. All nine years’ worth of tweets.

(Related) Is your message getting out?
t factor: A metric for measuring impact on Twitter
by Sabrina I. Pacifici on Aug 11, 2015
“Based on the definition of the well-known h index we propose a t factor for measuring the impact of publications (and other entities) on Twitter. The new index combines tweet and retweet data in a balanced way whereby retweets are seen as data reflecting the impact of initial tweets.”

Implications for 3D printing?
New front in Internet freedom battle: Dental braces
A court case argued Tuesday over a product to straighten teeth has become the latest front in the battle over the open Internet.
Major technology trade groups and open Internet advocates have urged the U.S. Appeals Court for the Federal Circuit to strike down a ruling by the U.S. International Trade Commission (ITC) that found it has the authority over the import of data that represents a digital good — an expansion from its historical authority over the import of physical goods.
Chief Circuit Judge Sharon Prost, one of the three judges reviewing the case, put the issue into clear focus Tuesday. She said she was confused by the government's attempt to try and "cabin" what would be a huge legal precedent into nothing more than a case about straight teeth.
"It does seem to me that if we were to affirm the commission here, we would be saying the ITC has jurisdiction over electronic transmissions," she said during oral arguments. "I don't see very many limiting principles there that might apply to future cases."
… The case was brought by Align Technology — the maker of Invisalign — which successfully urged the ITC to bar rival company ClearCorrect from importing infringing products into the United States. ClearCorrect has appealed.
The quirk that has riled tech companies and open Internet supporters is that ClearCorrect did not import physical dental aligners, over which the trade commission has historically had authority. Instead, the company imported digital files that allowed it to print the dental aligners in the United States.
In an alleged attempt to circumvent U.S. patent protections, ClearCorrect scanned customers' teeth and eventually printed out the clear dental aligners in the United States. But the patented method used to create the blueprints for the corrective braces was done in Pakistan. This back-and-forth was done digitally by uploading and downloading data online.

This has been handled poorly. Who has been advising Hillary to stall? Will anyone ask her to name the system she used to handle classified emails if the only device she had handled only unclassified?
Hillary Clinton to Turn Over Private Email Server to Federal Authorities
Hillary Clinton is turning over to federal authorities the private computer server she used to handle her emails when she served as secretary of state, an unexpected move and an attempt to quash concerns that her unorthodox approach included insufficient safeguards to protect government secrets.
A spokesman for Mrs. Clinton’s presidential campaign on Tuesday said she had directed her team to give to the Justice Department both the computer server—which had been kept at her home in Chappaqua, N.Y.—and a thumb drive containing copies of her emails. [At last! An electronic copy of the emails! Bob]
… She also has said the server was wiped clean of more than 31,000 emails that involved personal matters such as wedding plans, vacations and yoga routines.
… A subsequent review by federal government watchdogs found four emails out of a sample of 40 that contained classified material, although the information hadn’t been marked classified at the time it was sent.
One of the watchdogs—the intelligence community’s inspector general—sent a letter to lawmakers on Tuesday saying two of those four emails contained “top secret” information, a higher classification than previously known.
… Secretary of State John Kerry said in an interview with CBS on Tuesday that it was highly likely that his emails were being intercepted and read by Russia or China, an acknowledgment that there is an extreme level of foreign intelligence interest in collecting communications from the U.S. government’s top diplomat.

Not so social media?
Tinder just lost its mind on Twitter over a Vanity Fair story
Tinder is not happy with Vanity Fair.
The tech company's PR just went on a 30+ tweet tweetstorm lambasting the magazine for a recent feature story in the September issue of Vanity Fair.
The article, titled "Tinder and the Dawn of the 'Dating Apocalypse,'" uses Tinder to talk about the effects of technology and smartphone dating apps on youth "hook-up" culture and dating.
Using a series of anecdotes of millennials at bars, big city hangouts, and colleges, Nancy Jo Sales paints a picture of Tinder and its competitors (Bumble, Hinge, OkCupid, etc) as signaling a death knell for modern courtship.
The tweetstorm goes on for some 20-25+ more tweets. Check them all out here.

I'm not the only one who thinks this is a bit of a stretch. Why do politicians talk like the world is made of wishes?
Dollar could suffer if U.S. walks away from Iran deal: John Kerry
If the United States walks away from the nuclear deal with Iran and demands that its allies comply with U.S. sanctions, a loss of confidence in U.S. leadership could threaten the dollar's position as the world's reserve currency, the top U.S. diplomat said on Tuesday.
"If we turn around and nix the deal and then tell them, 'You're going to have to obey our rules and sanctions anyway,' that is a recipe, very quickly ... for the American dollar to cease to be the reserve currency of the world," U.S. Secretary of State John Kerry said at a Reuters Newsmaker event.
… New York-based Boris Schlossberg, managing director of FX Strategy, BK Asset Management, challenged Kerry's reasoning. He said the dollar’s status could be compromised only if the United States was unable to compete economically on a global scale.
“The reality of the situation is that the U.S. dollar hasn’t been this strong in decades. The thought that it could be replaced as a reserve currency is laughable at this point on a geopolitical basis and nothing in the Iran deal even remotely touches upon that issue,” he added.
Economists and financial analysts have often conjectured that a competing currency like the euro or the Chinese yuan will eventually dethrone the dollar as global trade and financial patterns shift. But the U.S. currency’s position has been largely immune – mostly for lack of any good alternative.

Being a world class cheap bastard, my answer is, “Yes.” (See next article for a hint about how I do it)
Can You Get By Using Purely Open Source Software?

For all my students.
This Is How You Can Get Microsoft Word for Free

For my Homeland Security, Ethical Hacking, and other students.
American Military University To Host National Security Virtual Career Fair
For those people interested in pursuing a career in national security, mark your calendars for Aug. 20 as American Military University (AMU) will be hosting a Virtual Career Fair featuring federal and private sector employers. AMU employee Jaymie Pompeo offers some pointers in preparation for the Virtual Career Fair.

Tuesday, August 11, 2015

Like the bumper sticker says, “stuff happens.” How big must the breach be before the FTC stops saying that? What constitutes Best Practices remains unclear.
Back in January 2015, Morgan Stanley disclosed an insider breach (previous coverage here and here). It appears that the Federal Trade Commission opened an investigation into the breach under Section 5 of the FTC Act, but decided not to pursue any enforcement action.
In a closing letter to Morgan Stanley’s counsel, Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection at FTC explains why the FTC decided to close the investigation, but noted that closing the investigation should not be construed as a determination that there was no violation of Section 5.
The letter may be instructive, as it suggests that if an entity has appropriate policies in place, but there’s a failure due to “human error,” then the FTC will not necessarily pursue a case. In this case, the access controls for one narrow set of reports were configured improperly and Morgan Stanley corrected the problem as soon as they became aware of it.
So here we have a situation where there was a risk of significant injury to consumers that they could not reasonably avoid. Whether the risk was offset by any benefits, well, I don’t know how the FTC calculates that in this case. But it looks like what saved Morgan Stanley was it was able to show the FTC its policies and all the ways it had attempted to prevent the very problem that occurred.

Would you expect local governments in the US to do better? We don't hear much about them here because they are small and we have no central agency to report them and fine the governments.
Ian Drury reports on the results of a FOIA investigation by Big Brother Watch:
Bungling councils have lost or wrongly shared the sensitive personal information of tens of thousands of people, a damning report reveals today.
Officials breach data rules at least four times a day, often involving the confidential details – including medical records – of countless adults and children.
The ‘shockingly lax attitudes’ that local authorities show towards protecting private records is exposed in a study by the civil liberties group Big Brother Watch.
Read more on Daily Mail. I don’t see BBW’s report up on their site yet, but will add a link to this post when I find it.
Update: here’s BBW’s report. And there’s already one criticism of it.

Strange that even in education, ignorance is bliss.
CBS News reports:
As summer vacation winds down, new legislation is raising concern over digital privacy at school. Nationwide, only four states prohibit kids’ personal information from being shared by schools with third party vendors, like marketers.
Common Sense Media founder and CEO Jim Steyer said until a couple of years ago, many schools weren’t even aware this was happening.
“Because there were no laws about it — school districts aren’t that knowledgeable about it — they were selling it to marketers, etc. so we started passing laws at Common Sense around the country, starting in California, to restrict the use of that data to only educational purposes,” Steyer said Monday on “CBS This Morning.”
Read more on CBS.
[From the article:
Across the country, 95 percent of school districts use cloud services but only 25 percent inform parents of that usage, according to a Fordham University Law School study.

(Related) Why schools should be paying attention, even though this is a “Health” survey.
Poll: Web safety tops smoking, school violence in concerns over kids
U.S. adults increasingly rank web safety and sexting as leading health concerns for children as smartphones and Web use become ubiquitous, according to a poll out Monday.
Fifty-one percent of adults ranked Internet safety as a big health concern for children, while 45 percent said the same about sexting — ranking them at the fourth- and sixth-largest concern respectively, according to the C.S. Mott Children’s Hospital National Poll on Children's Health.

Change makes Google more nimble.
The Invention Of Alphabet Is The Ultimate Larry Page Move
… Anyone who's been paying attention also knows that Page has been grooming Pichai to be Google's CEO. Creating Alphabet allows Page to give Pichai the job without pulling himself away from the parts of Google he's passionate about. And other hotshot executives—ones currently at Google, or yet to be hired—will presumably like Page's statement that Alphabet's big businesses will be run by their own CEOs, without much interference from Larry or Sergey.
… Google said its existing shares would convert to Alphabet shares and trade under its existing stock tickers, GOOG and GOOGL. Alphabet will remain incorporated in Delaware, Google said in a securities filing. Its website is at

Heading down the spiral?
With Yuan Devaluation, China Digs a Hole for Commodities
China’s appetite for commodities from gold to crude oil is likely to abate in the near term after the country’s surprise decision to devalue its currency, although a weaker yuan could boost steel exports.
As one of the world’s largest buyers of commodities, China’s decision to devalue the yuan Tuesday—effectively lowering the value of exports and increasing the cost of imports for domestic buyers—is likely to deepen price declines among copper, aluminum and other metals. China consumes nearly half of the world’s annual output of metals.
Commodities that were already at multiyear lows due to worries about China’s slowing economy and a strengthening dollar—the unit in which most commodities are priced—suffered an immediate hit Tuesday on the People’s Bank of China’s action. The move also took a toll on the currencies of commodity-dependent countries; the Australian and New Zealand dollars each fell around 1% against the U.S. dollar.

Keep up! You don't want to sound old fashioned, “haha” is now the bee's knees.
RIP to LOL - the history of laughing out loud
A Facebook study suggests that people are choosing to use "haha" and emojis over "LOL" to express laughter.
The research claims more than half (51.4%) opt for "haha", while just 1.9% are LOLers, although it didn't look at direct messages.

Fuel for the debate? Have bans stopped governments from creating and using chemical weapons? Would a ban stop the “Terminator?”
Late last month, Stephen Hawking (former Lucasian Professor at Cambridge), Elon Musk (CEO of Tesla and SpaceX), Steve Wozniak (Apple co-founder) and more than 1,000 artificial intelligence and robotics researchers co-signed a letter urging a ban on autonomous weapons.

...and my IT Governance students thought (hoped? prayed?) I would run out of things for them to read.
Designing Successful Governance Groups
by Sabrina I. Pacifici on Aug 10, 2015
“The Berkman Center for Internet & Society, together with the Global Network of Internet and Society Research Centers (NoC), is pleased to announce the release of a new publication, “Designing Successful Governance Groups: Lessons for Leaders from Real-World Examples,” authored by Ryan Budish, Sarah Myers West, and Urs Gasser. Solutions to many of the world’s most pressing governance challenges, ranging from natural resource management to the governance of the Internet, require leaders to engage in multistakeholder processes. Yet, relatively little is known about how to successfully lead such processes. This paper outlines a set of useful, actionable steps for policymakers and other stakeholders charged with creating, convening, and leading governance groups. The tools for success described in this document are distilled from research published earlier this year by Berkman and the NoC, a comprehensive report entitled “Multistakeholder as Governance Groups: Observations From Case Studies,” which closely examines 12 examples of real-world governance structures from around the globe and draws new conclusions about how to successfully form and operate governance groups. This new publication, “Designing Successful Governance Groups,” focuses on the operational recommendations drawn from the earlier case studies and their accompanying synthesis paper. It provides an actionable starting place for those interested in understanding some of the critical ingredients for successful multistakeholder governance. At the core of this paper are three steps that have helped conveners of successful governance groups:
  1. Establish clear success criteria
  2. Set the initial framework conditions for the group
  3. Continually adjust steps 1 and 2 based on evolving contextual factors
The paper explores these three steps in greater detail and explains how they help implement one central idea: Governance groups work best when they are flexible and adaptive to new circumstances and needs and have conveners who understand how their decisions will affect the inclusiveness, transparency, accountability, and effectiveness of the group. The paper, as well as the research it builds upon, is intended as a contribution to emerging good and best practices in Internet governance and is offered as a submission to the IGF Best Practice Forum and the NetMundial Initiative, among other forums.”

Some amusing “predictions” from the past. The only one that still seems true is from Arthur C. Clarke who said, “If a teacher can be replaced by a machine, she or he should be.”
Teaching Machines and Turing Machines: The History of the Future of Labor and Learning

For the Tutor's toolkit.
How to Learn Microsoft Access: 5 Free Online Resources

8 Types of Excel Charts & When You Should Use Them

I'm ready to go, but I think I'll need at least a couple of months to cover just the highlights. I wonder if there are Apps for Colorado? I'll look. If not, perhaps my students can create a few.
18 Apps You Need to Download for Travelling to India

Monday, August 10, 2015

“Hey there! This is your boss. Please send $1,000,000 to Tony Soprano, care of the Bank of Nigeria.” Do companies actually do it like that?
Brian Krebs reports:
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.

Santayana was right, "Those who do not learn history are doomed to repeat it." This seems to be particularly true with the history of Computer Security.
Darren Pauli reports:
Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.
The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in an open “world readable” folder.
“Any unprivileged processes or apps can steal user’s fingerprints by reading this file,” the team says, adding that the images can be made into clear prints by adding some padding.
Read more on The Register.
[From the article:
It is one of four vulnerability scenarios in which biometric data normally secure in an Android phone's TrustZone can be pilfered.

Long suspected. Call them mercenaries, contractors, friends of the government – whatever. What happens if these guys cross the line in service to the Russian government?
Cyber crimes against NATO and its members
by Sabrina I. Pacifici on Aug 9, 2015
Via Atlantic Council – New Twists in Russia’s Cyber Campaign Against NATO and Its Members By Sam Jones, Financial Times: “Russia’s aggressive actions in cyber space are all carefully designed to fall short of warranting any kind of serious military or aggressive response. One of Moscow’s new favoured tactics is to arm crime syndicates with sophisticated hacking tools and malware and subcontract them to undertake operations against adversaries or to mount so-called “false flag” attacks [Can they hack in Chinese? Bob] to muddy the water around attribution, says a senior US military cyber command officer.”

More jobs for my Computer Security students?
Tesla Courts Hackers to Defend High-Tech Cars
Hackers swarmed a Tesla sedan in a 'hacking village' at the infamous Def Con conference on Saturday as the high-tech electric car maker recruited talent to protect against cyber-attacks.
It was the second year in a row the California-based company was at the world's largest gathering of hackers in Las Vegas, and came on the heels of a massive recall of Fiat Chrysler Automobiles vehicles to patch a flaw that could let them be remotely commandeered.
… Tesla recruiters were on hand, along with members of the California-based company's security team.
Tesla cars are highly computerized. New features as well as software updates are pushed out to vehicles over wireless Internet connections.
"They are not messing with our software," Brooklyn said with only a hint of hesitation.
She knew of no cyber-attacks aimed at Tesla cars, at Def Con or anywhere else.
… They referred to Tesla sedans as data centers on wheels, and urged great care when trying to hack vehicles that could be racing along at 100 mph (160 km) or so.
"As cars become more connected, we need to think about them a lot more like smartphones where you are constantly testing and improving products to make them as secure as you can," Brooklyn said.

Are you keeping an eye on the old home town? Following your favorite university sports? Stalking an old girlfriend? Override your phone's location...
Blockfeed App Surfaces Hyper Local News
… And that’s where Blockfeed comes in. This New York city-based startup is aggregating local news sources, from small blogs to established newspapers, geolocating relevant news stories to a hyper local location — such as a particular street or block — and then serving those stories to readers based on where they happen to be at the time they open the mobile app. Thanks to smartphone location-positioning tech, knowing a reader’s location is trivial.
… Currently the app is live in New York City only, after soft launching on iOS at the start of last month. Thus far it’s gained around 900 active users without any marketing. It’s launching on Android today, and stepping up the noise.

Another Copyright article for my IT Governance students.
Why Facebook’s video theft problem can’t last
Earlier this year, Facebook’s increased focus on video — which began with it introducing autoplay video in 2013 — began to show real results. In April, the company reported that it received more than 4 billion video views every day. If you make videos or want to sell advertising against them, this is great news: a giant platform with unparalleled reach is finally paying attention to you.
But then popular YouTuber Hank Green leveled a number of allegations at Facebook’s video team, including a charge of rampant copyright infringement from Facebook users who are uploading videos from YouTube and other platforms without creators’ consent. Facebook has responded that it has measures in place to address copyright infringement, including allowing users to report stolen content and suspending accounts guilty of repeated violations.
But that has done little to satisfy content creators, whose support Facebook needs as it works to challenge YouTube’s dominance. Green and other video makers are increasingly disgruntled, and Facebook’s weak denials could lead to expensive lawsuits. Meanwhile, the failure to protect against copyright infringement could ward off the advertisers whose ads will eventually come to Facebook video. If Facebook doesn’t act quickly, it risks alienating the two groups it needs most to establish itself as a next-generation video platform.

For my students who write – that's all of them.
Hemingway Editor Updated in Time for the New School Year
Last year I featured the Hemingway App Editor as a good tool to help students analyze their own writing. Hemingway is a free tool designed to help you analyze your writing. Hemingway offers a bunch of information about the passage you've written or copied and pasted into the site. Hemingway highlights the parts of your writing that use passive voice, adverbs, and overly complex sentences. All of those factors are accounted for in generating a general readability score for your passage.
This summer the Hemingway Editor was updated to offer a few more features. The Hemingway Editor now provides tools for formatting the text that you write in the web version of Hemingway. You can now create bullet lists, change font size and style, write numbered lists, and indent paragraphs.
StoryToolz offers a tool similar to Hemingway that you may also want to check out.

For all my students.
IT Salary Survey 2015
by Sabrina I. Pacifici on Aug 9, 2015
ComputerWorld 29th Annual Report IT Salary Survey: “After years of tight budgets, employers are boosting pay to attract and retain hot IT talent. Our survey of more than 4,800 tech workers reveals who’s getting the cash — and how you can too. Topics include: Cash Is Back!; IT Pay All the Numbers; Job Seekers Call the Shots; Security Talent Is Red-Hot.”

Amusement for my programming students.
How I wrote a Twitter bot to automatically enter contests
...and ended up winning on average 4 contests per day, every day, for about 9 months straight.