Saturday, December 26, 2015

Should we assume that TSA has discovered a major flaw in their pat-down procedure? Perhaps they are merely trying to justify spending all that money on a technology that wasn't being used? (Yeah, you challenge them. I'm walking.)
TSA Body Scan? Just Say ‘No’, Leading Expert Says
Passengers required by the Transportation Security Administration (TSA) to submit to a body scan can legally refuse, according to Marc Rotenberg, President of the Electronic Privacy Information Center (EPIC).
… On Friday, without notice, the Transportation Security Authority (TSA) implemented new procedures for airport security screening. TSA had been, until Friday, using a screening procedure that consisted of either an AIT body scan or a pat-down scan, at the passenger’s option. The legality (that is, constitutionality) of the security procedure encompassing a passenger’s option to choose an AIT scan or a pat-down scan was affirmed by the D.C. Court of Appeals in 2012, in the EPIC v DHS case mentioned above.
… What is different in the new security procedures is that TSA made the body scans mandatory for some people
… Jennifer Ellison and Marc Pilcher, attorneys in the TSA Office of Chief Counsel writing in “Advanced Imaging Technology (AIT) Deployment: Legal Challenges and Responses” emphasized the legal importance of pat-downs being a screening option.

A Glossary of WWI Soldier Slang

The Saturday sillies.
Hack Education Weekly News
… “Clinton: ‘I Wouldn’t Keep Any School Open That Wasn’t Doing A Better Than Average Job.’” No schools in Lake Wobegon will be required to close.
… Class Central has released its report on 2015 MOOC enrollment: “The MOOC space essentially doubled this year. More people signed up for MOOCs in 2015 than they did in the first three years of the modern MOOC space’s existence.”
Via Boing Boing: “In Texas, a 12 year old Sikh boy was arrested for ‘terrorism’ over a solar charger.”
… “Student Loan Subsidies Cause Almost All of the Increase in Tuition,” according to the Foundation for Economic Education.

Friday, December 25, 2015

IRS Still Working on the Hack of the Year
Ten months after a major hack into taxpayer information at the IRS, the Treasury Inspector General for Tax Administration says the IRS is still working on bolstering its Internet sign-in procedures.
Initially the IRS had said last May that more than 100,000 taxpayer records had been stolen. But then in August it tripled that estimate to 334,000. The IRS says hackers had made an estimated 615,000 attempts to break in, for a success rate of more than 50%.
… The IRS moved to close the gaps in this application starting last spring, and is now trying to come up with more secure sign-on procedures for taxpayers so they can access their tax information, says the new watchdog report.
The watchdog’s findings come as more than eight out of ten taxpayers use websites to get information about their tax payments, the IRS says. [Sounds high to me. Bob]

An interesting question. (Helps me outline my next Computer Security class.)
All Security Pros Want for Christmas: Smarter Users, Decoy Networks
People like to see gifts from their wish lists under the Christmas tree, and security pros are no exception. Here are things some cyberwarriors would like old St. Nick to deliver to them.
… smarter users who are less susceptible to social engineering
… more visibility into the threat landscape posed by social media.
… "I would love it if the vendors worked together more cooperatively."
… "I'd like the EU not to focus on data residency," he told TechNewsWorld. "Rather, I'd like them to focus on security and privacy of data."
… Parekh also would like vendors making goods and services for the Internet of Things to start thinking seriously about security.
… better intrusion-detection systems to nip threats before they can blossom

A Christmas present or hoping these get lost in the holiday?
Heavily redacted Benghazi emails released on Christmas Eve
The Office of the Director of National Intelligence (DNI) released a handful of sensitive documents Thursday morning dealing with terrorism suspect Anwar al-Awlaki and the terrorist attacks in Benghazi, Libya.
The Christmas Eve document dump includes 16 pages of heavily blacked-out emails about the events surrounding the 2012 terrorist attack on a U.S. diplomatic compound in Benghazi that killed four Americans.
The documents were released as part of a “proactive disclosure” under the Freedom of Information Act. The government and public relations firms have been known to release unflattering information around major holidays or weekends to blunt the news effect.

Sometimes words in an article just jump out at me. I wonder what other hacks are possible?
2016 BMW 7-Series
… Among the new safety features for the 2016 BMW 7 Series is an update to the adaptive cruise control designed to help drivers stick to posted speed limits. Using data from the navigation system and cameras that read traffic signs, the car prompts the driver when the speed limit is about to change.
… Speedy drivers can preselect by how much they’d like the system to automatically exceed the speed limit, up to 15 km/h (9.3 mph) over.

In case they let me teach Math again.

10 Good YouTube Channels for Math Lessons

Thursday, December 24, 2015

Must be easy to hack these systems.
Brian Krebs reports:
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
Hyatt’s notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data stolen as a result. Hyatt did say that it has taken steps to strengthen its systems, and that “customers can feel confident using payment cards at Hyatt hotels worldwide.”
[From the article:
Hyatt joins a crowded list of other hotel chains similarly breached in the past year, including Hilton, Starwood, Mandarin Oriental, White Lodging and the Trump Collection.

We live in a complicated world. (Don't you love it when one lawyer can confuse another?)
Yesterday morning, some of us were following up on a ProPublica report about a New Jersey clinic who, when suing patients for overdue accounts, included their diagnostic codes in materials sent to their collection agency. Those records – containing the patients’ names, diagnostic codes, and treatment codes – became part of public court records.
There were some interesting questions raised by the case. The Short Hills Associates in Clinical Psychology provides its patients with its notice of privacy practices, but when an aggrieved patient filed a complaint with HHS over the disclosure of his diagnostic code, OCR closed the case without action because the clinic – using paper records for transactions – was not a HIPAA-covered entity.
But what about the collection agency? If the clinic was not a HIPAA-covered entity, was the collection then not a Business Associate under HIPAA? At first blush, it might seem unreasonable to think that they could still be a business associate and subject to HIPAA’s restrictions on only disclosing what is necessary to obtain payment.
But Texas attorney Jeff Drummond raised some very interesting points in our discussion, including one that if the collection agency was a BA for any other entity, then they might be covered by HIPAA to protect all clients’ patient records.
Jeff has blogged about the issues raised by this case on HIPAA Blog. It’s a post – and interpretation of HIPAA – that I found surprising, to say the least. I would love to see a panel discuss this issue at a conference. In the meantime, I may shoot a link to it over to HHS to ask for their reaction.
In the meantime, go read Jeff’s post.

Is the FAA encouraging more restrictions or looking for better wording?
FAA Issues Fact Sheet on State and Local UAS Laws
by Sabrina I. Pacifici on Dec 23, 2015
December 17, 2015 – “The Federal Aviation Administration’s (FAA) new fact sheet on state and local regulation of unmanned aircraft systems (UAS) provides information for states and municipalities considering laws or regulations addressing UAS use. The document outlines FAA’s safety reasons for federal oversight of aviation and airspace, and explains federal responsibility in this area. The fact sheet provides examples of state and local laws affecting UAS for which consultation with the FAA is recommended, such as restrictions on flight altitude or flight paths, regulation of the navigable airspace, and mandating UAS-specific equipment or training. The fact sheet also gives examples of UAS laws likely to fall within state and local government authority, such as requirements for police to obtain a warrant prior to using UAS for surveillance; prohibitions on the use of UAS for voyeurism; exclusions on using UAS for hunting or fishing, or harassing individuals engaged in those activities; and prohibitions on attaching firearms or other weapons to a UAS.”

So you don't have to get x-rayed, unless you do. Can you then opt-out? Probably not.
Full-body TSA scans are mandatory for 'some passengers'
… Now the Advanced Imaging Technologies (AIT) using Automatic Target Recognition (ATR) will be mandatory in certain cases. Slashgear notes that prior to this the scanners were opt-in, and one could go through a contactless, non-imaging scan instead. That option will exist, but security agents can insist on mandatory screening "for some passengers." The argument the DHS gives (PDF) is that these scanners are more capable of detecting prohibited, non-metallic items that could be hidden under a few layers of clothing than a metal detector wand would be.

Even I might read a couple of these.
11 Exceptional Legal Tech White Papers from 2015
by Sabrina I. Pacifici on Dec 23, 2015
LexisNexis Business of Law Blog: “White papers are a place for deep thinking – deep thinking that is data-driven. Combine that data with innumerable client engagements, from small law firms to large – and from corporate legal departments to legal services bureaus – and we’re able to chronicle insights for the market in neatly packaged white papers. As part of our 2015 roundup series, here’s an at-a-glance listing of many of the white papers we’ve published this year.”

Perspective. Free is not always trusted.
Facebook goes all out for saving Free Basics in India
NEW DELHI: Social media giant Facebook has started an aggressive campaign in India to gather public support for its free internet platform 'Free Basics.'
… The Telecom Regulatory Authority of India (Trai) has asked RCom to keep the service in abeyance till there is a decision on its consultation process around differential pricing of data by operators is sorted out. The last date for public comments on Trai's paper is December 30.
… The regulator has received close to 5.7 lakh [570,000 Bob] comments, out of which over 5.5 lakh comments are through Facebook's campaign.

I will not use this line on my students. I will not use this line on my students. I will not use this line on my students.

Wednesday, December 23, 2015

Hard to tell how good this guy was. He could have tried to Phish thousands of “celebrities” and only managed to get to 130. (Apparently it is mandatory for celebrities to have sex tapes.)
Feds arrest hacker for stealing scripts, celeb identities and sex tapes
The Department of Homeland Security has arrested and charged (PDF) a man from the Bahamas for stealing unreleased movie/TV scripts along with celebrities' files and sensitive information. According to The New York Times, the 23-year-old hacker named Alonzo Knowles contacted a radio host in an effort to sell his loot, which included the scripts for six episodes of a hit drama currently being filmed. When the unnamed host got in touch with Homeland Security, the agency cooked up a sting operation and had him put Knowles in touch with an undercover investigator posing as a buyer.
… The accused allegedly tried to sell the agent 15 scripts and the social security numbers of two athletes and a movie actress for $80,000. He also showed the agent a sex tape, saying that it's merely a "sample of things [he] can get" -- he had "more stuff along these lines and can get more" if the buyer was interested.
… He reportedly admitted to the undercover agent that when it was too difficult to hack a particular celebrity, he would look at pictures online to see who his friends are and then hack them instead. He'd also send fake automated text messages telling recipients that their accounts had been hacked, and some people actually replied with their passwords. Other times, he'd send a virus to celebrities' computers to infiltrate their systems.

Is government really able to run anything?
Inslee: Error releases up to 3,200 inmates early
For three years, state Department of Corrections staff knew a software-coding error was miscalculating prison sentences and allowing inmates to be released early. On Tuesday, Gov. Jay Inslee gave the damning tally: up to 3,200 prisoners set free too soon since 2002.
The problem stemmed from “good time” credits applied to certain prison sentences, and was discovered, according to the Corrections Department, only after a victim’s family alerted officials in 2012 that they might be planning to release an offender too early. Once the broader problem was discovered, a scheduled software fix got caught up in repeated IT delays, yet to be explained.
“That this problem was allowed to continue to exist for 13 years is deeply disappointing,” Inslee said. “It is totally unacceptable, and frankly it is maddening.”
… The governor ordered the DOC to halt all releases of prisoners whose sentences could have been affected until a hand calculation is done to ensure offenders are being released on the correct date. [Why not three years ago? Bob]

For my Canadian students, eh?
Howard Solomon reports:
Of all the publicly-disclosed data or privacy breaches in this country in 2015, one topped them all by a wide margin: Ashley Madison.
With over 30 million records exposed from the dating site, a $578 million class action suit filed against parent Avid Life Media, the CEO resigning after his emails were published, the attack is easily one of the largest reported in Canadian history.
But it’s easy for infosec pros to sit back and think, ‘Thank Gawd my company isn’t such a big fat target.’ Instead, they should remember all of the smaller breaches that happened this year as a lesson that corporations and government departments aren’t the only targets. Here’s just three of them:
Read more on IT World Canada, where Solomon actually mentions a number of incidents, including a few you may not have heard about.

Economics and debasing a virtual currency?
Rand – National Security Implications of Virtual Currency
by Sabrina I. Pacifici on Dec 22, 2015
Joshua Baron, Angela O’Mahony, David Manheim, Cynthia Dion-Schwarz: “This report examines the feasibility for non-state actors, including terrorist and insurgent groups, to increase their political and/or economic power by deploying a virtual currency (VC) for use in regular economic transactions. A VC, such as Bitcoin, is a digital representation of value that can be transferred, stored, or traded electronically and that is neither issued by a central bank or public authority, nor necessarily attached to a fiat currency (dollars, euros, etc.), but is accepted by people as a means of payment. We addressed the following research questions from both the technological and political-economic perspectives: (1) Why would a non-state actor deploy a VC? That is, what political and/or economic utility is there to gain? How might this non-state actor go about such a deployment? What challenges would it have to overcome? (2) How might a government or organization successfully technologically disrupt a VC deployment by a non-state actor, and what degree of cyber sophistication would be required? (3) What additional capabilities become possible when the technologies underlying the development and implementation of VCs are used for purposes broader than currency? This report should be of interest to policymakers interested in technology, counterterrorism, and intelligence and law enforcement issues, as well as for VC and cybersecurity researchers.”

To steal a line from Jaws, “We're gonna need a bigger jail!” (This guy makes me look anorexic.) But wait! The fun is not over yet!
Kim Dotcom Eligible to Be Extradited to U.S., New Zealand Court Rules
Internet entrepreneur Kim Dotcom and three co-defendants are eligible to be extradited to the U.S. to face charges including criminal copyright infringement, money laundering and conspiracy to commit racketeering, a New Zealand court ruled on Wednesday.
… His New Zealand-based lawyer Ron Mansfield told The Wall Street Journal that Mr. Dotcom is positive he can succeed in the higher courts in New Zealand. “We’ve just got through the starter’s gates, we haven’t lost the race. We remain pretty confident.”

Interesting, it is. This Infographic, you should see.
Wait, The Force Awakens Made How Much?

Free is good!
Free eBook Today Only: ‘Preserving Your Privacy in Windows 10’
This free eBook is available today (12/23) only! Don’t miss out!

Tuesday, December 22, 2015

Can a breach provide a competitive advantage? Was Lambert linked to the hacker and not the hack? Not much to go on here.
DOJ investigating data breach at Uber
The Department of Justice is probing a data breach at Uber that an internal investigation reportedly linked to an employee at rival service Lyft, Reuters reported late Friday.
Uber has said that the data breach last year may have affected tens of thousands of drivers, exposing their identities and drivers license numbers.
Uber's internal investigation reportedly linked the initial data breach to a Comcast IP address belonging to Chris Lambert, the chief technology officer at rival service Lyft. A separate IP address reportedly executed the hack; that user remains unidentified.
… Lambert’s attorney says the software engineer has signed a sworn statement saying he was not involved in the hack. He told Reuters he expected an investigation would clear his client.

Incentive for my Computer Security students?
Cybersecurity Market Reaches $75 Billion In 2015, Expected To Reach $170 Billion By 2020
… According to IDC, the hot areas for growth are security analytics / SIEM (10%); threat intelligence (10% +); mobile security (18%); and cloud security (50%).
… There’s a huge cybersecurity market emerging around protecting cars from being hacked.
… Cybersecurity insurance is one of the fastest growing sectors in the insurance market, according to the PwC Global State of Information Security Survey 2016. A recent PwC report forecasts that the global cyberinsurance market will reach $7.5 billion in annual sales by 2020, up from $2.5 billion this year.

(Related) The subtitle for my Computer Security class is “How to Commit Computer Crime.”
How to Think Like a Hacker and Act Like a Security Pro
A rite of passage for new parents is child-proofing—securing the home from threats to children. Most experts on the subject highly recommend that parents make their way around the house on their hands and knees in order to experience the environment from a child’s perspective. This may be the only way to see the threats that aren’t obvious from an adult’s point of view.
The same is true when building security into an application. Obviously, there are lists of common vulnerabilities and other guidance in the form of best practices to consider. However, to really protect software you need to consider the hacker’s point of view of the application. You need to think like a hacker, but act like a security pro.

Betting on litigation. A new area for my Statistics students to ponder?
Caterpillar ordered to pay $73.6M to tiny British firm for stealing design
A federal jury has ordered Peoria-based Caterpillar to pay a small British firm $73.6 million for ripping off its design for a piece of heavy-duty construction equipment.
… Miller's victory was good news for Highland Park-based Arena Consulting, which helped bankroll the suit in return for a cut of the jury award.
So-called litigation financing is a growing but controversial industry. Supporters say it levels the playing field, allowing small-time litigants to have their day in court against wealthy defendants, but critics say giving outside investors a stake in the outcome of a case can skew the litigants' decision making.

Interesting. So what do we do about it?
… Some scholars argue nations must take a rigorous approach to understanding how people become radicalized — and, just as importantly, that religion itself is not the main motivation.
A substantial number of radical Islamic terrorists are recent converts who know surprisingly little about Islam, Olivier Roy, a professor at the European University Institute in Italy and well-known analyst of Islamist terrorism, said in a recent lecture, where he attempted to lay out “a scientific perspective on the causes/circumstances” of people joining radical groups.
… No comprehensive data exists on the militants who have joined the Islamic State and other organizations, but Roy has analyzed individual stories of the path to radicalization — saying that we must first understand radicalization before we can hope to prevent or reverse it.
4. Most radicals are motivated by the desire to be a hero, to do violence or get revenge.

Own everything from purchase to delivery? Interesting analysis.
An In-Depth Analysis Of Plans For An Amazon Airline
After over a month of speculation, more details are beginning to emerge surrounding Amazon's rumored plan to launch an in-house freight airline. The rumor started with someone close to the talks posting on an online forum stating that Amazon is working to create the world's largest overnight parcel service within 2 years. The source stated Amazon would not buy an existing company as it did not want to inherit the problems so instead resorted to launching its own operation. In this article, I go into detail about the implications of such an operation for Amazon financially, structurally and the risks associated with such a venture.
… Amazon has been quietly building up sorting centers across the country, replacing work that was previously done by FedEx and UPS
… Some impressive numbers to note are a 1% market share in U.S domestic parcel deliveries ($800 million), contract logistics ($2.5 billion), and freight forwarding ($1.7 billion) would add $5 billion in annual revenue to Amazon.

Humor is truth.
Strategic Humor: Cartoons from the January-February 2016 Issue

Proof that I am (almost) completely out of touch.
The Best of the ‘Best Of’ Lists
The best of the ‘Best Movies of 2015’
The best of the ‘Best Television Shows of 2015’
The best of the ‘Best Albums of 2015’

Monday, December 21, 2015

Infiltrated is not the same as disrupted. Think of it as building roadmaps for later use.
Danny Yadron reports:
Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.
Read more on WSJ.
[From the article:
Security experts say companies have done little to protect these systems from would-be hackers.
“Everything is being integrated, which is great, but it’s not very secure,” said Cesar Cerrudo, an Argentine researcher and chief technology officer at IOActive Labs, a security-consulting firm. At a hacker conference last year in Las Vegas, Mr. Cerrudo wowed the audience when he showed how he could manipulate traffic lights in major U.S. cities.
Operators of these systems “don’t think about security,” he said.

Not just educating employees, but keeping them alert. What would a serious hacker do?
Robin Sidel reports:
Terrified by a string of recent hacks, banks are spending billions of dollars trying to fend off a faceless army of digital intruders.
But the biggest threats may come from within.
Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible. To boost their defenses, firms are banning workers from using portable devices such as USB drives, warning employees to be careful what they post on social media and even discouraging workers from posting “out-of-office” replies on their emails.
Read more on Nasdaq.

A backgrounder for my Ethical Hacking students.
Juniper Firewall Backdoor Password Found in 6 Hours
Networking and security company Juniper Networks revealed last week that it had identified unauthorized code in ScreenOS, the operating system powering the company’s NetScreen firewalls.
The vulnerabilities have been analyzed by several external researchers. Fox-IT experts said it took them just 6 hours to find the password for the ScreenOS authentication backdoor.
After analyzing the differences between the vulnerable and patched versions of ScreenOS, Rapid7’s HD Moore determined that the authentication backdoor, which can be exploited via SSH or Telnet, involves the default password <<< %s(un='%s') = %u
This backdoor password, which was presumably set this way so that it would be mistaken for one of the many debug format strings present in the code, can be leveraged by an attacker who knows a valid username for the device.
On one hand, it’s difficult to say if this vulnerability has been exploited in the wild since even though an unauthorized access attempt would normally be logged, it’s easy for an attacker to delete the relevant log entries. However, as Moore has highlighted, the logs might be sent to a centralized server, which could result in an alert being triggered.

It's not Hillary's fault. (Bet you never expected to see those words on this Blog) No politicians understand technology and that's Okay. Very few politicians bother to ask the people who do know and that's the problem.
Clueless Hillary Clinton On Encryption, Doesn't Understand The Concept Of The 'Back Door'
… On one hand, Clinton doesn't want back doors, but on the other, she wants law enforcement to be able to gain access to data if needed. She seals the deal with: "I just think there's got to be a way, and I would hope our tech companies would work with government to figure it out." Making matters worse she ponders, "maybe the back door is the wrong door?"
Clinton went on to say that maybe we need a "Manhattan-like project" [Because politicians understand spending lots and lots of money Bob] to accomplish this goal. What she doesn't seem to realize is that what she's effectively asking for is a back door, and as soon as any company (or person, for that matter) deliberately punches a hole in their product's security, it's no longer secure. Period.

Tim Cook says there isn't a trade-off between security and privacy
In a strong defense of encryption, Apple's CEO Tim Cook said that there can be no trade-off between privacy and national security when it comes to encryption.
"I think that's an overly simplistic view. We're America. We should have both," he told Charlie Rose on CBS' 60 Minutes program on Sunday, according to a transcript of the interview posted online.

What does this suggest? If it sounds foreign, kill it? (Agrabah is the country from Disney’s “Aladdin”)
We asked the Agrabah question to Dem primary voters too. They oppose bombing 'it' 36/19, while GOP supports bombing 'it' 30/13

Perspective. Just because I find it amusing. What would have happened if this was an auction?
Over ten million fans tried to buy tickets to Adele's North American tour
… When tickets for Adele's North American tour went on sale Wednesday morning, the virtual box office was literally crushed when over ten million fans rushed the site. Up for grabs were some 750,000 tickets for her 25 album tour across the continent.
… Just how unprecedented was the demand? Ticketmaster says that the ten million-plus figure represents an "all-time record," and according to Billboard's source, over four million tried to buy tickets for the six shows in New York City alone. Perhaps the craziness isn't so surprising considering sales of Adele's 25, which crushed all single-week records.

Perspective. Another of those “Year End” articles. Some charts are interesting even to me.
Goldman Sachs: 21 of the World's Most Interesting Charts
… While there are loads of billion-dollar startups in the software and internet sectors, education and energy are still a relatively small portion of that space.
… Taking a look at the largest companies in 2005 and comparing it to the largest firms in 2015 shows how important tech has become in the economy.
… the top-earning YouTube channels, with a toy review channel and Taylor Swift's VEVO account earning the most and garnering more than 250 million views per month.

Perspective. Most of my students are over 25.
The first website went online 25 years ago today
Tim Berners-Lee's first World Wide Web page flickered to life at CERN on December 20th, 1990.

Sunday, December 20, 2015

Interesting, but it seems to perpetuate the fallacy that Healthcare requires unique security tools or techniques. Why does that not surprise me? 90 days to create a new bureaucracy, look at other industries rather than your own needs, get the taxpayer to give them all that for free – how typical.
Beth Kutscher reports:
The healthcare information technology sector is hailing healthcare-specific cybersecurity provisions that have made their way into the massive omnibus legislation that Congress passed on Friday.
The $1.1 trillion spending and tax extender bill, which is now on its way to President Barack Obama, includes language that closely follows the recommendations from the Healthcare Information and Management Systems Society and other groups, which have pushed for greater government support for combating cyber threats.
Read more on Modern Healthcare.
[From the article:
The legislation creates a healthcare industry cybersecurity task force (PDF) to be established within the law's first 90 days. The task force will study how other industries combat cyber threats as well as the technical and other challenges that make the healthcare industry vulnerable to attacks.
It also calls for a single pipeline of actionable information on cyber threats that could be accessed in real-time and at no cost. Access to that information is currently cost-prohibitive to small and mid-size healthcare organizations, said Samantha Burch, HIMSS' senior director of congressional affairs.

This is political speak, right? You don't think he actually believes that? To actually do that, you would need to know that “Evil Isis Guy” uses the nom-de-guerre “Ronald McDonald”
Obama Says the Feds Vet Social Media Before Issuing Visas
… Today, during his year-end press conference, President Barack Obama attempted to clarify what social data is and isn’t included in the vetting process. “Our law enforcement and intelligence professionals are constantly monitoring public posts, and that’s part of the visa review process,” he said. What the government doesn’t have access to, he said, are the multitude of private email, chat, and text platforms that we all use on a daily basis.

Interesting. Will this cause states to require commercial licenses for Uber drivers?
Uber-Style Flight-Sharing Service Shot Down by U.S. Court
An Uber-style business that connects private pilots with travelers willing to split fuel costs and other expenses was shot down by a Washington, D.C., court.
The judges on Friday declined Flytenow Inc.’s request to review a Federal Aviation Administration ruling that pilots who use the service to find passengers must have commercial licenses. Flytenow connects members who share expenses in exchange for flights on a route predetermined by the pilot. AirPooler Inc. offers a similar service that was also blocked by the FAA’s rules, which rejected the idea that cost-sharing is different from a commercial aviation operation.

(Related) Another way to speed your commute.
Inaugural routes include flights from Denver’s private airport in Centennial (APA) to Aspen, Vail-Eagle & Telluride.

Facebook Dominates Nielsen List of 2015's Most Popular Apps
Once again, Facebook was the most popular app of the year with nearly 127 million users logging on each month.
The social network handily beat YouTube, which came in second on Nielsen's "Top Smartphone Apps of 2015" list with 97.6 million users.
Facebook saw an 8 percent increase from 2014, when it topped the list with more than 118 million users. Another one of the company's apps, Facebook Messenger, jumped to the third spot in 2015 with more than 96 million users, up from around 53 million last year.

Reading is good.
Despite predictions, print books are alive and well
by Sabrina I. Pacifici on Dec 19, 2015
Pleased to share this article via Quartz – Against all odds, print books are on the rise again in the US
“For the last half decade, ever since digital books and e-readers first came on the scene, news headlines have been at war. “The physical book is dead,” some reports declared, while others vehemently argued for the eternality of the printed word. Data, actually, supports the latter sentiment. At least in the US, sales of physical books have experienced a renewed surge of interest, according to Nielsen BookScan, a data provider that collects data on roughly 85% of the print market. As of early December 2015, Nielsen says, around 571 million paper books have been sold in the country—a modest but noticeable increase over the 559 million sold in 2014.”

It's scary how closely this matches the way some of my students write.