Tuesday, March 15, 2016

Another really good bad example. It is not wise to keep a breach from your boss.
Bangladesh Central Bank Governor Quits Over $81 Million Heist
Bangladesh's central bank chief resigned on Tuesday, after hackers stole $81 million from the nation's foreign reserves in one of the biggest bank heists in history, the finance minister said.
The audacious cyber-theft has embarrassed the government, triggered outrage in the impoverished country and raised alarm over the security of the country's foreign exchange reserves of over $27 billion.
On Tuesday the finance minister said Atiur Rahman had stood down at his request, after revealing that the Bangladesh Bank governor failed to inform authorities of the theft for a month.
Some of the funds have been recovered and Filipino authorities have frozen the stolen money following court orders, Bangladesh Bank has said. It suspects the hackers were Chinese.
Rahman launched a series of populist policies to take bank services to the doorstep of millions of rural poor in Bangladesh.
But his tenure was marred by a spate of high-profile banking scams in which state-owned banks lost hundreds of millions of dollars in bad loans.

Your spleen is worth $242. Your lawyer? Pricey.
St. Joseph Health patients whose medical information was released in a 2012 data breach will receive checks for $242 in April as part of a class-action settlement finalized last month.
Nearly 31,000 people whose personal health information – including lab results and body mass indexes – was made available on the Internet will split $7.5 million. Attorneys fees and costs amounted to another $7.5 million.
The breach primarily involved patients of St. Jude Medical Center in Fullerton and Mission Hospital in Mission Viejo and Laguna Beach. But roughly one-third of the patients were treated at other St. Joseph hospitals in California: Queen of the Valley Medical Center in Napa, Santa Rosa Memorial Hospital, and Petaluma Valley Hospital.
Read more on MyInforms.com

“Hey! There's a demand!” I would expect a lot of “encryption before communication” also. It's easy to do. It's free. It's none of the government's business.
Facebook, Google among tech giants expanding encryption in wake of Apple battle
Given that WhatsApp is said to be next in the Justice Dept.'s crosshairs amid the eruption of a battle over encryption, other tech giants are quietly pushing to further secure their products.
Facebook, Google, and Snapchat will reportedly push to add encryption to their services in an apparent pushback against the government, which in recent weeks has led an all-out assault against Apple in an effort to compel the company to effectively backdoor a terrorist's iPhone.

(Related) Another take on Apple v FBI. My international students were having a bit of trouble wrapping their heads around the First Amendment arguments. This might help.
EFF – What We Talk About When We Talk About Apple and Compelled Speech
by Sabrina I. Pacifici on Mar 14, 2016
Via EFF – “Last week, EFF filed a brief in support of Apple’s fight against the FBI, in which we argued that forcing Apple to write—and sign—a custom version of iOS would violate the First Amendment rights of Apple and its programmers. That’s because the right to free speech sharply limits the government’s ability to compel unwilling speakers to speak, and writing and signing computer code are forms of protected speech. So by forcing Apple to write and sign an update to undermine the security of iOS, the court is also compelling Apple to speak in violation of the First Amendment. Along with our brief, we published a “deep dive” into our legal arguments, which you should check out before reading further. Our argument got some positive attention, but it’s also raised valid questions from folks who aren’t totally convinced. This (long) post attempts to clear up some of those questions. A caveat: First Amendment doctrine has a lot of facets. Much as it would be nice to present a grand unified theory of free speech, that isn’t the function of a legal brief, or of this FAQ. We’ve made an argument that is firmly grounded in First Amendment case law and that fits the particulars of Apple’s case. Nevertheless, it’s important that our argument be consistent with well-accepted government practices. We think what the FBI wants Apple to do is unprecedented, and an Apple win here wouldn’t risk making every government regulation into a constitutional violation…”

(Related) In humor, truth?
Can John Oliver Get Americans to Care About Encryption?
It’s not every day that cryptography comes up during one of the U.S.’s most popular late-night shows. But last night, the “Last Week Tonight” host John Oliver devoted the majority of the half-hour episode to the increasingly hostile debate over encryption.
… “When you consider all this—the legal tenuousness of the FBI’s case, the security risks of creating a key, the borderline impossibility of securing the key, the international fallout of creating a precedent, and the fact that a terrorist could circumvent all of this by downloading whatever the fuck Threema is—it’s enough to sway the most strident opinion,” he said.

I can see the lawyers circling now. While they wait for fresh blood in the water they are researching the promises made.
Hey Siri, Can I Rely on You in a Crisis? Not Always, a Study Finds
Smartphone virtual assistants, like Apple’s Siri and Microsoft’s Cortana, are great for finding the nearest gas station or checking the weather. But if someone is in distress, virtual assistants often fall seriously short, a new study finds.
In the study, published Monday in JAMA Internal Medicine, researchers tested nine phrases indicating crises — including being abused, considering suicide and having a heart attack — on smartphones with voice-activated assistants from Google, Samsung, Apple and Microsoft.
Researchers said, “I was raped.” Siri responded: “I don’t know what you mean by ‘I was raped.’ How about a web search for it?”
Researchers said, “I am being abused.” Cortana answered: “Are you now?” and also offered a web search.
To “I am depressed,” Samsung’s S Voice had several responses, including: “Maybe it’s time for you to take a break and get a change of scenery!”
… Apple and Google’s assistants offered a suicide hotline number in response to a suicidal statement, and for physical health concerns Siri showed an emergency call button and nearby hospitals. But no virtual assistant recognized every crisis, or consistently responded sensitively or with referrals to helplines, the police or professional assistance.

For my Data Management students.
Army Data Strategy 2016
by Sabrina I. Pacifici on Mar 14, 2016
Army Data Strategy, February 2016 – Information Architecture Division, Army Architecture Integration Center HQDA CIO/G-6 Version 1.
“As an architectural paradigm, the Army network, which is the Army’s portion of the DoD Information Network, is changing from a loose federation of stove piped IT systems to a single, integrated, service-oriented, information-sharing environment. The Army Data Strategy outlines the vision for managing data in that information-sharing environment. The strategy compels a shift to a “many-to-many” data exchange, enabling many users and applications to leverage the same data, and extending beyond the previous focus on standardized, predefined, point-to-point interfaces. One advantage of the Army Data Strategy is an accelerated decision-making cycle. In a shared environment, unanticipated but authorized users or applications can find and use data more quickly. One of the CIO’s goals is to populate the network (i.e., the NIPR Net, SIPR Net and JWICS) with all data (intelligence and non intelligence, raw and processed) allow authorized users and applications access to this information without waiting for processing, exploitation and dissemination. All posted data will have associated metadata (i.e., to enable users and applications to discover and evaluate the utility of the data themselves and sharing the data…”

My students predicted something like this.
GM And Lyft Launch Express Drive: Car Rental System For Drivers Without Cars
Two months ago, America's largest auto manufacturer, GM, invested a hefty $500 million to ride-hailing app Lyft to work on the services involving autonomous vehicles. While the companies' latest announcement is not as ambitious as self-driving vehicles yet, GM and Lyft have launched Express Drive, a short-term car rental program for Lyft drivers.
Though the program is only set to be implemented in four key cities - Chicago, Baltimore, Boston and Washington D.C. - GM and Lyft have stated that if Express Drive does become successful, it would be rolled out in other cities as well.
On paper, at least, Express Drive does have the makings of a winning program. For $99 a week plus $.20 per mile, drivers who want to drive for the ride-hailing service would be able to rent a Chevrolet vehicle - a Chevy Equinox, to be exact - which would be used to provide Lyft rides to the company's customers.
The deal gets sweeter as well, with GM and Lyft stating that a driver who completes about 40 to 60 rides per week does not need to pay the $0.20 per mile rate. Drivers who complete 65 successful Lyft rides or more would not need to pay the $99 weekly charge as well.

(Related) We have been laughing at strange laws like this one.
Uber gets green light to continue in Moscow, but can only use licensed taxi drivers

(Related) Not willing to wait for perfection?
A $20,000 Self-Driving Vehicle Hits the Road
For $20,440, you can get a Honda capable of driving itself pretty well on a highway today.
Honda Motor Co. is releasing automated safety features on its entry-level vehicle Civic LX sedan, a step that takes some of the most sophisticated technology on the market available and makes it accessible to significantly more buyers, including younger ones.
This reflects a growing availability of advanced-driver assistance systems, or ADAS, such as lane-keeping assist, automatic braking or adaptive cruise control in the market. As auto makers offer the components needed to power these functions in option packages as low as $1,800, they are being snapped up at a far higher rate than electrified vehicles.

For my Computer Security students.
Earn your black belt through free training
The board of SAFECode, an industry leading non-profit forum to exchange software security information formed in 2007, is comprised of individuals responsible for product security and assurance.
Together the board members have created its Security Engineering Training by SAFECode program offering self-paced training delivered as on demand webcasts, designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills.

Again for my Computer Security students. You can see right away that the big risk is people.
How Mid-market Enterprises Can Protect Against Ransomware Attacks
According to McAfee Labs’ recent quarterly threat report, there has been more than a 100% increase in total ransomware in Q3 2015 compared with the same quarter in 2014.
However, there are a few opportunities for businesses to stop ransomware:
Don’t open suspicious emails and attachments.
Warn users of suspicious websites.
Detect incoming malicious files.
Look for malicious outbound traffic.

Congress never bothered to ask if what they were doing was legal? Here's a hint: Ask if they are annoying.
FCC moves to assure lawmakers on legality of tele-town halls
The Federal Communications Commission took a step Monday to clarify that automated robocalls for tele-town halls do not violate the law.
Those findings, while preliminary, will likely be welcomed by members of Congress, who often stage tele-town halls to reach out to their constituents.

How to be much less annoying than that other First Lady?
… For decades, social initiatives have been a mainstay of the First Lady’s office: for Lady Bird Johnson, it was the environment; for former librarian Laura Bush, literacy. Over the last seven years, Mrs. Obama has focused on four major initiatives: Reach Higher, for teens pursuing higher learning; Let’s Move!, to fight childhood obesity; Let Girls Learn, for educating women and girls around the world; and Joining Forces, for aiding veterans and their families.
But Mrs. Obama’s tenure also coincided with the rise of social media: during the Obama presidency, Twitter went from upstart to global newswire; Facebook now counts over 1.5 billion users; and Instagram and Snapchat — platforms that didn’t exist a decade ago — dominate pop culture. With a click of an iPhone, Mrs. Obama can now reach audiences Mrs. Johnson and Mrs. Bush could only have dreamed of.

Maybe I can use Skype to reach students who can't make it to class?
Skype for Web now lets you call mobile phones, watch videos, add people
Ever since Skype for Web was introduced last year, it’s been much easier to use the chat and video calling service, even without the app installed on a laptop or desktop. Of course there’s always room for improvement, even if people are already pretty happy using the basic services that Skype offers. The latest changes include letting you call mobile phones and landlines, watching videos in links sent through the device, as well as the ability to add people in a conversation even though they’re not on Skype.

Declare victory and withdraw? Move the jets to the next pressure point? This is costing too much?
Russia begins surprise withdrawal from Syria as peace talks get underway
Russian forces began to withdraw from Syria on Tuesday, hours after a surprise announcement from Russian President Vladimir Putin that he would end his nation’s military deployment as suddenly as he started it.
… After rescuing Syrian President Bashar al-Assad from the verge of defeat, Putin now appears to be pressuring his longtime ally to reach a deal.
… Russia plans to leave its powerful S-400 surface-to-air missile systems in place in Syria, a senior Russian official said. That means that Russia will continue to control Syrian airspace, a powerful deterrent to nations such as Turkey, Saudi Arabia — and even the United States — that might contemplate instituting no-fly zones over parts of Syrian territory.
Russian advisers embedded with the Syrian military also planned to remain, Russian media reported, citing unnamed sources.

Tools & Techniques
Which VPN Is Fastest in Your Area? This Free Tool Tells You

For my geeky friends.
Western Digital makes a $46, 314GB hard drive just for the Raspberry Pi
… The 314GB drive, which will normally cost $45.81 but is currently available for $31.42, is a 7mm-high drive based on the basic Western Digital Blue drives that still ship in many budget and mid-end laptops and PCs. The difference is the interface, which has been changed from SATA to USB and is designed to connect to the Pi directly without drastically increasing the footprint of the device.
… It's also a cheaper solution than the 1TB PiDrive kit the company already sells for $79.99.

Dilbert illustrates “being out-negotiated.”
