Saturday, September 26, 2015

You are safe to book the hotel, just don't spend any money once you get there.
Hackers reportedly stole credit card data from numerous Hilton hotel properties
According to online security analyst, Brian Krebs, hackers have "compromised" numerous point-of-sale registers in restaurants, coffee shops, and gift shops at Hilton hotel properties across the country in order to steal credit card information.
In August, Visa alerted numerous financial institutions of a breach. Five different banks determined the commonality between the cards included in that alert was that they were used at Hilton properties — including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts, Krebs reports.
Hilton says it is investigating the claims.
… Krebs notes that the guest reservation systems at the affected properties do not appear to be impacted by the alleged breach, and says it remains unclear how the compromise will affect Hilton. He also says the incident may be ongoing.

Of course they did. That does not mean that every Internet user is a suspected terrorist or that any of the details captured will ever be looked at. But, it is better to have the data and not need it than to need the data and not have it. (And what makes you think the NSA and GCHQ are the only ones?)
GCHQ tried to track Web visits of “every visible user on Internet”
If you used the World Wide Web anytime after 2007, the United Kingdom's Government Communications Headquarters (GCHQ) has probably spied on you. That's the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called "Karma Police"—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the "world's biggest" Internet data-mining operation, intended to eventually track "every visible user on the Internet."

This must be limited to “official government agencies” because no one has contacted me yet. No doubt they will continue to subscribe to similar (non-government) services.
The U.S. and China agree not to conduct economic espionage in cyberspace

For my Computer Security students.
Troy’s ultimate list of security links

What if my password was “I'd like to call my lawyer now?”
Forcing suspects to reveal phone passwords is unconstitutional, court says
The Fifth Amendment right against compelled self-incrimination would be breached if two insider trading suspects were forced to turn over the passcodes of their locked mobile phones to the Securities and Exchange Commission, a federal judge ruled Wednesday.
"We find, as the SEC is not seeking business records but Defendants' personal thought processes, Defendants may properly invoke their Fifth Amendment right," US District Judge Mark Kearney of Pennsylvania wrote.

What if the image was from their sex education textbook? Oh. Wait. They don't teach sex education in New Jersey so kids have to teach themselves.
Don E. Woods reports:
Authorities charged two 11-year-olds for their possession of an illegal nude photo of another juvenile, police said.
Police learned Tuesday that the two were in possession of and forwarded a nude photo of the other juvenile.
Would someone PLEASE stop the madness of criminalizing what is often normal child or pre-adolescent behavior?

Worth reading and thinking about.
Lucy Schouten reports:
Technology has made wearing a camera nearly as easy as putting on a pair of shoes, but the constant surveillance made infamous by George Orwell’s “1984” raises its own set of questions.
Body cameras offer an impression of safety in what can otherwise feel like an insecure world. One man from Florida said he started wearing a GoPro camera on his belt to get evidence his wife was abusing him, WSTP News reports. Michael Novak said he hopes video can help him in a custody battle, since courts generally believe women – and not men – are the victims of domestic violence.
Read more on CS Monitor.

What price “free Internet?”
Critics Still Doubt Facebook’s Free Internet Despite Changes
Mark Zuckerberg has his eye on the rest of the world.
This week, Facebook and its conspicuous founder rebooted the free app that provides (some) online access from mobile phones in 19 countries across the globe, dropping its old moniker in the face of various complaints and rebranding it as “Free Basics by Facebook.” On Saturday, at the United Nations in New York, Zuckerberg will give two speeches on the importance of online communications in the developing world. And on Sunday, back at Facebook headquarters in Northern California, he’ll host a town-hall-style Q&A with Indian Prime Minister Narendra Modi. No doubt, the Internet will be the main topic of conversation.

Perspective. Continuing the search for the perfect music delivery service.
Deezer's IPO Filing Shows Both Potential and Problems
The financial information in Deezer's filing for a public stock offering provides rare transparency into a standalone music subscription service's challenges and weaknesses. While the public has limited information about Spotify's financial performance and detailed information about its licensing contract, it hasn't had this kind of insight since Napster's last quarterly earnings release back in late 2008 — and that was a different era for subscription services.
Deezer, an on-demand subscription service available in about 180 countries, has filed for an initial public stock offering on the Paris stock exchange.

If I'm going to make my students write Apps (and I am) I should give them some examples they can steal learn from.
5 Safe and Clean Places to Download Free Apps

Stuff to share with my students and with other teachers.
Best of the Web - Autumn 2015
This morning at the 21st Century Technology and Learning Symposium in Ponoka, Alberta I gave the latest version of my popular Best of the Web presentation. The presentation included some old favorites mixed with some new favorites. Some of the old favorites in the slides continue to update which is why they continue to be in this slide deck. The slides are embedded below.

What a silly profession.
Hack Education Weekly News
… the Department of Education has released a (competency-based-education) CBE Experiment Reference Guide.
… Florida has closed its investigation into the DDOS attack that shut down its online testing system earlier this year. It found no motive and no leads. More via Education Week.
… "Introduction to Computing and Programming" is now the most popular course in Yale College. The materials and lectures mostly come from Harvard’s class of the same name, just with a Yale TA.
Via The Guardian: “School questioned Muslim pupil about Isis after discussion on eco-activism.”
Elsewhere in the UK: “Student accused of being a terrorist for reading book on terrorism.”
The Chronicle of Higher Education looks at a new feature on that lets researchers post papers “in progress” and solicit feedback from others.
A study to be published in CBE - Life Science Education has found that the flipped classroom (that is, videotaped lectures as homework and more hands-on activities in class) is beneficial for women and students with low grades.

Friday, September 25, 2015

Oh the horror! Yes, it really is a big deal. (and it is kinda funny)
Temporary Facebook Panic Causes Twitter To Erupt In Chaos: Here Are The Most Hilarious Reactions
When millions of users in some parts of the world lost access to Thursday, Sept. 24, users had to turn to other networks, particularly to Twitter, to vent. As expected, the Facebook outage ignited humorous jabs from Twitter users.
Instead of being greeted with the Facebook homepage, some users received an error message starting at approximately 12:30 p.m. Eastern Time.
… The outage affected Facebook users in Europe, North America, Australia and India, based on the Facebook outage map on
… During the most recent outage, tweets with the hashtag #FacebookDown swelled over Twitter.
Patriots being investigated for recent Facebook crash
I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror...

For my Computer Security and Ethical Hacking students.
Cookies can render secure websites vulnerable in all modern browsers
CERT have issued a new directive notifying that cookies can be used to allow remote attackers to bypass a secure protocol (HTTPS) and reveal private session information – and that modern browsers, including Apple’s Safari, Mozilla’s Firefox and Google’s Chrome, currently provide no protection against the attack vector. Research indicates that secure sites as important as Google and the Bank of America are vulnerable to the technique.
A ‘cookie injection attack’, as described by Xiaofeng Zheng in Cookies Lack Integrity: Real-World Implications [PDF], can be mounted by man-in-the-middle attackers who set cookies throughout their invasive session. Cookies set in this way can facilitate the disclosure of any private data being transmitted in the session.
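The browser behaviour behind that attack, as an added example that is not from the article or from the cited paper: a small model of RFC 6265 cookie storage and selection, using the placeholder host bank.example, which shows that a cookie set in a plain-HTTP response to the same host (or a related subdomain) is sent to the HTTPS origin, can shadow or overwrite a Secure cookie, and leaves the server with no way to tell which value came from where. It also includes a server-side check for the duplicate-name symptom that shadowing produces.

```python
"""Model of RFC 6265 cookie storage and selection (constructed example).

Browsers keep no record of whether a cookie arrived over HTTP or HTTPS; the
Secure attribute only restricts where a cookie is *sent*. That is the
'lack of integrity' the paper describes. bank.example is a placeholder host.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str      # host or registered domain the cookie is scoped to
    path: str
    secure: bool     # Secure attribute: only sent over HTTPS
    host_only: bool  # True when Set-Cookie carried no Domain attribute


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching."""
    return host == domain or host.endswith("." + domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path matching."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


class CookieJar:
    def __init__(self) -> None:
        self.cookies = []

    def set_cookie(self, origin_url: str, header: str) -> bool:
        """Store one Set-Cookie header value received from origin_url."""
        parts = [p.strip() for p in header.split(";")]
        name, _, value = parts[0].partition("=")
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        host = urlsplit(origin_url).hostname
        domain = attrs.get("domain", "").lstrip(".").lower()
        host_only = domain == ""
        if host_only:
            domain = host
        elif not domain_matches(host, domain):
            return False  # a cookie for an unrelated domain is rejected
        new = Cookie(name, value, domain, attrs.get("path", "/"),
                     "secure" in attrs, host_only)
        # Same name, domain and path replaces the stored cookie (section 5.3,
        # step 11). The origin scheme plays no part, so an HTTP response can
        # replace a cookie that was set with Secure over HTTPS.
        self.cookies = [c for c in self.cookies
                        if (c.name, c.domain, c.path) != (new.name, new.domain, new.path)]
        self.cookies.append(new)
        return True

    def cookie_header(self, request_url: str) -> str:
        """Build the Cookie header for a request (section 5.4)."""
        url = urlsplit(request_url)
        host, path, https = url.hostname, url.path or "/", url.scheme == "https"
        chosen = []
        for c in self.cookies:
            if c.host_only and c.domain != host:
                continue
            if not c.host_only and not domain_matches(host, c.domain):
                continue
            if not path_matches(path, c.path) or (c.secure and not https):
                continue
            chosen.append(c)
        # Longer paths come first, so a more specific cookie shadows a broader
        # one of the same name; most servers then take the first value they see.
        chosen.sort(key=lambda c: -len(c.path))
        return "; ".join(f"{c.name}={c.value}" for c in chosen)


def has_duplicate_names(cookie_header: str) -> bool:
    """Server-side check: one cookie name appearing twice in a request is a
    symptom of shadowing and is worth logging or rejecting."""
    names = [p.strip().partition("=")[0] for p in cookie_header.split(";") if p.strip()]
    return len(names) != len(set(names))


def shadowing_demo() -> str:
    """Secure session cookie vs. a path-scoped cookie injected over plain HTTP."""
    jar = CookieJar()
    jar.set_cookie("https://bank.example/", "sid=legit; Secure; Path=/")
    jar.set_cookie("http://bank.example/", "sid=injected; Path=/account")
    return jar.cookie_header("https://bank.example/account")


def overwrite_demo() -> str:
    """A plain-HTTP Set-Cookie replaces the Secure cookie with the same name and path."""
    jar = CookieJar()
    jar.set_cookie("https://bank.example/", "sid=legit; Secure; Path=/")
    jar.set_cookie("http://bank.example/", "sid=replaced; Path=/")
    return jar.cookie_header("https://bank.example/")


def subdomain_demo() -> str:
    """A cookie set by a sibling host with Domain=bank.example reaches the parent."""
    jar = CookieJar()
    jar.set_cookie("https://bank.example/", "sid=legit; Secure; Path=/")
    jar.set_cookie("http://promo.bank.example/",
                   "sid=sibling; Domain=bank.example; Path=/account")
    return jar.cookie_header("https://bank.example/account")


if __name__ == "__main__":
    for demo in (shadowing_demo, overwrite_demo, subdomain_demo):
        header = demo()
        print(f"{demo.__name__}: Cookie: {header} duplicate={has_duplicate_names(header)}")
```

In the overwrite case the server receives a single, well-formed cookie, so only the shadowing cases are detectable from the request alone; the paper's point is that the HTTPS server cannot distinguish any of these from a cookie it set itself.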

Missed opportunity. We could have done this.
IoT Security Foundation Launches
The Internet of Things Security Foundation (IoTSF), a collaborative initiative aimed at addressing concerns regarding the security of IoT, launched publicly in London this week.
IoTSF’s creation is the result of an eight month investigative and consultative process, the foundation said, explaining that its initial focus will be on “promoting excellence in IoT security”, in order to make devices safe to connect. The organization will also make a self-certification for product developers available.
The organization also announced plans for its inaugural conference, scheduled to take place on Dec. 1 at the recently refurbished Savoy Place in London.
The IoT market is still in its infancy and, as it grows, it opens all companies around the world to new security risks, as Agiliance’s Torsten George explains in a recent SecurityWeek column. According to an HP study, 70% of IoT devices are vulnerable to digital attacks.
Learn About IoT Security at the 2015 ICS Cyber Security Conference

It's not what you think. It's scarier.
BIOSURVEILLANCE: Challenges and Options for the National Biosurveillance Integration Center

Has some privacy issues but also might improve the mental health of some of my students.
Take Part In Medical Studies With Your iPhone & ResearchKit

Your tax dollars not quite at work.
Zombie Blimp Project Cost $2.7 Billion
It’s likely that not too many Americans have ever heard of JLENS – short for Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System. It’s the government’s giant radar-equipped blimp defense system that cost taxpayers approximately $2.7 billion over the past 17 years, according to a report Thursday in the Los Angeles Times.
The blimps are to serve as an early warning system if the United States were ever attacked by cruise missiles or weaponized drones. However, even with the high price tag, the system has failed to get off the ground (pun intended) and has now become what defense analysts label a ‘zombie’ project, i.e., one that is “costly, ineffectual and seemingly impossible to kill,” according to the LA Times.

Philosophizing for fun and profit?
Stanford Encyclopedia of Philosophy
by Sabrina I. Pacifici on Sep 24, 2015
Via Quartz – This free online encyclopedia has achieved what Wikipedia can only dream of – “The Stanford Encyclopedia of Philosophy may be the most interesting website on the internet. Not because of the content—which includes fascinating entries on everything from ambiguity to zombies—but because of the site itself. Its creators have solved one of the internet’s fundamental problems: How to provide authoritative, rigorously accurate knowledge, at no cost to readers. It’s something the encyclopedia, or SEP, has managed to do for two decades. The internet is an information landfill. Somewhere in it—buried under piles of opinion, speculation, and misinformation—is virtually all of human knowledge. The story of the SEP shows that it is possible to create a less trashy internet. But sorting through the trash is difficult work. Even when you have something you think is valuable, it often turns out to be a cheap knock-off. The story of how the SEP is run, and how it came to be, shows that it is possible to create a less trashy internet—or at least a less trashy corner of it. A place where actual knowledge is sorted into a neat, separate pile instead of being thrown into the landfill. Where the world can go to learn everything that we know to be true. Something that would make humans a lot smarter than the internet we have today…”

Of course it does! I don't talk like those twits!
Twitter Language Use Reflects Psychological Differences between Political Parties
by Sabrina I. Pacifici on Sep 24, 2015
PLOS One: “Previous research has shown that political leanings correlate with various psychological factors. While surveys and experiments provide a rich source of information for political psychology, data from social networks can offer more naturalistic and robust material for analysis. This research investigates psychological differences between individuals of different political orientations on a social networking platform, Twitter. Based on previous findings, we hypothesized that the language used by liberals emphasizes their perception of uniqueness, contains more swear words, more anxiety-related words and more feeling-related words than conservatives’ language. Conversely, we predicted that the language of conservatives emphasizes group membership and contains more references to achievement and religion than liberals’ language. We analysed Twitter timelines of 5,373 followers of three Twitter accounts of the American Democratic and 5,386 followers of three accounts of the Republican parties’ Congressional Organizations. The results support most of the predictions and previous findings, confirming that Twitter behaviour offers valid insights to offline behaviour.”

Just saying... (Watch the TED talk from the CU Medical Center)
Hate Handwriting? Me Too. Here’s Why We Should Teach It Anyway.
… 41 out of 50 states don’t require handwriting to be taught in schools as of 2014. Maybe you think this is no big deal; after all, why handwrite when we can type?

(Related) Or, if that's too much work...
How To Turn Your Handwriting Into A Font

Strange that the Great American Beer Festival website is down this morning. I wonder why?

Thursday, September 24, 2015

You allocate time and treasure based on your strategic vision. “It is better to look good than to feel good.” Billy Crystal
Apple iOS privacy bugs again -- lockscreen unsafe in 9.0.1 update
… José Rodriguez reported lockscreen failings in iOS versions 5.1–5.1.1, 6.0–6.1.3, 7.0–7.0.1, 8.0–8.3, 9.0 and now he says the bug is still in 9.0.1.

The never-ending story... OPM “discovers” things they should have known about immediately.
Andrea Peterson reports:
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.
That’s more than five times the 1.1 million figure the agency had cited in earlier updates after the cyberattacks were disclosed over the summer. However, the agency said the total number of those believed to be caught up in the breaches remains the same.
Read more on Washington Post. And then do read Emptywheel’s commentary on what OPM’s revelations really demonstrate.

Strange. They should be better than this.
Josh Chin reports:
The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea. The Microsoft Word document contained text and photos depicting Thai naval personnel capturing Vietnamese fishermen and forcing them to kneel at gunpoint.
But the attachment was a decoy: Anyone who opened it inadvertently downloaded software that searched their computers for sensitive information and sent it to an obscure corner of the Internet. Manning that corner, according to a new report from U.S. security researchers, was Ge Xing, a member of a Chinese military reconnaissance unit.
Read more on WSJ.

Apparently the obvious isn't obvious in Washington. All those antennas on Embassy roofs are not just for TV.
ACLU – Capitol Hill staffers should be able to make encrypted calls, send secure text messages
by Sabrina I. Pacifici on Sep 23, 2015
“Today, the ACLU sent a letter to both the House and Senate, urging them to provide secure voice and text messaging capabilities to Members and their staff. (The Washington Post writes about our letter today.) In recent years, computer security researchers have warned about the poor security of cellular networks, which in many cases use broken encryption technology that is several decades old. As a result, it is often trivially easy for third parties—which can include foreign intelligence services, criminals and stalkers—to intercept calls and text messages. Although the calling and texting services provided by wireless carriers are not secure, there are a number of widely available secure communications apps that individuals and organizations can use to protect themselves. These include tools like Apple’s iMessage and Facetime, Facebook’s WhatsApp, and Open Whisper Systems’ Signal. In the letter we sent today, to the House and Senate Sergeants at Arms—who are also responsible for Congress’ digital security—we encourage the Sergeants to provide smartphones and secure communications apps, such as Signal or FaceTime, to members and their staff. As we note in the letter:
“While the civil liberties implications of vulnerable government information technology may not be readily apparent, they are nonetheless, and increasingly, significant….secure communications facilities preserve effective checks and balances in constitutional government, and insecure facilities threaten them. Those checks and balances serve as safeguards of individual liberties and civil rights. They also protect the civil liberties and privacy of the thousands of Congressional and government employees, who are themselves attractive targets of both foreign adversaries and, indeed, insider threats. Ensuring the security of Congressional communications against all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers — would promote both basic liberty interests and national security.”

Perspective. For my Computer Security students.
The price of your identity in the Dark Web? No more than a dollar
… In Trend Micro's new report, dubbed "Understanding Data Breaches," the security firm explores who is most often targeted in data breaches, how they take place, and what happens to data once it leaves corporate networks.
Using the Privacy Rights Clearinghouse (PRC)'s Data Breaches database, Trend Micro found that hacking or malware was behind only 25 percent of data breach incidents from 2005 to April this year. Insiders are also a common reason for data loss; the use of physical skimming devices and the loss or theft of devices, including laptops, flash drives and physical files, were also found to be the root cause of damaging data breaches.
However, not all data breaches are caused maliciously. Unintended disclosure, through mistakes or negligence, is also a reported reason for information to end up in the wrong hands.

The price of getting it wrong?
Babak Siavoshy writes:
One of the more interesting cases slated for review by the Supreme Court next term is Spokeo v. Robins (here’s a WSJ blog post with an outline of some of the issues). First things first: several regular and guest contributors to this blog have written a ‘friend of the court’ brief in the case. You can find that brief here; scotusblog has the dozens of other briefs supporting one side or the other.
While I’m planning to write more about the case’s substantive legal issues (which concern Article III standing), this post will be dedicated to the small bit of silliness outlined in the title. Namely, what will the justices’ reactions be when they look themselves up on Spokeo’s service, and find results that may strike them as a bit… revealing?
Read more on Concurring Opinions.

Because deflated footballs aren't enough?
Feds approve NFL drone flights

This is not what I mean when I teach my students to manage their social media accounts.
VW scrubs diesel references from social media, YouTube
Volkswagen appears to have scrubbed many references to clean diesel from its webpage and social media accounts amid a growing scandal over its attempts to trick regulators’ air pollution tests.
… While the Justice Department has reportedly launched a criminal investigation, at least one Democratic lawmaker has called for the Federal Trade Commission (FTC) to take action against its allegedly deceptive advertising — which appears to have been scrubbed from the web.

A new technology for 'digital evidence?'
New on LLRX – Vermont’s Legislature is Considering Support for Blockchain Technology and Smart Contracts
by Sabrina I. Pacifici on Sep 23, 2015
Via LLRX.com – Vermont’s Legislature is Considering Support for Blockchain Technology and Smart Contracts: Bitcoin is a significant disruptive technology with a growing impact on the financial and legal sectors around the world. Alan Rothman expertly educates us on new legislation from Vermont that is intended to move the state towards using blockchain technology for “records, smart contracts and other applications.” One of the key distinctions Rothman highlights is that Vermont is not in any manner approving or adopting Bitcoin, but rather, the state is diversifying and adapting the underlying blockchain technology that supports it.
[From the article:
“Blockchain technology shall be a recognized practice for the verification of a fact or record, and those facts or records established through a valid blockchain technology process shall have a presumption of validity for matters to be determined subject to, or in accordance with, the laws of the State of Vermont.”]

New on LLRX – Wearable tech data as evidence in the courtroom
by Sabrina I. Pacifici on Sep 23, 2015
Via LLRX.com – Wearable tech data as evidence in the courtroom: Nicole Black discusses how data downloaded from wearable technology has entered into the discovery phase of personal injury cases. A wealth of data can be collected about the direct activities of individuals who are using wearable devices while exercising, as well as conducting routine and regular activities such as walking. The implications of this concept may be considerable, on par with those pertaining to the use of social media.

For my geeky students.
A first look at the Chinese operating system the government wants to replace Windows
… NeoKylin has long been part of the Chinese government’s hopes that a successful domestic OS would emerge. This has been driven by Microsoft dropping support for Windows XP—still widely used in China—and the government’s push to limit dependence on foreign technology, primarily for security reasons.
Now NeoKylin is starting to be considered a legitimate option even for users outside the government. Workers in the entire city of Siping switched to it. Over 40% of commercial PCs sold by Dell in China are running NeoKylin, the company says.

For my Ethical Hacking students. That is NOT me in the photograph of General Grant.
How to Change a Picture’s Date in Google Photos

Perspective. Where all browsers are heading.
Firefox 41 integrates WebRTC messaging app as it fights for relevance
Firefox 41, released yesterday, has a new feature: integrated instant messaging, with voice and video, called Firefox Hello.
… This enables Web-based voice and video messaging between Firefox, Chrome, and Opera. Microsoft is working on a related spec, Object RTC, which is available in the most recent preview of the Edge browser.

The Plot Twist: E-Book Sales Slip, and Print Is Far From Dead
… Higher e-book prices may also be driving readers back to paper.
As publishers renegotiated new terms with Amazon in the past year and demanded the ability to set their own e-book prices, many have started charging more. With little difference in price between a $13 e-book and a paperback, some consumers may be opting for the print version.
On Amazon, the paperback editions of some popular titles, like “The Goldfinch” by Donna Tartt, are several dollars cheaper than their digital counterparts. Paperback sales rose by 8.4 percent in the first five months of this year, the Association of American Publishers reported.

A challenge to my students. Write a replacement.
Copyright on 'Happy Birthday' Song Ruled Invalid
… "Happy Birthday to You," the most popular tune in the English language, is copyrighted. So, using the tune means paying licensing fees.
At least, that used to be the case. On Tuesday, a federal court judge in Los Angeles ruled that copyright on "Happy Birthday to You" is in fact invalid. If the ruling stands, the song will enter the public domain, free for all to use.
That's a blow to Warner/Chappell Music and its parent company, the Warner Music Group, which has held the tune's copyright since 1988 and collects around $2 million in annual licensing fees, according to The New York Times.
… The "Happy Birthday" tune -- which was co-written by Kentucky sisters Patty and Mildred Hill and originally titled "Good Morning to All" -- was first published in 1893 by Clayton Summy, a company later purchased by Warner/Chappell.
The copyright case was filed in 2013 by the independent filmmaker Jennifer Nelson. In July Nelson produced powerful new evidence in the form of a songbook published in 1927 -- eight years before Warner/Chappell's copyrighted version appeared -- that contains the song's lyrics.
Considering that Summy never acquired the rights to the tune's lyrics, the judge ruled, the copyright is invalid.

I admit I like to tease my students with cool Apps. Perhaps I can inspire them to write their own Apps. (A couple I found interesting.)
The 20 most fascinating iOS apps from TechCrunch Disrupt
The best new app for bibliophiles, Shelfie (free) is like Shazam for your book collection. Simply take a photo of books on your shelf (a shelf selfie, or “shelfie” if you will) to create a digital library that you can share with fellow book-lovers. The makers of Shelfie have also struck deals with several publishers, including Harper Collins, to let you read an ebook version of a print book you already own for free or with a discount.
Built to empower citizen journalism, Witness is a different type of livestreaming app. You can use it to record video whenever you feel you are in danger or want to document criminal activity, all while being able to call 911 and communicate with police. The footage then gets sent anonymously to Witness’ secure servers, where it can be retrieved as legal evidence should you have to appear in court. Sign up on their website to get early access to the iOS app.

For all my students.
… The app lets you browse Khan Academy's huge collection of educational videos and explanations on various topics ranging from math to science, history, economics, art, and more. Find something you want to study later on, while you're in the subway for example? You can bookmark it to be saved and available offline to you. And everything you do is synced between the app and the website. However, the app doesn't have the website's cool exercises that help you better understand each subject matter. I guess they gotta leave something for future versions.
The app is available for free on the Play Store or you can grab it on APK Mirror. The Google+ community is still live if you want to stay on top of the latest beta improvements to the app before they make it to the public release.

For my Website students.
U.S. Web Design Standards
by Sabrina I. Pacifici on Sep 23, 2015
Open source UI components and visual style guide to create consistency and beautiful user experiences across U.S. federal government websites: “Tools for creating beautiful online experiences for the American people. Built and maintained by a team of U.S. Digital Service and 18F designers and developers, this resource is built on the highest standards of 508 compliance, reuses best practices of existing style libraries and modern web design to guide us in creating beautiful and easy-to-use online experiences for the American people.”

Statistically speaking...
Yogi Berra Was One Of A Kind

(Related) Some more Yogi Berra quotes.
… You wouldn't have won if we'd beaten you.
… If the world was perfect, it wouldn't be.
You don’t have to swing hard to hit a home run. If you got the timing, it’ll go.

Wednesday, September 23, 2015

Will the FTC add a fine of their own?
Sarah N. Lynch reports:
A St. Louis-based investment advisory firm will pay $75,000 to settle civil charges alleging it failed “entirely” to protect its clients from a July 2013 cyber attack that was later traced to China, U.S. regulators said on Tuesday.
The Securities and Exchange Commission said R.T. Jones Capital Equities Management did not even encrypt its customers’ data or install a firewall on its servers, and the hack compromised the personal details of about 100,000 people.
Read more on Reuters.
Previous coverage of their breach here. Note that at the time, we had no idea of how extensive the breach was in terms of numbers. This appears to be the first time we’re learning that 100,000 (and not hundreds) of people were affected.

Actions short of war... Inevitable. There's gold in them thar bits & bytes.
What Goes Around Comes Around: Russia Gets Hacked
… For more than two months, hacker attacks originating in China have bedeviled Russia's military and telecom sectors, researchers at Proofpoint revealed last week.
"We also observed attacks on Russian-speaking financial analysts working at global financial firms and covering telecom corporations in Russia, likely a result of collateral damage caused by the attackers' targeting tactics," wrote Thoufique Haq and Aleksy F, authors of the report.
The attacks began with carefully crafted emails designed to lure recipients into following a URL to a compressed archive file containing malicious software, or to open an infected Microsoft Word attachment, the researchers explained.
Once infected, a machine downloads a Remote Access Trojan, or RAT, called "PlugX."

(Related) Just because they're a Chinese company... (and because it's so easy!)
Michael Horowitz uncovered some tracking or monitoring software in ThinkPad that customers will want to know about. Using TaskScheduleViewer in Windows 7 Professional, Horowitz found a task called “Lenovo Customer Feedback Program 64”.
It was running daily. According to the description in the task scheduler: “This task uploads Customer Feedback Program data to Lenovo”.
I have setup my fair share of new Lenovo machines and can’t recall ever being asked about a Customer Feedback program.
The program that runs daily is Lenovo.TVT.CustomerFeedback.Agent.exe and it resides in folder C:\Program Files (x86)\Lenovo\Customer Feedback Program.
Other files in this folder are Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.
According to Wikipedia, Omniture is an online marketing and web analytics firm, and SiteCatalyst (since renamed) is their software as a service application for client-side web analytics.
So, while there may not be extra ads on ThinkPads, there is some monitoring and tracking.
Read more on Computerworld.

(Almost) Too common to note.
The Canadian Press reports:
The B.C. government says a hard drive containing personal information and student records of 3.4 million residents in British Columbia and Yukon has been lost.
Technology Minister Amrik Virk says the unencrypted data from 1986 to 2009 also includes information about children in care, teacher retirement and graduation dates for cancer survivors.
The minister says the hard drive also contains decades worth of names, grades, postal codes and personal education numbers.
Read more on Globe and Mail.
Were these data unencrypted, as I fear? (Answer: YES). What physical security did the government have for this drive?
For a more detailed listing of the drive's 437 GB of contents (8,766 folders holding 138,830 files), see this release from the government.

Your tax dollars at work. This should be a consideration when budgeting your Computer Security.
Feds Award $500M Credit-Monitoring Contract Following OPM Breach

Not really exploding, but “self-destructing.” What great fun for my Ethical Hacking students.
Exploding Chip Could Thwart Cyberthieves
Researchers at Xerox PARC have developed a self-destructing mechanism for microchips embedded on a hardened glass surface.
The glass can self-destruct upon command and could be used to secure personal data such as health and banking records. It also can be used to destroy encryption keys stored on memory chips in standard consumer, enterprise and government electronic devices.
The research is part of the Defense Advanced Research Projects Agency's Vanishing Programmable Resources project.

I still don't have (need?) a smartphone.
In North Carolina, where the State Court of Appeals relied on Third Party Doctrine, the answer is no.
The Free Press reports:
Should you be suspected of a crime, the state Court of Appeals – in an opinion released Tuesday – ruled law enforcement can discover where you are through your mobile phone location without needing to obtain a search warrant.
Indeed, according to the court, obtaining such information isn’t construed as a search.
Read more on Government Technology.

An unintended consequence or a consequence of secrecy? This could have firms scrambling. (But doesn't every country do this?)
EU-US data flows using “Safe Harbour” may be illegal because of NSA spying
The "Safe Harbour" framework—which is supposed to ensure data transfers from the EU to the US are legal under European data privacy laws—does not satisfy the EU's Data Protection Directive as a result of the "mass, indiscriminate surveillance" carried out by the NSA. That's the opinion of the Court of Justice of the European Union (CJEU) Advocate General Yves Bot, whose views are generally followed by the CJEU when it hands down its final rulings.
The case was sent to the CJEU by the High Court of Ireland, after the Irish data protection authority rejected a complaint from Maximillian Schrems, an Austrian citizen. He had argued that in light of Snowden's revelations about the NSA, the data he provided to Facebook that was transferred from the company's Irish subsidiary to the US under the Safe Harbour scheme was not, in fact, adequately protected. The Advocate General Bot agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive, because of NSA access to EU personal data.
According to the CJEU statement (PDF link), "the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life and the right to protection of personal data, which are guaranteed by the [Charter of Fundamental Rights of the EU]." Another issue, according to the Advocate General, was "the inability of citizens of the EU to be heard on the question of the surveillance and interception of their data in the United States," which therefore amounts to "an interference with the right of EU citizens to an effective remedy, protected by the Charter."

The downside of failure to understand technology. “Deleted” does not mean “unrecoverable.”
FBI Said to Recover Personal E-Mails From Hillary Clinton Server
The FBI has recovered personal and work-related e-mails from the private computer server used by Hillary Clinton during her time as secretary of state, according to a person familiar with the investigation.
The Federal Bureau of Investigation’s success at salvaging personal e-mails that Clinton said had been deleted raises the possibility that the Democratic presidential candidate’s correspondence eventually could become public. The disclosure of such e-mails would likely fan the controversy over Clinton’s use of a private e-mail system for official business. [You think? Bob]

Perspective. The “face” of the news?
Facebook Ramps Up Its Instant Articles, and the Washington Post Is All In
Last spring Facebook started hosting stories from the New York Times, BuzzFeed and other publishers directly on its iPhone app — a move that generated much chatter and hand-wringing about the Future of Media.
… The Post has also published its full content on other platforms, like Flipboard. But the move is a symbolic one for Facebook, which is now one of several platforms that want to host digital publishers’ stuff.
Snapchat has its Discover feature, Apple just launched Apple News, and Google and Twitter are working on an open-source version of the concept that they are explicitly pitching as a response to Facebook.

Perspective. We abandoned gold, now we abandon reality?
NY regulator issues first license for bitcoin company
Circle Internet Financial, a Boston-based bitcoin startup backed by Goldman Sachs Group Inc, has received New York's first BitLicense, allowing it to offer digital currency services in the state.
The firm, founded in 2013, released a new version of its mobile payment service on Tuesday.
The BitLicense from the New York Department of Financial Services is based on the first set of U.S. state guidelines for companies that operate in virtual currencies such as bitcoin, which is created and exchanged independent of banks.
[In case you want to get in on the ground floor:

Too nerdy?
'Star Trek' virtual tour will recreate every deck of the Enterprise

For my Spreadsheet students, but I rarely ask them to print anything. Paper is so “Age of the Pharaohs.”
How to Print an Excel Spreadsheet on One Single Page

For all my students.
How to Learn Anything New with 5 Sure-Fire Tips

To my horror, I discovered that some of my students (and not just the International students) did not know who Yogi Berra was!
Yogi Berra's most famous quotes: The wit and wisdom of the late Yankees legend
On getting enough rest:
“I usually take a two-hour nap from one to four.”
On "fan" mail:
“Never answer an anonymous letter.”
On education:
“I’m not going to buy my kids an encyclopedia. Let them walk to school like I did.”
“You can observe a lot by watching.”
On the future:
“The future ain’t what it used to be.”
On travel:
“If you don’t know where you are going, you might wind up someplace else.”
“Why buy good luggage, you only use it when you travel.”
“The towels were so thick there I could hardly close my suitcase.”
“When you come to a fork in the road, take it.”
On social life:
"Nobody goes there anymore, it's too crowded."
“It gets late early out here.”
On youth sports:
“I think Little League is wonderful. It keeps the kids out of the house.”
On the human anatomy:
“I don’t know (if they were men or women fans running naked across the field). They had bags over their heads.”
On receiving advice:
“Take it with a grain of salt.”
On weather:
“It ain’t the heat, it’s the humility.”
On finance:
“A nickel ain’t worth a dime anymore.”
On baseball:
“In baseball, you don’t know nothing.”
“We made too many wrong mistakes.”
“So I’m ugly. I never saw anyone hit with his face.”
“If the people don’t want to come out to the ballpark, nobody’s going to stop them.”
“Baseball is 90 percent mental. The other half is physical.”
“All pitchers are liars or crybabies.”
“We were overwhelming underdogs.”
“Bill Dickey is learning me his experience.”
“He hits from both sides of the plate. He’s amphibious.”
“I always thought that record would stand until it was broken.”
“I can see how he (Sandy Koufax) won 25 games. What I don’t understand is how he lost five.”
“I want to thank everyone for making this night necessary.”
On being thought of as a philosopher:
"I didn't really say everything I said."
On death:
“You should always go to other people’s funerals, otherwise, they won’t come to yours.”

Tuesday, September 22, 2015

Public outrage? Seems to work.
National Encryption Policy draft withdrawn: 13 things to know

For my IT Governance and Data Management students.
Getting Data Governance Right
… The emergence of the chief data officer and director of data governance positions is a testament to that. The data governance and master data management (MDM) market is approximately 10 years young, yet organizations are restructuring internally and changing the way they do business, by leveraging data to gain a competitive advantage within their marketplaces.

3 Social Media Monitoring Success Stories
Enterprise Apps Today looked for some successful use cases of enterprise social media monitoring tools and found three interesting ones.
And for more information on social media monitoring, check out our primer on social media monitoring and our list of apps that facilitate social media monitoring from mobile devices.

For my Spreadsheet students.
5 Excel Tools You Need Right Now

Changing how we teach, too.
The new version of Office is a huge shift for Microsoft — here's why
Today, Microsoft Office 2016 comes out for Windows 7 and later, bringing with it a slew of new capabilities and features.
… Microsoft is making it clear that it's going to keep releasing tiny updates and experimental apps on an ongoing basis. This, combined with the way Microsoft has priced it, means it makes more sense to subscribe to Office 365 — and get updates like Office 2016 for free — than it does to buy the new packaged product.
Office is irrelevant. Long live Office 365.
… The new Word 2016 lets users collaborate with each other directly from within the document, Google Apps-style. Meanwhile, a new integration with Skype for Business in all of the desktop Office apps means that it's a lot easier to stream your screen to a colleague or just start a video chat.
… You can get Microsoft Office 2016 for Windows and Mac as one-time, boxed software releases just as you've always bought them if you really want to. The Home & Student edition is $149, and Home & Business is $229.
But for their $6.99-plus a month, Office 365 subscribers can get the full versions of Microsoft Office 2016 for the desktop right now, plus the promise of these rolling upgrades, for as long as you keep paying.

I gotta get me some students like these!
What started as a class project at Harvard just raised $110 million from Fidelity, Google, and Microsoft
It didn’t take too long for CloudFlare cofounders Matthew Prince and Michelle Zatlyn to realize they were on to something big when they launched their startup as a class project at Harvard Business School.
CloudFlare, a web performance and security startup, was seeing quick traction after winning the Harvard Business School’s Business Plan Contest that year. What had initially started out as a class project to get course credit was turning into a real business that VCs were lining up to invest in.
… CloudFlare is now one of the fastest growing startups in the world with a valuation well north of a billion dollars.
… CloudFlare basically works as a “digital bouncer” in that it filters all the internet traffic before it reaches its customers’ websites. It can clean that traffic, identifying the good ones and bad ones, and accelerate traffic to the most efficient route.
Its service ranges from routing and switching that helps computers connect to the web, all the way up to load balancing and performance acceleration that helps make sure servers don’t get overloaded and makes websites run faster. And best of all, it doesn’t cost as much as some of the services from established companies, making its technology available to a lot of small and medium sized businesses as well.

So stupid it's brilliant!
Say hello to yourself while eating with the first selfie spoon
Finally, it’s here, the selfie accessory no one’s been waiting for.
In a promotional stunt for Cinnamon Toast Crunch cereal, maker Great Mills has launched the Selfie Spoon that helps you take a photo of yourself eating your first meal of the day. Because you really want to do that.
With tongue so firmly in cheek it’s at risk of causing painful bruising, the selfie spoon, as its name suggests, is basically a selfie stick with a spoon on the end.
To be clear – this is a real device and can be yours for the cost of shipping and handling (that’s right, the Selfie Spoon itself is free).

For all my students. You don't need them all, but some you use frequently can be real time savers.
How to Find Every Microsoft Office Keyboard Shortcut You Could Ever Need

Monday, September 21, 2015

A perspective on infrastructure.
AWS DynamoDB downtime, Sunday am, September 20, 2015
A distributed system is one in which the failure of a computer you didn’t even know existed can render your own computer unusable. Leslie Lamport, 1987
Amazon Web Services DynamoDB experienced downtime in the N Virginia availability zone early Sunday morning, September 20, 2015. As a result, a number of other AWS services inside N Virginia that depend on DynamoDB also had downtime. Companies and organizations that built services on top of those systems and didn’t have geographic load balancing were having problems as well.
Affected services include at least CloudWatch, SES, SNS, SQS, SWS, AutoScale, Cloud Formation, Directory Service, Key Mgmt and Lambda, according to a report on Hacker News.
… There are a lot of applications built on AWS and on Heroku, which are at risk of downtime. A comprehensive list is probably impossible, but here are some reports, in alphabetical order.
  • Airbnb
  • Amazon Instant Video
  • IFTTT. “We have identified an issue with our service provider. We will continue to provide updates as more information becomes available.”
  • IMDB
  • Nest. “We’re investigating a service outage with the Nest mobile app and Cam services, and the team is working on a fix. Details to come.”
  • Netflix. “We are currently experiencing issues streaming on all devices. We are working to resolve the problem. We apologize for any inconvenience.”
  • Reddit.
  • Tinder.
  • Walt Disney World app.

Local firm in a hot industry. My Computer Security students should keep an eye on them.
Two D.C. firms team up to invest in Colorado cybersecurity company
Private equity giant Carlyle Group has teamed with Washington-based The Chertoff Group to buy a majority stake in Coalfire Systems, a Colorado company that helps firms and governments protect themselves against cyber threats.
“Cyber is a hot market,” said David Leach, who leads private equity investments at Chertoff, which advises companies and governments around the world on security and risk management. Chertoff was founded by former U.S. Homeland Security secretary Michael Chertoff.
… Coalfire, founded in 2001, is based near Boulder, Colo., and has 1,500 customers, including more than 60 Fortune 500 companies. Leach said Coalfire will attempt to double its revenue by 2017. It plans to aggressively expand beyond the firm’s current headcount of 300 in the United States and United Kingdom.

Suspicions confirmed.
Brian Krebs reports:
In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing to stop attackers from gaining direct and complete access to every single cash register in every Target store.
[From the article:
In one instance, they were able to communicate directly with cash registers in checkout lanes after compromising a deli meat scale located in a different store.

I think I've posted this before, but it is worth duplicating.
DOJ Policy Guidance – Use of Cell-Sites Simulator Technology
by Sabrina I. Pacifici on Sep 20, 2015

Did they think they could get away with it?
Volkswagen Drops 23% After Admitting Diesel Emissions Cheat
Volkswagen AG lost almost a quarter of its market value after it admitted to cheating on U.S. air pollution tests for years, putting pressure on Chief Executive Officer Martin Winterkorn to fix the damaged reputation of the world’s biggest carmaker.
The shares plunged as much as 23 percent to 125.40 euros in Frankfurt, extending the stock’s slump for the year to 31 percent. The drop wiped out about 15.6 billion euros ($17.6 billion) in value.

Is this reasonable? Any country, any language, pro or con, you have to find it and wipe it?
France Rejects Google’s Efforts to Limit Application of Privacy Ruling
France’s privacy watchdog just will not take no for an answer.
On Monday, the country’s data protection authority rejected Google’s efforts to limit how a landmark European privacy ruling may be applied worldwide.
That privacy decision was handed down last year by Europe’s top court, and allowed anyone with connections to Europe to request that global search engines remove links to items about themselves from queries.
Several European privacy regulators, particularly in France, have urged that this so-called right to be forgotten be applied to all of Google’s search domains.
In contrast, Google has argued that the privacy ruling should apply only to European websites like in Germany or in France.
The standoff took another turn on Monday after the Commission Nationale de l’Informatique et des Libertés, or C.N.I.L., the French privacy watchdog, said that it had rejected Google’s appeal for the ruling to be limited to Europe.

Perspective. Worth a quick scan.
Here’s what IoT will do for transportation

If we pooled our funds to invest, would the UK offer us a guarantee?
UK guarantees £2bn nuclear plant deal as China investment announced
Chancellor George Osborne has announced that the UK will guarantee a £2bn deal under which China will invest in the Hinkley Point nuclear power station.
… Energy Secretary Amber Rudd told the Financial Times she wanted Beijing to take the lead in developing new nuclear plants in Britain.
She said China was expected to lead the construction of a Beijing-designed nuclear station at the Essex site.

The carnival begins!
Allegations of 'disruptive tactics' during Kim Dotcom extradition hearing
Kim Dotcom's lawyer says New Zealand's copyright law provides a safe harbour for his client which should end the United States' extradition bid.
… Ron Mansfield said Megaupload was effectively an internet service provider and as such, under the Copyright Act, could not be prosecuted.
It was the first time the issue had been raised in reference to Dotcom's case.
Mr Mansfield expected the Crown - on behalf of the US government - to forward a "competing interpretation" of the law but he said if the court saw it from Dotcom's point of view it would put the kybosh on extradition proceedings.
… Ortmann's lawyer Grant Illingworth, QC, said he and other counsel had been deliberately restricted from accessing US expertise by Crown lawyers.
"This case is being touted as the biggest copyright case in the history of the United States," Mr Illingworth said.
"It inevitably involves the need for us to engage advisers in US law and advisers concerning the way cloud storage facilities operate. Those issues are embedded in the US case."
They had asked for clarification regarding funding to retain the overseas experts in April but only received a response from the Crown in September.
He said the amount involved was proportionately small compared to the large sums on which the case was based.
Mr Illingworth called it a "deliberate tactical decision" to hinder their defence and was an abuse of process.

Does anyone think ye olde paper books are going to become rare?
New app offers 'books for the Snapchat generation'
"Umm...why do u have Claires phone?"
"Well if u must know i sat down on this park bench to read"
"And sat right on someone's phone. Claire's I'm guessing"
"What r u reading?"

That's an excerpt from a book meant to be read on an iPhone or Apple Watch. It's available on an app that launched this week called Hooked.
Prerna Gupta describes her app as "books for the Snapchat generation."
Hooked will feature short fiction for young-adult readers. Gupta said that 80% of young-adult novels are read digitally. So the teen-set seemed like the most natural audience.
Each book will be roughly 1,000 words and is designed to be read in about five minutes. The stories will be told entirely through dialogue and read like texts. Messages show up on screen when readers click "Next."
… The app is free to download and features one free story a day. Readers can unlock more stories with the subscription service. A week of unlimited stories costs $2.99. A month is $7.99 and a year is $39.99.

Something for my Enterprise Data Management students.
Empirical Big Data Research: A Systematic Literature Mapping
by Sabrina I. Pacifici on Sep 20, 2015
Empirical Big Data Research: A Systematic Literature Mapping – Leendert Wienhofen, Bjørn Magnus Mathisen, Dumitru Roman (Submitted on 10 Sep 2015)
“Background: Big Data is a relatively new field of research and technology, and literature reports a wide variety of concepts labeled with Big Data. The maturity of a research field can be measured in the number of publications containing empirical results. In this paper we present the current status of empirical research in Big Data. Method: We employed a systematic mapping method with which we mapped the collected research according to the labels Variety, Volume and Velocity. In addition, we addressed the application areas of Big Data. Results: We found that 151 of the assessed 1778 contributions contain a form of empirical result and can be mapped to one or more of the 3 V’s and 59 address an application area. Conclusions: The share of publications containing empirical results is well below the average compared to computer science research as a whole. In order to mature the research on Big Data, we recommend applying empirical methods to strengthen the confidence in the reported results. Based on our trend analysis we consider Variety to be the most promising uncharted area in Big Data.”

And for my Spreadsheet students.
Tips & Templates for Creating a Work Schedule in Excel
Excel templates remain one of the most useful tools in the history of computing. They’re great for managing tasks and projects, keeping finances in order, tracking fitness progress, and just staying organized in general — but scheduling is one area where Excel really shines.