Saturday, September 05, 2015

Be careful when using all that cheap gas.
I’m seeing a rash of reports involving card skimmers at gas stations, most of which I’m not posting to this blog. Here are two such reports as examples, though:
Michigan State Police and the Ionia County Sheriff’s Office are investigating reports of fraudulent credit card activity.
There have been at least 12 credit card skimmers found at Michigan gas stations within the past month. Most of them in West Michigan. Read more on WZZM.
And 127 skimmers have already been detected at Florida gas pumps this year:
Skimming devices used to steal credit and debit card data are still being found on pumps at Florida gas stations, including a Chevron station in Riviera Beach where two skimmers were found recently, the Florida Department of Agriculture said Wednesday.
The station at 4128 Blue Heron Blvd. had skimmers at two pumps. Seven other skimmers were found and removed at stations in Brevard, Broward, Lake, Miami-Dade, Seminole, and Washington counties in the last two weeks. Read more on Palm Beach Post.




But will they?
Dan Solove and Woody Hartzog have 5 suggestions for how FTC could use its authority to improve data security:
Here’s how we think the FTC should use its authority to drive important change:
1. Do more proactive enforcement
2. Take on more data security cases
3. Push companies toward improved authentication – moving beyond mere passwords
4. Restrict the use of Social Security numbers for authentication purposes
5. Develop a theory of data stewardship for third parties
Read their article on FierceITSecurity for their explanation and comments.




I agree with Open State. Political speech is largely advertising, “See how smart I am?” We should hold them accountable for “false advertising” and all examples of stupid.
Human Rights Watch, Transparency Groups Condemn Twitter's Politwoops Ban
Last month, Twitter revoked access to its API from Politwoops, a network of sites that automatically archived the deleted tweets of politicians.
Twitter's rationale was that deleting tweets is an "expression of the user's voice" and that "no one user is more deserving of that ability than another," the company wrote in a note to Open State Foundation, creator of Politwoops.
Open State Foundation, however, argues that the social media posts of politicians should be part of the public record, whether or not they are later deleted.
Twitter's protest that everyone has the right to expunge a tweet is somewhat disingenuous; because tweets can easily be copied, quoted, and captured by screenshot, nothing posted to Twitter is truly retractable.




Politicians don't recognize parody.
Man arrested for parodying mayor on Twitter gets $125K in civil lawsuit
An Illinois man arrested when his residence was raided for parodying his town's mayor on Twitter is settling a civil rights lawsuit with the city of Peoria for $125,000. The accord spells out that the local authorities are not to prosecute people for parodies or satire.
Plaintiff Jon Daniel, the operator of the @peoriamayor handle, was initially accused last year of impersonating a public official in violation of Illinois law. However, the 30-year-old was never charged. His arrest was kicked off after the local mayor, Jim Ardis, was concerned that the tweets in that account falsely portrayed him as a drug abuser who associates with prostitutes. One tweet Ardis was concerned about said, "Who stole my crackpipe?"
As part of the agreement, (PDF) which includes legal fees, his attorneys from the American Civil Liberties Union said Peoria will publish a "directive" to the police department making it clear that Illinois law criminalizing impersonation of a public official does not include parody and satire.
"The directive makes clear that parody should never be the predicate for a criminal investigation and that the action against Mr. Daniel should never be repeated again," Karen Sheley, an ACLU attorney, said in a statement.




No doubt there will be speculation that Amazon (or Alibaba?) will buy Uber.
Uber is just what retailers need to take on Amazon
Uber may have started as a ride-sharing app but it’s trying to morph into a full-blown transportation company, applying its knowhow of moving millions of people around to delivering groceries, clothes, and other packages.
This fall, Uber is planning to announce a partnership with dozens of popular retailers and fashion brands to speedily deliver their goods, reports Recode’s Jason Del Ray.




This is not going away.
Clintons personally paid State Department staffer to maintain server
Hillary Rodham Clinton and her family personally paid a State Department staffer to maintain the private e-mail server she used while heading the agency, according to an official from Clinton’s presidential campaign.
… according to the campaign official, it also ensured that taxpayer dollars were not spent on a private server that was shared by Clinton, her husband and their daughter as well as aides to the former president.
That State Department staffer, Bryan Pagliano, told a congressional committee this week that he would invoke his Fifth Amendment rights against self-incrimination instead of testifying about the setup.
The private employment of Pagliano provides a new example of the ways that Clinton — who occupied a unique role as a Cabinet secretary who was also a former and potentially future presidential candidate — hired staff to work simultaneously for her in public and private capacities.


(Related)
Hillary Clinton's Favorable Rating One of Her Worst
… Currently, 41% of U.S. adults say they have a favorable opinion of the Democratic front-runner, while 51% hold an unfavorable view.


(Related) I just find the quote amusing.
Clinton: Email system not 'best choice' but she didn't 'stop and think' about it




These are the ones my Business Intelligence students should be tracking.
Here Are the Fastest Growing Social Networks You Need to Join




My geeks will love this. I'll need to look into how I can use it with my non-geek students.
LinkedIn Open-Sources FeatureFu, A Toolkit For Building Machine Learning Models




My industry constantly amuses me.
Hack Education Weekly News
… A law protecting student data has been signed in Delaware – privacy legislation is a “trend,” says Education Week.
… The Department of Education announced it was awarding $25 million in grants to Twin Cities Public Television and the Corporation for Public Broadcasting for kids’ TV. [Perhaps they have not heard that kids don't watch TV any longer. Bob]
… The Washington State Supreme Court has just ruled that charter schools are unconstitutional.
… Public school parents do not have a constitutional right to decide where to send their children to school (unless they choose to enroll their child in a private school), the Eighth U.S. Circuit Court of Appeals ruled this week.
… “The family of a student at the Fay School in Southboro has filed a lawsuit claiming the school’s strong Wi-Fi signal caused the boy to become ill,” the Worcester Telegram reports.
… “New report finds ongoing iPad and technology problems at L.A. Unified,” reports The LA Times’ Howard Blume. (And according to the LA School Report, there are hints there may be more problems arising from the FBI’s investigation into the Pearson/Apple/LAUSD deal.)
… According to a survey conducted by the University of Phoenix, “K–12 Teachers Use Social Media at Home, But Not in Class.”
Via the School Library Journal: “The State of the School Ebook Market.”


Friday, September 04, 2015

For my Computer Security students. An article to think about.
Cyber Intelligence: Competitive Intelligence By Any Other Name…
The current environment around cybercrime is quickly becoming a forcing function that’s causing businesses to begin evaluating how they’re doing cybersecurity across the board.
Most importantly of all, it’s forcing companies to start thinking about how to measure and prepare for the real, business impacts of cyber threats lest they be held legally accountable by, say, the fine folks at the FTC. Or any number of voracious civil suit-seeking lawyers [Hee, hee. Bob] closely monitoring their failings and foibles.
But words and phrases like “begin evaluating” and “start thinking about” don’t equate to decision-making or “doing” anything real about it at all.
In fact, despite a cyber and business “pop culture” zeitgeist brimming with signs and indicators that people really are starting to notice cyber insecurity (Mr. Robot’s ratings anyone?), an alarming number of companies put some very considerable roadblocks in front of themselves for not getting started on the same sorts of “competitive intelligence” programs for cyber that have become widely used and benefited from across industry.


(Related) Microsoft gathers data about you to keep itself competitive.
Microsoft Boosts Remote Data Collection in Windows 7 and 8
Following a series of updates meant to prepare Windows 7 and Windows 8 for the impending upgrade to Windows 10, Microsoft pushed the Diagnostics and Telemetry tracking service to existing devices and began collecting more data on them, as Winaero notes in a recent article.
A quick look at the Windows 8.1 Feature Supplement reveals that Microsoft is already collecting details on how the platform, application, computers, and connected devices, are used, as part of its Windows Customer Experience Improvement Programs (CEIP).
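How an administrator would check whether a Windows 7 or 8.1 machine actually received the service described above, and switch it off, as an added example (this is not code from the original post or from the Winaero article). It assumes the “Diagnostics and Telemetry tracking service” carries the internal service name DiagTrack and that CEIP participation is recorded in the registry value HKLM:\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable; neither identifier appears in the post, so both are treated as assumptions. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the original post or the Winaero article.
# Audits a Windows 7 / 8.1 host for the telemetry pieces the post describes
# and, if any are active, stops and disables them. Written for PowerShell 2.0
# (Windows 7's default) so it also runs on the older of the two platforms.
#
# Assumptions not stated in the post:
#   - the tracking service's internal name is DiagTrack
#   - CEIP opt-in is stored at HKLM:\SOFTWARE\Microsoft\SQMClient\Windows,
#     value CEIPEnable (1 = participating, 0 = opted out)

$ServiceName = 'DiagTrack'
$CeipKey     = 'HKLM:\SOFTWARE\Microsoft\SQMClient\Windows'

function Get-TelemetryStatus {
    # Returns one object per host so the result can be collected across a
    # fleet (e.g. via Invoke-Command) and compared, rather than eyeballed.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    $status  = 'absent'
    $startup = 'absent'
    if ($svc) {
        $status  = [string]$svc.Status
        # Get-Service does not expose the start mode; WMI does.
        $startup = (Get-WmiObject -Class Win32_Service `
                        -Filter "Name='$ServiceName'").StartMode
    }

    $ceip = Get-ItemProperty -Path $CeipKey -Name 'CEIPEnable' `
                -ErrorAction SilentlyContinue
    $ceipOptedIn = 'not set'
    if ($ceip -ne $null) { $ceipOptedIn = ($ceip.CEIPEnable -eq 1) }

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        ServicePresent = [bool]$svc
        ServiceStatus  = $status
        ServiceStartup = $startup
        CeipOptedIn    = $ceipOptedIn
    }
}

function Disable-Telemetry {
    # Stops the service, prevents it from starting again, and opts the machine
    # out of CEIP. Idempotent: safe on a host that never received the update.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
        Set-Service -Name $ServiceName -StartupType Disabled
    }
    if (-not (Test-Path $CeipKey)) { New-Item -Path $CeipKey -Force | Out-Null }
    Set-ItemProperty -Path $CeipKey -Name 'CEIPEnable' -Value 0 -Type DWord
}

# Usage: report first, act only when something is actually switched on.
$before = Get-TelemetryStatus
$before | Format-List
if ($before.ServicePresent -or ($before.CeipOptedIn -eq $true)) {
    Disable-Telemetry
    Get-TelemetryStatus | Format-List
}
```

Disabling the service is a local mitigation only: the components were delivered by Windows Update and a later update can reinstall or re-enable them, so the audit half of the script belongs in whatever runs after each patch cycle, not in a one-off.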




As long as you don't collide with planes, do whatever you want?
FAA Approves Corporation's Use of Drones To Collect Data, Prompting Protest from Privacy Advocates
The August 28 decision allows a Washington, DC-based company, called "Measure," to fly the largest fleet of commercial drones on record, a FAA spokesman told VICE News. The company has produced reports with the American Red Cross and the American Farm Bureau on how bird's eye views could help first responders in a disaster or farmers seeking to maximize their harvests.
… It's important to note that the FAA granted Measure an exemption to fly its drones. That's because, currently, it's technically illegal for businesses to fly unmanned aerial vehicles unless they obtain a FAA waiver. The FAA has granted more than 1,000 exemptions so far as it drafts regulations to govern drones.
But the FAA's proposed rules, as currently written, address only safety. The National Telecommunications & Information Administration, meanwhile, is considering how the federal government might address drones and privacy.
… While the federal government drafts its regulations, state governments are instituting a hodgepodge of rules.
The National Conference of State Legislatures reports that 26 states have enacted laws regulating drones, often with the aim of dissuading peeping toms whose drone use has prompted violent reactions, like the Kentucky father who shot down a drone he thought was spying on his sunbathing daughters. (The pilot claimed he was snapping photos of a friend's nearby house).




For Hillary: An article to think about? (No doubt Hillary will suggest that Snowden isn't an objective observer, but she won't dispute the conclusions.)
Snowden: Clinton's email server 'a problem'
National Security Agency whistleblower Edward Snowden said on Thursday that 2016 Democratic front-runner Hillary Clinton is likely aware her personal email server exposed sensitive national intelligence.
Snowden added that lesser employees would have lost their jobs for copying Clinton’s actions during her tenure as secretary of State.
“This is a problem because anyone who has the clearances that the secretary of State has, or the director of any top level agency has, knows how classified information should be handled,” he said, according to excerpts of an Al Jazeera interview airing Friday.




Sometimes you learn what a tool/technology can do when you see what they promise not to do.
Justice Department Announces Enhanced Policy for Use of Cell-Site Simulators
by Sabrina I. Pacifici on Sep 3, 2015
“The policy, which goes into effect immediately and applies department-wide, will provide department components with standard guidance for the use of cell-site simulators in the department’s domestic criminal investigations and will establish new management controls for the use of the technology… Cell-site simulators are just one tool among many traditional law enforcement techniques and are deployed only in the fraction of cases in which the capability is best suited to achieve specific public safety objectives. To enhance privacy protections, the new policy establishes a set of required practices with respect to the treatment of information collected through the use of cell-site simulators. This includes data handling requirements and an agency-level implementation of an auditing program to ensure that data is deleted consistent with this policy. For example, when the equipment is used to locate a known cellular device, all data must be deleted as soon as that device is located, and no less than once daily. Additionally, the policy makes clear that cell-site simulators may not be used to collect the contents of any communication in the course of criminal investigations. This means data contained on the phone itself, such as emails, texts, contact lists and images, may not be collected using this technology. While the department has, in the past, obtained appropriate legal authorizations to use cell-site simulators, law enforcement agents must now obtain a search warrant supported by probable cause before using a cell-site simulator. There are limited exceptions in the policy for exigent circumstances or exceptional circumstances where the law does not require a search warrant and circumstances make obtaining a search warrant impracticable. Department components will be required to track and report the number of times the technology is deployed under these exceptions. 
To ensure that the use of the technology is well managed and consistent across the department, the policy requires appropriate supervision and approval.”




Legal arguments are fun!
With less than a week before the Second Circuit considers the dispute between Microsoft and the government over emails stored in Ireland (an issue I have blogged about here, here, and here), I thought it worth responding to Orin Kerr’s novel suggestions as to how to understand the case. Over at the Washington Post, Kerr explains why both parties have the analysis all wrong. He then suggests that, under the (erroneous) theory being pursued, the government ought to win. I disagree with both points.




Is Google automating doctors? (auto-diagnosis?)
Google increases health information available via search
by Sabrina I. Pacifici on Sep 3, 2015
Google Inside Search: “In early August, New York City saw an outbreak of Legionnaires’ disease, a very rare and sometimes deadly form of pneumonia. As more outbreaks came to light, Google searches for Legionnaires’ disease spiked over 1,000%. People wanted to know what this disease is, why it’s spreading, and how to prevent it. So we quickly updated our health conditions feature (first launched last February) to provide information on Legionnaires’ right up front, from a simple search. Indeed, health conditions continue to be among the most important things people ask Google about, and one of our most popular features. So today we’re announcing broader updates—over the next few weeks, you’ll notice:
  • Hundreds more health conditions (soon over 900 total, more than double the number we started with) where you’ll get quick at-a-glance info on symptoms, treatments, prevalence, and more
  • Visual design improvements and some more specific triggering so it’s quicker and easier to get the info you need (for example, you can now search for “pink eye symptoms” and you’ll get straight to the symptoms tab)
  • A ‘Download PDF’ link so you can easily print this information for a doctor’s visit—this has been a top request from doctors.”




This is not an explanation.
SAT Scores Fall to Lowest Level in 10 Years
There's no obvious reason why average SAT scores continue to fall, but continue to fall they do.
… Across all three sections, scores slumped slightly from last year's averages. For math, the mean was 511, down from 513 last year. For reading, it was 495 (down from 497) and for writing it was 484 (down from 487).
Unfortunately, this year's decrease isn't a one-off: Overall, SAT scores have been falling slightly but steadily since 2010, when students averaged 515 in math, 500 in reading and 491 in writing.
… This percentage varied drastically across racial groups, however. While only 16 and 23 percent of African-Americans and Hispanics, respectively, hit the benchmark, 61 percent of Asians and 53 percent of white test-takers did so. In general, students' scores have been shown to consistently rise with family income.


(Related) Can Facebook help educate students?
Facebook working with charter schools on software
Facebook is developing software, which it hopes to one day make available to any school that wants it, that helps teachers run personalized lesson plans for students, the company said Thursday.
The company is helping to further develop the software used by charter school operator Summit Public Schools, which says it tailors lessons to each student.
“They told us that while this model was changing the way kids learn, the technology just wasn’t good enough,” said Chris Cox, the company’s product head, in a blog post. “So what if we could build this together and then give it away for free?”
The product appears to allow teachers to craft curriculums for students and for students to track their progress, according to screenshots offered by Facebook. Cox said that the technology gives teachers more time to work one-on-one with students in the classroom.
… Cox looked to calm potential fears about the privacy of students who use the software. He said that it does not require students to have Facebook accounts, and that the team developing the program is separate from the social giant’s main operations.




For my entrepreneurial students.
… A 15-feature “travel jacket,” which launched two months ago, just made a killing in a Kickstarter campaign that ended at 1 p.m. this afternoon. Originally aiming for a $20,000 goal, a total of 44,949 project backers pledged a whopping $9.19 million for the garment, which makes it the crowd-funding website’s most successful clothing campaign, according to reports. The $20,000 goal was met in a matter of hours, when the original intent was to raise the sum in a 58-day period.




Perspective. Some interesting App stats. Compare “most downloaded” to “most revenue”
Facebook, Google, Apple Dominate Top Apps Of All Time Lists; Candy Crush And Clash Of Clans Are Top Games
A new report from app store analytics firm App Annie this morning offers insight into the most popular – and profitable! – iOS applications of all time. Not surprisingly, the most downloaded app to date is Facebook, which also places elsewhere in the top 10 list thanks to its other mobile properties like Facebook Messenger (#2), Instagram (#4) and WhatsApp Messenger (#6).
Meanwhile, King’s Candy Crush Saga is the world’s most downloaded game, but Supercell’s Clash of Clans edged it out in terms of revenue.




Prepackaged App tools?
Plyfe Brings Interactive Tools to Small Business
You've seen all the great interactive Web tools that big companies use—trivia games, polls, and image carousels that keep site visitors engaged. It's difficult for small businesses to offer those same experiences, because the coding requirements often lie outside their reach. Unless your core business relates to technology or Web design, you probably don’t have that kind of expertise in-house.
The Plyfe platform changes all that by offering ready-to-use interactive cards for websites, social media channels, and mobile devices—all without any coding needed and all for free.




Dilbert shows us what females think is a defect.


Thursday, September 03, 2015

So, the manufacturers send their phones to “middlemen” who install spyware, then return the phones for packaging?
Tara Seals reports:
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.
Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.
However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.
Read more on InfoSecurity.
[From the article:
Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year.




Like my students, some (most?) parents don't bother reading the instructions.
IoT baby monitors STILL revealing live streams of sleeping kids
… Isolated real-world reports of hacking of baby monitors date back at least two years, so it’s not as if the problem is new.
Last year privacy watchdogs at the ICO warned parents to change the default passwords on webcams to stop perverts snooping on kids.
The warning followed a security flap created by the site, hosted in Russia, that streamed live footage ranging from CCTV networks to built-in cameras from baby monitors. The website itself – insecam.cc – accesses the cams using the default login credentials, which are freely available online for thousands of devices.




Legal doublethink. This poor, helpless minor will be charged as an adult. (Isn't the legal marrying age in the south somewhere around 12? Or is that only for first cousins?) The boyfriend was also charged.
Paul Woolverton reports:
After a 16-year-old Fayetteville girl made a sexually explicit nude photo of herself for her boyfriend last fall, the Cumberland County Sheriff’s Office concluded that she committed two felony sex crimes against herself and arrested her in February.
The girl was listed on a warrant as both the adult perpetrator and the minor victim of two counts of sexual exploitation of minor – second-degree exploitation for making her photo and third-degree exploitation for having her photo in her possession.
Read more on Fay Observer.




Typical bureaucracy: When in doubt, hire more underlings, ask for a larger budget.
FAA bolsters drone outreach with new hires
The Federal Aviation Administration (FAA) on Wednesday brought on two high-level officials to help lead the agency’s regulation of drone flights in the United States.
The agency hired Hoot Gibson as senior adviser on drone integration, a new position that reports to the FAA deputy administrator. The position, first announced in May, will focus on outreach to other areas of the government and airspace stakeholders.
The agency also hired Earl Lawrence to become the new director of the UAS Integration Office, which has been vacant since the retirement of Jim Williams in June. The office was created in 2013 to help create regulations to safely integrate drones into the nation’s airspace.




Just in case you missed it. Initial reports always seem to underestimate the damage. Imagine if this had been something really dangerous, like Donald Trump's hair tonic.
Pentagon Now Says Army Mistakenly Sent Live Anthrax to All 50 States
Deputy Defense Secretary Bob Work has repeatedly said the scandal over the military's mistaken shipment of live anthrax spores around the nation and the world would get worse -- and he was right.
The number of labs that received live anthrax has more than doubled to 194 since Work and Frank Kendall, the Pentagon's top acquisition official, released a report in July on the shipments of the deadly pathogen from the Army's Dugway Proving Grounds in Utah.
The number of states receiving live anthrax also more than doubled to include all 50 states and Washington, D.C., plus Guam, the U.S. Virgin Islands and Puerto Rico.




The world gets its news from Twits?
Nearly 9 in 10 people on Twitter use it to get news
… Eighty-six percent of users overall say they use the platform for news, according to the study, which was funded by Twitter but developed independently by the American Press Institute and released Tuesday.
… A Pew Research Center earlier this year found that use of Twitter and Facebook to consume news is on the rise, with current users seeing more news on the platforms.


(Related)
Apple Adds More Publishers for Its News App, Which Will Launch Soon
One thing you won’t hear much about at Apple’s media event next week: Its News app, a newsreader that will work something like Flipboard, that will be included in Apple’s upcoming iOS 9 software this fall.
That doesn’t mean Apple isn’t interested in getting the word out about the app, which it has been fixing up since debuting a rough-around-the-edges beta a few months ago. It has also signed up more publishers for the launch, which will likely be in the next few weeks. When it announced News at WWDC in June, Apple had 18 publishers on board; now it says it has more than 50.




Should we consider the source and laugh at this guidance?
White House Wants Feedback on IT Contract Security
Cybersecurity is a key component of all contracts between U.S. government agencies and information technology vendors. Yet cyberbreaches continue to occur – some of them with alarming scope and depth.
The White House is seeking input from private sector vendors and others on how to improve the cybersecurity elements involved in federal government purchases of IT equipment and services. The Office of Management and Budget recently released draft guidance dealing with that issue, and it will accept input on the proposal until Sept. 10.




Someone has to fall on his sword! Will that be the job of the staffers who will testify? What could they say? “We did it, Hillary was ignorant?”
Ex-Hillary Clinton Staffer Who Set Up Email Server Plans to Plead the Fifth
A former Hillary Clinton staffer who helped set up the former secretary of state's private email server has vowed to invoke the Fifth Amendment and refuse to answer questions after a congressional committee subpoenaed him, MSNBC confirmed late Wednesday.
Bryan Pagliano, who worked for Clinton during her 2008 presidential campaign and at the State Department, has been identified in digital records as the person who set up her email server in 2009.
… A Clinton campaign aide said in a statement to NBC News Wednesday the candidate has encouraged aides to answer any questions.


(Related) It's easy to teach Best Practices if you have plenty of really, really bad examples. It does raise yet another question: Did Hillary's server block all known security issues? Did she ever receive emails from unknown sources and open them?
The "Executive" IT Security Problem - Lessons Learned from Hillary Clinton
Not every executive wants to dedicate space in their bathroom to an email server. But there are companies without a BYOD policy where executives insist on using personal tablets. Yahoo’s CEO famously refused to put a passcode on her personal phone. Some execs retain access to sensitive information following retirement. They insist on downloading software from any Internet site they want to. With authority and resources, convenience is easily prioritized over policy.
Further, the risks presented by privileged users, including executives, continue evolving. No longer limited to the malicious or careless user, we now are confronted with outsiders obtaining and abusing insider credentials. Spear phishing executives, or “whaling,” is a rising attack vector to take advantage of the broad access attackers possess, while self-inflicted vulnerabilities make them a softer target as well.




Not analysis of bits and bytes. Using tech to record artifacts before some fanatic destroys them.
Institute for Digital Archaeology
by Sabrina I. Pacifici on Sep 2, 2015
“Digital archaeology represents the natural evolution of classical archaeology, permitting researchers to look at ancient objects in a whole new way, to uncover hidden inscriptions, invisible paint lines, the faintest palimpsests... and to share these discoveries with the world.”
The Million Image Database Project – “In collaboration with UNESCO World Heritage and the epigraphical database project at NYU’s Institute for the Study of the Ancient World and engineering specialists at Oxford University, we hope to capture one million 3D images of at-risk objects by the end of 2016. To that end, we have created a heavily modified version of an inexpensive consumer 3D camera that will permit inexperienced users to capture archival-quality scans. The camera has the facility to upload these images automatically to database servers where they can be used for study or, if required, 3D replication. It is our intention to deploy up to five-thousand of these low-cost 3D cameras in conflict zones throughout the world by the end of 2015. Each camera contains an automated tutorial package that will help field users – local museum affiliates, imbedded military, NGO employees and volunteers – both to identify appropriate subject matters and to capture useable images. This project is the first of its kind in both purpose and scale. However, it is our hope that it will become a model for future similar endeavors. All of the associated technology and software will be open-source to facilitate that goal.” This project is especially timely in light of the seemingly unstoppable destruction of antiquities, including in Palmyra, Syria.




If you thought “old stuff” disappeared you haven't tried to buy anything for your horse recently. Weak and poor quality companies are forced out of the market, but the survivors always command a premium.
This Company Is Still Making Audio Cassettes and Sales Are Better Than Ever
The audiocassette tape is not dead. In fact, one Springfield, Mo., cassette maker says it has had its best year since it opened in 1969.
“You can characterize our operating model as stubbornness and stupidity. We were too stubborn to quit,” said National Audio Company President Steve Stepp.
NAC is the largest and one of the few remaining manufacturers of audiocassettes in the U.S. The profitable company produced more than 10 million tapes in 2014 and sales are up 20 percent this year.




I do want to collect articles like this. I think they would benefit my students.
Leaving Voicemails, and Other Prickish Phone Habits
… With all the focus on what smartphones can do and how they’re affecting us, many people have lost sight of how to use our phones like an actual, original, dial-a-number phone without behaving like an ass. This isn’t an argument against buying a smartphone, but just a sad fact of life.


Wednesday, September 02, 2015

Nobody drags out a straightforward process like the government.
Victims of the breach still have not been notified. OPM will start sending postal letters “later this month.”
The government will spend $133 million on identity theft protection services. With options, it could go up to $330 million. ID Experts (Identity Theft Guard Solutions LLC) got the gig to provide the service, which will provide three years of credit monitoring and $1 million in identity restoration insurance to affected employees and their minor children.
CSID got the gig to provide services to the 4.2 million employees whose personal data was compromised in the initial reports of the breach.




A heads-up to my lawyer friends.
Jeff Stein reports:
Marion “Spike” Bowman, a top former FBI lawyer and U.S. counterintelligence official who heads an influential organization of retired American spies, says a hacker from China penetrated his home computer, beginning with an innocent-looking email last spring.
Read more on Newsweek.




BYOA (Bring your own App) is becoming mainstream.
Enterprise App Stores Continue to Evolve
Apps are increasingly the way we get things done, in our personal lives and at work – and sometimes in a fuzzy space between the two.
The app store quickly became the delivery method of choice for purchasing personal mobile apps, thanks to Apple, which has seen a mind-boggling number of purchases from its app store. (Half a billion dollars for apps and in-app purchases in the first week of 2015 alone, according to Apple.)
In the enterprise, though, it's a bit more complicated. While some companies are OK with employees purchasing their own productivity apps for work, they struggle with concerns over security, compatibility and compliance with enterprise standards. Despite these concerns, the phenomenon of employees using their own apps at work is so popular it has earned an acronym: BYOA, for bring your own app.
… Concerned companies do have options. A fairly large, and growing, number of software companies have their own app stores where folks can purchase enterprise apps. Hootsuite, for example, announced this week that its App Directory, introduced in late 2011 and featuring 140-plus apps and integrations for apps including Zendesk, Marketo and IBM SilverPop Engage, has seen more than 2 million installs.
The directory is focused on social media management, said Hootsuite Director of Product Marketing Kevin Quan in an email. It gives Hootsuite customers "the ability to use the best-of-breed business applications and extensions that work for their unique needs," he said. "Through the Hootsuite App Directory we are able to extend social across all cross functional departments in any organization."
Other software companies offering enterprise app stores include ServiceNow, which earlier this year introduced an app store with more than 80 applications built on its cloud service management platform, and SugarCRM, which launched an app store for users of its CRM software in May.


(Related) Of course, there is a downside...
Mobile Gambling Apps Expose Enterprise Data: Report
According to Veracode, on average, multiple gambling apps are installed in an enterprise environment, and many of these programs are plagued by critical vulnerabilities that can result in privacy breaches and enterprise data theft.
… Mobile gambling apps are often offered for free, but include advertising software development kits (SDKs) that send user information to third-party servers and can allow outsiders to track individuals and steal corporate intellectual property.
Earlier this year, IBM’s Application Security Research Team conducted a study of 41 popular dating applications for Android and determined that more than 60 percent of them are potentially vulnerable to cyberattacks.
“Mobile applications can pose serious risk to enterprise data, customers and security in general, so it is especially important for organizations to be able to identify these apps,” Adam Ely, Founder and COO of Bluebox, wrote in a 2014 SecurityWeek column.
… “No mobile app is an island,” Ely said. [Cute Bob]




Curious?
John Wesley Hall writes:
A Phoenix officer was shot and killed on duty. “More than 300 public safety personnel, the chief of police, and the mayor quickly converged on the scene. Roughly 100 people entered the area where Sergeant Drenth’s body was discovered, including the three plaintiffs, who were assigned to canine search teams.” Male DNA was found at the scene. All but five voluntarily contributed DNA to exclude them. The five weren’t suspects, but they needed to be excluded. [If they weren't suspects, weren't they already excluded? Bob] They steadfastly refused to provide DNA, so the PPD applied for a court order to get it. After it was obtained they sued for nominal damages, a declaratory judgment, and to have it destroyed. A court order, a warrant, to obtain evidence does not require that the person from whom it is obtained be a suspect in a crime. DNA can be collected by court order to exclude people from an investigation. Bill v. Wheeler, 13-15844 (9th Cir. August 31, 2015):
Read more on FourthAmendment.com.
[From the article:
If the killer is identified and charged, it also has the salutary effect of removing a defense argument that DNA at the scene wasn’t tested and could belong to another person who could have been the actual killer.




Looks like low-hanging fruit to lawyers? Or maybe only one lawyer.
Popcorn Time lawsuits continue as 16 are sued for watching Survivor
The "Popcorn Time" app was launched in 2014 as a kind of "BitTorrent for dummies" with a simple Netflix-style interface for viewing movies. But now with a second lawsuit filed against users of the app, it looks like 16 as-yet-anonymous watchers may soon need a primer on "mass copyright suits for dummies."
The lawsuit (PDF), entitled Survivor Productions Inc. v. Anonymous Users of Popcorn Time (Does 1-16), targets 16 Comcast subscribers who allegedly used the app to watch Survivor—not the reality series, but a thriller starring Pierce Brosnan released earlier this year.




Also useful for civilians considering the Cloud.
The US Military Gets A Guidebook to the Cloud
DISA rolls out a collection of best practices for a Pentagon herding its myriad information services toward their cloud-based future.
… Released by the Defense Information Systems Agency, the guide is aimed at DOD “mission owners” wanting to migrate an existing information system from a physical environment to a virtualized cloud environment. The framework is based on real-world cloud pilot efforts within DOD.
… While somewhat technical, the best practices guide is worth a read. It contains a short intro to the cloud, impact-level requirements, a breakdown of available cloud services and a detailed section dedicated to understanding shared security responsibility within the cloud – vital reading considering the recent data breach headlines.


(Related)
You're hosting Uncle Sam's files in the cloud. You get hacked. This is what happens next
The US government has posted a new set of rules outlining how cloud providers should report IT security cockups that involve Uncle Sam's data.
The new Department of Defense (DoD) rules [PDF] include requirements on how contractors who handle government information should deal with computer network breaches and attacks, and how to report them to government agencies.
The rules apply only to those contractors whose cloud services host unclassified material. Classified data is covered by a different set of reporting rules and security requirements.




Perhaps the White House wants to be “Liked?”
White House taps Facebook alum to be first director of product
The White House has hired a Facebook employee to serve as its first director of product, a new position focusing on software like the "We The People" petition site.
Josh Miller, who announced the job move on his personal website, said that he expects to build off the White House’s existing digital efforts.
“The White House has many digital products — from WhiteHouse.gov to the We the People Petition site,” he said. “It’s a dream to be able to add to and improve this portfolio.”




Dragging the government into the 21st Century?
Dem wants better data about 'on-demand economy'
Sen. Mark Warner (D-Va.) is calling for the federal government to hone its data collection efforts to gather more information about how on-demand economy companies like Uber and TaskRabbit are affecting the way Americans work.
“Unfortunately, our definitions, data collection, and policies are still based on 20th century perceptions about work and income,” he said in a statement on Tuesday accompanying letters to the heads of several federal agencies inquiring about their data-collection practices.
The requests are part of a larger push by Warner to examine how policy might be changed to accommodate the rise of the on-demand economy.




For my entrepreneurial minded students and a few of us old faculty types.
4 of the Hottest Markets for Professionals Who Want to Teach and Train Others
In Start Your Own eLearning or Training Business, you'll find information on all the steps you need to start and run a distance learning business. In this edited excerpt, the Staff of Entrepreneur Media, Inc. discuss the four areas of digital learning that are seeing the most interest from those wanting to learn.




Does this signal a Polaroid come-back? Could be the hot stocking-stuffer this year.
Polaroid Snap camera takes instant photos without ink
… Polaroid … just announced the Polaroid Snap, a digital camera that can immediately print out a photo, and it doesn't even need ink to do it.
… The trick is in the Zero Ink printing technology developed by a company called ZINK. Instead of using ink, the camera uses special printing paper which contains cyan, yellow and magenta dye crystals under a protective polymer coating. The ZINK-enabled printer inside the Polaroid Snap camera then activates those crystals to create a full-color photo.
… If you wish, you can have the photo printed in a larger size later, as Polaroid Snap takes 10-megapixel photos and has a microSD slot holding memory cards with up to 32GB of capacity. The camera has several simple presets — color, black and white and vintage — a selfie timer, and a photo booth mode, which takes six photos in 10 seconds.
Polaroid Snap will be available in four colors — black, white, red and blue — in the fourth quarter of 2015 for $99.




For my Website coding students.
Mozilla Relaunches Its Thimble Online Code Editor For Teaching HTML, CSS And JavaScript
Back in 2012, Mozilla launched Thimble, an online code editor for teaching the basics of HTML, CSS and JavaScript. Over time, though, things got pretty quiet around the project as other browser-based code editors like Brackets and full online IDEs like Nitrous took center stage. Today, however, Mozilla relaunched Thimble with a major redesign and a slew of new features.
Thimble, which is based on the Adobe-supported Brackets open source project, is still meant to be a platform for teaching the basics of web development. Mozilla is aiming the projects at educators (and their students) who want to build their own learning experiences, as well as at independent learners who want to teach themselves.
… Thimble now also reflects the fact that even beginners will want to target their sites at mobile, so the preview mode now allows you to see mobile previews as well.
… The new Thimble also features a number of new starter projects that teachers can use to teach their students basic skills like how to edit HTML content and CSS style sheets.
Even though this is a Mozilla project, it’s worth noting that Thimble should work in any modern browser.
If you want to give Thimble a try, just head over here and start coding.




For my students. At least they're reading.
Bam! Pow! 8 of the Best Ways to Read Comics Online for Free


(Related) Tools for students who don't read.
Tired of Reading? Make Your iPhone Read Everything to You
Too lazy to read? Why not get your iPhone to read for you instead? With native iOS text-to-speech and a few great apps, you can use your smartphone to take your productivity to the next level.


Tuesday, September 01, 2015

Any publicity is good publicity? Can you trust any of this?
Ashley Madison Claims 'Hundreds of Thousands' of New Users Have Created Accounts in the Last Week
Extramarital affair dating site Ashley Madison's identity was based on its ability to facilitate private, discreet affairs.
Considering recent events – in which hackers exposed the personal information and account details of more than 33 million of its members – you'd think it may be time for the company to throw in the towel.
Instead, Ashley Madison just came out swinging. In a new blog post, the company suggests that in contrast to reports that the hack attack has crushed its business, things are actually going swimmingly.
"Despite having our business and customers attacked, we are growing," the post reads. "This past week alone, hundreds of thousands of new users signed up for the Ashley Madison platform – including 87,596 women."
The company also refuted reports that the leaked data revealed Ashley Madison's user base contained almost no real women.




Perspective.
Data Breaches by the Numbers
The Privacy Rights Clearinghouse has maintained an easily searchable database of breaches from 2005 to the present, allowing us to easily track the rise and fall of data breaches.
The data is clear and powerful. First, based on the number of records compromised, breaches are on the rise. In security circles, 2014 was known colloquially as “the year of the breach.” However, 2015 almost doubled the 2014 tally of breached records, and has done so in the first eight months.
Digging deeper, we can see the source of these breaches. The first thing that stands out is that external hacking is far and away the leading source of breaches, and the percentage is growing. In 2013, external hacking accounted for 83.77 percent of the total records that were compromised. In 2014, that percentage jumped to 98.73 percent. So far in 2015, the percentage continued its rise to 99.99 percent.




Grounding the pendulum of rulings?
EFF amicus brief in SCOTUS case on seizure of historical cell site records from a cell phone provider
by Sabrina I. Pacifici on Aug 31, 2015
EFF – “Americans have the right to expect that digital records of their daily travels—when they left home, where they went, and how long they stayed—is private information, the Electronic Frontier Foundation (EFF) said in an amicus brief filed with the Supreme Court of the United States. Weighing in on one of the most important digital privacy rights cases of the year, EFF is asking the court to hear arguments in Davis v. U.S., a federal criminal case from Florida that examines whether police need a search warrant to obtain historical cell site location information (CSLI). These records show law enforcement which cell phone towers your phone has connected to in the past. In this case, police obtained 67 days of records about defendant Quartavious Davis without a warrant and used them to implicate him in various robberies. In the brief filed Monday, EFF and other advocacy groups argue that the ubiquity of cell phone use in this country—along with a clear increase in law enforcement demands for cell site records and conflicting court rulings about the need for search warrants—means the U.S. Supreme Court should grant review in Davis’s case.”


(Related) You mean it's not a series of pipes?
… For example, it is well-established — and generally understood — that the contents of any sealed letters or packages we send through the Postal Service are considered private, and they “can only be opened and examined under [a] warrant, issued upon [] oath or affirmation, particularly describing the thing to be seized, as is required when papers are subjected to search in one’s own household.” The only exceptions to this rule are the observations of the letter’s properties one can observe without opening it, such as its size, its weight, and the address information written on it. Can the same be said about our email? One can’t touch or otherwise physically manipulate an email message like one written on paper, but we still tend to think of email messages as a contemporary analogue to “letters.” Does it therefore follow that we have the same expectation of privacy in our email messages as we do our letters and packages?




Research tool or stalking tool?
How to get Social and Professional Info From Email Addresses with Pipl
The Pipl Search API allows you to perform people lookups using a variety of search inputs. In this tutorial I will demonstrate how to use the API to enrich the data you have of your newsletter subscribers.




Lawsuits? You know there's an App for that!
Law firm targets Google foes for private damages claims
U.S. law firm and class action specialist Hausfeld launched a platform on Tuesday to help pursue claims against Google, posing a potential headache for the world's No. 1 Internet search engine amid its regulatory troubles in Europe.
… The law firm said the Google Redress & Integrity Platform (GRIP) is aimed at those affected by alleged anti-competitive behavior by Google in Europe.
It said the platform would build on the European Commission's April charge sheet, which accuses Google of unfairly promoting its own shopping service to the disadvantage of rivals.
"GRIP offers corporations, consumers and other entities harmed by Google's anti-competitive business practices in Europe a mechanism to evaluate their potential claims," Michael Hausfeld, chairman of Hausfeld, said in a statement.




Perspective. Interesting, but I doubt it's predictive.
Which Presidential Candidate Is Winning the Tech Money Race?
It is becoming clear that the road to the White House in 2016 leads straight through Silicon Valley.
Once a bit-player in the political money game, the technology industry came in second behind the oil and gas industry among the top sources for political contributions in the 2012 presidential and congressional elections. The candidates have noticed and are courting the Valley’s wealthy tech elite.
With 435 days to go until Election Day 2016, several of the major party candidates — including Hillary Rodham Clinton, Jeb Bush and Marco Rubio — have already made early pilgrimages to Silicon Valley, looking to drum up support and to build their campaign war chests.




Political courtesy? I have to agree with my military students – if they sent classified information over personal email they'd face a court-martial.
Hillary Clinton email scandal: Legal experts see no criminal activity thus far
Experts in government secrecy law see almost no possibility of criminal action against Hillary Clinton [That is quite different from the headline. Bob] or her top aides in connection with now-classified information sent over unsecure email while she was secretary of state, based on the public evidence thus far.




Perspective. We've gone from corporate, room-sized mainframe computers to employee owned, pocket sized computers. How do we control them?
Apple, Cisco Unveil Business Partnership
Apple Inc. and Cisco Systems Inc. are teaming up to help bring more iPhones and iPads to business users.
The partnership, announced Monday, is aimed at helping Apple’s mobile devices communicate more effectively on corporate networks where Cisco gear is widely used, the companies said. They also plan to jointly work on technology to help workers with iPhones and iPads better exploit Cisco’s collaboration products, including its video- and Web-conferencing services.




It matters to me.
Good to hear that “Why blogging still matters”
by Sabrina I. Pacifici on Aug 31, 2015
opinion | David Weinberger |Boston Globe: “…blogging went mainstream. Most media outlets now feature less formal, more personal columns either by their official columnists or by a cadre of writers who can’t be fitted into the limited space of a print newspaper or magazine. Even so, when the media refer to “bloggers,” they often mean unschooled amateurs unaffiliated with respectable publications — people who are obsessed with the trivial, full of hate, and unfamiliar with spellcheck. Yet delve into almost any field of research and you’ll find webs of bloggers joined by their common interests, whether it’s cooking, policy, or contemporary philosophy. We bloggers are still there, connecting, learning from one another, and speaking in our own flawed human voices. The leading blogging site, WordPress.com, hosts 37 million of them, although not all are personal or still active. Tumblr claims 252 million blogs and 99 billion posts, mainly short form. We’re not noticed as much outside of our webs, and we are no longer considered a “phenomenon,” but we’re there. In fact, blogs now often are where the most interesting ideas are surfaced, argued, and appropriated into a discipline’s discourse. Unlike the output in scholarly journals and magazines, in these webs of blogs we get to see ideas emerging from conversation among people sharing what in the old days we’d take as early drafts. These webs allow participation by people regardless of credentials, enabling voices to rise to their own level of credibility…” [thanks to Bob Ambrogi – grateful to hear this message and share it via my Word Press blog – and also celebrate 13 years of blogging on beSpacific.]




For my (you had better be) researching students.
NISO Launches New Primer Series with the Publication of Primer on Research Data Management
by Sabrina I. Pacifici on Aug 31, 2015
“The National Information Standards Organization (NISO) has launched a new Primer Series on information management technology issues with the publication of the first primer on the topic of Research Data Management. Two more primers on the topics of Understanding Metadata and Linked Data for Cultural Institutions, respectively, will be released in coming months, with additional Primers to be published periodically. The primer on Research Data Management provides an overview of how data management has changed in recent years, and outlines best practices for the collection, documentation, and preservation of research data. The importance of creating a data management plan (DMP) before beginning a research data project is emphasized. Crucial questions regarding how the data will be managed are answered ahead of time in a DMP, thus making it easier for the researcher to collect and document the data properly for future use and reuse. Creating research data that is easily reproducible and transparent is the ultimate goal, and following the guidelines in this primer can help educate researchers to ensure their data is available for others. The differences between publishing papers and publishing datasets and the citation challenges the data community are working on solving are also discussed. “Research in all domains is seeing an increasing prevalence of data-driven research and an influx of diverse data sources and analysis methods,” says Carly Strasser, author of this primer. “Data management is therefore an emerging concern for researchers. This primer provides a high-level overview of research data management, and is intended to be useful across domains.” This primer on Research Data Management and the forthcoming primers on Understanding Metadata and Linked Data for Cultural Institutions are introductory documents on these important topics relating to information management for those new to our community, or for those who just need a summary understanding of these issues. The NISO Primer series will be freely available and licensed for reuse under a Creative Commons-BY-NC 4.0 license. “Meant to provide insight and instruction to researchers collecting data, these primers discuss the latest developments in research data and the new tools, best practices, and resources now available,” says Todd Carpenter, NISO Executive Director. “Providing basic information to the wider community about NISO’s activities is a critical component of our work as an organization. We seek to serve not only those who are deeply versed with technology in our community, but those who are starting out as well.” The NISO Primer on Research Data Management is available as a free download from the NISO website at: http://www.niso.org/publications/press/researchdata/




Dilbert suggests a downside to “smart” robots.