Saturday, December 19, 2015

An update. It's not the DNC's data at issue, it's the Sanders campaign data that they can't get to. They (all candidates?) store it on the DNC's database because it's cheaper and nothing could possibly go wrong.
How Berned Is Bernie Sanders By The DNC Data Breach?
… The fracas began on Wednesday morning, with the crash of a software firewall that is supposed to prevent campaigns from seeing the voter data compiled by rival candidates. (All the Democratic presidential campaigns have access to the DNC data, and can then add their own information and analysis to the database.) The crash allowed members of Sanders’s staff to view proprietary voter lists of the Hillary Clinton campaign, including, according to news reports on Friday, information on voters less inclined to support the former secretary of state in the critical early states of Iowa and New Hampshire.
To punish the Sanders campaign for the breach, the DNC said the campaign could not have access to the party’s voter data.
The DNC files are filled with public information — no private information, à la credit card company hacks, would have been compromised here — that’s been gathered from various secretaries of state offices across the country. Those files contain names, addresses, elections voted in, and in some states, date of birth and gender.
Without access to these files, the Sanders campaign’s ability to canvass voters in a targeted manner — go to this house, but not that one — is lost, as are its capabilities to create a tailor-made phone list to contact voters who are more likely to #FeelTheBern. It basically means Sanders staffers have to campaign like it’s 1999.
… the campaign could have saved or printed lists outside the NGP VAN system.
But the long-term effects are alarming enough that the Sanders campaign filed a lawsuit in federal court on Friday seeking to re-gain access to the DNC’s voter file, saying that the committee was “attempting to undermine” its campaign, and that the organization “continues to hold our data hostage.”
Campaigns gather information from voters that serve to enrich this file — who a caller says they’ll vote for or whether a landline number is dead are seen as valuable tidbits — and they agree to update the system after the campaign so that future candidates can use it.
But what probably angers Sanders and his people the most is being locked out of information they’ve collected on potential Sanders volunteers. If a person whose door is knocked on says they’d like to volunteer for the campaign, that’s quite a boon, and the campaign would store that information away in the system. When staffers were locked out of the NGP VAN system, they would have lost access to these files, Klaber said.

Does the FBI see China in every hack? Maybe China is in every hack. Or maybe they have a low threshold for “sophistication?”
FBI probes breach at Juniper Networks -CNN
… Juniper on Thursday said it discovered two security issues that can affect products or platforms running the ScreenOS software. It released an emergency security patch, advising customers to update their systems and apply the patched releases with "the highest priority."
CNN reported that U.S. officials are concerned because hackers who took advantage of the flaw could access the network of companies or government agencies that used the Juniper product.
The breach is believed to be the work of a foreign government because of the sophistication involved, U.S. officials told CNN.

The opposite of sophistication? Just think of it as a password you were unlikely to guess. (What do 28 backspaces spell in Chinese?)
The Simplest Hack: Hitting The Backspace 28 Times Will Break You Into a Linux Computer
Linux may be the operating system of choice for some computer snobs, but there is apparently one giant flaw in it: you can break into it really, really, really easily. All you have to do is hit the backspace key enough times, something on the order of 28.
Wait, what?
Lorenzo Franceschi-Bicchierai at Motherboard does a pretty good job unpacking this. Essentially, the backspace bug causes the system to bring up a Grub rescue shell. From this shell, hackers have access to all the data on the computer, and can use it to install malware, delete files, or outright steal them. The bug was discovered by two researchers at the Cybersecurity Group at the Polytechnic University of Valencia, and published on the personal site of researcher Hector Marco.
The researchers indicate that the Grub problem affects Linux systems from 2009 to the present date, though older systems may be affected. Already, many major distributions, including Debian and Ubuntu, have released emergency patches to fix the problem. So if you're a Linux user and think you might be affected, either try hitting the backspace key 28 times on the login screen, or just install the patch and don't chance it.

Perspective. Who has the weakest security? Sounds like a project for my Ethical Hacking class!
Target Corporation Hops on the Bandwagon of Mobile Wallets
It seems like all retail giants are eager to offer customers new ways to pay with a smartphone. First it was the disruptive Apple Pay, which was joined by others including Samsung Pay, Android Pay and the recently launched Walmart Pay. Now lobbying its way in, is Target Corporation.
… sources mentioned that the country's fourth largest retail chain has already undertaken certain decisions, including which financial institutions and credit card companies to partner with. Also, the company’s management is inclined to process transactions through scanning technology, using the QR code to establish communication with payment terminals, just as Wal-Mart and Starbucks do. The company will eventually integrate the mobile payment platform, with its existing mobile shopping app.

(Related) Perspective. Has anyone tried to collect Best Practices for Apps?
Mobile App Momentum Continues, Surveys Find
Companies are coming up with all kinds of new ways to use mobile apps, from customer service to an intranet alternative. So it is no surprise that many businesses use at least a dozen mobile apps. In a report published today, Apperian, a provider of mobile application management software, found that the mean number of apps across its customers is nearly 35 while the median number is 13.
Interestingly, however, Apperian found that the number of mobile apps deployed is not a leading indicator of an organization's success with mobile apps. It is more important to have mobile apps that support business processes aligned with strategic initiatives, according to Apperian, which also found that companies tend to deploy mobile apps meant for specific business functions rather than mobile apps used by entire workforces.

Do you feel more secure?
Budget bill heads to President Obama's desk with CISA intact
Earlier today, the US House of Representatives passed a 2,000-page omnibus budget bill that contains the entirety of the controversial Cybersecurity Information Sharing Act. Just moments ago, the Senate passed it too.
Update: As expected, President Obama has just signed the bill, enacting both the $1.1 trillion budget and CISA.

Goes to both security and privacy.
How to Remove Hidden Personal Data in Microsoft Office
Microsoft Office creates and maintains a metadata file attached to your document. Each time you send it, your details are passed forward to the recipient, and anybody else that document moves forward to. This is okay in certain situations, but at other times it can be handy to clean your documents of any personal data before releasing them into the wild.
The Document Inspector is an amalgam of all of the different inspector services available to Microsoft Office. Their main functions are to locate and remove any additional data from your documents. Before using the Document Inspector, save your current document.
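The Document Inspector does its work on the parts of the Office Open XML package that carry names rather than content, chiefly `docProps/core.xml`. The script below is an added example, not code from the article or from Microsoft: it builds a constructed, minimal .docx-shaped zip with an author and a last-modified-by name, lists which personal fields are present, and writes a scrubbed copy with those fields blanked while every other part is copied unchanged (the element names and namespaces are the standard core-properties ones; the sample names and the field list are assumptions of this example).

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used in docProps/core.xml of an Office Open XML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

CORE_PART = "docProps/core.xml"
# Elements that typically carry a person's name rather than document content
# (assumed field list for this example; Office stores more in docProps/app.xml).
PERSONAL_FIELDS = ("dc:creator", "cp:lastModifiedBy")


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal .docx-shaped zip with author metadata."""
    core = (
        "<?xml version='1.0' encoding='UTF-8'?>"
        f"<cp:coreProperties xmlns:cp='{NS['cp']}' xmlns:dc='{NS['dc']}' "
        f"xmlns:dcterms='{NS['dcterms']}'>"
        "<dc:title>Quarterly plan</dc:title>"
        "<dc:creator>Alice Example</dc:creator>"
        "<cp:lastModifiedBy>Bob Example</cp:lastModifiedBy>"
        "<cp:revision>7</cp:revision>"
        "</cp:coreProperties>"
    )
    body = ("<w:document xmlns:w="
            "'http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(CORE_PART, core)
        z.writestr("word/document.xml", body)
    return buf.getvalue()


def read_part(data: bytes, name: str) -> bytes:
    """Return one part of the package unchanged (used to confirm content survives)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)


def inspect_docx(data: bytes) -> dict:
    """Return the personal fields that are present and non-empty in core.xml."""
    root = ET.fromstring(read_part(data, CORE_PART))
    found = {}
    for field in PERSONAL_FIELDS:
        el = root.find(field, NS)
        if el is not None and el.text:
            found[field] = el.text
    return found


def scrub_docx(data: bytes) -> bytes:
    """Return a copy of the package with the personal fields blanked.

    Only core.xml is rewritten; every other part is copied byte-for-byte,
    so the document body is untouched.  Write the result to a new file and
    keep the original, as the article advises saving before inspecting.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            payload = src.read(info.filename)
            if info.filename == CORE_PART:
                root = ET.fromstring(payload)
                for field in PERSONAL_FIELDS:
                    el = root.find(field, NS)
                    if el is not None:
                        el.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, payload)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", inspect_docx(sample))
    print("after: ", inspect_docx(scrub_docx(sample)))
```

Running the inspector a second time on the scrubbed output is the check worth keeping: it should report nothing. A real document also carries comments, tracked changes and `docProps/app.xml` (company, template), which is why the built-in Document Inspector runs several inspectors rather than one.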

I find it difficult to believe that Directors would be unsatisfied with the information they receive (on any subject) for long.
U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation
The legislation asks each publicly traded company to disclose information to investors on whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the publicly traded company.
A study released earlier this year from the Ponemon Institute found that 78 percent of the more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not briefed their board of directors on cybersecurity in the last 12 months. In addition, 66 percent said they don't believe senior leaders in their organization consider security a strategic priority.
A separate survey published in January by the National Association of Corporate Directors (NCD) found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.

If you never ask yourself the question, you don't have an answer when someone else asks. AKA: “We don't need no stinking privacy!”
FAA Finally Admits Names And Home Addresses In Drone Registry Will Be Publicly Available
The FAA finally confirmed this afternoon that model aircraft registrants’ names and home addresses will be public. In an email message, the FAA stated: “Until the drone registry system is modified, the FAA will not release names and address. When the drone registry system is modified to permit public searches of registration numbers, names and addresses will be revealed through those searches.”

The NFL bit could be interesting. If many companies grab content that requires specific (proprietary) Apps to access, we'll need a new kind of TV guide – powered by Watson!
Apple Loop: Multiple iPhone 7 Designs Leak, Tim Cook's $24 Billion NFL Dream, Apple Fights Microsoft
… Is Apple really going to go after Thursday Night Football? Reports came in this week that the NFL has reached out to Apple for a potential bid, along with Amazon, Google, Yahoo, and the more traditional broadcast partners. It’s an idea championed by Forbes’ Eric Jackson, who believes a bid from Apple of $4 billion over five years would bring in $24 billion in profits:
The extra sales of Apple TVs, content via iTunes that people would then buy on their Apple TVs, plus incremental iPhone sales would all be new iOS ecosystem sales not currently factored in by Wall Street analysts in their current price targets for the Apple stock price.
Therefore, they would have to model in all this additional revenue which would be prompted by large numbers of Americans and those internationally who love their NFL migrating to Apple to be able to stream the games on their Apple TV hockey pucks.
The Wall Street analysts would have to take their best guess of future profits flowing to Apple from this move (which I have argued is $24 billion) and multiply that number by the current forward price-to-earnings multiple which Apple has (which is 11x).

“Always bet on ignorance and intellectual laziness.”
Furor over Arabic assignment leads Virginia school district to close Friday
A Virginia county closed all of its schools Friday because of intense backlash over a class assignment about Islam, with some parents alleging that their children were being subjected to Muslim indoctrination and educators emphasizing the importance of exposing U.S. students to the world’s fastest-growing religion.
A high school geography teacher in rural Augusta County asked students to try their hand at writing the shahada, an Islamic declaration of faith, in Arabic calligraphy. The task, community reaction to it, and a sudden influx of outrage from around the country — including angry emails, phone calls and threats to put the teacher’s head on a stake — led the school district to close rather than risk disruption or violence.
… The shahada translates to: “There is no god but God. Muhammad is the messenger of Allah.” Some translations start with: “There is no god but Allah.” [Nothing about ISIS at all? Bob]

Something to illustrate why my Data Management students need Data Management. ('cause it never hurts to keep pounding home the benefits of a good education!)
Microsoft pursues analytics ambitions with Metanautix acquisition
Microsoft has furthered its pursuit of enterprise analytics with the acquisition of Metanautix, a company that makes it possible for businesses to pull together all their data and gain insights into it.
Metanautix's product can pull information in from a variety of private and public cloud data sources including traditional data warehouses, NoSQL databases like Cassandra and business systems like Salesforce. Once it's aggregated, businesses can use SQL to query the resulting data pipeline in order to glean insights from the information.

Perhaps I can have the university buy me some of this – for my students of course.
Intercept – A secret catalogue of government gear for spying on your cellphone
by Sabrina I. Pacifici on Dec 18, 2015
The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before…”

Just because it's cool (and local). You can see a long way if you're high enough.
A New Kind of Landscape Photography
Denver and the Colorado Rockies, as you’ve never seen them before
… In the late morning, as it passed over the Pacific, it turned back and looked at the continent to the east. Gazing over Los Angeles; the Mojave desert; the Grand Canyon; and the southern tip of Utah, it captured an image of Colorado.

My favorite Saturday reading.
Hack Education Weekly News
From the Indy Star: "Scores on thousands of student exams could be incorrect because of a computer malfunction that inadvertently changed grades on Indiana's high-stakes ISTEP test, according to scoring supervisors familiar with the glitch."
… Coursera has released a list of its “most coveted certificates in 2015.” Number one: digital marketing.
Colorado College has suspended a student for 6 months for derogatory comments he made on Yik Yak.
… Career Education Corporation says it will close all its Le Cordon Bleu schools, citing the new “gainful employment” regulations.
… From Desmos (and Dan Meyer): Marbleslides.

What else would you call it?

Friday, December 18, 2015

So a vendor turned off the security and someone wandered into the “forbidden zone.” Unlikely to cost (or gain) anyone the election. It is amusing however.
DNC: Sanders campaign improperly accessed Clinton voter data
Officials with the Democratic National Committee have accused the presidential campaign of Sen. Bernie Sanders of improperly accessing confidential voter information gathered by the rival campaign of Hillary Clinton, according to several party officials.
Jeff Weaver, the Vermont senator’s campaign manager, acknowledged that a low-level staffer had viewed the information but blamed a software vendor hired by the DNC for a glitch that allowed access. Weaver said one Sanders staffer was fired over the incident.
The discovery sparked alarm at the DNC, which promptly shut off the Sanders campaign’s access to the strategically crucial list of likely Democratic voters.
… NGP VAN, the vendor that handles the master file, said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other campaigns, said the company’s chief, Stu Trevelyan.
… “Sadly, the DNC is relying on an incompetent vendor who on more than one occasion has dropped the firewall between the various Democratic candidates’ data,” he said.

(Related) Why Hillary will have the DNC crack down.
Bernie Sanders Can Still Catch Hillary Clinton In Iowa
… Sure, she’s almost certainly going to win the nomination. But if I were running the Clinton campaign, I’d still be a little nervous. Clinton’s lead in Iowa isn’t safe; Bernie Sanders could win the caucuses. And with expectations for her as high as they are, a Clinton loss in Iowa (or even an underwhelming win) would cause her campaign a lot of heartache.

Another indication that the card readers (or payment processors) are being tapped?
Brian Krebs reports:
Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s.
Update, 2:57 p.m. ET: Landry’s has acknowledged an investigation. Their press release is available here (PDF).
[From Krebs:
Industry sources told this author that the problem appears to have started in May 2015 and may still be impacting some Landry’s locations.
… Restaurants are a prime target for credit card thieves, mainly because they traditionally have not placed a huge emphasis on securing their payment systems. The attackers typically exploit security vulnerabilities or weaknesses in point-of-sale devices to install malicious software that steals credit and debit card data.

Local. Probably not related to the Landry article above.
Brian Krebs reports:
Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores.
Read more on KrebsOnSecurity.
In at least two locations where skimmers were found in California, the skimmers did not compromise any customer data, according to a corporate spokesperson.

Not a lot of detail, but generally true.
That Wearable Device Under Your Tree Is Their Next Target
Wearables are atop gift lists this year as Fitbit continues to grow and Apple is expected to sell six million Watches in the next month alone. Wearable-renting company Lumoid says it receives at least one new wearable device each week saying they “sometimes can’t keep up, especially now with the holiday season coming up.”
There are more wearables on the market than ever before but experts like Good Technology’s John Herrema say manufacturers aren’t prepared to keep such a massive scale of users secure.

The pendulum swings again.
Over on TechDirt, Tim Cushing writes:
It’s a lower-level decision but it still means something. Well, a couple of somethings. First off, it appears Connecticut law enforcement probably shouldn’t continue seeking “live” cell site location information without a warrant. It also appears the law enforcement agency involved doesn’t have access to a cell site simulator (Stingray, etc.).
Read more on TechDirt.
[From TechDirt:
This sort of collection is nothing new. Many law enforcement agencies act under the belief that location information is just another business record, subject to fewer restrictions and a lower level of privacy protections. Generally speaking, courts have found the acquisition of historical cell site location data without a warrant to have minimal impact on Fourth Amendment protections. Using this information as a tracking device, however, has generated plenty of friction in the judicial system, something that probably won't be resolved until the Supreme Court tackles it.

The FTC gets to brag, LifeLock gets to keep on scamming?
Identity Theft Security Firm Fined $100 Million for Lapses
The US Federal Trade Commission said its settlement with LifeLock came after the company failed to comply with a 2010 federal court order requiring it to secure consumers' personal information and prohibiting deceptive advertising.
It is the largest monetary award obtained by the commission in an order enforcement action, the FTC said.
"This settlement demonstrates the Commission's commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data," said FTC Chairwoman Edith Ramirez.
A company statement Thursday said the settlement would "enable LifeLock to move forward with a singular focus on protecting our members from threats to their identity."
It said the allegations by the FTC related to ads and practices that have been discontinued.
"There is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise," the statement said.

Too many users (voters?) to lock them out for long.
Brazilian court reinstates WhatsApp
A Brazilian court dealt a legal victory Thursday to the popular app WhatsApp, hours after another judge suspended the messaging tool.
In the second ruling, the court found that it was unreasonable to cut off access to the app for tens of millions of people because the company failed to comply with a court order. Agence France-Presse said the service was working again in the country.

Isn't this similar to the Kim Dotcom argument?
Internet provider Cox Communications is responsible for the copyright infringements of its subscribers, a Virginia federal jury has ruled. The ISP is guilty of willful contributory copyright infringement and must pay music publisher BMG $25 million in damages.
Today marks the end of a crucial case that will define how U.S. Internet providers deal with online piracy in the future.
Following a two-week trial a Virginia federal jury reached a verdict earlier today (pdf), ruling that Cox is guilty of willful contributory copyright infringement.
The case was initiated by BMG Rights Management, which held the ISP responsible for tens of thousands of copyright infringements that were committed by its subscribers.
During the trial hearings BMG revealed that the tracking company Rightscorp downloaded more than 150,000 copies of their copyrighted works directly from Cox subscribers.
It also became apparent that Cox had received numerous copyright infringement warnings from Rightscorp which it willingly decided not to act on.
… A week before the trial started Judge O’Grady issued an order declaring that Cox was not entitled to DMCA safe-harbor protections, as the company failed to terminate the accounts of repeat infringers.
BMG also argued that the ISP willingly profited from pirating subscribers, but the jury found that there was not enough evidence to back this up.
The verdict is bound to cause grave concern among various other U.S. Internet providers. At the moment it’s rare for ISPs to disconnect pirating users and this case is likely to change that position.

Perspective. Gee, the TV Ads make it sound so much faster. Reality: The US isn't in the top 10.
Akamai: Global average Internet speed grew 14% to 5.1 Mbps, only 5.2% of users have broadband
Global average connection speeds rose 14 percent year over year to 5.1 Mbps in Q3 2015. Unfortunately, just over 5 percent of users now have broadband speeds of at least 25.0 Mbps. The latest figures come from Akamai, which today published its quarterly State of the Internet Report for Q3 2015.

12 Social Media Facts and Statistics You Should Know in 2016

Obey the law, become a victim? Should we program them to break the law when they think they can get away with it? With some simple analysis (which may already exist) we will know when humans are likely to “cheat” and just add that to their software.
Humans Are Slamming Into Driverless Cars and Exposing a Key Flaw
The self-driving car, that cutting-edge creation that’s supposed to lead to a world without accidents, is achieving the exact opposite right now: The vehicles have racked up a crash rate double that of those with human drivers.
The glitch?
They obey the law all the time, as in, without exception.
… “It’s a constant debate inside our group,” said Raj Rajkumar, co-director of the General Motors-Carnegie Mellon Autonomous Driving Collaborative Research Lab in Pittsburgh. “And we have basically decided to stick to the speed limit. But when you go out and drive the speed limit on the highway, pretty much everybody on the road is just zipping past you. And I would be one of those people.”

This may explain a lot…
Former top Clinton aide: 'I want to avoid FOIA'
A former top aide to Hillary Clinton appeared to joke with reporters that he wanted to avoid open records laws, years before his and other Clinton aides’ use of private email accounts became an issue for her presidential campaign.
“I want to avoid FOIA,” Philippe Reines, Clinton’s combative former adviser, wrote in an email to journalists Mark Halperin and John Heilemann in February 2009, referring to the Freedom of Information Act.
The email was revealed Thursday as part of a lawsuit launched by Gawker earlier this year.
The message was apparently sent before Reines took a job at the State Department and is being dismissed by his lawyers as a joke.
Yet critics of Clinton are likely to view it more seriously, given long concerns that the use of personal email accounts by Reines, Clinton and other top officials not only skirted government recordkeeping laws but may have jeopardized national security.

(Related) Maybe? Could this be a common practice?
Pentagon Chief Admits 'Mistake' in Using Personal Email
US Defense Secretary Ashton Carter acknowledged Thursday making a "mistake" when he used his personal email for government business in the early part of his tenure, triggering concerns hackers could access sensitive information.

Interesting App, but my wife, the “power shopper,” has “Buy now, have husband pay later” as her operative philosophy.
Pinterest Launches A New Way To Track Price Drops On Buyable Pins
Pinterest has a new way to entice users to come back and buy things: keeping tabs on the price.
That comes in the form today of a new tool that helps Pinterest users monitor price drops on products they’ve pinned. When users save pins, they’ll get a heads up when a price drops in the form of an in-app notification and an email. They can then jump straight to that pin and make the purchase.
… In the end, this is likely about getting Pinterest users to come back and buy products on Pinterest. Though the company might not treat commerce as a strong monetization channel just yet alongside its advertising business, it helps get users to come back to Pinterest over and over again. That, in general makes the service more sticky — giving it an opportunity to better monetize its user base.

For my students who read!
Shelfie Helps You Find Ebook and Audiobook Versions of Books
Shelfie is a neat Android and iOS app that can help you find audiobook and ebook versions of your favorite books. To use Shelfie simply take a picture of a book and the app will search for an ebook or audiobook version of a book. Some of the ebooks and audiobooks that the app locates are free and others require a purchase. The app also allows you to create a shelf of your books.

Thursday, December 17, 2015

A very rapid government response! We will pay somebody to write a few reports that we might read, and then we will ask the President to promise to come up with a strategy before the next Ice Age.
Overnight Tech: House presses Obama to counter ISIS on social media
The House is pressing the Obama administration to articulate a broad strategy to thwart terrorists' use of social media.
The lower chamber by voice vote approved the Combat Terrorist Use of Social Media Act on Wednesday, which would commission a number of reports on the subject and require Obama to follow through on a commitment to present a broad strategy.

(Related) Would a Social Media monitoring program have been of any use?
FBI director: San Bernardino shooters never expressed public support for jihad on social media
James Comey, the FBI director, said on Wednesday that there remained no evidence the couple who massacred 14 people in San Bernardino, California, on December 2 were part of an organized cell or had any contact with overseas militant groups.
Syed Rizwan Farook, 28, and Tashfeen Malik, 29, expressed support for "jihad and martyrdom" in private communications but never did so publicly on social media, Comey said at a news conference in New York City.

Driverless cars are legal as long as they have a driver. Way to go California!
California Proposes Driverless-Car Rules
… The proposed rules hold motorists responsible for obeying traffic laws, regardless of whether they are at the wheel.
… California’s proposed regulations would require consumers to get a special state-issued driver’s certificate after receiving training from a car company on how to use a driverless vehicle.
… Auto makers would only be allowed to lease driverless cars, as opposed to selling them outright.

Should we consider this “e-contempt?”
Brazil Court Suspends Facebook’s WhatsApp for 48 Hours
A Brazilian state judge ordered the suspension of Facebook Inc.’s WhatsApp throughout Brazil for 48 hours early Thursday, disrupting the lives of tens of millions of Brazilians who use the messaging service.
A local judge in São Paulo state ordered the block after WhatsApp refused to cooperate with a criminal investigation, the court said in a statement. The court said that the decision was made amid a criminal procedure, but didn't provide more details, saying the case is under seal.
WhatsApp is hugely popular in Brazil, where roughly half of the country’s 200 million people use its free text and voice messaging functions regularly. Many poorer Brazilians depend exclusively on WhatsApp for their day-to-day communications.
… Local telecoms companies have been complaining for months that WhatsApp, particularly its free voice messaging service, is illegal. But the speed with which the block took place, and the lack of pushback from telecoms companies, came as a surprise to many here. Similar efforts to block WhatsApp and other services in the past have been rejected by higher courts before they could be enforced.
… WhatsApp competitors wasted little time in taking advantage of their rivals’ outage. Messaging service Telegram said early Thursday that more than 1.5 million Brazilians had downloaded its app since WhatsApp went offline.

Free isn't always free. And feedback from citizens may be drafted by Mark Zuckerberg.
Facebook’s “Save Free Basics In India” Campaign Provokes Controversy
Facebook is calling on Indian users to send an email to the Telecom Regulatory Authority of India (TRAI), asking the government agency to support its Free Basics program. The campaign, which shows up when users sign onto the social media platform and includes a pre-filled form so they don’t even have to write an email, has already proven controversial, with opponents saying its message undermines net neutrality in India.
… Free Basics, which became available throughout India last month, is a Facebook initiative to provide basic Internet services, like search, Wikipedia, health information, and weather updates, for free to all users. While it sounds altruistic, Free Basics has the potential to draw reams of traffic to sites from certain providers (including Facebook) at the expense of others, which violates the principles of net neutrality. The TRAI plans to hold a hearing on net neutrality next month.

I wonder how many countries they will be willing to do this for. How big a market will it take?
Microsoft Unveils Plans for China Joint Venture
Microsoft Corp. disclosed new details of a plan to work with a Chinese partner to accelerate adoption of the Windows 10 operating system introduced last summer.
The company late Wednesday said it will set up a jointly owned entity with China Electronics Technology Group Corp., or CETC, a state-owned company that provides technology for Chinese military and civilian use. The venture will extend a relationship announced with CETC in September, Microsoft said.
That venture, tentatively called C&M Information Technologies, will be based in Beijing and will license, deploy, manage and provide technical support for Windows 10 for government agencies and government-owned institutions, said Yusuf Mehdi, a corporate vice president in Microsoft’s Windows and Devices group, in a blog post released to coincide with a news conference in Beijing.

While waiting for a ruling, I found this.
In submissions filed on September 16, 2015 by the Kim Dotcom legal team in District Court in New Zealand, Professor Lawrence Lessig, from Harvard Law School, provided his expert legal opinion on the United States Department of Justice's (DOJ) criminal allegations in the extradition record against Kim Dotcom and the others. Below are quoted excerpts from Professor Lessig's opinion.

Will this make my students reconsider their job hunting strategy?
A New Kind of Employee Perk: Student-Loan Repayment
… Earlier this year, the accounting firm Pricewaterhouse Coopers announced that the company will offer to help associate-level employees (who make up 45 percent of PwC’s 46,000 U.S. employees) out with their student-loan debt starting mid-2016. PwC will contribute about $100 a month towards an employee’s student-loan principal for up to six years, for a total payout of $7,200. Since paying off loan principal will reduce interest, the company estimates that the benefit is actually worth up to $10,000.

Interesting. Let's hope they can analyze more areas and a more granular level. (e.g. What works best for programmers in Centennial vs. Denver.)
Textio, A Startup That Analyzes Text Performance, Raises $8M
… “We had this premise that word processing in text hadn’t been disrupted in a while, from command line to GUI,” CEO Kieran Snyder said
… Textio’s first tool looks at talent acquisition documents — like job postings — to determine how well they will perform among candidates. Certain words and layouts attract more candidates than others, Snyder found, and those predictive analytics are baked into the service. For example, Textio shows that job postings with bullet points tend to perform better than job postings without them.
… Textio recognizes more than 60,000 phrases with its predictive technology, Snyder said, and that data set is changing constantly as it continues to operate. It looks at how words are put together — such as how verb dense a phrase is — and at other syntax-related properties the document may have. All that put together results in a score for the document, based on how likely it is to succeed in whatever the writer set out to do.

More students game than I thought.
Pew Study – Gaming and Gamers
by Sabrina I. Pacifici on Dec 16, 2015
Pew Research Center Study: “About half of American adults (49%) “ever play video games on a computer, TV, game console, or portable device like a cellphone,” and 10% consider themselves to be “gamers.” A majority of American adults (60%) believe that most people who play video games are men – a view that is shared by 57% of women who themselves play video games. But the data illustrates that in some ways this assumption is wrong: A nearly identical share of men and women report ever playing video games (50% of men and 48% of women). However, men are more than twice as likely as women to call themselves “gamers” (15% vs. 6%). And among those ages 18 to 29, 33% of men say the term “gamer” describes them well, more than three times the proportion of young women (9%) who say the same…”

Wednesday, December 16, 2015

I guess Target didn't learn much from their massive security breach. If I had been teaching Ethical Hacking this Quarter, this would have made a nifty group project.
Dan Goodin reports:
According to researchers from security firm Avast, the database storing the names, e-mail addresses, home addresses, phone numbers, and wish lists of Target customers is available to anyone who figures out the app’s publicly available programming interface.
Read more on Ars Technica.
[From the article:
To our surprise, we discovered that the Target app’s Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.]
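The two defects the Avast excerpt describes (no authentication, and a guessable user ID that hands back a customer record) are exactly what an IDOR check in a code review looks for. Below is an added example, not Target's or Avast's code: a toy wish-list API with the flawed handler next to a hardened one (session token, ownership check, opaque IDs, and a 404 that does not reveal whether the ID exists), plus a log check that flags a client walking consecutive IDs; all users, tokens and log lines are constructed.

```python
"""Added example: vulnerable vs hardened wish-list lookup, plus enumeration detection."""
import re
import secrets
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample records standing in for a customer database.
USERS: Dict[int, dict] = {
    1001: {"name": "Alice Example", "email": "alice@example.test", "wishlist": ["kettle"]},
    1002: {"name": "Bob Example", "email": "bob@example.test", "wishlist": ["lamp"]},
}


# ---- Vulnerable handler: no authentication, sequential numeric IDs ------------
def wishlist_vulnerable(user_id: int) -> Optional[dict]:
    """Whoever guesses a user ID gets the whole record; nothing is checked."""
    return USERS.get(user_id)


# ---- Hardened handler: session token + ownership check + opaque IDs ------------
# Opaque public IDs: a caller cannot walk the keyspace by incrementing a number.
PUBLIC_ID: Dict[int, str] = {uid: secrets.token_urlsafe(16) for uid in USERS}
INTERNAL_ID: Dict[str, int] = {pub: uid for uid, pub in PUBLIC_ID.items()}
# Session tokens that a login step would have issued (constructed for the demo).
SESSIONS: Dict[str, int] = {"tok-alice": 1001, "tok-bob": 1002}


def wishlist_hardened(headers: dict, public_id: str) -> Tuple[int, Optional[dict]]:
    """Return (http_status, body).

    Requires a valid session AND that the session owner is the record owner,
    so a logged-in user still cannot read another customer's data (IDOR).
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None
    caller = SESSIONS.get(auth[len("Bearer "):])
    if caller is None:
        return 401, None
    owner = INTERNAL_ID.get(public_id)
    if owner is None or owner != caller:
        # Identical response for "no such record" and "not yours", so the API
        # does not confirm which IDs exist.
        return 404, None
    return 200, USERS[owner]


# ---- Detection: flag clients requesting consecutive user IDs -------------------
LOG_RE = re.compile(r'^(\S+) .*"GET /api/v1/users/(\d+)/wishlist')

# Constructed access-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG: List[str] = [
    '203.0.113.9 - - [16/Dec/2015:10:00:01 +0000] "GET /api/v1/users/1001/wishlist HTTP/1.1" 200 312',
    '203.0.113.9 - - [16/Dec/2015:10:00:01 +0000] "GET /api/v1/users/1002/wishlist HTTP/1.1" 200 298',
    '198.51.100.4 - - [16/Dec/2015:10:00:02 +0000] "GET /api/v1/users/1002/wishlist HTTP/1.1" 200 298',
    '203.0.113.9 - - [16/Dec/2015:10:00:02 +0000] "GET /api/v1/users/1003/wishlist HTTP/1.1" 200 305',
    '203.0.113.9 - - [16/Dec/2015:10:00:02 +0000] "GET /api/v1/users/1004/wishlist HTTP/1.1" 200 311',
    '203.0.113.9 - - [16/Dec/2015:10:00:03 +0000] "GET /api/v1/users/1005/wishlist HTTP/1.1" 200 290',
]


def find_enumerators(log_lines: List[str], window: int = 5) -> List[str]:
    """Return client IPs that requested `window` or more consecutive user IDs."""
    seen: Dict[str, set] = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    flagged = []
    for ip, ids in seen.items():
        ordered = sorted(ids)
        run = 1
        for a, b in zip(ordered, ordered[1:]):
            run = run + 1 if b == a + 1 else 1
            if run >= window:
                flagged.append(ip)
                break
    return flagged
```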

Will reality match the dream?
Facebook, Google and Twitter agree German hate speech deal
Facebook, Google and Twitter have agreed a deal with Germany under which they will remove hate speech posted on their websites within 24 hours.
German Justice Minister Heiko Maas said the measures would ensure German law was applied online.
Social media cannot "become a funfair for the far right," he said.
The agreement follows reports of a rise [Rather vague. “Yeah, I read all about it in some Blog. They said they found more racist articles now that they can read.” Bob] in online racism in Germany as the country manages an influx of up to one million migrants and refugees in 2015.
… They would assess complaints using the benchmark of German law "and no longer just the terms of use of each network", he said.
"When the limits of free speech are trespassed, when it is about criminal expressions, sedition, incitement to carry out criminal offences that threaten people, such content has to be deleted from the net," Mr Maas said.

Completely optional, for now. Soon, “What do you have to hide?”
Rachel Emma Silverman reports:
Employers want workers to know what’s in their genes.
A handful of firms are offering employees free or subsidized tests for genetic markers associated with metabolism, weight gain and overeating, while companies such as Visa Inc., Slack Technologies Inc., Instacart Inc. recently began offering workers subsidized tests for genetic mutations linked to breast and ovarian cancer.
The programs provide employees with potentially life-saving information and offer counseling and coaching to prevent health problems down the road, benefits managers say.
Read more on WSJ.
What could possibly go wrong, right?

Perspective. That Internet of Things thing is growing in importance. (No hints about how this will work.)
IBM Bets on Watson With Global Research Center in Germany
… The company on Tuesday announced the opening of a new global headquarters and research lab in Munich for a division that will build Watson-based applications for Web-connected devices. The facility and eight other global centers are part of a $3 billion investment in the unit set out in March by Armonk, New York-based International Business Machines Corp.

Looks like Heartland has recovered from the 2008 breach (~100 million cards)
Global Payments to Buy Heartland Payment for $4.3 Billion
… “The combination of Global Payments and Heartland will be transformative for the worldwide payments industry,” Robert O. Carr, chief executive officer of Princeton, New Jersey-based Heartland, said in the statement.
As consumers replace cash and checks with electronic payments including credit cards and mobile phones, companies that process transactions are rushing to consolidate. Established firms are scooping up smaller competitors and merging with companies abroad, repositioning themselves as technology for handling transactions evolves.
… Global Payments had about 2.9 percent of the global transactions processing market in 2014, while Heartland had about 2.1 percent, according to the Nilson Report, an industry trade publication and data service.

I didn't think this would go over too well.
Philips Hue users outraged after firmware update blocks third-party light bulbs

There's an App for that! (Not really, but it won't be long.)
SEC Approves Plan to Issue Stock Via Bitcoin’s Blockchain
The Securities and Exchange Commission has approved a plan from online retailer Overstock to issue company stock via the Internet, signaling a significant shift in the way financial securities will be distributed and traded in the years to come.
Over the past year, Overstock and its freethinking CEO, Patrick Byrne, have developed technology for issuing financial securities by way of the blockchain, the vast online ledger underpinning the bitcoin digital currency. The blockchain is essentially an enormous database that runs across a global network of independent computers. With bitcoin, this ledger tracks the exchange of money. But it can also track the exchange of anything else that holds value, including stocks, bonds, and other financial securities. Overstock has already used the blockchain to issue private bonds, which did not require explicit regulatory approval. Now, the SEC has told the company it can issue public securities in much the same way.

Interesting (to me anyway) how closely this parallels what Prof. Soma has done for years at the Privacy Foundation seminars.
The New Rules of Presentations
… Make no bones about it – the defining factor in deciding where you sit on the presentation landscape is your audience. This might sound like I’m stating the blindingly obvious, but the reality is that few presenters make this leap. They’re too busy thinking about their slides, [Slides are forbidden. Bob] their breathing, or their attire to take a moment to ask themselves the simple question – how would the audience like to be presented to? Once you recognize that the audience is the most important stakeholder in the whole presentation process, it makes it a whole lot easier for presenters to focus on engaging with the people in front of whom they are standing.

Got Pi? (Registration with MakeUseOf required)
Download 4 Raspberry Pi eBooks For Free Right Now
Today, we have one of the coolest free eBook offers we’ve ever had. We’re talking about four free Raspberry Pi eBooks all in one awesome bundle! These books would normally sell for over $90, but until 12/20, you can get all of them for free!
… To redeem your copy and download the free eBook, just head over to this page and sign up for a free account.

Tuesday, December 15, 2015

Not much detail yet. Note that this is another young hacker (like those arrested for the TalkTalk hack). What are they feeding them in England?
UK Man Arrested In VTech Hack Investigation
A 21-year-old man has been arrested in the UK as part of an investigation into the attack on Hong Kong-based children’s toy maker VTech.
He was taken into custody this morning in Bracknell, Berkshire, on suspicion of two offences under the Computer Misuse Act 1990, the South East Regional Organised Crime Unit (SEROCU) announced.

(Related) This is not going to work.
Stefan Armitage writes:
… Now, the European Union is on the verge of implementing new laws that would see children under the age of 16 banned from Facebook, Snapchat, Instagram and email, unless they have parental permission. The new regulations would see the age of consent for websites to use personal data rise from 13 to 16 years old.
Read more on The Viral Thread. Not surprisingly, there’s a lot of opposition to the proposal.

Not exactly hacking in to Apple. More like finding the results of phishing.
13 Million MacKeeper Users Exposed
The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even own a Mac, and discovered the data trove merely by browsing Shodan — a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.
IT helpdesk guy by day and security researcher by night, 31-year-old Chris Vickery said he unearthed the 21 GB trove of MacKeeper user data after spending a few bored moments searching for database servers that require no authentication and are open to external connections.

A lot of my students will be facilitating and (I hope) securing the BYOD world.
Bye-bye Intranet, Hello Mobile App
… "The corporate intranet in a mobile environment is lousy. How do you make it work with a two-and-a-half by 4-inch screen," said Jeff Corbin, founder and CEO of APPrise Mobile, provider of an application development platform that can be used to create native, mobile communications apps for employees, investors and conference attendees, among other audiences.

Has the “click-wrap license” spread off the Internet? Sounds like it.
Len Litchfield, M.D., writes:
So you are a health professional or knowledgeable consumer and think you understand the issues surrounding privacy and exchange of personal health information? So did I, until I recently became a patient and had the temerity (or is that foolishness and patience?) to actually read the consent when I went to the outpatient surgical center for a cancer screening procedure.
And what I read was — to say the least — disturbing. When it came to sharing my health information, there were no middle options: either it could be shared with other exchanges, vendors, consultants, and others nationwide, or I wouldn’t be able to get access when I really needed it — especially in an emergency situation.
Read more on MedPage Today.

Because they have something better?
Matt Reynolds reports:
Human Rights Watch on Monday dropped legal claims over a Drug Enforcement Administration bulk-surveillance program, confirming the database used to store call records was destroyed this year.
“Today we can declare victory and voluntarily dismiss our case,” Human Rights Watch senior coordinator Henry Peck said in a statement, adding that while bulk collection still continues overseas “we can celebrate a small victory for transparency and legality today, and hope for further victories to come.”
Read more on Courthouse News.

Should we “bulk collect” social media content? If not, how would we identify individuals with “jihadist tendencies?”
Immigration officials prohibited from looking at visa applicants' social media
Homeland Security Secretary Jeh Johnson decided against ending a secret U.S. policy that prohibits immigration officials from reviewing social media posts of foreigners applying for U.S. visas, according to a report by ABC News.
Johnson decided to keep the prohibition in place in early 2014 because he feared a civil liberties backlash and “bad public relations,” according to ABC.
… A DHS spokesman told ABC News that in the fall of 2014 after Cohen left, the department began three pilot programs to include social media in vetting, but officials say it's still not a widespread policy and a review is underway.

A draft regulation only 211 pages long? They're not taking this seriously.
Press Release – FAA Announces Small UAS Registration Rule
The U.S. Department of Transportation’s Federal Aviation Administration (FAA) today announced a streamlined and user-friendly web-based aircraft registration process for owners of small unmanned aircraft (UAS) weighing more than 0.55 pounds (250 grams) and less than 55 pounds (approx. 25 kilograms) including payloads such as on-board cameras.
… Registrants will need to provide their name, home address and e-mail address. Upon completion of the registration process, the web application will generate a Certificate of Aircraft Registration/Proof of Ownership that will include a unique identification number for the UAS owner, which must be marked on the aircraft. [Those numbers will be for sale on the Dark Net shortly. Bob]
… The full rule can be viewed here:

(Related) What took you so long?
Critics threaten lawsuit over drone registration rules
… The Washington, D.C.-based Competitive Enterprise Institute said Monday the FAA violated federal requirements for allowing public comments on the drone registration proposal, which usually lasts for a period of 30 to 60 days.

Your Kid Just Got a Drone. Should You Get Insurance?
… One of the only insurance policies designed to cover hobbyist drone pilots comes from membership in the Academy of Model Aeronautics, which charges adults $75 per year. All the group's 185,000 members enjoy $2.5 million in personal liability coverage from Westchester Surplus Lines Insurance, part of ACE Group, and $25,000 medical coverage.
“Most of the claims we have are small claims,” says Rich Hanson, the AMA’s director of government relations. The most common case involves an out-of-control drone flying into a car. The AMA declined to reveal how many claims on average are filed per year.
Homeowner policies at Allstate, one of the largest property insurers, will cover damage if a policyholder crashes a drone and damages someone else’s property. But a “first-party claim”—damage you do to your own home—isn’t covered, says Allstate spokesman Justin Herndon.

Fuel cell keeps drones in flight for hours, not minutes

They will hold a grudge until you die, then have you stuffed.
The RIAA has scored another win in a prominent piracy lawsuit. The music group has prevailed in its case against the 'reincarnation' of the defunct Grooveshark music service, with a New York federal court granting more than $13 million in piracy damages plus another $4 million for willful counterfeiting.
Last May, Grooveshark shut down after settling with the RIAA. However, within days a “clone” was launched aiming to take its place.

Which reminds me…
Dotcom ditches Coatesville mansion
Kim Dotcom has moved out of the sprawling Auckland mansion that was the centre of the armed raid in which he was arrested in 2012.
The internet entrepreneur, who is waiting on a district court decision as to whether he should be extradited to the United States, will take up residence in an apartment on Princes Wharf from today.
He has also confirmed to RNZ he still owes about $2 million in outstanding legal fees to his former New Zealand lawyers.
Mr Dotcom began renting the mansion in Coatesville, north of Auckland, in 2010 at a cost of $1 million a year.
However, the ongoing cost of his legal battle to stay in New Zealand had forced him to downgrade his accommodation to a mere four-bedroom penthouse overlooking Waitemata harbour.

I thought the whole point was for everything to communicate.
Philips updates Hue firmware to block bulbs from rivals
It seems that the IoT wars are finally heating up and Philips may have just fired the opening shot. The company has just rolled out a firmware update to its Hue brand of network-connected smart bulbs, and one of the most significant things it does, if not the most significant, is to cut off connectivity with third-party bulbs, which is to say smart bulbs from its rivals like GE. This will, at least for the time being, probably dash the hopes of some to have an interconnected smart home, or at least smart lighting, with IoT devices from different and competing brands.
Technically, Philips Hue bulbs speak the language of Zigbee, a wireless communications protocol that many devices, including some routers and remote controls, support. The purpose of such standards is to actually make devices talk to one another. At least in an ideal world. Philips, however, would prefer not to be so communicative.

Another attempt to summarize Privacy.
NISO Releases Set of Principles to Address Privacy of User Data in Library, Content-Provider, and Software-Supplier Systems
by Sabrina I. Pacifici on Dec 14, 2015
“NISO [National Information Standards Organization] has published a set of consensus principles for the library, content-provider and software-provider communities to address privacy issues related to the use of library and library-related systems. This set of principles, developed over the past 8 months, focuses on balancing the expectations library users have regarding their intellectual freedoms and their privacy with the operational needs of systems providers. The NISO Privacy Principles set forth a core set of guidelines by which libraries, systems providers and publishers can foster respect for patron privacy throughout their operations. The Principles outline at a high level basic concepts and areas which need to be addressed to support a greater understanding for and respect of privacy-related concerns in systems development, deployment, and user interactions. The twelve principles covered in the document address the following topics: Shared Privacy Responsibilities; Transparency and Facilitating Privacy Awareness; Security; Data Collection and Use; Anonymization; Options and Informed Consent; Sharing Data with Others; Notification of Privacy Policies and Practices; Supporting Anonymous Use; Access to One’s Own User Data; Continuous Improvement and Accountability.”

Perspective. Mostly some trivial(?) examples, but I see a trend here. Social media as ombudsman?
Did You Get Screwed By a Company? Take It to Twitter!

The hoopla is over. Should we buy them? (Anyone have a spare billion or two?)
Could A GoPro Downgrade Help Fuel A Buyout?
… The downgrade cited slower growth, higher inventory, slowing demand on the drone business and stagnating product growth. We first heard about it on Twitter.
… But let's take a look at the valuation. Do we think the company will be around in 10 or 15 years to be able to deliver the future earnings that you are paying for at today's price? Yes, we do. Also, the company has zero debt, and that leaves their balance sheet open for leverage in case they want to consider things like a stock buyback or taking on debt to acquire companies or finance future operations.

See what being politically correct will do to you?
New submitter scrote-ma-hote writes:
From, news comes that the Church of the Flying Spaghetti Monster is now able to solemnize marriages. The registration was listed in the NZ gazette yesterday. The Registrar-General decided that the Church met the criteria in New Zealand for solemnizing marriages, as per the Marriage Act 1955, namely that the "principal object of the organization was to uphold or promote religious beliefs, philosophical or humanitarian convictions."

Something for my students to use. Congress asks and these guys answer – then Congress ignores them. – free access to CRS Reports
by Sabrina I. Pacifici on Dec 14, 2015 is a free web-based repository of Congressional Research Service (CRS) Reports. This digital library is dedicated to hosting an extensive collection of CRS documents. All information provided by is publicly available and can be accessed for free without sign-up or registration. This growing collection of CRS reports is made freely available to policy makers (including Hill staffers who, while off of the Hill, may decide not to log into the Capitol intranet) and other users for purposes beneficial to our political system and the public… hosts but does not author CRS documents. CRS documents are written by the Congressional Research Service, an information resource within the US Library of Congress. CRS does not serve members of the public directly; it focuses solely on assisting and informing Congress. CRS serves the US federal legislative branch and in this manner indirectly serves the public.”
  • – “The Internet’s largest free and public collection of Congressional Research Service Reports.”

For my students. Slow my video to ¼ speed and I'll still flunk you too fast to see! (The “F” is quicker than the eye.)
Speed Up Is YouTube’s Greatest & Most Underrated Feature
… After expanding the gear settings symbol with a click, you can disable annotations, change the video quality, edit subtitles, or change the speed — yes, YouTube allows you to play the video in normal time, sped up at 1.25x, 1.5x, or 2.0x speed, or slowed down to 0.5x or 0.25x speed.