Tuesday, June 14, 2016
Not bad for a country that probably doesn’t have 140,000 computers the south could hack into in retaliation.
Jack Kim reports:
North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival, police in the South said on Monday.
South Korea has been on heightened alert against cyber attacks by the North after Pyongyang conducted a nuclear test in January and a long-range rocket launch in February that led to new U.N. sanctions.
The North has always denied wrongdoing.
Read more from Reuters on Business Insider.
See also FedScoop for how U.S. fighter jet blueprints wound up in the breach.
A bad year keeps getting worse?
Paul Wagenseil reports:
If you’re suffering from data-breach fatigue, tough luck. LeakedSource, the shadowy website that broke the recent news of the LinkedIn and MySpace breaches, today (June 13) announced that 51 million account credentials for iMesh, a defunct file-sharing service, were being sold online.
Read more on Tom’s Guide.
In its blog post, LeakedSource explains:
iMesh.com (now defunct) was hacked on September 22nd, 2013. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data.
Strange that this is now one of the first questions asked after a mass shooting.
Orlando shooter used Samsung phone: report
FBI Director James Comey on Monday declined to tell reporters whether the Orlando shooter’s communications were encrypted, but reports indicate that he likely used an Android device — not an iPhone.
Since very few Android devices boast stiff encryption, should those reports be confirmed, investigators would likely be able to access the contents of gunman Omar Mateen’s device without technical assistance from the manufacturer.
Comey said Monday that investigators know the make of the phone but that he could not reveal it. [I wonder why? Bob]
A new buzzword. The trick is to ensure the identifiable data gets deleted after it is merged with the database.
Apple Touts 'Differential Privacy' Data Gathering Technique in iOS 10
With the announcement of iOS 10 at WWDC on Monday, Apple mentioned its adoption of "Differential Privacy" – a mathematical technique that allows the company to collect user information that helps it enhance its apps and services while keeping the data of individual users private.
… Wired has now published an article on the subject that lays out in clearer detail some of the practical implications and potential pitfalls of Apple's latest statistical data gathering technique.
Differential privacy, translated from Apple-speak, is the statistical science of trying to learn as much as possible about a group while learning as little as possible about any individual in it. With differential privacy, Apple can collect and store its users' data in a format that lets it glean useful notions about what people do, say, like and want. But it can't extract anything about a single, specific one of those people that might represent a privacy violation. And neither, in theory, could hackers or intelligence agencies.
Wired notes that the technique claims to have a mathematically "provable guarantee" that its generated data sets are impervious to outside attempts to de-anonymize the information. It does however caution that such complicated techniques rely on the rigor of their implementation to retain any guarantee of privacy during transmission.
You can read the full article on the subject of differential privacy here.
(Related) Would Differential Privacy work here? No. You need the name of the student who borrowed the book.
Planet Biometrics reports:
Plans by Western Australian high schools to use fingerprint and other biometric authentication methods for library loaning and attendance have been criticised by privacy advocates.
Churchlands Senior High School plans to install biometrics finger scanning for library book withdrawals this year and Byford Secondary College and Atwell College have used biometrics to monitor student attendance since 2014.
The plans have been described as “overkill” by Biometrics Institute privacy expert group chairman Terry Aulich.
Read more on Planet Biometrics.
So if I get encrypted data I have to treat it exactly like a particular type of unencrypted data even if I have no way of knowing it is that type of data?
David Zetoony of Bryan Cave writes:
There is no shortage of data-privacy and security laws in the United States. By our count there are now about 300 state and federal statutes. They include breach-notification laws, data-disposal laws, data-safeguard laws, payment card information-protection laws … the list goes on and on. Many of these laws, and practical strategies for managing compliance with them, are discussed in a Washington Legal Foundation Contemporary Legal Notes paper I authored, Data Privacy and Security Practical Guide for In-House Counsel.
Nonetheless the push continues to be a push for more regulation to make sure that the consumer data held by companies is secure.
Quantity does not, in this case, equal quality. In fact, it means the opposite.
Read more on Lexology to find out what Zetoony does recommend.
Perhaps my Statistics students could design and execute an analytics program. It might teach them a lot!
Jarrett Carter writes:
The concept of academic intrusion isn’t novel, but the usage of monitoring technology invites a lot of questions and possibilities for things that can go wrong. Institutions should be extraordinarily careful not to paint a particular type of student with data points on academic performance, without the investment in the human resources to help these students manage the issues which may be causing poor performance.
Factors like how often one visits the cafeteria or swipes into the library could be indicators of how much time a student spends on campus, and since national data show more students are opting out of dorms, they could lead to false correlations.
Read more on EducationDive.
The always mysterious ways of the Justice Department? This article suggests they are coming in on Facebook’s side. Why?
In “an unusual move,” US government asks to join key EU Facebook privacy case
The US government has asked to be joined as a party in the Irish High Court case between the Austrian privacy activist and lawyer Max Schrems, and the social network Facebook. In a press release, Schrems called this "an unusual move."
… Schrems speculated that the US government has made this move because it wanted to defend its surveillance laws before the European Courts. "I think this move will be very interesting," he told Ars. "The US has previously maintained that we all misunderstood US surveillance."
The Court of Justice of the European Union struck down the Safe Harbour agreement between the EU and the US largely because of fears that personal data sent from the EU to the US would be subject to US surveillance without sufficient safeguards. The latest move seems to be an attempt by the US government to convince European courts that personal data is adequately protected when it is transferred to the US.
But as Schrems notes in his press release, the US government's bold approach carries risks.
… Schrems told Ars that he hopes to use this unexpected opportunity to grill the US government to the maximum. "Now they have every chance to make their point, but we also have every chance to ask questions they have previously not had to respond to."
… Since the invalidation of the Safe Harbour framework, many companies have turned to so-called "model contracts" as a way of ensuring that the data transfers across the Atlantic comply with EU privacy laws. However, as Schrems points out, "this shift in the legal basis does not remedy the fact that Facebook is still subject to US mass surveillance laws and programs, which the CJEU already found to be conflicting with EU law."
The current action in the Irish High Court will play a major role in establishing whether that is the case, which no doubt partly explains the US government's unusual intervention.
(Related) I think the previous article got it right. Justice is not going to like the questions asked about surveillance.
Levi Pulkkinen reports:
The Justice Department has sued the city of Seattle in an effort to hide details of FBI surveillance efforts in the city.
Attorneys for the federal government are seeking a court order preventing the city from releasing Seattle City Light documents related to FBI-operated surveillance cameras installed on power poles. In a lawsuit filed Monday, the U.S. Attorney’s Office contends the information requested through Washington’s Public Records Act would expose the covert video surveillance effort.
Read more on Seattle PI.
Update: And they got a temporary injunction.
Will pressure from the Feds always outweigh pressure from the voters?
New Hampshire once had the strongest protections in the nation for the privacy of its drivers. State officials were explicitly prohibited from participating in any way with national licensing databases, and neither photo enforcement nor automated license plate readers (ALPR, also known as ANPR) could be used, with the exception of license plate readers on toll roads. Governor Maggie Hassan (D) set a different course last month as she signed legislation eliminating these protections.
House Bill 1154 repealed the existing prohibition on “highway surveillance.” In its place is a blanket authorization allowing any law enforcement agency in the state to use camera systems to record the movements of motorists with license plate reader systems. The state attorney general will have the authority to audit any department’s use of license plate cameras. The revised language, which takes effect July 18, does not authorize the use of red light cameras or speed cameras.
[From the article:
The governor also signed House Bill 1616, which brings the state in line with the federal driver's license system established under Real ID. Previous law prohibited any participation in the national program.
Remember the old days, when I sent you ads when you landed on my web page?
Yeah, but they became annoying, so I blocked them.
I know, then I had to find software that detected and avoided you Ad Blocker.
And I found software that detected you Anti-Ad Blocker and blocked it.
(You can guess the next 600 lines of this dialog.)
The Rise of the Anti-Ad Blockers
As consumer adoption of online ad-blocking tools continues to grow, publishers and media companies are experimenting with various ways to limit the impact of ad-blocking on their businesses.
That’s given rise to a new breed of “anti-ad-blockers”, or technology companies hoping to cash in on the situation by selling software designed to counteract the effects of ad-blocking.
PageFair, Sourcepoint, Secret Media and Admiral are among the companies currently in the market pitching publishers that technology. The companies are taking somewhat different approaches to the issue, but they all promise media companies one thing: to help recapture revenues lost because of ad-blocking users.
Microsoft is changing its business model and not everyone is happy. Not sure Bill Gates would have/could have done this.
Microsoft is adding LinkedIn to its professional network
Microsoft is buying LinkedIn for $26.2 billion
… The two companies cater to similar customers. Under Nadella's tenure, Microsoft has sought to become a cloud-computing powerhouse that largely serves businesses. LinkedIn also primarily targets professionals and is the United States' 11th-largest website by traffic and visitors, according to the online index Alexa. In a sign of LinkedIn's importance to corporations, executives have been known to publish blog posts on the platform that act as corporate statements.
… LinkedIn is a major brand name with 433 million users and $3 billion a year in revenue, according to a company-wide email that Weiner sent to staff.
… Microsoft may also capitalize on Lynda.com — a LinkedIn-owned website offering online courses on everything from big data to design and marketing — to become a leader in professional development, she added.
4 Reasons Microsoft Wasted $26.2 Billion To Buy LinkedIn
… It fails the four tests of a successful acquisition.
While the deal certainly rescues LinkedIn from a huge growth problem that slashed the value of its shares in February, it is unclear how Microsoft will generate a return on that $26.2 billion investment.… Here’s why I believe the deal fails the four tests.
1. Industry is not attractive.
If the industry of business social networking were attractive, LinkedIn — which is a leader — would likely enjoy the economies of scale needed to make it profitable. But the company lost $166 million on $2.9 billion in sales in 2015.
To be sure, LinkedIn considers it unsophisticated for people to look at its Generally Accepted Accounting Principles (GAAP) net income. Instead, it wants analysts to value it based on Earnings Before Interest Taxes Depreciation and Amortization (EBITDA) which strips out stock-based compensation.
This reveals another fundamental flaw with the industry — profits are so slim in the industry that LinkedIn must use more stock than its peers to attract and retain talent. [Worked out pretty good for the talent, didn’t it? Bob]
2. Combined companies will not be better off.
There is no scenario I can envision in which the combined companies will be better off.
While I have no doubt that Microsoft will try to use the 433 million people who have their profiles on LinkedIn to sell them software and services, there is no reason to believe that Microsoft has the strategic skills needed to revive LinkedIn’s growth.
3. Microsoft will not earn a positive net present value on its investment.
To be sure, I have not reviewed the financial projections on which Microsoft justified paying a near 50% premium for LinkedIn.
But since LinkedIn is losing money, there is little reason to believe that Microsoft will boost its cash flow — which has fluctuated from negative to positive over the last few years — enough to earn back the $26.2 billion it is paying.
4. It will be difficult to integrate the two companies.
How will Weiner continue to be CEO of LinkedIn? Sure he can keep the title if he wants — but he will report to Nadella instead of a board of directors. So he is no longer CEO.
What process will he have to go through if he wants to introduce a new service, make an acquisition, or target a new set of customers?
It is also unclear why employees will want to stay at LinkedIn once it is owned by Microsoft.
(Related) Harvard will see your four and raise you three more.
7 Ways Microsoft Can Make LinkedIn Worth $26 Billion
… Microsoft is known for overpaying for its acquisitions, including Skype, Nokia’s handset business, aQuantive, and the attempted deal for Yahoo. So how can it avoid repeating its past mistakes?
I like to go to the big used book sales the libraries hold once or twice a year. Often, on the last day they let you fill a grocery bag for 5 or six bucks. Then I grab anything that looks like it will fit in the bag. This is clearly more scientific.
5 Curious Ways to Find Interesting Books to Read
Because you never know when a dancing gerbil could become your best illustrator of quantum computing?
3 Best Tools to Make Animated GIFs Images on Windows