Saturday, September 19, 2015

There will be a lot of discussion on this topic.
Avery Dial and Rory Eric Jurman of Fowler White Burnett, P.A., write:
As it is commonly understood, the Great Fire of London spawned two fixtures of the modern world: advancements in firefighting and property insurance. The risk of fire was seen as a threat to society as a whole and mechanisms to mitigate that risk were naturally born. Now, the world has ubiquitous measures to minimize the risk of fire. However, in the modern era, we are facing a new fire: data breaches. In the words of the Talking Heads, “[h]old tight, we’re in for nasty weather.”
Read more on JDSupra.

(Related) Another decision impacting businesses with inadequate security. (In this case, “Pretty Good Practices” vs. “Best Practices?”)
Jody Godoy reports:
The Seventh Circuit declined to rehear an appeal it decided against Neiman Marcus over a payment card data breach on Thursday, leaving in place the precedential ruling that held plaintiffs can sue for the trouble and expense of preventing fraud on their accounts.
The ruling will allow the suit in Illinois federal court, which has been on ice for a year during the appeal, to move forward. The plaintiffs claim their payment card details were compromised in the 2013 breach of Neiman Marcus systems that affected a proposed class of 350,000 customers, saying the retailer cut corners on security measures that could have prevented or mitigated the breach and didn’t give them timely notice of the attack.
Read more on Law360.

You don't hear about many of these. Are they not news?
Jenn Schanz reports:
FBI officials and U.S. Attorney William Hochul called 38-year-old James Allen “a master manipulator.”
The Detroit man was convicted of Child Pornography and Cyber Stalking for harassing 18 Western New York girls online between April and August of 2012.
Monday, Allen was sentenced to more than 20 years behind bars.
Assistant Special Agent in Charge with the FBI in Buffalo, Holly Hubert, said despite Allen’s invasive crimes, he wasn’t an expert hacker or computer genius.
Read more on WIAT.

Isn't context important?
Remember when people put that “RTs ≠ endorsements” disclaimer in their Twitter bios, like that would offer some form of protection from being associated with what they retweeted? Well, a retweet can be seen as an endorsement. It can also apparently be used as evidence that you’re trying to join ISIS.

Not surprising.
Judge Says Hillary Clinton Didn’t Follow Government Email Policies
A federal judge on Thursday said that Hillary did not comply with government policies in her exclusive use of a personal email account while she was secretary of state, challenging her longstanding position that she abided by the rules.
… At a hearing for a Freedom of Information Act lawsuit against the State Department, the judge, Emmet G. Sullivan, pictured, of Federal District Court for the District of Columbia, said that “we wouldn’t be here today if the employee had followed government policy.”
Judge Sullivan also opened the door for the FBI, which is ever-so-slowly investigating whether there was classified information on Clinton’s email server, to expand its inquiry to pursue emails that she may have deleted. The judge ordered the State Department to ask the FBI to give it any emails recovered from Clinton’s private server that were not already in the State Department’s possession or that may be related to the lawsuit.
… In doublespeak that would have embarrassed Orwell, the Justice Department, which oversees the FBI, has argued before Judge Sullivan that Freedom of Information Act searches do not typically involve a government employee’s personal email account. Of course, had Clinton followed the rules and acted like every other government employee, including the rank-and-file who worked for her at State, none of this would be considered personal email.

I've been following this for years. Amazing that the government got off so cheap.
Feds agree to pay $940 million to settle claims that US government shorted tribes on contracts
The Obama administration has agreed to pay hundreds of Native American tribes nearly $1 billion to settle a decades-old claim that the government failed to adequately compensate tribes while they managed education, law enforcement and other federal services.

Weekly Waff?
Hack Education Weekly News
… Jared Keller on Ahmed Mohamed's experiences and “The Criminalization of the American Schoolyard”:
… Manitoba announced an Open Textbook Initiative, that will create a library of free and openly licensed textbooks for the province’s most highly enrolled college classes.
Did you really read the syllabus? A test.
Gawker on “exam-time spyware software” ProctorTrack: “Students Wonder When Creepy-As Hell App That Watches Them During Exams Plans on Deleting Their Data.” (The answer: once the media picks up on the story.)
Via the LA School Report: “While LA Unified may still be struggling to integrate its iPads and other digital devices into the classroom, its police department has found a few useful things to do with theirs.” (That is, monitoring schools for “vulnerabilities.”)

Is Dilbert suggesting that Trump is in trouble?

Friday, September 18, 2015

The electronic equivalent of marked cards?
Poker players targeted by card-watching malware
The sneaky malware has been found lurking in software designed to help poker fans play better, said the security firm that found it.
… The malware targets players of the Pokerstars and Full Tilt Poker sites, said Robert Lipovsky, a security researcher at Eset, in a blogpost.
When it infects a machine, the software monitors the PC's activity and springs to life when a victim has logged in to either one of the two poker sites. It then starts taking screenshots of their activity and the cards they are dealt. Screenshots are then sent to the attacker.
The images show the hand the player has been dealt as well as their player ID. This, said Eset, allows the attacker to search the sites for that player and join their game. Using information about a victim's hand gives the attacker a significant advantage.
"We are unsure whether the perpetrator plays the games manually or in some automated way," wrote Mr Lipovsky.

The insurance perspective.
A Guide to Cyber Risk
by Sabrina I. Pacifici on Sep 17, 2015
“Cyber risk is now a major threat to clients’ businesses. Companies increasingly face new exposures including first-and third-party damage, business interruption (BI) and regulatory consequences. A Guide to Cyber Risk examines global trends and developments in cyber, while also identifying the emerging risks that will significantly impact the industry in the near future.”

Never doubt the doggedness of football fans. They will force you to answer.
Daniel Chang reports:
More than two months after the chief executive of Jackson Health System promised an “aggressive internal investigation” into the unauthorized release of the medical chart for New York Giants pass rusher Jason Pierre-Paul — a possible violation of federal privacy laws — hospital officials have yet to explain how the breach occurred, who was responsible for the leak or what they are doing to prevent such incidents in the future.
Read more on Miami Herald.

I doubt any country is more interested in spying now than say 50 years ago. It's just that there are many tools to automate the process and many hackers who notice those tools and make the information public.
A new report ties the Russian government to a seven-year malware campaign
A new report from F-Secure has found evidence that the Russian government is behind the widespread Duke malware strain, orchestrating a seven-year campaign that has targeted Chechnya, NATO and possibly as far as the State Department and White House. Titled The Dukes: Seven Years of Russian Cyberespionage, the report details the results of research dating back to 2008, connecting the dots between more than a dozen different incidents. The team behind the Duke malware waged their campaign with nine different variants, each tailored to specific systems and situations. The variants have been the subject of a number of security reports over the years, but this is the most definitive evidence yet that the Russian government has been sponsoring the attacks.

For my Computer Security students.
Cultivate a Talent Pipeline While Bridging the Cybersecurity Resource Gap
A new labor market report by Burning Glass, Job Market Intelligence: Cybersecurity Jobs, 2015, finds that job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall and take longer to fill. The professional services, finance, and manufacturing/defense sectors have the greatest number of openings. Finding qualified candidates for positions that require a security clearance or a combination of IT security skills and industry knowledge, for example in finance or healthcare, takes even longer.

A clear indication that even TSA recognizes that they are security theater. “Because it is better to look secure than to feel secure.”
Jenna McLaughlin reports:
In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer.
The TSA-recognized luggage locks were a much-vaunted solution to a post-9/11 conundrum: how to let people lock their luggage, on the one hand, but let the TSA inspect it without resorting to bolt cutters, on the other.
When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.”
Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another.
Read more on The Intercept.
[From the article:
“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept.
“These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote.]

Is Japan walling itself off like the EU in a world where everything is global?
Joe Jones of Squire Patton Boggs writes:
The Japanese Diet passed amendments to the Personal Information Protection Act on September 3, 2015, which will become effective within the next two years. While further details will be revealed in upcoming implementing regulations, several major changes, which are summarized below, are clear from the text of the statute. Companies doing business in Japan should take a close look at their privacy policies and personal data procedures in preparation for these changes.
More leeway to disclose anonymous data
“Anonymized” personal data – stripped of personal identifiers such as names and dates of birth – may now be transferred to third parties, including companies who would use the data for marketing purposes, without the subject’s consent. The disclosure must still be reported to the “Personal Information Protection Committee” (discussed further below), and must also be publicly announced. This is one of the few “pro-business” changes in the amendment, and will allow companies to use and sell “big data” about their customers, which was previously a gray area in Japanese data privacy law.
Read more on Lexology.

Google Is 2 Billion Lines of Code—And It’s All in One Place
… Google’s Rachel Potvin … estimates that the software needed to run all of Google’s Internet services—from Google Search to Gmail to Google Maps—spans some 2 billion lines of code. By comparison, Microsoft’s Windows operating system—one of the most complex software tools ever built for a single computer, a project under development since the 1980s—is likely in the realm of 50 million lines.

Pinterest Crosses User Milestone of 100 Million
Pinterest said on Wednesday that it had surpassed 100 million monthly active members, in a milestone for the digital scrapbooking start-up, which has faced scrutiny over whether the size of its user base and business growth can justify its huge valuation.

This article has a most unbelievable chart.
Ed-Tech Might Make Things Worse... So Now What?
The OECD released a “first-of-its-kind” report earlier this week on computers and education, eliciting – as all of its PISA-related reports tend to do – precisely the responses you’d suspect: a lot of “schools are doing it wrong.”

I need to survey my students. What do they prefer?
Cut the Cord With 4 VoIP Phone Plans That Are Cheaper Than Skype

An easy way to extend our website creation class?
DWNLD, The Easy-Bake Oven For Apps, Picks Up $12M In Series A
The DWNLD App Maker gives users the ability to finely customize their apps with various colors, layouts, fonts, etc. so that each DWNLD-created app has its own unique look and feel.
Of course, DWNLD has a paid product that gives users analytics on their app performance, ways to generate revenue through in-app purchases, advertising and paid downloads, as well as the ability to send more (or unlimited) push notifications, with prices starting at $15/month.
But DWNLD also offers a free tier that gives the Average Joe the ability to publish their own app, complete with social media integrations, blog content, etc.
… If you want to learn more about DWNLD, head over to the website right here.

Thursday, September 17, 2015

If I was insuring them, I certainly have some questions about this.
BitPay Sues Insurer After Losing $1.8 Million in Phishing Attack
BitPay has filed suit against a Massachusetts insurance company after losing $1.8m during a phishing attack last December.
According to documents obtained by the Atlanta Business Chronicle, the bitcoin payment processor was defrauded in mid-December by an unknown individual posing as BTC Media CEO David Bailey, whose computer was infiltrated prior to the attack.
The attacker subsequently obtained email credentials for BitPay CFO Bryan Krohn, which were then used to prompt CEO Stephen Pair and executive chairman Tony Gallippi to authorize three payments totalling 5,000 BTC on 11th and 12th December, including one transaction from a wallet on the bitcoin exchange Bitstamp.

(Related) I think Dilbert is commenting on this story.

Encryption is inevitable. Deal with it!
Google forges ahead with data encryption despite FBI warnings
Google on Wednesday vowed to charge ahead with more encryption of user data even as law enforcement officials warn the technology could hamper their investigations.
The tech giant's director of law enforcement and information security, Richard Salgado, on Wednesday told the Senate Judiciary Committee that the security techniques are a net positive for law enforcement, because they can many times prevent online crime in the first place. [So what is the strategy here? Catch crooks or prevent crime in the first place? Bob]
"There are lots of different ways to secure data besides encryption, but there is pretty much a consensus inside the security community that encryption is a fundamental and critical way to protect users' data from the very thieves, identity theft cases, [and] privacy intrusions that law enforcement is interested in investigating," Salgado told Chairman Chuck Grassley (R-Iowa).
… Echoing law enforcement concerns, Grassley said officials have warned "this technology made court authorized warrants not worth the paper that they are printed on." However, recent reports note that the Obama administration might be softening its tone on the issue.

(Related) China wants the same things the FBI is asking for. Does that make the issues clearer?
China Tries to Extract Pledge of Compliance From U.S. Tech Firms
HONG KONG — The Chinese government, which has long used its country’s vast market as leverage over American technology companies, is now asking some of those firms to directly pledge their commitment to contentious policies that could require them to turn user data and intellectual property over to the government.
The government distributed a document to some American tech companies earlier this summer, in which it asked the companies to promise they would not harm China’s national security and would store Chinese user data within the country, according to three people with knowledge of the letter who spoke on the condition of anonymity.
The letter also asks the American companies to ensure their products are “secure and controllable,” a catchphrase that industry groups said could be used to force companies to build so-called back doors — which allow third-party access to systems — provide encryption keys or even hand over source code.

(Related) Correcting an error. Library users want TOR.
From the good-for-them dept., Nora Doyle-Burr reports:
The Kilton Public Library will reactivate its piece of the anonymous Internet browsing network Tor, despite law enforcement’s concerns that the network might be used for criminal activities.
The Lebanon Library Board of Trustees let stand its unanimous June decision to devote some of the library’s excess bandwidth to a node, or “relay,” for Tor, after a full room of about 50 residents and other interested members of the public expressed their support for Lebanon’s participation in the system at a meeting Tuesday night.
Read more on Valley News.

Do we have a common understanding of appropriate policing to serve as a basis for appropriate drone use?
Veronique Dupont reports:
Drones are increasingly making their mark in the arsenal of US police forces, operating in a legal gray area and sparking concerns of constant surveillance of civilians.
The specter of armed drones surfaced with a law passed in North Dakota last month that allows police to equip the aircraft with teargas.
“It’s still a bit of a Wild West,” said American Civil Liberties Union (ACLU) policy analyst Jay Stanley.
Read more on Yahoo.

Should I categorize this as a marketing tool or a security warning?
I created a fake business and bought it an amazing online reputation
If you live in the Bay Area and have looked for something special to spice up a birthday party, you might have discovered the Freakin’ Awesome Karaoke Express, a truck that promises to deliver an unbelievable selection of songs to your doorstep. You might have seen a review on Yelp that said it’s perfect for a girl’s night out or a Facebook review that mentioned it being a crowd-pleaser at a neighborhood block party. You may have been impressed by its 19,000 Twitter followers, and considered hiring this mobile song-slinging truck to drive up to your next outdoor shindig.
What you probably didn’t realize was that there is no such thing as the Freakin’ Awesome Karaoke Express (or F.A.K.E., for short). I made it up and paid strangers to pump up its online footprint to make it seem real. I didn’t do it to scam anyone or even for the LULZ. I wanted to see firsthand how the fake reputation economy operates. The investigation led me to an online marketplace where a good reputation comes cheap.

Perspective. Yet another definition of “unlimited.” Why are they still allowed to use that word? If the network is “particularly busy” speeds are already “throttled.”
AT&T changes data rules for 'unlimited' plans
AT&T is increasing the amount of data that customers on “unlimited” plans can consume before their speeds are slowed, three months after the Federal Communications Commission proposed fining the company $100 million for allegedly not being forthright with customers about its policies.
Under the new policy, users' data speeds will only be slowed — or throttled — if they use more than 22 gigabytes in a billing period and are in an area where the network is particularly busy. The previous threshold was five gigabytes.

So should Jeff buy more content producers?
Amazon converting Prime members into Washington Post digital subscribers with new promotion
Amazon launched a new promotion with The Washington Post this morning, offering its tens of millions of Amazon Prime members the opportunity to sign up for a free digital subscription to the newspaper — converting automatically to a discounted paid subscription after six months.
It’s the latest collaboration between the e-commerce giant and the newspaper, which was acquired by Amazon founder Jeff Bezos two years ago. Amazon is touting the promotion as a benefit to Prime members, but it also promises to be a boon for the Washington Post — giving the newspaper a deep connection to some of Amazon’s most loyal customers.

A record of those who open their mouth before engaging their brain. (But, will they continue to gather these Tweets?)
Open State preserves Politwoops’ history on the net
In a move to preserve the public record for everyone, Open State has uploaded its complete Politwoops archive of deleted tweets by politicians to the Internet Archive. The archive consists of 1,106,187 deleted tweets by 10,404 politicians collected in 35 countries and parliaments over a period of five years.
In August, Twitter blocked Politwoops in more than 30 countries that enabled the public to see what legislators and other elected officials, once had tweeted but then decided to delete.
… Earlier this month, 17 rights groups including Human Rights Watch, the Electronic Frontier Foundation, Access, Sunlight Foundation and others joined in opposition to Twitter’s crackdown on Politwoops and called on the social network to restore Politwoops’ API access.
In less than a week, the open letter published by the group was endorsed by 50 organizations across five continents, including World Wide Web Foundation, European Federation of Journalists, Derechos Digitales and EDRi.

A resource for my students.
ScienceOpen Hits the 10 Million Article Mark
by Sabrina I. Pacifici on Sep 16, 2015
PR Newswire: “ScienceOpen, the research + open access publishing network, has added article records from more than 10 million scientific publications. Researchers can now filter published content by the number of citations and monitor the relevance and impact of recent scientific results by tracking social media mentions. Over 20,000 scholarly journals are currently published worldwide. At this volume, researchers need a reliable overview of trends in their discipline. ScienceOpen has exponentially grown its database to allow scientists to more easily navigate, search and comment on scientific articles. To enhance discoverability, each research article page provides recommendations for related articles regardless of publisher. This function has long been common to consumer platforms but ScienceOpen is one of the first to bring this feature to the research community. The new ScienceOpen release is the next step in creating an independent, open database which contains references and citation information for current global research in all disciplines. The citation count of an article helps to quantify the influence of research and those who performed it. To support search and discovery, ScienceOpen has begun building the first openly and freely available citation index. This was achieved by tracking the references of the nearly 2 million Open Access articles on the site. The new release of the ScienceOpen platform displays the relative citation count, all the citing articles, and their own citations. Researchers can now filter all content based on a wide range of options including citations, journal, publisher, date and other bibliometric data. Moreover, scientists can track in real time the social media coverage of articles in Twitter, Google+, Mendeley and other social networks.”
“ScienceOpen is a freely accessible research network to share and evaluate scientific information. We aggregate Open Access articles from a variety of sources – opening them up to commenting and discussion. Manuscripts submitted to ScienceOpen will be published Open Access and evaluated in a fully transparent Post-Publication Peer Review process.”

A “suggestion” for my Data Management students.
The Hottest Live-Streaming Social Apps You Need To Try

Wednesday, September 16, 2015

Oops! A word managers should never need to utter. NOTE: This is not the first time data was loaded into Amazon's public servers.
Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server.
Another week, another infosecurity failure that exposed oodles of personal information.
This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how some entities planned to defend against specific claims.
According to a source who contacted, as part of research on data leaks, the self-described “technology enthusiast” (“TE”) downloaded some random data from a publicly available subdomain on Amazon Web Services (AWS). Inspection of the files revealed many GB of SQL database backups with “names, social security numbers, addresses, dates of birth, phone numbers, as well as various financial and medical injury data.”
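The condition described above (database backups sitting in cloud storage that anyone can list and download) is exactly what a bucket-exposure audit catches before a "technology enthusiast" does. The check below is an added example, not code from the original post or from any party named in it; the policy and ACL documents are constructed samples in the shape AWS returns for a bucket policy and a bucket ACL, and nothing here talks to AWS, so it runs offline.

```python
"""Audit S3 bucket policies and ACLs for public exposure (added example)."""
import json

# Grantee URIs AWS uses for anonymous and any-authenticated-account access.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anyone, anonymous included)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json):
    """Return the Allow statements that hand S3 actions to everyone."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_public(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        # Any s3 action granted to "*" is reported. A Condition (source IP,
        # VPC endpoint) may narrow it, so it is flagged rather than ignored.
        if any(a == "*" or a.lower().startswith("s3:") for a in actions):
            findings.append({
                "sid": stmt.get("Sid", f"statement[{i}]"),
                "actions": actions,
                "conditioned": "Condition" in stmt,
            })
    return findings


def public_acl_grants(acl):
    """Return (group, permission) pairs granted to AllUsers/AuthenticatedUsers."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            grants.append((group, grant.get("Permission")))
    return grants


def audit(policy_json, acl):
    """Run both checks; empty lists mean nothing is publicly reachable."""
    return {"policy": public_policy_statements(policy_json),
            "acl": public_acl_grants(acl)}


# Constructed sample: a backup bucket whose policy lets anyone list and read,
# which is what turns a pile of SQL dumps into a public download site.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupWriter", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::claims-backups/*"},
        {"Sid": "OopsPublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::claims-backups", "arn:aws:s3:::claims-backups/*"]},
    ],
})

# Constructed sample ACL: owner has full control, and AllUsers was given READ.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, SAMPLE_ACL), indent=2))
```

In practice the two documents come from the storage API for every bucket in the account, and any non-empty result is a finding to fix before it is a breach notification.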

I hope we're not talking default passwords again.
Edd Gent reports:
Cyber-spies have managed to plant snooping software in Cisco routers, located on three continents, which direct traffic around the Internet.
Security research firm FireEye says it has so far found 14 instances of the router implants in India, Mexico, Philippines and Ukraine, adding that this may be just the tip of the iceberg and that the problem could potentially affect routers from other makers.
Read more on E&T.
[From the article:
A highly sophisticated form of malicious software was installed onto the devices, but Cisco - the world's top supplier of routers - said the attacks were not due to any vulnerability in its own software. Instead, the attackers stole valid network administration credentials from targeted organisations or managed to gain physical access to the routers.]

Target still a target.
Joseph Ax reports:
A U.S. judge on Tuesday certified a class action against Target Corp brought by several banks over the retailer’s massive data breach in 2013.
Read more on Reuters.

Worth a try, I suppose.
Jennifer Baker reports:
Civil rights NGO Human Rights Watch (HRW) has launched a legal challenge to find out if its information was shared between the US National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ).
The organisation is unhappy that a ruling by the Investigatory Powers Tribunal (IPT) in February did not reveal the full extent of intelligence sharing.
Read more on The Register.

How different Tom Sawyer would have been...
The Local reports:
Six out of ten Norwegians would use GPS tracking devices to keep tabs on children under the age of 12, according to a new poll by Gallup.
The poll found that only 10 percent of Norwegians found the use of tracking devices unacceptable, while 60 percent were in favour.
Read more on The Local (No).

Wow! Only 10 years? (That's like 200 Internet years) By then, we'll be inserting chips subcutaneously. (See the article above.)
De Blasio to Announce 10-Year Deadline to Offer Computer Science to All Students

Americans agree computer science is important—but only one-quarter of US schools teach it
Gallup and Google just teamed up to conduct one of the most comprehensive studies of computer science education in schools. Interviewing nearly 16,000 7th- to 12th-grade students, parents, teachers, principals and superintendents, this study provides us with yet another painful reminder of how our education system is out of touch with and slow to respond to opportunities for our kids’ futures. Despite massive and growing demand to fill high-paying computer science jobs in all kinds of organizations and industries all over the world, a mere one in four principals in the US report offering computer programming or coding in their school. And as we argue about what should and shouldn’t be taught in US schools, it turns out we agree on at least one thing very clearly: Computer science should be taught. A surprising 85% of parents, 75% of teachers and 68% of principals say that computer science education is “just as important” or “more important” than teaching required courses like math, science, history and English.

What have sex robots ever done to you? Wait, don't answer that. I really don't want to know.
New campaign launches to save us from harmful, lonely life of sex with robots
… The Campaign Against Sex Robots sounds like a funny idea — but when you see the potential for human-rights violations down the road, you’ll have an “a-ha” moment. [More like a “you have got to be kidding!” moment. Bob]

Because God help us if anything should happen.
Feds declare 'No Drone Zone' for Pope's visit

Interesting. Or at least it could be.
Federal Court Invalidates 11-Year-old FBI gag order on National Security Letter recipient Nicholas Merrill
by Sabrina I. Pacifici on Sep 15, 2015
Calyx Institute: “A federal district court has ordered the FBI to lift an eleven-year-old gag order imposed on Nicholas Merrill [document is redacted] forbidding him from speaking about a National Security Letter (“NSL”) that the FBI served on him in 2004. The ruling marks the first time that an NSL gag order has been lifted in full since the PATRIOT Act vastly expanded the scope of the FBI’s NSL authority in 2001. Mr. Merrill, the executive director of the Calyx Institute, is represented by law students and supervising attorneys of the Media Freedom and Information Access Clinic, a program of Yale Law School’s Abrams Institute for Freedom of Expression and Information Society Project. For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals’ digital lives in secret using NSLs. Tens of thousands of NSLs are issued by FBI officers every year without a warrant or judicial oversight of any kind. The letters demand disclosure of user information and are almost always accompanied by complete gag orders. Today’s decision will finally allow Mr. Merrill to speak about all aspects of the NSL and, specifically, to inform the public about the categories of personal information that the FBI believes it can obtain using an NSL… U.S. District Judge Victor Marrero’s decision invalidated the gag order in full, finding no “good reason” to prevent Merrill from speaking about any aspect of the NSL, particularly an attachment to the NSL that lists the specific types of “electronic communication transactional records” (“ECTR”) that the FBI believed it was authorized to demand.
The FBI has long refused to clarify what kinds of information it sweeps up under the rubric of ECTR, a phrase that appears in the NSL statute but is not publicly defined anywhere… Merrill first challenged the NSL statute in 2004 in a landmark ACLU lawsuit that resulted in significant changes to the law but ended in 2010 with much of the gag order still intact…”

This is done by a simple program on a computer. Lots of companies do it to personalize advertising (talk about your car, get an ad about cars). Would it be more acceptable if a “trusted third party” ran the program and gave nothing from the content to Twitter? (Is there such a thing as a “trusted third party?”) It is not clear from this article how this benefits Twitter technically. Shortening the URL gains you nothing but complexity if you keep the old URL to display for the user.
Twitter Hit With Suit Claiming It Snoops on Direct Messages
Twitter Inc.’s direct messages may not be as private as it claims, according to a lawsuit filed against the company on Monday.
A lawsuit seeking class action status alleges that Twitter “surreptitiously eavesdrops on its users’ private direct message communications. As soon as a user sends a direct message, Twitter intercepts, reads and, at times, even alters the message.”
The lawsuit takes particular issue with the hyperlinks sent within the private-chat function. The plaintiff claims that, for example, when a hyperlink to a New York Times story is sent via direct message, Twitter goes in and replaces the link with its own link-shortening tool, before it reaches the intended recipient, which it then masks by displaying the original New York Times link.
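What the complaint describes is link wrapping with the original URL shown as the anchor text. The following is an added example, not Twitter's code or anything from the lawsuit: a small Python relay that rewrites every URL in a message to a wrapper domain and renders the result with the original URL as the visible text, plus the recipient-side check a practitioner would want, flagging any link whose visible URL is on a different host than the one it actually points to. The wrapper domain “short.example”, the hashing scheme for the short token and the sample message are all constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed example of a link-wrapping relay; "short.example" is a
# placeholder wrapper domain, not a real shortener.
URL_RE = re.compile(r"https?://[^\s<>\"']+")
ANCHOR_RE = re.compile(r'<a href="([^"]+)">([^<]+)</a>')


def short_token(url: str) -> str:
    """Deterministic short id for a URL (a real service would use a lookup table)."""
    return hashlib.sha256(url.encode()).hexdigest()[:10]


def wrap_links(message: str, wrapper_domain: str = "short.example"):
    """Replace every URL in the message with a wrapper URL on wrapper_domain.
    Returns the rewritten message and a mapping wrapper URL -> original URL,
    which is exactly the click-tracking record the relay gets to keep."""
    mapping = {}

    def repl(match):
        original = match.group(0)
        wrapped = f"https://{wrapper_domain}/{short_token(original)}"
        mapping[wrapped] = original
        return wrapped

    return URL_RE.sub(repl, message), mapping


def render_html(rewritten: str, mapping: dict) -> str:
    """Render the wrapped message the way a client that masks the rewrite would:
    the href is the wrapper URL, the visible text is the original URL."""
    def repl(match):
        wrapped = match.group(0)
        return f'<a href="{wrapped}">{mapping.get(wrapped, wrapped)}</a>'

    return URL_RE.sub(repl, rewritten)


def find_masked_links(html: str):
    """Recipient-side check: anchors whose visible text is itself a URL but on a
    different host than the real href. Returns (shown_host, real_host) pairs."""
    masked = []
    for href, text in ANCHOR_RE.findall(html):
        if not URL_RE.fullmatch(text):
            continue  # plain-text anchors are not pretending to be a URL
        shown_host = urlsplit(text).hostname
        real_host = urlsplit(href).hostname
        if shown_host != real_host:
            masked.append((shown_host, real_host))
    return masked


if __name__ == "__main__":
    # Constructed sample message; the URL is illustrative only.
    msg = "Have you seen https://www.nytimes.com/2015/09/15/technology/story.html yet?"
    rewritten, mapping = wrap_links(msg)
    html = render_html(rewritten, mapping)
    print(rewritten)
    print(html)
    print(find_masked_links(html))
```

The same mismatch check (visible URL host versus href host) is what a mail or chat client should run before letting a user click, since “looks like nytimes.com, goes somewhere else” is also the shape of a phishing link.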

Winning friends no matter who is elected? (I hereby announce my candidacy for teacher of the year. Can I get a Donate Button?)
Twitter rolls out donate button for political campaigns
… The button allows mobile users to enter their credit card and identifying information to donate, then return to their place in their Twitter timeline.
“By partnering with Square to enable donations through Tweets, and as the 2016 election season heats up, we’ve upgraded these tools through which citizens can raise their voices to champion causes and candidates they support,” the company announced in a blog.

Kick 'em while they're down? But what if they are not down enough.
Obama cyber sanctions could spur Chinese backlash
Swift economic retaliation against American businesses is expected if the White House levies hacking sanctions against Chinese companies.
But U.S. industry groups are still pressuring the government to stand up to China over what’s believed to be a massive campaign to pilfer corporate secrets from U.S. firms. The alternative, they say, could be even worse: Unabated cyberattacks that drain the American private sector of its global competitive advantage.

Nothing foretells the legalization of marijuana like more revenue for governments to waste spend.
Colorado Just Became The First State In History To Collect More Taxes From Marijuana Than Alcohol
No state has ever generated more tax revenue from marijuana than alcohol—until now.
The Colorado Department of Revenue, according to recently released figures, just brought in $70 million in taxes relating to marijuana, compared to less than $42 million for alcohol taxes, over the course of a year.

An update on Kim Dotcom. Extradition hearing is next Monday.
Megaupload, Kim Dotcom, and others filed their reply brief today in the Fourth Circuit Court of Appeals urging the Court to reverse the trial court's finding of "Fugitive Disentitlement."
Here is an excerpt from the reply brief:
"The government asks this Court to affirm a forfeiture order that is purely advisory, was justified only by Claimants’ exercise of their right to oppose extradition, and was obtained without any opportunity to contest the government’s case on the merits. Our justice system requires more. Claimants have not been convicted of any crime, have not fled the jurisdiction, and have not been extradited. They stand ready to defend their property—located entirely in countries that have refused to enforce the U.S. forfeiture orders. But without considering the merits, the district court declared that property forfeited. That order contravenes fundamental jurisdictional requirements, statutory commands, and due process..."
Read the full reply brief.

(Related) More Kim Dotcoms?
The FBI has seized domains belonging to sites involved in pre-release music piracy, and they now display the infamous Department of Justice banner informing visitors that the sites are being investigated for criminal copyright infringement. The RIAA welcomed the news, describing the takedowns as a "huge win."

If you can't put your foot in your mouth, keep shooting yourself in the foot until you can?
The Three Stages Of Hillary Clinton’s Self-Perpetuating Funk
… Candidates can just as easily get caught — or entrap themselves — in self-reinforcing cycles of negative media attention and declining poll numbers. Hillary Clinton looks like she’s stuck in one of these ruts right now.
The Washington Post’s David Weigel recently observed that voters were hearing about only three types of Clinton stories, all of which have negative implications for her. First are stories about the scandal surrounding the private email server she used as secretary of state. Next are stories about her declining poll numbers. And third are stories about how Vice President Joe Biden might enter the Democratic presidential race.

A useful research tool?
Harvard Kennedy School – Think Tank Search
by Sabrina I. Pacifici on Sep 15, 2015
“Think Tank Search is a custom Google search of more than 590 think tank websites. For the purposes of this search, think tanks are defined as institutions affiliated with universities, governments, advocacy groups, foundations, non-governmental organizations, and businesses that generate public policy research, analysis, and activity. Inclusion is based upon the relevancy of subject area to HKS coursework and scholarship, the availability of the think tank’s research in full-text on the website, and the think tank’s reputation and influence upon policy making. The list represents a mixture of partisan and non-partisan think tanks.”

Several tools for my geeky students.
Find Out How Much Traffic a Website Gets

Tuesday, September 15, 2015

You only need a few minutes (seconds?) advanced notice.
Defendants in Newswire Hacking Case Agree to Pay $30 Million
The SEC revealed in August that a cybercriminal group led by Ukrainian nationals Ivan Turchynov and Oleksandr Ieremenko hacked into the systems of newswire services Marketwired, PR Newswire and Business Wire in an effort to steal unreleased corporate earnings announcements that would be highly valuable for making profitable financial trades. The stolen data was transmitted via a website to traders in the U.S., Russia, Ukraine, Malta, France, and Cyprus.
The scheme is believed to have generated more than $100 million in illegal profits based on roughly 150,000 press releases stolen between 2010 and 2015. The hackers reportedly gained access to the valuable information after stealing the login credentials of newswire employees and planting malware on the targeted systems.
In one example provided by SEC, the hackers and traders managed to make over half a million dollars after getting their hands on a negative earnings report 36 minutes before it was released to the public.

This is a rather big deal, though not for the reason the headline suggests. The attack does not break the cipher or tap the plaintext before it is encrypted; it abuses the rarely used fixed (non-ephemeral) DH/ECDH key exchange in TLS. If an attacker knows the private key of a client certificate (for example, one planted on the machine by a malicious app) and the server accepts those cipher suites, the attacker can pose as the server to that client and compute the session key from the server's public key alone. The practical fix is to disable the static (EC)DH suites on both ends.
TLS Communications Exposed to KCI Attacks: Researchers
A flaw in the Transport Layer Security (TLS) protocol can allow man-in-the-middle attackers to access apparently encrypted communications, researchers have warned.
The new method, dubbed “Key Compromise Impersonation (KCI) attack,” leverages a vulnerability in the protocol specification of TLS. The technique allows an MitM attacker to gain complete control over the client-side code running in the victim’s browser. Malicious actors can eavesdrop on communications, replace legitimate elements on a website with arbitrary content, and even perform actions on the victim’s behalf.
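The arithmetic behind the attack, as an added example that is not from the page or from the researchers: a toy Diffie-Hellman exchange in Python showing why fixed (non-ephemeral) key agreement lets an attacker who holds the client's private key derive the session key using only the genuine server's public key, and why an ephemeral exchange does not. The group (the prime 2**255 - 19 with generator 2), the seeded key generation, the SHA-256 stand-in for the TLS key derivation and the `is_static_dh_suite` name check are assumptions of the example, not TLS internals; the ECDH case is the same computation in a different group.

```python
import hashlib
import random

# Toy finite-field Diffie-Hellman group for illustration only. 2**255 - 19 is
# prime, but this is not a vetted TLS group; the idea carries over to ECDH.
P = 2**255 - 19
G = 2


def keygen(rng: random.Random):
    """A DH key pair (priv, pub). Used here for both long-term certificate keys
    and per-session ephemeral keys; only how long the key lives differs."""
    priv = rng.randrange(2, P - 1)
    return priv, pow(G, priv, P)


def derive_key(my_priv: int, their_pub: int) -> bytes:
    """Session key from the DH shared secret (a stand-in for the TLS KDF)."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def static_dh_handshake(client_priv, client_pub, server_priv, server_pub):
    """Fixed-(EC)DH mode: each side uses the key in its certificate, so the
    session key is fully determined by the two long-term key pairs."""
    return derive_key(client_priv, server_pub), derive_key(server_priv, client_pub)


def kci_impersonation(stolen_client_priv: int, server_pub: int) -> bytes:
    """The attacker never learns the server's private key. Posing as the server,
    it presents the genuine server certificate (public key) and derives the
    same session key the client will compute from its compromised key."""
    return derive_key(stolen_client_priv, server_pub)


def run(seed: int = 1) -> dict:
    rng = random.Random(seed)  # seeded so the example is reproducible
    client_priv, client_pub = keygen(rng)  # key pair behind the planted client cert
    server_priv, server_pub = keygen(rng)  # the genuine server's certificate key pair

    client_key, server_key = static_dh_handshake(client_priv, client_pub,
                                                 server_priv, server_pub)
    attacker_key = kci_impersonation(client_priv, server_pub)

    # Ephemeral mode (DHE/ECDHE): the client picks a fresh key for this session,
    # so the stolen long-term client key tells the attacker nothing about it.
    eph_client_priv, _ = keygen(rng)
    _, eph_server_pub = keygen(rng)
    ephemeral_client_key = derive_key(eph_client_priv, eph_server_pub)
    attacker_guess = kci_impersonation(client_priv, eph_server_pub)

    return {
        "honest_sides_agree": client_key == server_key,
        "kci_attacker_matches_static_session": attacker_key == client_key,
        "kci_attacker_matches_ephemeral_session": attacker_guess == ephemeral_client_key,
    }


def is_static_dh_suite(suite: str) -> bool:
    """Practitioner's check over IANA ciphersuite names: the key-exchange token
    is DH or ECDH without the trailing E (ephemeral), e.g. TLS_ECDH_RSA_WITH_...
    Those are the suites the attacker needs the server to accept."""
    parts = suite.split("_")
    return suite.startswith("TLS_") and len(parts) > 1 and parts[1] in ("DH", "ECDH")


def static_dh_suites(offered):
    """Filter a server's offered suite list down to the ones to disable."""
    return [s for s in offered if is_static_dh_suite(s)]


if __name__ == "__main__":
    print(run())
    print(static_dh_suites(["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_DH_DSS_WITH_AES_256_CBC_SHA"]))
```

The point of the ephemeral half of `run()` is the mitigation: with (EC)DHE suites a compromised client key only breaks client authentication, not confidentiality. In OpenSSL cipher strings the kDH and kECDH keywords select the static families, so a server string ending in !kDH:!kECDH configures them out; confirm with your own build's `openssl ciphers -v` output rather than assuming.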

Ignorance is not bliss, it's just ignorance.
Bob McGovern reports:
Gov. Charlie Baker — responding to a Herald report on potential hacking and civil liberties problems with the E-ZPass system — said he has asked transportation officials to study the issue.
“Obviously every time there is a story that suggests there’s an issue with something like this we ask folks, whatever it is, to look into it and hopefully we’ll have an answer on that in a day or two,” Baker said yesterday.
Read more on Boston Herald.
[From the article:
Universal electronic tolling on the Pike is due by the end of next year, and experts told the Herald that E-ZPass technology — which is linked to users’ bank accounts — could be susceptible to hacking. Meanwhile, the movements of New York drivers with E-ZPass transponders have been monitored by state officials even when they were far away from the toll, according to a report by the New York Civil Liberties Union.
Baker, who has a transponder, said he isn’t worried about someone stealing his information. [See my comment, above. Bob]

Interesting twist, but unlikely to operate long before irate customers notify (scream at?) their bank.
New ATM Malware Allows Attackers to Physically Steal Cards
According to the security firm, Suceful is capable of reading data from the payment card’s magnetic stripe and chip, and disabling ATM sensors. The malware, which attackers can control from the ATM’s PIN pad, also includes a feature that hasn’t been seen in other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.

For my Computer Security students – looks like your career success is guaranteed.
DNI Testimony on Worldwide Cyber Threats
by Sabrina I. Pacifici on Sep 14, 2015
“Worldwide Cyber Threats – Overview – Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding. Overall, the unclassified information and communication technology (ICT) networks that support US Government, military, commercial, and social activities remain vulnerable to espionage and/or disruption. However, the likelihood of a catastrophic attack from any particular actor is remote at this time. Rather than a “Cyber Armageddon” scenario that debilitates the entire US infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”

“We're here to help you!” Sound familiar?
Mark Bergen reports:
Edith Ramirez wants Silicon Valley to see her agency as something more than a wrist slapper.
Last Wednesday, the Chairwoman of the Federal Trade Commission came to San Francisco to host the agency’s first “Start with Security” conference, an initiative to institute broad guidelines for consumer privacy protection — and convince tech companies to turn to the FTC for guidance.
Read more on Re/code.

There is Privacy, then there is what? Hiding? Being “on the lam?”
AP reports:
Federal prosecutors say registering at a hotel under a false name cost real estate heir Robert Durst his right to privacy there.
That opens their 65-page response to defense lawyers’ contentions that all evidence found in Durst’s New Orleans hotel room should be thrown out.
Read more on Fox News.

Law Times reports:
A recent Ontario Superior Court of Justice ruling appears to open the way to adding invasion of privacy claims to defamation lawsuits against journalists, says a defamation lawyer.
“It’s a development that I think is of concern to the media that invasion of privacy torts that one would have thought are subsumed in defamation may now be treated differently and separately from defamation, as the judge seemed to accept,” says Paul Schabas, a partner at Blake Cassels & Graydon LLP and an adjunct media law professor at the University of Toronto.
On Aug. 31, Justice Graeme Mew released the reasons for his July 17 decision on a motion in Chandra v. CBC. The motion, brought by the CBC, sought to have the court decide that it shouldn’t put an invasion of privacy claim to the jury that the plaintiff had added to his original defamation case.
Read more on Law Times.

A peek at your data should not mean potential insurers get to keep it forever.
Over on I’ve Been Mugged, George Jenkins describes what he learned when he and his wife really pursued the question of how Medical Informatics Engineering had wound up with his wife’s personal information caught up in their breach.
It’s a long – but important – read, as it highlights routine business practices that may come back to bite consumers who have no interest in – or knowledge that – their employer may have shared their identity information with prospective health insurers.
You can read his article here.
Should your employer be able to share your identity information with prospective health insurers without your knowledge or consent? Should the prospective insurers be able to retain that information forever – again without your knowledge or consent?
If you answer “no” to either of the above questions, then what law prohibits this from occurring? Should this be considered an “unfair” business practice under the FTC Act?
There’s lots to think about from George’s article. I encourage you all to read it.

Content and semantics will make this difficult and error prone. Can you tell if I'm pointing out the error of someone's rant or ranting myself?
Facebook will work with Germany to combat anti-refugee hate speech
Facebook this week said it will work with the German government to crack down on hate speech and xenophobia online, following calls from the country's justice minister to do more to combat hateful speech about refugees. As The Wall Street Journal reports, Facebook will work with Germany's ministry of justice, internet service providers, and other social networks to form a task force aimed at flagging and removing hateful content more quickly. Facebook also pledged to help finance organizations that track online hate speech, though the company did not say it would change its policy on what types of content are considered offensive.

(Related) Political correctness carried to the ridiculous?
On August 28, 2015 the British Library publicly stated that it would not acquire or give access to the digital archive of materials collected by the Taliban Sources Project (TSP). This decision, coming from “one of the world’s greatest research libraries” and “a place of knowledge and inspiration, encouragement and engagement” has been criticized by academics/researchers as “madness” and “completely, completely ridiculous.” But, from a legal perspective, the British Library’s self-censorship is a predictable consequence of the UK’s broad terrorism laws and so if that self-censorship is to be criticized then it is important not to lose sight of the root cause of such decisions — the underlying law. It is only then that progress is likely: the effectiveness of the law can be practically assessed, its content re-appraised and, who knows, lessons may even be learned and applied to future counter-terrorism proposals engaging academic freedom.

Is “Free” also “Secure?” What constitutes a “third party” in a client/attorney conversation?
2015 Legal Technology Survey Report – Online Research
by Sabrina I. Pacifici on Sep 14, 2015
Via Bob Ambrogi [he refers to a fee based set of reports from ABA]: In referencing the 2015 Legal Technology Survey Report, Vol. V: Online Research – Ambrogi highlights that younger lawyers who replied to the survey indicated they choose to use free sources for legal research over fee based services more often than older counterparts.

How fast will this spread? I bet takedowns will continue to be a problem.
Overnight Tech: Copyright ruling could spill over to campaign trail
The Ninth Circuit Court of Appeals ruled that copyright holders — such as movie and music publishers — must consider fair use before demanding companies such as YouTube remove potentially infringing content. The court allowed Stephanie Lenz’s lawsuit against Universal to go forward after the company improperly demanded her video, in which her child dances to a Prince song, be taken offline because of infringement concerns.
“Today’s ruling in the Lenz case comes at a critical time,” according to the Electronic Frontier Foundation, which argued the case. “Heated political campaigns — like the current presidential primaries—have historically led to a rash of copyright takedown abuse. Criticism of politicians often includes short clips of campaign appearances in order to make arguments to viewers, and broadcast networks, candidates, and other copyright holders have sometimes misused copyright law in order to remove the criticism from the Internet.”

Interesting. Something for my Enterprise Data Management students to consider.
GE To Take On IBM In The Race For IOT Dominance
General Electric announced yesterday the creation of a new unit with the aim to become the leader in the Industrial Internet of Things race. GE Digital will integrate GE’s Software Center, the expertise of GE’s global IT and commercial software teams, and the industrial security strength of Wurldtech. This new business model will be led by Bill Ruh, formerly GE’s Vice President and Global Technology Director and now newly appointed as Chief Digital Officer.
… This is a direct aim at the announcement from IBM, also timed yesterday, with the creation of two new business units that will apply Big Blue’s portfolio in Big Data, analytics and cognitive computing (aka Watson) to the Internet of Things (IOT) and Educations markets, respectively.
… In a typical industrial example, an electric turbine generates power but also 500Gb of data a day. That data is extremely useful if used in the right way but the machine itself is not considered ‘smart’. Now imagine how that turbine can communicate in advance when it could potentially have a critical failure. In industrial situations a machine can advise other systems when it’s likely to fail due to being monitored against performance and tolerance levels. GE’s platforms such as Predix cater for these types of scenarios. The process can schedule maintenance in advance before the event occurs through the data it’s receiving, but not only this, it can tell other turbines to take a spread of the load during the maintenance and then switch back again once the repairs are completed. To the outside world nothing has happened because it was all seamless and taken care of by the platform.

(Related) Doh!
Richard Chirgwin reports:
The FBI has decided that your Things are too risky to be allowed anywhere on the Internet.
Curiously, given that the Internet of Things is backed by some of the largest tech vendors in the world, the Bureau has also decided that responsibility for security – and for understanding the capability of hardware and software – should rest with the technological equivalent of Homer Simpson. [I've got to start using that phrase! Bob]
The FBI’s public service announcement, published on September 10 here, puts nearly all of the consumer protection responsibility on consumers.
Read more on The Register.

An IT Governance victory? Only out for one hour! Someone has their act together!
Twitter for Web is down: ‘Something is technically wrong’ (Update: It’s back)
… Twitter’s last minor outage was in August when it went down for 40 minutes. Unlike last month’s blip, today’s outage appears to affect all users.
Twitter Support says the website went down from 11:22 a.m. to 12:16 p.m. PST, but the issue has since been resolved.
… We’ve reached out to Twitter for more information. We’ll be live-tweeting updates. [Cute Bob] Check back here for updates.

(Related) Also an IT Governance and Data Management issue.
NY regulator reaches agreement with four banks on Symphony messaging
New York State's Department of Financial Services said it has reached an agreement with Goldman Sachs, Deutsche Bank, Credit Suisse and Bank of New York Mellon on record-keeping for the Symphony messaging system.
The banks, part of a consortium of 14 financial institutions that have set up the Symphony service, have agreed to retain a copy of their chat messages for seven years.
They will also store duplicate copies of the decryption keys for their messages with independent custodians.
… Under New York law, banks are obligated to retain records of their operations.
Many on Wall Street view Symphony Communications LLC as a rival to message systems provided by Bloomberg LP and Thomson Reuters Corp, whose clients include bankers, traders and investors.
Symphony's technology, which was originally developed by Goldman Sachs, will become available to all potential customers from Tuesday.
The regulator had earlier expressed concerns over some of Symphony's features, such as its promise of "guaranteed data deletion" that could hinder regulatory investigations.

Russia acts like a Capitalist when they choose to.
Google Found Guilty of ‘Abusing Dominant Market Position’ in Russia
MOSCOW— Google Inc. has been found guilty in a rapid Russian antitrust probe, a spokesperson for the country’s antitrust regulator told The Wall Street Journal.
In February, Russia’s Federal Antimonopoly Service opened a probe into Google for alleged anticompetitive practices related to how the company bundles apps with its Android mobile operating system.
The company was found guilty of “abusing its dominant market position,” but not of “unfair competition practices,” the regulator told The Wall Street Journal.

To be expected.
Chicago’s ‘Netflix’ tax challenged in court
As was to be expected, the 9 percent “amusement tax” being levied on all kinds of streaming services and gaming platforms in Chicago has provoked a lawsuit. The complaint was filed last week by a legal non-profit on behalf of six Chicago residents, each of whom is a subscriber to one or more of such services: Amazon Prime, Hulu, Netflix, Spotify, Xbox Live, and what have you.
The amusement tax itself is not the problem, though. At issue here is the imposition of the said tax on streaming music, streaming video, and online gaming platforms, all of which were not on the city’s list of taxable “amusements” until June 9, 2015. That’s when Chicago’s Comptroller Dan Widawsky ruled that the charges paid for accessing the above services within its limits would attract a 9-percent amusement tax from September 1, 2015.

Perspective. Is this because of a serious flaw in the Taxi business model? It seems to me they could match this kind of service easily.
Indian Cab-Hailing Firm Ola Is Raising Over $500M At A Valuation Of Around $5B

Another Thing on the Internet of Things and a lot of hackable data?
Unmanned Aircraft Systems (UAS): Commercial Outlook for a New Industry
by Sabrina I. Pacifici on Sep 14, 2015
CRS – Unmanned Aircraft Systems (UAS): Commercial Outlook for a New Industry. Bill Canis, Specialist in Industrial Organization and Business, September 9, 2015.
“Unmanned aircraft systems (UAS) — commonly referred to as drones — have become a staple of U.S. military reconnaissance and weapons delivery in overseas war zones such as Afghanistan. … However, the Federal Aviation Administration (FAA) currently prohibits the use of UAS for commercial purposes, except where it has granted an exemption permitting specific activities. FAA has granted such exemptions since May 2014, primarily to firms wishing to use UAS for agricultural, real estate, film and broadcasting, oil and gas, and construction activities. As of September 2, 2015, it had granted more than 1,400 such exemptions. … Around 89 companies in the United States now produce UAS, which can range from hobbyist planes that fly on a single charge for about 10 minutes and cost under $200 to commercial-level craft that can stay aloft much longer but can cost as much as $10,000. Manufacture of the aircraft, known as unmanned aerial vehicles (UAVs), is relatively simple. The aircraft’s basic elements include a frame, propellers, a small motor and battery, electronic sensors, Global Positioning System (GPS), and a camera. Some UAVs are operated by controllers, but others can be guided by the operator’s smart phone or tablet. The widespread availability of electronic sensors, GPS devices, wifi receivers, and smartphones has reduced their cost, enabling manufacturers to enter the market without worrying about the supply of components. It has been estimated that, over the next 10 years, worldwide production of UAS for all types of applications could rise from $4 billion annually to $14 billion. However, the lack of a regulatory framework, which has delayed commercial deployment, may slow development of a domestic UAS manufacturing industry…”

Apple is on pace to sell 10M+ iPhones on opening weekend, beating last year’s record

You can't tell the players without a scorecard!
resources on voting, political candidates and parties
by Sabrina I. Pacifici on Sep 14, 2015
“With the 2016 Presidential Election a little over a year away, do you know how to research presidential candidates and their political parties? On The Issues [Every Political Leader on Every Issue] has a complete list of all the current presidential candidates and includes their views on issues important to constituents across the United States. For more information visit our Researching Candidates page on” Links and sources are public, non-partisan, current, and useful for educators, citizens and researchers.

Remember students, 1% to your favorite professor.
15 Great Online Business Ideas

This may explain my sleepy students.
The Habits of Super Successful Sleepers (Infographic)

I should print this for my Spreadsheet students.
Quick Excel Tips Every Office Worker Needs to Know