Travelers’ cybersecurity experts have developed common cyber claims scenarios across five industries, as shown in the following pages. The costs add up quickly, often reaching more than $1 million.
Saturday, October 17, 2015
These seminars are always worth attending.
The Privacy Foundation at the University of Denver Sturm College of Law presents: Privacy Breaches
Friday, November 6, 2015 10AM – 1PM followed by lunch. Ricketson Law Building, Room 290, 2255 E Evans Avenue Denver, Colorado 80208
Register online at http://alumni.du.edu/privacybreaches or contact Privacy Foundation Administrator Anne Beblavi at firstname.lastname@example.org. Seminar, CLE (3 hrs. pending) & Lunch: $30.
Interesting. Clearly Dow Jones would be an attractive target, but would anyone investigate a breach of their systems without contacting them?
Russian Hackers of Dow Jones Said to Have Sought Trading Tips
A group of Russian hackers infiltrated the servers of Dow Jones & Co., owner of the Wall Street Journal and several other news publications, and stole information to trade on before it became public, according to four people familiar with the matter.
The Federal Bureau of Investigation, Secret Service and the Securities and Exchange Commission are leading an investigation of the infiltration, according to the people. The probe began at least a year ago, one of them said.
Dow Jones, in a statement, said: “Since Bloomberg published its article, we have worked hard to establish whether the allegations it contains are correct. To date, we have been unable to find evidence of any such investigation.”
… Kelly Langmesser, a spokeswoman for the FBI New York office, confirmed the office is investigating a breach at Dow Jones but declined to comment further. Jim Margolin, a spokesman for the Manhattan U.S. Attorney’s Office, declined to comment. Peter Carr, a spokesman for the Justice Department’s criminal division, also declined to comment, as did spokesmen for the Secret Service and the SEC.
The White House was briefed on the investigation and the FBI and SEC have spent months trying to determine exactly how the hackers could profit from what they took, [I assume that means used in very subtle ways. The not-so-subtle ways are obvious. Bob] consulting financial and market experts among other specialists, the people said.
For my Intro to Computer Security students.
Rosalie F. Donlon reports:
For each of the scenarios/industries, Donlon reports estimates based on the NetDiligence® Data Breach Cost Calculator and then factors in estimates from Ponemon’s 2015 Cost of Data Breach Study. You can see the figures/estimates on PropertyCasualty360.com.
(Ditto) Because what Congress doesn't know can hurt you!
CRS – The Internet of Things: Frequently Asked Questions
by Sabrina I. Pacifici on Oct 16, 2015
CRS – The Internet of Things: Frequently Asked Questions – Eric A. Fischer, Senior Specialist in Science and Technology. October 13, 2015.
“Internet of Things” (IoT) refers to networks of objects that communicate with other objects and with computers through the Internet. “Things” may include virtually any object for which remote communication, data collection, or control might be useful, such as vehicles, appliances, medical devices, electric grids, transportation infrastructure, manufacturing equipment, or building systems. In other words, the IoT potentially includes huge numbers and kinds of interconnected objects. It is often considered the next major stage in the evolution of cyberspace. Some observers believe it might even lead to a world where cyberspace and human space would seem to effectively merge, with unpredictable but potentially momentous societal and cultural impacts. Two features make objects part of the IoT: a unique identifier and Internet connectivity. Such “smart” objects each have a unique Internet Protocol (IP) address to identify the object sending and receiving information. Smart objects can form systems that communicate among themselves, usually in concert with computers, allowing automated and remote control of many independent processes and potentially transforming them into integrated systems.
… Although the full extent and nature of the IoT’s impacts remain uncertain, economic analyses predict that it will contribute trillions of dollars to economic growth over the next decade.
… Security and privacy are often cited as major issues for the IoT, given the perceived difficulties of providing adequate cybersecurity for it, the increasing role of smart objects in controlling components of infrastructure, and the enormous increase in potential points of attack posed by the proliferation of such objects. The IoT may also pose increased risks to privacy, with cyberattacks potentially resulting in exfiltration of identifying or other sensitive information about an individual. With an increasing number of IoT objects in use, privacy concerns also include questions about the ownership, processing, and use of the data they generate.”
This is something to follow, I think.
The U.S. Defense Advanced Research Projects Agency (DARPA) this week named University of Massachusetts Amherst professor of computer science Gerome Miklau to lead a 4.5-year, $2.8 million grant to develop tools and techniques that enable the agency to build data management systems in which “private data may be used only for its intended purpose and no other.”
Miklau’s project is part of a national program dubbed by DARPA “Brandeis” in recognition of the U.S. Supreme Court Justice who in an 1890 essay expounded on the right to privacy.
… He estimates that UMass Amherst will receive about $1.2 million, while collaborators Ashwin Machanavajjhala at Duke University will get about $1.1 million and Michael Hay at Colgate University approximately $470,000. At UMass Amherst, the project will support two doctoral students.
… “Our team designs systems that operate between a trusted data collector, for example, a hospital or the Census Bureau, and a data analyst, so social and medical scientists and government agencies can use aggregate data without knowing all about each individual.”
… Methods for protecting private information fall into two broad categories: filtering data at the source or trusting the data user to diligently protect it. Both have serious challenges.
… Miklau and colleagues plan to follow a guideline established by cryptographers nearly a decade ago known as differential privacy, which seeks to offer data analysts maximum accuracy in database queries at the same time providing minimal chance of identifying individual records. It offers more reliable protection than data anonymization, he notes.
… To accomplish this, he and colleagues will add statistical “noise” to query outputs such that the data in tables and spreadsheets are slightly distorted each time a user queries them.
Miklau explains, “We are going to deliver answers to analysts that are statistically close to what would be delivered if one person has opted out of the database. It’s a random perturbation, like flipping a coin every time you ask a question. The answer then is statistically close, but there is a randomness that helps protect the individual.”
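An added illustration of the mechanism the article describes (example code written here, not the DARPA Brandeis or UMass Amherst project's own): a counting query over a constructed toy table answered with Laplace noise, a check that the worst-case privacy loss against any “one person opted out” neighbour stays within epsilon, and the per-person coin-flip (randomized response) that Miklau's analogy points to. The table, the epsilon values and the function names are all assumptions of this example.

```python
import random

# Constructed toy table held by a trusted collector: one entry per person,
# 1 = has the sensitive attribute. Illustrative data only, not project data.
PATIENTS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0]


def true_count(rows):
    """The exact answer an analyst would get with no privacy protection."""
    return sum(rows)


def without_person(rows, index):
    """The neighbouring table in which one person has opted out."""
    return rows[:index] + rows[index + 1:]


def laplace_noise(scale, rng):
    """One Laplace(0, scale) sample: the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def private_count(rows, epsilon, rng):
    """Laplace mechanism for a counting query.

    Removing one person changes a count by at most 1 (sensitivity 1), so
    noise of scale 1/epsilon makes the answer epsilon-differentially
    private: statistically close to the answer for any neighbouring table.
    """
    return true_count(rows) + laplace_noise(1.0 / epsilon, rng)


def privacy_loss(rows, epsilon, output):
    """Worst-case log-ratio of output densities between the full table and
    every table with one person opted out. For the Laplace mechanism this
    never exceeds epsilon; that bound is the formal guarantee."""
    scale = 1.0 / epsilon
    c = true_count(rows)
    worst = 0.0
    for i in range(len(rows)):
        c_prime = true_count(without_person(rows, i))
        worst = max(worst, abs(abs(output - c_prime) - abs(output - c)) / scale)
    return worst


def mean_private_count(rows, epsilon, trials, seed):
    """Average of many noisy answers. The noise is centred on the truth, so
    aggregate accuracy improves with repetition, while each single answer
    still hides any one individual."""
    rng = random.Random(seed)
    return sum(private_count(rows, epsilon, rng) for _ in range(trials)) / trials


def randomized_response(bit, rng):
    """The coin-flip picture applied per person: heads, report the truth;
    tails, flip again and report that second coin instead. Each reported
    bit is ln(3)-differentially private."""
    if rng.random() < 0.5:
        return bit
    return 1 if rng.random() < 0.5 else 0


def estimate_fraction(bits, seed):
    """Recover the population fraction from coin-flipped reports:
    E[report] = 0.5 * p + 0.25, hence p = 2 * mean - 0.5."""
    rng = random.Random(seed)
    reports = [randomized_response(b, rng) for b in bits]
    return 2.0 * sum(reports) / len(reports) - 0.5
```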
Interesting. “Quantity has a quality of its own.”
Appeals Court Validates Google's Mammoth Books Project
Google won an important legal victory on Friday, when the Second United States Court of Appeals in New York upheld a lower court's judgment in its years-long battle with the Authors Guild over Google Books.
The case "tests the boundaries of fair use," Judge Pierre Leval wrote in the appeals court's ruling.
Google's unauthorized digitizing of copyright-protected works, creation of search functionality, and displaying of snippets from those works do not constitute infringement, according to the decision.
That is because the purpose of the copying "is highly transformative," the public display of text is limited, and the snippets "do not provide a significant market substitute for the protected aspects of the originals," the appeals court ruled.
… "There is a difference between transforming the text and copying the text for a transformative purpose," said Matthew Sag, a professor at the Loyola University Chicago School of Law.
Are drones a fad similar to the hula-hoop? Will drones become old hat in six months? Apparently the government doesn't think so. This will require the FAA to learn new technologies. And perhaps provide some opportunities for businesses that identify/track drones or establish geo-fencing.
People will soon have to register their drones with the federal government
The federal government will soon require owners of drones to register their devices with the US Department of Transportation, NBC News reports.
The forthcoming rules stem from concerns about the airspace that drones share with larger aircraft.
… The Federal Aviation Administration announced earlier this month that it was also brainstorming technologies to keep drones out of restricted airspace. One such method is known as geo-fencing. If a drone has geo-fencing technology installed, it will automatically shut down the drone if the craft wanders into an area that's off-limits.
Perspective. The government is buying airwaves to auction off?
A major New York TV station could win $900 million — if it goes off the air. Here’s why.
… WCBS-TV in New York City could win as much as $900 million for going off the air, a result of its position in one of the country's busiest markets. Smaller stations such as KAWE in Minneapolis might receive around $20 million.
The figures represent the maximum amount each broadcaster could receive for participating in a never-before-tried auction of wireless airwaves, one that's designed to transfer control of that invisible real estate to wireless carriers such as AT&T and T-Mobile. Cellular providers say they need access to more of the radio spectrum to build out next-generation mobile data networks. (All wireless data, from TV signals to 4G LTE, ride atop spectrum, a finite resource.)
Perspective. Easily doable.
Chattanooga Slays Comcast, Wins Right To Offer 10Gbps Internet For $299/Month
When Google released its Fiber Internet service five years ago, it was quite something to behold. While most of us were dealing with modest broadband speeds (or worse), the big G was offering Internet speeds that could max out our home routers. At 1Gbps, Google was allowing people to both download and upload up to a theoretical 125MB/s, which is what most hard drives will peak at. It's still impressive.
Not long after Google began hitting some cities with gigabit Internet, we began to see a number of other companies follow suit. Unfortunately, almost all of these are ISPs that focus on a certain area, so a wider rollout is in most cases unlikely. One such ISP is Chattanooga's EPB Fiber Optics, which also unveiled 1Gbit service in 2009 despite stiff opposition from Comcast.
While ISPs were still in the process of rolling out 1Gbps services, Comcast thought it'd be a good guy for once and introduce 2Gbps service. For those who are serious about their Internet and have the cash to spare, that service would be hard to avoid, even if it's akin to making a deal with the devil.
Well, that is unless you happen to live in an area that EPB covers, as it's now one-upped - ahem, five-upped - Comcast by offering a 10 gigabit service.
Funny the things we think are educational.
Hack Education Weekly News
… “Every few weeks, it seems, a new investigation is launched into one of the larger for-profit colleges in the country,” Inside Higher Ed reports. And yet… And yet: the US Department of Education just announced it will allow federal financial aid to be used for “alternative education providers,” including MOOCs and coding bootcamps. Although the Obama Administration has cracked down on for-profit universities, it seems more than happy to fund a new revenue stream for for-profits: the outsourcing of instruction to tech startups. Ted Mitchell, Under Secretary of Education and former venture capitalist at New School Venture Fund, announced the pilot program. More via Edsurge. Meanwhile, as The New York Times observes, “For-Profit Colleges Accused of Fraud Still Receive U.S. Funds.”
… California governor Jerry Brown signed a bill that abolishes the state’s high school exit exam and will award diplomas to thousands who failed the exam as far back as 2004 but had completed all their high school classes. [Because showing up is enough? Bob]
… Barbara Byrd-Bennett, the former head of Chicago Public Schools pled guilty for “her role in a scheme to steer $23 million in no-bid contracts to education firms for $2.3 million in bribes and kickbacks.” She will serve 7.5 years in jail. More of the contracts she approved during her tenure are now under scrutiny.
I don't have any “nutritionally challenged” students in my spreadsheet class. I don't think I do anyway.
How to Build Perfect Meals with The IIFYM Calculator and Excel
Tracking the nutrition in your food has been pretty easy for some time now. But being able to design meals that meet your nutrition intake targets has always been a little tougher.
In this article you’ll quickly learn exactly how you can do this using a pre-made Excel spreadsheet and a free online calculator.
Tools for Math teachers, tutors and students.
5 Online Calculators to Improve Your Basic Math Skills
Humor, with a grain of truth. Ask a narcissist? (Infographic)
Take a Better Selfie With the Help of Famous Politicians
Friday, October 16, 2015
For my Ethical Hacking students.
The Obama administration has apparently decided not to support exceptional access proposals that would provide law enforcement with the means to access data on iPhones and other personal devices.
As I argued previously on Just Security, instead of pursuing exceptional access, policymakers should seek to build a durable legal structure that would provide the FBI with the authority, under appropriate oversight, to exploit software vulnerabilities. Because these vulnerabilities already exist, lawful hacking, as this is sometimes called, can help get law enforcement what it needs without introducing the additional security risks associated with exceptional access. It is worth revisiting this issue now that the administration has seemingly reached a decision regarding its encryption policy.
The law scholars I have subsequently spoken with disagree about whether the legal structure exists today to support lawful hacking. Although there are a few excellent treatments of the subject (for example, here and here), the issue seems to me to be under-examined.
I keep thinking about all those eggs in one basket. Perhaps redundancy isn't such a bad thing? This also points to some high value targets in the coming CyberWar...
Dozens of Major Websites Crash All at Once
Dozens of major websites including Netflix, Uber and the BBC went down simultaneously on Thursday in some areas of the United States, but were soon up again in most cases.
The cause of the crashes remained unclear, but some appeared connected to trouble at a cloud service relied on by companies, although that did not stop the social media rumor and conspiracy mill from going into overdrive.
… Netflix spokesman Joris Evers told AFP that the outage was the result of "technical issues" at an UltraDNS cloud service provided by Neustar and affected mostly US subscribers.
… Cloud-based DNS services essentially route traffic to websites.
"It's kind of a road map," said Silicon Valley analyst Rob Enderle of Enderle Group.
"The roads are still in place, but if the map goes away nobody knows where to go."
What makes good Computer Security? How controlled (controllable?) is an “authorized” user?
Orin Kerr writes:
Next week, a panel of the Ninth Circuit Court of Appeals (Thomas, Reinhardt, and McKeown) will hear oral argument in the second round of United States v. Nosal. This time around, the main question in the case is whether and when accessing an account using a shared password is an unauthorized access under the Computer Fraud and Abuse Act. A second question is how to interpret Nosal I, the en banc decision from 2012, and in particular whether it required circumventing a technical access barrier.
Read more on The Volokh Conspiracy.
[A draft worth reading:
My forthcoming article, Norms of Computer Trespass, offers some thoughts on how to deal with the shared password problem.
This could be useful!
Skype Goes Universal, Lets Anyone Join A Chat Even Without A Skype Account
… In a blog post, the Skype team has announced that users can now share links to their Skype chats with other people without requiring them to create or open a Skype account.
… The new feature works by letting users generate a unique link for a certain chat by clicking the +New button. This will create the link that can then be shared to other people through any means. On the receiving side, users who are invited to a chat can simply click on the link to go to the Skype for Web interface, enter their name and start chatting away.
I like WolframAlpha for Math. But it does other things too.
16 Searches You Can Run on Wolfram Alpha That Don’t Work on Google
“There are all kinds of different ways to use Wolfram Alpha, and it’s often a better idea to load up the computational knowledge engine rather than your search portal of choice. Here are 16 of the most useful queries that Wolfram Alpha can handle but leave Google stumped…”
Some “flipped” thinking: Is there a right to be remembered?
Commentary – the web is not a library, repository, a place
The Atlantic – If a Pulitzer-finalist 34-part series of investigative journalism can vanish from the web, anything can, by Adrienne LaFrance, October 14, 2015: “If a sprawling Pulitzer Prize-nominated feature in one of the nation’s oldest newspapers can disappear from the web, anything can. “There are now no passive means of preserving digital information,” said Abby Rumsey, a writer and digital historian. In other words if you want to save something online, you have to decide to save it. Ephemerality is built into the very architecture of the web, which was intended to be a messaging system, not a library. Culturally, though, the functionality of the web has changed. The Internet is now considered a great oracle, a place where information lives and knowledge is stitched together. And yet there are no robust mechanisms for libraries and museums to acquire, and thus preserve, digital collections. The world’s largest library, the Library of Congress, is in the midst of reinventing the way it catalogues resources in the first place—an attempt to bridge existing systems to a more dynamic data environment. But that process is only beginning… Yet today’s web is more at-risk than the iterations that preceded it. The serving environments are now more complex, and the volume of data involved is astonishing. In 1994, there were fewer than 3,000 websites online [note – my site LLRX (http://www.llrx.com) went online in 1996 and continues today]. By 2014, there were more than 1 billion…”
I be two grate-full. It shell make my students gooder.
9 Websites That Solve Dumb English Grammar Mistakes Instantly
“Skills, competencies and mindsets?” Sounds like my students could benefit from this report.
Building Expertise to Support Digital Scholarship: A Global Perspective
Building Expertise to Support Digital Scholarship: A Global Perspective, by Vivian Lewis, Lisa Spiro, Xuemao Wang, and Jon E. Cawthorne, October 2015. 50 pp. ISBN 978-1-932326-51-2. CLIR pub 168.
PDF Download of Full Report. This is a web-only report—it is not available in print. “This report sheds light on the expertise required to support a robust and sustainable digital scholarship (DS) program. It focuses first on defining and describing the key domain knowledge, skills, competencies, and mindsets at some of the world’s most prominent digital scholarship programs. It then identifies the main strategies used to build this expertise, both formally and informally. The work is set in a global context, examining leading digital scholarship organizations in China, India, Taiwan, the United Kingdom, Germany, Mexico, Canada, and the United States. The report provides recommendations to help those currently involved in or considering embarking on a digital scholarship program.”
Thursday, October 15, 2015
I bet this is not true. Politicians would be much more concerned if no one commented on their posts.
… The survey, conducted by the Congressional Management Foundation, found that staffers would pay attention if they received 30 or fewer similar comments on something posted by their office.
Forty-five percent of staffers said that they would pay attention if they received between 10 and 30 similar social media comments on an individual post, and 35 percent said they would pay attention if they noticed fewer than 10 comments.
… The staffers surveyed suggested they were most likely to see reaction to their social media posts if it appeared soon after the original message. Fifty-four percent said that they reviewed reactions to their office’s social media accounts for up to six hours after they posted. Only 40 percent said that they reviewed them after 24 hours.
Perspective. Will those smartphone payment systems kill credit cards?
How Bad Will It Get for American Express?
Perspective. There's an App for that because we can't take the time to do it the old fashioned way.
Checkr Is Raising $30M+ For Its Background Checking API, Y Combinator Investing
As on-demand businesses like Uber and Instacart grow quickly, so too do the B2B startups that service their wider ecosystem. In the latest development, TechCrunch has learned and confirmed with several sources that Checkr — which runs background checks and vets potential hires by way of an API for the likes of Uber, Instacart and Handy, and other fast-growing startups like Zenefits and Weebly — is raising a Series B of at least $30 million, at a valuation north of $250 million.
Might be useful.
PBS Students - An iPad App for Finding Educational Content
PBS Students is a new iPad app designed to showcase some of the best educational content for students. Through the app students and teachers can search for educational videos, articles, and diagrams. Some of the video content can be downloaded directly to an iPad.
PBS Students has incorporated the Learning Media Storyboards tool that was released as a browser-based tool last January. PBS Learning Media's Storyboard tool allows you to create a collection of videos, text, and images organized around almost any topic of your choosing. The collection appears in a collage-like format. Storyboards can be shared via email.
Maybe next Quarter.
This Access Database Tutorial Will Help You Get Started
For my Data Management students.
Imagine a retail manager with no record of his store’s inventory and no way to gauge its value. Or consider a CFO who has no record of her company’s financial assets nor their value. Or an HR executive with no company directory, employee ratings nor compensation data. Well that’s the state of information management in most organizations today.
… information is not recognizable as a balance sheet asset – even though information meets all the criteria. We are in the midst of the Information Age, yet information is still considered a non-entity by antiquated accounting standards!
This lack of formal recognition manifests in most organizations that collect, manage, deploy and value their information with far less discipline than they manage traditional balance sheet assets.
Excel is not just for budgets. My students should love this!
How to Build a Free, Scalable API Testing Solution With Microsoft Excel
… Webtesting.io is a data-driven, automated API testing solution that allows developers and testers to create automated tests for JSON Web Services. Webtesting.io uses Microsoft Excel as the front-end client to manage the automated test scripts, identify expected results, capture the actual results, log API response times, and track historical test metrics for each test cycle. The Webtesting.io JSON Web Services Automated Testing solution is free to download and use. Click here to download.
Wednesday, October 14, 2015
Do you suppose GCHQ read all of Hillary's emails too?
Alexander J. Martin reports:
The Investigatory Powers Tribunal (IPT) has ruled that GCHQ is allowed to collect the communications of MPs.
An IPT announcement stated that it “heard and resolved issues relating to the status, meaning and effect of what has been called the Harold Wilson Doctrine, or the Wilson Doctrine, originating in the statement in the House of Commons on 17 November 1966 by the Rt Hon Harold Wilson, the then Prime Minister.”
Wilson promised that MPs’ and peers’ phones would not be tapped by the security services. However, he also said that he might secretly remove this rule, and only tell parliament that he had done so at some later point decided by him. [The only time you can trust a politician is when they tell you they are not trustworthy. Bob]
Read more on The Register.
Interesting. I can use this for my Computer Security and Statistics students. More reporting (or more sensational reporting) does not change reality. Come to think of it, I should send this to my Risk Management students too.
Cyberattacks Are Not On the Rise, Researchers Say
… That's the finding of research from the University of New Mexico Department of Computer Science, which suggests that while cybersecurity should remain a priority, cyberattacks are not growing unabated.
The study published in the Journal of Interactive Marketing, "Hype and Heavy Tails: A Closer Look at Data Breaches," provides some reassuring news.
… By using a statistical modeling method known as the Bayesian approach, the authors conclude that the data provided by the PRC shows neither an increase in size nor in frequency of cyberattacks since 2005.
The study also differentiates between negligent and malicious data breaches; negligence implies the data was exposed accidentally through lack of security, while malicious breaches mean a hacker purposefully set out to bypass security measures in search of the data. The authors conclude that negligent breaches occur twice as often as malicious breaches do, meaning the negligent variety is avoidable if the proper security measures are taken.
This is about “standing.” I wonder if Coca-Cola had a reason to keep employee data on those laptops? Six or seven years for notice to be sent to the employees?
Judy Greenwald reports:
A Coca-Cola employee who was the victim of identity theft after company laptops were stolen did suffer actual harm as a result, and can pursue a putative class action lawsuit against the company, says a Pennsylvania federal court.
Shane K. Enslin began working for a company that was eventually acquired by the Atlanta-based Coca-Cola Co. in 1996, according to the ruling by the U.S. District Court in Allentown, Pennsylvania, in Shane K. Enslin v. The Coca-Cola Company et al.
Read more on Business Insurance.
[From the article:
Mr. Enslin was required to provide the company with personal identification information including his social security number, address, bank account information, credit card numbers, driver's license information and motor vehicle records, according to the ruling.
Over nearly a six-year period beginning in January 2007 and continuing through November 2013, about 55 company laptops containing information on more than 74,000 people, including Mr. Enslin, were stolen, according to the ruling.
By December 2013, all 55 laptops were recovered, and an employee who was responsible for retaining or destroying the laptops was arrested and charged with felony and misdemeanor theft, according to the ruling.
In February 2014, Mr. Enslin received a letter from the company informing him of the theft and offering him one year of credit monitoring.
A few months later, Mr. Enslin began to experience identity theft, including the unauthorized purchase of thousands of dollars of merchandise on his credit cards and attempts to have his address changed. In July 2014, an identity thief was able to obtain a job using his name.
… While a number of Mr. Enslin's individual charges were dismissed, Judge Joseph F. Leeson Jr. held he had standing to file suit against the company based on the harm he suffered and that a connection could be drawn between the identity theft and the laptops' theft.
If you know the device I use, you can tie that to everything I do – and therefore who I am.
Venkat Balasubramani writes:
Many VPPA cases involve free online streaming services. Here, plaintiff alleged that he downloaded the Cartoon Network app, and Cartoon Network then disclosed to Bango, an ad network, plaintiff’s device ID and the videos he viewed. Plaintiff also alleged that Bango easily could derive his identity and thus knew both his identity and the videos he viewed.
The district court rejected plaintiff’s arguments, concluding that plaintiff was a “subscriber” of Cartoon Network, but it did not disclose personally identifiable information to Bango. (Blog post on the district court ruling here: “Android ID Isn’t Personally Identifiable Information Under the Video Privacy Protection Act”.) The Eleventh Circuit affirms on alternate grounds, holding that the plaintiff wasn’t a “subscriber.”
Read more on Technology & Marketing Law Blog.
Interesting. How were they spending their time? Will the FTC take over for Justice because of the Wyndham decision?
Justice Department Data Reveal 29 Percent Drop in Criminal Prosecutions of Corporations
by Sabrina I. Pacifici on Oct 13, 2015
“Criminal prosecution of corporate violators by the U.S. Department of Justice declined by 29 percent between FY 2004 and FY 2014, despite repeated claims to the contrary by top officials. [They lost touch with reality long ago? Bob] Meanwhile over the same period, there has been little change in the number of times investigators at the various federal agencies have asked that criminal cases be brought against corporations; such referrals have actually increased by 2.6 percent. Moreover, the overall number of corporations in the country that could be investigated for criminal wrongdoing has grown by about 24 percent. These findings are based on a new analysis by Syracuse University’s Transactional Records Access Clearinghouse (TRAC) of hundreds of thousands of records developed and collected by the Justice Department. The case-by-case records were obtained by TRAC as the result of a 17-year litigation effort under the Freedom of Information Act (FOIA). Supporting data from the U.S. Sentencing Commission and the Internal Revenue Service also contributed to these findings. For an in-depth analysis of this observed decrease in the criminal prosecution of corporations, see the report at: http://trac.syr.edu/tracreports/crim/406/”
Perspective. Interesting read.
For a decade or two, for most people 'the internet' meant a web browser, a mouse and a keyboard. There were a few things around the edges, like IM, Spotify, Skype or Steam (or, for some people, email), but for most people and for almost all activities, the web was the internet. The web was the platform, not the PC operating system - people created services for the web, far more than for Windows or MacOS.
And once the browser wars died down, the browser was pretty much a neutral platform. Browser technology changed and that made new things possible (Google Maps, say), but the browser makers were not king-makers and were not creating or enabling entirely new interaction models.
… On mobile this is different - it's the operating system itself that's the internet services platform, far more than the browser, and the platform is not neutral.
There's an App for that? Looking for technical errors in how the ticket is written?
Fixed, The App That Fixes Your Parking Tickets, Gets Blocked In San Francisco, Oakland & L.A.
Fixed, a mobile app that fights parking tickets and other traffic citations on users’ behalf, has had its parking ticket operations blocked in three of its top cities, San Francisco, Oakland and L.A. after the cities increased the measures they were taking to block Fixed from accessing their parking ticket websites.
… Using its app, Fixed customers could snap a photo of their parking ticket using their phone’s camera, and then Fixed would check against a variety of common errors before writing a customized letter to the city on the user’s behalf. The app also cleverly tapped into Google Street View to check to see if the city had the proper signage in place in the area a ticket was received.
Founder David Hegarty once noted that over half of tickets have an issue that would make them invalid, but the city didn’t tend to play by its own rules when arbitrating disputes. That made Fixed’s “win” rate only 20%-30% on tickets, as of earlier this year. (When the company won, it charged a success fee of 25% of the original fine – a reduction in what a customer would have otherwise paid.)
… When Fixed began faxing its submissions to SFMTA last year, the agency emailed the startup to stop using their fax machine. When Fixed pointed out that it was legal to do so, the agency simply shut off their fax.
For my students.
Wix Editor Produces Modern, Code-Free Websites
The Wix Web-development firm wants small business owners to put away their HTML guides and CSS tutorials. The company just launched a new editor and design toolset that produces professional-level small business websites and requires no meddling with the underlying code.
I can use this in many classes to keep my students from going overboard.
How to Make Your Graphs & Tables Look More Professional
Whether you’re creating charts and graphs in Excel or formatting data tables in Word, there’s one thing you should always keep in mind: if it doesn’t look good, no one will read it.
… What’s the key takeaway? Less is more. Remove or mute all unnecessary elements so that the spotlight can shine on the data you want to present. After all, data is what it’s all about.
Tuesday, October 13, 2015
This is what happens when you select a vendor based on political connections rather than security expertise.
I know Clinton’s use of a private server has become a political issue, but it’s still also an infosec issue for our government. Jack Gillum and Stephen Braun of AP provide the latest revelations:
Clinton’s server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn’t intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.
Read more on ABC.
It's part of the Risk Management budget calculation. Ethical Hacking students: Can we develop an algorithm to calculate the most vulnerable companies (most likely targets) based partly on their cost of insurance?
Jim Finkle reports:
A rash of hacking attacks on U.S. companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover.
On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.
Read more on Reuters.
Could this foster greater investment in data security? If so, that might be a good outcome. And if insurance pockets weren’t so deep, could this discourage a lot of law suits where there is no evidence of concrete injury or imminent injury? And would that, too, be a good thing?
But if all that happens is that rates and breach costs go up and those costs are passed along to consumers and patients, well, buckle up, because we may be in for a rougher ride.
[From the article:
Average rates for retailers surged 32 percent in the first half of this year, after staying flat in 2014, according to previously unreported figures from Marsh.
Higher deductibles are also now common for retailers and health insurers. And even the biggest insurers will not write policies for more than $100 million for risky customers. That leaves companies like Target, which says its big 2013 data breach has cost $264 million, paying out of pocket.
Stunning! The world has run out of teenage males! (Well, I always got it for the articles.)
Playboy will no longer feature nude women in its print edition
… Starting next year, the publication long known for showcasing the female physique will no longer feature models in the nude, according to a report in The New York Times.
… The Times' Ravi Somaiya writes that now that Playboy has effectively accomplished its founding goal of "normalizing" the female body by introducing women to the world in their au naturel state, the magazine's mission has been accomplished.
Keep in mind that in the days before Playboy landed on magazine racks (in the 1950s), female nudity was taboo.
Playboy CEO Scott Flanders is quoted in The Times: "That battle has been fought and won ... you're now one click away from every sex act imaginable for free."
… According to AAM's magazine-circulation figures from 2014, the most popular magazine in circulation among the top 25 in the US was "AARP The Magazine."
I used to have my Spreadsheet students create a budget as a major project. These are a bit fancier.
7 Useful Excel Sheets to Instantly Improve Your Family’s Budget
A tool for explaining Big Data to my students.
The Internet in Real Time
Monday, October 12, 2015
How to win elections and influence politicians?
The stealthy, Eric Schmidt-backed startup that’s working to put Hillary Clinton in the White House
An under-the-radar startup funded by billionaire Eric Schmidt has become a major technology vendor for Hillary Clinton’s presidential campaign, underscoring the bonds between Silicon Valley and Democratic politics.
The Groundwork, according to Democratic campaign operatives and technologists, is part of efforts by Schmidt—the executive chairman of Google parent-company Alphabet—to ensure that Clinton has the engineering talent needed to win the election. And it is one of a series of quiet investments by Schmidt that recognize how modern political campaigns are run, with data analytics and digital outreach as vital ingredients that allow candidates to find, court, and turn out critical voter blocs.
… So what does the Groundwork do? The company and Clinton’s campaign are understandably leery of disclosing details.
According to campaign finance disclosures, Clinton’s campaign is the Groundwork’s only political client. Its employees are mostly back-end software developers with experience at blue-chip tech firms like Netflix, Dreamhost, and Google.
… sources tell Quartz that the Groundwork has been tasked with building the technological infrastructure to ingest massive amounts of information about voters, and develop tools that will help the campaign target them for fundraising, advertising, outreach, and get-out-the-vote efforts—essentially to create a political version of a customer relationship management (CRM) system, like the one that Salesforce.com runs for commerce, but for prospective voters.
… Instead of putting money behind a Super PAC that can’t coordinate with the campaign, a well-connected donor like Schmidt can fund a startup to do top-grade work for a campaign, with the financial outlay structured as an investment, not a donation.
… helping to elect yet another president could be incredibly valuable to Schmidt and to Google.
And Schmidt’s largesse is not something that other candidates, either rival Democrats like Bernie Sanders or the crowded field of Republicans, will be able to easily match.
Worldwide, More Than Half Of Google’s Searches Happen On Mobile
Earlier this year, Google announced that for the first time, it was seeing more search activity on mobile than desktop. The caveat was that this was for 10 countries, including the US. Today, Google has now said this is the case worldwide.
… It’s important to note that this doesn’t mean that desktop searches have diminished. Stats on desktop search from comScore routinely show the overall amount has risen from month to month. Rather, it’s that mobile searches have been a growing new segment that have caught up and now overtaken desktop search.
On the whole, desktop search has grown. As a percentage, it has dropped. That’s because we’re living in what I’ve called an “always-on search world,” where we’re always able to search. Got a query? Your phone is always in reach, as opposed to the past when you’d have to get to wherever your computer was. So the overall search queries happening have grown.
… Singhal also said Google has now indexed 100 billion links within apps. This means that when people are within Google’s search results, and Google knows they have a particular app installed, it can jump them from the results into the app version of a Web page.
For my students.
This $60 Budget App Is FREE For Students!
Budgeting is a simple skill to learn — take one month to track everything you spend money on. The results might surprise you, but once you know where your money is going, it becomes that much easier to rein in your spending habits.
But the actual tracking of expenditures can be a pain if all you have is a pen, some paper, and a calculator. That’s why you need You Need A Budget, which we consider to be the best budgeting software you’ll ever use.
Sunday, October 11, 2015
When the court says “unduly burdensome” are they thinking about the impact on Apple if they can bypass the security they have been promising customers they can't bypass? (I'm assuming that when the government says they “cannot gain access to any data stored on the device” they mean they can see the data, but it is encrypted.)
JAMES ORENSTEIN, Magistrate Judge:
In a sealed application filed on October 8, 2015, the government asks the court to issue an order pursuant to the All Writs Act, 28 U.S.C. § 1651, directing Apple, Inc. (“Apple”) to assist in the execution of a federal search warrant by disabling the security of an Apple device that the government has lawfully seized pursuant to a warrant issued by this court. Law enforcement agents have discovered the device to be locked, and have tried and failed to bypass that lock. As a result, they cannot gain access to any data stored on the device notwithstanding the authority to do so conferred by this court’s warrant. Application at 1. For the reasons that follow, I defer ruling on the application and respectfully direct Apple to submit its views in writing, no later than October 15, 2015, as to whether the assistance the government seeks is technically feasible and, if so, whether compliance with the proposed order would be unduly burdensome. If either the government or Apple wishes to present oral argument on the matter, I will hear such argument on October 22, 2015, at 12:00 noon.
Read more of his memorandum and order here (via Cryptome).
Read media coverage on his order from Ellen Nakashima of Washington Post.
Ha! Told you that's how it had to be done. The computer can be trusted to match all the data to a single individual, but then keep that individual's identity private. Yes, it could make some relationships difficult to communicate, but those are very unique circumstances.
If you’ve been meaning to read a bit on differential privacy, you might want to read this article from the National Science Foundation:
… When planning a study, data scientists need to balance their desire to uncover new knowledge with the privacy of the people whom the data represent.
Salil Vadhan, a professor of computer science at Harvard University and former director of the Center of Research on Computation and Society, is among the researchers exploring an approach known as “differential privacy” that allows one to investigate data without revealing confidential information about participants. Initially introduced by Cynthia Dwork, Frank McSherry, Kobbi Nissim and Adam Smith, among others, in the mid-2000s, researchers continue to develop the concept today to apply it for real-world problems.
As the lead researcher for the National Science Foundation (NSF) supported “Privacy Tools for Sharing Research Data,” Vadhan and his team at Harvard are developing a new computer system that acts as a trusted curator — and identity protector — of sensitive, valuable data. (The Sloan Foundation and Google, Inc. are providing the project with additional support.)
Read more on ScientificComputing.com
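A minimal illustration of the trusted-curator idea described above, written as an added example and not the article's or the Harvard project's code: the curator holds the raw records, answers only aggregate queries with Laplace noise scaled to the query's sensitivity (the mechanism from Dwork, McSherry, Nissim and Smith), and refuses queries once its epsilon budget is spent. The study rows, epsilon values and random seed are constructed for the demonstration.

```python
import math
import random
from dataclasses import dataclass, field


@dataclass
class TrustedCurator:
    """Holds raw records and releases only noisy aggregates (epsilon-DP)."""
    records: list            # raw rows; never returned directly
    total_budget: float      # total epsilon the curator may spend
    spent: float = 0.0
    rng: random.Random = field(default_factory=random.Random)

    def _laplace(self, scale: float) -> float:
        # Inverse-CDF sample from Laplace(0, scale); u lies in [-0.5, 0.5).
        u = self.rng.random() - 0.5
        return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

    def count(self, predicate, epsilon: float) -> float:
        """Noisy count of records satisfying predicate.

        A counting query has global sensitivity 1 (adding or removing one
        person changes the true answer by at most 1), so Laplace noise with
        scale 1/epsilon gives epsilon-differential privacy for this query.
        """
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total_budget + 1e-12:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon
        true_count = sum(1 for r in self.records if predicate(r))
        return true_count + self._laplace(1.0 / epsilon)

    def remaining_budget(self) -> float:
        return self.total_budget - self.spent


def demo(seed: int = 7) -> dict:
    # Constructed study data: (age, has_condition). The curator can link every
    # row to a person, but an analyst only ever sees the noisy aggregate.
    rows = [(34, True), (52, False), (29, True), (61, True), (45, False),
            (38, False), (50, True), (27, False), (33, True), (70, False)]
    curator = TrustedCurator(records=rows, total_budget=1.0,
                             rng=random.Random(seed))
    true_count = sum(1 for r in rows if r[1])      # 5; never released
    noisy_count = curator.count(lambda r: r[1], epsilon=0.5)
    try:
        # Second query would push spent epsilon to 1.1 > 1.0: must be refused.
        curator.count(lambda r: r[0] > 40, epsilon=0.6)
        budget_enforced = False
    except RuntimeError:
        budget_enforced = True
    return {"true_count": true_count, "noisy_count": noisy_count,
            "remaining": curator.remaining_budget(),
            "budget_enforced": budget_enforced}


if __name__ == "__main__":
    print(demo())
```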
How messed up was it before? I do like the “standard wording” sections of the breach notification.
Brandon Johnson writes:
On October 6, 2015, California Governor Jerry Brown signed into law a trio of bills that is intended to clarify key elements of the state’s data-breach notification statute and provide guidance to persons, businesses, and state and local agencies that deal with electronically stored personal information. The bills, which were passed together as a single legislative package, will take effect on January 1, 2016.
Read more about Assembly Bill 964 (A.B. 964), Senate Bill 570 (S.B. 570), and Senate Bill 34 (S.B. 34) on Covington & Burling InsidePrivacy.
Always the problem with “a little” censorship. Apple could have chosen to create 178 unique systems to conform to rules in 178 countries. It's possibly cheaper to cut a country off rather than constantly update the topics you can't deliver.
It appears Apple is choosing to outright block its news app in China rather than implement a system to censor stories that would earn it the ire of Beijing. A source has confirmed to The New York Times that the company has blocked users in China from accessing Apple News, which offers an iOS-optimized way to read stories from around the web.
Something to watch? More insight into Twitter and possibly a reason to join?
… It was a bit disconcerting when, during the conference call to announce the appointment of Jack Dorsey as CEO, Lead Independent Director Peter Currie, Dorsey, and newly promoted COO Adam Bain brought up Project Lightning, an internal project that was bizarrely revealed to BuzzFeed by Costolo just days before his departure; at the time it was hard to see the pre-announcement as anything other than a last ditch attempt to save his job, and one wondered if the mentions on the conference call had a similar motivation: give Wall Street something, anything, to hold onto, even if jacking up expectations would hurt the new product when it launched.
Well, the product launched…and it’s fantastic. Moreover, it’s not only that it’s fantastic from a product perspective — actually, there is a lot to nitpick — but that it is fantastic from a strategic perspective.
Moments has three components:
- When you first tap the Moments tab at the bottom of the Twitter app you’re dropped into the ‘Today’ view that lists a mishmash of stories that, well, happened today. Touch any of the stories to get a curated list of tweets that tell the story in question through videos, images, and sometimes just text. It’s a really great experience, and I found the sports stories with their combination of highlights and tweeted reactions particularly enjoyable.
- For any Moment in progress, you can tap a button to add tweets about that Moment to your main timeline. Crucially, though, those tweets only persist for the duration of the event in question; the ‘Unfollow’, which is the most essential action when it comes to building a Twitter feed you actually read, is done for you.
- Finally, in what was probably the biggest surprise in the product, there is a carousel at the top leading to more focused categories: Each of these categories includes not only ‘News’ or ‘Entertainment’ Moments that just happened, but also more timeless content, particularly in ‘Fun.’ Look carefully at those category titles, though — they sure look familiar: That’s right, Twitter just reinvented the newspaper. It’s not just any newspaper though — it has the potential to be the best newspaper in the world.
Another example of “Big Data” even if the users think it's normal.
How the Bloomberg Terminal Made History—And Stays Ever Relevant
… Unlike the PC or the Mac, the Terminal has always catered to a niche—investors and other finance professionals—which is why most people have never seen one in person. But it's one of the industry's few truly enduring successes.
… The Bloomberg Terminal of today—which, speaking more precisely, is a service known as Bloomberg Professional—provides more than 325,000 subscribers with everything from an array of information on financial matters to a chat system to the ability to actually execute trades. It processes 60 billion pieces of information from the market a day.