Wednesday, July 27, 2016

Do you get the feeling that some people just don’t get the whole “security thing?”  (Note that it’s also offline.)
Sometimes, I’d really love to know why.
Caitlin Mota reports:
Apparently, someone really doesn’t like Harrison.
Since the West Hudson town’s website was initially hacked on July 7,  Harrison’s website has been infiltrated seven more times in the past two weeks, officials said.
“These are highly intelligent criminals who seek to cause havoc and destruction in the cyber world,” said Nick Ayala of Scan Worx, the company that has managed the town’s website for eight years.  “Unfortunately, these are the times we live in.”
Harrison Mayor James Fife told The Jersey Journal this morning that the town’s website does not contain any private information and no “sensitive material” has been compromised.
From the article:
Asked if he knew why his town's website -- which is currently offline -- is being targeted, Fife said it was "almost impossible" to determine.
"I don't know why, I don't think anyone knows," the mayor said. 
Ayala said Scan Worx has put in hundreds of hours working to repair the website, along with adding extra security features. [A typical response.  Why were they not there in the first place?  Bob]

For my Ethical Hacking students.  Yet another example of a “new” technology that security has not caught up with.  Encrypting communications has been around for thousands of years, but no one thought it might apply to them? 
Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away
   According to research published Tuesday by Bastille, a cybersecurity company, eight wireless keyboards manufactured by major electronics companies transmit information in a way that makes it possible for a hacker to eavesdrop on every sentence, password, credit card number, and secret typed on them.

(Related) Every new technology needs to re-invent the security wheel.
Wearables could compromise corporate data
As smartwatches and other wearables gain popularity, experts are warning of potential data security risks in workplaces.

Some employees have begun connecting their personal smartwatches with corporate Wi-Fi networks, which could mimic the problems caused when personal smartphones started showing up at work several years ago.  That earlier bring-your-own-device (BYOD) trend fostered an explosion of software products from various vendors for managing devices securely, alongside laptops and desktops.
   Gillespie is concerned that as smartwatches are allowed to attach to emails -- or internal productivity software in some cases -- vital corporate and personal data could be lost, stolen or corrupted.
The problem is only just emerging and few companies seem to understand the potential harms, Gillespie and others said.
"As of now, wearables and Internet of Things devices are not getting attached to employer networks and so it's not been viewed as a serious problem," Gillespie said in an interview.  "But I do think employer IT and HR departments should be aware that the consumer rollout of wearables has not been designed with enterprise data security in mind."

This is in Chicago.  Think it will spread? 
Joe Cadillic writes:
Nearly 1,500 people were arrested earlier this year, because they were put on a police ‘Strategic Subject List‘ (SSL).  The SSL was formerly called the ‘Heat List‘ which started in 2013.  (SSL is just another term for Predictive Policing)
According to CBS Chicago police are using an algorithm to predict who’ll commit a crime in the future!
The SSL uses an algorithm to try to predict who is most likely to be involved in a shooting – either as the shooter or victim – by analyzing data such as gang affiliations, criminal records, past shootings, and previous contact with police.
Read more on MassPrivateI.

Perhaps Bitcoin is becoming more acceptable?
Europe's first regulated bitcoin product launches in Gibraltar
Europe's first regulated bitcoin product - an asset-backed exchange-traded instrument that will invest exclusively in the digital currency - begins trading this week on the Gibraltar Stock Exchange and Germany's Deutsche Boerse.
The Web-based currency can be used to send money instantly around the world, free of charge and with no need for third-party checks.  It is accepted by several major online retailers and is used in more than 200,000 daily transactions.
Its value has been highly volatile, peaking at more than $1,200 in late 2013 before crashing after the collapse of the Mt. Gox bitcoin exchange.  It has since stabilized somewhat, trading at around $655 on Monday, up more than 50 percent this year.

(Related) It’s not money, but it is currency and you can buy stuff with it.  Got it? 
Bitcoin not money, Miami judge rules in dismissing laundering charges
A Miami-Dade judge ruled Monday that Bitcoin is not actually money, a decision hailed by proponents of the virtual currency that has become popular across the world.
In a case closely watched in financial and tech circles, the judge threw out the felony charges against website designer Michell Espinoza, who had been charged with illegally transmitting and laundering $1,500 worth of Bitcoins.  He sold them to undercover detectives who told him they wanted to use the money to buy stolen credit-card numbers.
But Miami-Dade Circuit Judge Teresa Mary Pooler ruled that Bitcoin was not backed by any government or bank, and was not “tangible wealth” and “cannot be hidden under a mattress like cash and gold bars.”
“The court is not an expert in economics; however, it is very clear, even to someone with limited knowledge in the area, the Bitcoin has a long way to go before it the equivalent of money,” Pooler wrote in an eight-page order.
   “This court is unwilling to punish a man for selling his property to another, when his actions fall under a statute that is so vaguely written that even legal professionals have difficulty finding a singular meaning,” she wrote.
The ruling was lauded by Bitcoin experts who believe the ruling will encourage the use of the virtual currency, and offer a roadmap to governments across the world that have struggled to understand and regulate it.
   Law enforcement has struggled to figure out how Bitcoin fits into illegal activities, and Espinoza’s case was believed to be the first money-laundering prosecution involving the virtual currency.
The controversial virtual currency allows some users to spend money anonymously and it can also be bought and sold on exchanges with U.S. dollars and other currencies.
   Regulated services such as CoinBase, which operates similarly to PayPal, allow people to buy, sell and use the Bitcoins.  But authorities have raised concerns about the currency being used in the anonymous black market.
Most notoriously, Bitcoins were used to traffic drugs in the now-shuttered Silk Road network. In an unrelated South Florida case, a Miramar man got 10 years in prison after using Bitcoins to buy Chinese-made synthetic heroin from a Canadian prisoner.

For a second there, I thought LinkedIn was saying that PowerPoint sucked.  Apparently, PointDrive is more about tracking customer eyes.  Send them a bunch of data, find out what they looked at and then sell, sell, sell! 
LinkedIn acquires Chicago-based PointDrive
PointDrive, a Chicago-based presentation-sharing software startup, has been acquired by LinkedIn, the companies announced Tuesday.
   PointDrive, which CEO Bill Burnett launched widely in 2014, lets users create presentations and send them through its Web app or an email link.  The goal is to present files in a more organized, visually appealing manner than email attachments, and to collect analytics on when, for how long, and where recipients look at presentations.

Perspective.  Okay, I admit this one snuck up on me. 
Apple Pay Now Accounts for Three-Fourths of U.S. Contactless Payments

What do you bet that the US will double this amount next year?  (My tax dollars at work waste!)
U.S. Spent $1.4 Billion To Stop HIV By Promoting Abstinence. Did It Work?
In the past 12 years, the U.S. has spent more than $1.4 billion funding abstinence programs in Africa.  They're part of a larger program — called the President's Emergency Plan for AIDS Relief — aimed at stopping the spread of HIV around the world.
Many health officials consider PEPFAR a success. It is credited with giving lifesaving HIV drugs to more than 5 million people and preventing nearly 1 million babies from getting HIV from their mothers.
But a study, published Monday in Health Affairs, finds the abstinence programs have been a failure.
The results were clear: PEPFAR funding wasn't associated with changes in young people's choices about sex. Bendavid and his team could find no detectable differences in the rates of teenage pregnancies, average number of sexual partners and age at first sexual intercourse in countries that had received PEPFAR money compared with those that hadn't.

I could use this to plan my IoT class!  Maybe.
Searching for the Internet of Things on the Web: Where It Is and What It Looks Like
by Sabrina I. Pacifici on Jul 26, 2016
Searching for the Internet of Things on the Web: Where It Is and What It Looks Like.  Ali Shemshadi, Quan Z. Sheng, Wei Emma Zhang, Aixin Sun, Yongrui Qin, Lina Yao  (Submitted on 23 Jul 2016).
“The Internet of Things (IoT), in general, is a compelling paradigm that aims to connect everyday objects to the Internet.  Nowadays, IoT is considered as one of the main technologies which contribute towards reshaping our daily lives in the next decade.  IoT unlocks many exciting new opportunities in a variety of applications in research and industry domains.  However, many have complained about the absence of the real-world IoT data.  Unsurprisingly, a common question that arises regularly nowadays is “Does the IoT already exist?”.  So far, little has been known about the real-world situation on IoT, its attributes, the presentation of data and user interests.  To answer this question, in this work, we conduct an in-depth analytical investigation on real IoT data.  More specifically, we identify IoT data sources over the Web and develop a crawler engine to collect large-scale real-world IoT data for the first time.  We make the results of our work available to the public in order to assist the community in the future research.  In particular, we collect the data of nearly two million Internet connected objects and study trends in IoT using a real-world query set from an IoT search engine.  Based on the collected data and our analysis, we identify the typical characteristics of IoT data.  The most intriguing finding of our study is that IoT data is mainly disseminated using Web Mapping while the emerging IoT solutions such as the Web of Things, are currently not well adopted.  On top of our findings, we further discuss future challenges and open research problems in the IoT area.”

Next best thing to having my students write their own textbook.
Opening the Textbook: Educational Resources in U.S. Higher Education, 2015-16
by Sabrina I. Pacifici on Jul 26, 2016
Opening the Textbook: Educational Resources in U.S. Higher Education, 2015-16.  I. Elaine Allen, Ph.D., Professor of Biostatistics & Epidemiology, UCSF, Co-Director, Babson Survey Research Group; Jeff Seaman, Ph.D., Co-Director, Babson Survey Research Group.
“Most higher education faculty are unaware of open educational resources (OER)–but they are interested and some are willing to give it a try.  Survey results, using responses of over 3,000 U.S. faculty, show that OER is not a driving force in the selection of materials – with the most significant barrier being the effort required to find and evaluate such materials.  Use of open resources is low overall, but somewhat higher for large enrollment introductory-level courses.”

“Lazy is as lazy does?”  I don’t play computer games (I stink at games) so this would be perfect for me.
The tireless, automated bots that want to play Pokémon Go for you
Last week, we took a look into the growing world of Pokémon Go hacks that reveal the location of usually hidden Pokémon nearby.  Now, a new wave of PC-based Pokémon Go "bots" take the hacking a step further, spoofing locations and automating actions to essentially play the game for you while you sit in the comfort of your own home.
There are a number of competing bots out there, from the open source Necrobot to the pre-compiled Pokébuddy to MyGoBot, which recently started charging $4.99 for its automation tool following a three-hour free trial.  All of them work on the same basic principles, sending artificial data to the Pokémon Go servers to simulate an extremely efficient, entirely tireless player.

(Related)  Like “SWATting, but for gamers.”  
Pokémon GO users PRANKED into stampeding local park to catch Mewtwo

(Related)  …which suggests this idea for a sting.
Cops should use the Pokemon Go craze to catch mobile phone thieves, urge politicians
The calls come after a reported spate of crimes has seen crooks mugging or attacking Pokémon Go players, who travel to real locations to collect items and catch monsters.
Vulnerable victims – many of whom are youngsters – are likely to be distracted while playing and holding their phones out in front of them, and they could be lured or tracked to isolated locations, a Tory warned.
Conservative London Assembly member Steve O’Connell said the Met should station cops near key “PokéStops” locations, that are likely to be used by lots of players.
