Saturday, March 12, 2016

All you have to do is ask and all secrets will be revealed!
Another day, another successful phish compromising employee data.
Add Endologix to any list you’re compiling. You’ve probably already added Seagate, right? DataXu may also have been a victim of this type of attack; it’s not totally clear from their notification.
And did I remember to tell you about Information Innovators? Or that York Hospital might have been hit the same way (it’s hard to be sure from their notification)? And maybe Turner Construction? I’m pretty sure I already told you about Central Concrete, but at this point, my head is spinning from all the reports, so maybe I forgot.
And if your business has escaped so far, be sure to use this opportunity to warn all your employees about this type of attack.

My Computer Security class was trying to figure out how to steal a Billion yesterday. None of my students thought that detailed instructions and codes would be available online. We were convinced they had to have inside help.
Serajul Quadir reports:
Investigators suspect unknown hackers installed malware in the Bangladesh central bank’s computer systems and watched, probably for weeks, for how to go about withdrawing money from its U.S. account, two bank officials briefed on the matter said on Friday.
More than a month after hackers breached Bangladesh Bank’s systems and attempted to steal nearly $1 billion from its account at the Federal Reserve Bank of New York, cyber security experts are trying to find out how the hackers got in.
The hackers appeared to have stolen Bangladesh Bank’s credentials for the SWIFT messaging system, which banks around the world use for secure financial communication.
Read more on Reuters.

No doubt we will laugh at this later, and Apple will offer FBI Special Agents huge discounts on the next generation iPhone.
Apple Legal Chief Eviscerates ‘Cheap Shot Brief’ As FBI Threatens To Demand iOS Source Code
The battle between Apple and the FBI over unlocking the iPhone 5c belonging to one of the San Bernardino mass shooters is getting nasty — really nasty. Although Apple and the U.S. Government are set to see each other in court on March 22nd, the two have been playing up their respective sides of the story to the public for weeks.
… But perhaps the most troubling part of the document [to Apple] is the government’s statements that it could simply force Apple to hand over its source code if it doesn’t comply with the unlocking demands. “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.
“The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”
… “It seems like disagreeing with the Department of Justice means you must be evil and anti-American,” said Sewell during a conference call with reporters yesterday afternoon. “The tone of the brief reads like an indictment. We’ve all heard director Comey and Attorney General Lynch thank Apple for its consistent help in working with law enforcement. Director Comey’s own statement… that there are no demons here? We certainly wouldn’t conclude it from this brief.”

(Related) The Bully Pulpit should not be used to spread Bull@#$%! Just saying.
Michael D. Shear reports:
President Obama said Friday that law enforcement must be legally able to collect information from smartphones and other electronic devices, making clear, despite divisions in his administration, that he opposes the stance on encryption taken by technology companies like Apple.
Speaking to an audience of about 2,100 technology executives and enthusiasts at the South by Southwest festival here, Mr. Obama delivered his most extensive declarations on an issue that has split the technology community and pitted law enforcement against other national security departments. Mr. Obama declined to comment specifically on the efforts by the F.B.I. to require Apple’s help in gaining data from an iPhone used by one of the terrorists in the December attack in San Bernardino, Calif.
But the president said that America had already accepted that law enforcement can “rifle through your underwear” in searches for those suspected of preying on children, and he said there was no reason that a person’s digital information should be treated differently.
Well, he just lost my vote. Oh, wait…
Read more on the New York Times.
[From the article:
“If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Mr. Obama said. “How do we disrupt a terrorist plot?” [Perhaps the President is deliberately forgetting that we found Osama bin Laden without even seeing his messages, let alone breaking encryption. Bob]

(Related) Here is a company that says they CAN do it. Why doesn't the FBI ever ask them?
Microsoft: We Store Disk Encryption Keys, But We’ve Never Given Them to Cops

(Related) Wharton talks about Apple v FBI. No conclusions.
Apple vs. the FBI: What It Means for Privacy and Security
The subject of corporate constitutional rights is of great interest to professors Eric Orts and Amy Sepinwall from Wharton’s legal studies and business ethics department. Perhaps presciently, they recently penned the article, “Privacy and Organizational Persons,” in the Minnesota Law Review that foreshadowed this debate.

This is not a bad idea (giving credit where due). A better idea would be to publish the code and pay a bounty to anyone who identifies a bug.
Leveraging American Ingenuity through Reusable and Open Source Software
Today, we’re releasing for public comment a draft policy to support improved access to custom software code developed for the Federal Government.
… And if you want to see how these projects are doing, the General Services Administration’s government analytics platform—which gives users a peek into how people are interacting with the government online—released its code to the public, which has already been used by local governments.

Old technologies are scrambling to learn how new technologies can keep them in business.
Here's why GM is buying an autonomous driving software firm
General Motors announced Friday that it's acquiring Cruise Automation for Cruise's deep software talent and rapid development capability -- a move designed to further accelerate GM's development of autonomous vehicle technology.
Over the past two months, GM has entered into a $500 million alliance with ride-sharing company Lyft; formed Maven – its personal mobility brand for car-sharing fleets in many U.S. cities – and established a separate unit for autonomous vehicle development.
"This acquisition announcement clearly shows that GM is serious about developing the technology and controlling its own path to self-driving and driverless vehicles," said Egil Juliussen, research director for IHS Automotive.

Ford Creates New Business Unit Chaired by Ex-Steelcase CEO
Ford is creating a new unit tasked with investing in and building out the automaker’s transportation services, a business segment that includes car-sharing and ride-hailing.
The private subsidiary, called Ford Smart Mobility, will be based in Palo Alto, Calif. with offices in Dearborn, Mich., and will be chaired by Jim Hackett, former chief exec at Mich.-based office furniture company Steelcase, the company said.

So, all I have to do is link Amazon to my bank account? What could possibly go wrong?
Capital One to let users pay bills via Amazon’s Echo
Capital One has teamed with Amazon to let owners of Amazon’s Echo smart speaker system pay their bills and get other account information through voice commands.
Amazon’s Echo speakers use a voice-command service called Alexa to help users perform various tasks, such as turning on smart lights, playing music or setting a kitchen timer. The number of so-called “skills” Alexa can perform has been growing since the Echo became widely available last year and now numbers more than 100.
The Capital One service will be the first time a credit-card company has been involved, however. Capital One will let users check their credit card balance, review recent transactions, pay their credit card bill and perform other tasks simply by talking to the device.
Users can sign up for the service via the Amazon Echo setup app. There they can set up a checking account link if they want to pay their credit card balance via the Echo.

Because governments throw money at anything that promises to educate children?
Amazon eyes up education, plans a free platform for learning materials
Back in 2013, Amazon acquired (and continued to operate) online math instruction company TenMarks to gain a foothold in the online education space. Now it looks like Amazon is taking those learnings to the next level. The e-commerce giant plans to launch a free platform for schools and other educators to upload, manage and share educational materials. Signs indicate that the platform will be based around open educational resources (OER) and will come with a ratings system and interface that will resemble the commercial site many of us already know and use.
Earlier this month, Amazon Education quietly opened an “Amazon Education Wait List,” where educators could sign up to get an alert for when a new, free platform opens for business.
… The development comes at an interesting time, with companies like Apple and Google also sizing up how their own platforms and hardware can play a bigger role in education services (and where they might not). Amazon has made a point of noting that its OER platform will be free and unlimited, but it comes amid a wider education play that is more revenue focused.
… Whether this is free or not, the wider e-learning market is massive, and something that Amazon, a bookseller at its heart that already has students and teachers as customers, cannot ignore. One researcher estimates that by 2022, it will be worth $244 billion globally, up from $165 billion in 2014.

Another week closer to being educated.
Hack Education Weekly News
… The state of California is weighing outlawing classes “without educational content.”
Via the San Jose Mercury News: “Responding to overwhelming public protest, a federal judge has backtracked on the potential release of records for 10 million California students – and decided that they won’t be provided to attorneys in a special-education lawsuit.”
… “Universities Are Becoming Billion-Dollar Hedge Funds With Schools Attached,” writes Astra Taylor in The Nation.
… McGraw-Hill issued a press release, touting that “in 2015 unit sales of digital platforms and programs exceeded those of print in its U.S. Higher Education Group for the first time.”
… Elsewhere in e-book-related news: “B&N Ed Retires Its Digital Textbook Platform, Replaces It With VitalSource.” And a nice reminder, as the NOOK pulls out of the UK, meaning customers might lose access to the digital materials they’ve purchased: “You Don’t Own Your Ebooks.”
… Volley has raised $2.3 million in seed funding from Zuckerberg Education Ventures and Reach Capital. Via Techcrunch: “‘This is so fast it feels like cheating’ students tell Volley. The education startup’s app lets students point their phone’s camera at a textbook page or piece of homework, and instantly see resources about key facts and tricky parts, prerequisites, and links to snippets of online classes or study guides that could help.” The startup plans to build “learning algorithms,” according to Edsurge.

Friday, March 11, 2016

For my Computer Security students. You do not have to be overly smart to be a hacker. Only persistent. If you are trying to steal a Billion dollars, you should probably hire someone who can read & write English and any other language you are likely to encounter.
The Telegraph reports:
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion (£700 million) heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.
Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said.
Read more on The Telegraph.
[From the article:
Hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

Unfortunately, this case won't be resolved before my Computer Security class ends. Probably not before many of my students graduate. Let's hope it is resolved before they retire. (Wired even highlighted the juicy parts)
Government Calls Apple’s iPhone Arguments in San Bernardino Case a ‘Diversion’
The government says the security and privacy issues raised by Apple and numerous other tech companies about a court order in the San Bernardino iPhone case are mere diversions designed to hide the fact that Apple has deliberately created technical barriers to avoid assisting the government with lawful warrants. The government made the assertion in a brief filed in court today.
“Instead of complying, Apple attacked the All Writs Act as archaic, the Court’s Order as leading to a ‘police state,’ and the FBI’s investigation as shoddy, while extolling itself as the primary guardian of Americans’ privacy,” the government wrote in its brief, filed in the US District Court for the Central District of California (.pdf). “Apple’s rhetoric is not only false, but also corrosive of the very institutions that are best able to safeguard our liberty and our rights: the courts, the Fourth Amendment, longstanding precedent and venerable laws, and the democratically elected branches of government.”

(Related) I was surprised to learn that my students use three or four messaging apps each, and now here's another. No doubt the FBI will want them to break their security too. (Just a note: If terrorists used this app it would be re-encrypted by Apple's iPhone. If the FBI could break Apple's encryption, they would find more encryption. Welcome to the modern world!)
Wire, the messaging app backed by Skype’s Janus Friis, gets video calls and message encryption
It’s been more than 15 months since Wire entered the competitive messaging app fray with the promise to build a Skype for the modern age — a promise given real credence by the backing of Skype cofounder Janus Friis.
Available for Android, iOS, and desktop, Wire is making good on that promise today by introducing video calls to the messaging mix. “It has consistently been our most requested feature,” explained Friis, who serves as executive chairman of Wire. In addition, Wire is also rolling out end-to-end encryption for messaging, a feature that has been available on voice calls since the app’s launch back in 2014.
“We are introducing privacy features that will keep our personal, private conversations on Wire out of the growing online data economy, where private user data is being harvested to build profiles and target us with advertising,” added Friis.

Is this why we tend to mistrust the FBI?
Andrew Crocker writes:
EFF recently received records in response to our Freedom of Information Act lawsuit against the Department of Justice for information on how the US Marshals—and perhaps other agencies—have been flying small, fixed-wing Cessna planes equipped with “dirtboxes”: IMSI catchers that imitate cell towers and are able to capture the locational data of tens of thousands of cell phones during a single flight. The records we received confirm the agencies were using these invasive surveillance tools with little oversight or legal guidance.
Read more on EFF.

No mention of encryption?
FCC proposes new privacy rules for Internet providers
… Under the proposal, customers would automatically consent to having their data used by their broadband provider when it was required for the delivery of their service.
… But beyond that, customers would have to explicitly consent to their data being shared with other companies or used for any other purposes.

Another 'government knows best' debate? Presumed innocent, but photogenic?
Tresa Baldas reports:
A Free Press-led battle over the public’s right to see mug shots of criminal defendants is back before a federal appeals court today, only this time the media company has loads of backup — roughly 60 news organizations have joined in the fight.
At issue is a policy by the U.S. Department of Justice, which has refused to release mug shots of criminal defendants on privacy grounds, even though courts have repeatedly ruled that the public has a right to see those photos. The latest such ruling came in August, when a three-judge panel of the U.S. 6th Circuit Court of Appeals ruled in favor of the Free Press, but still urged the full court to take up the issue.
Read more on THV11.

(Related) Children have no rights! (But they are tech savvy)
KJ Dell’Antonia writes that a recent study of 249 parent-child pairs revealed that kids are three times more concerned about what their parents are sharing about them online than the parents are. Read more on Well.

Another phrase I'll start using in my lectures. (If I steal enough smart stuff, I might be mistaken for smart)
Changing Cybersecurity Outcomes with Intelligence
Our modern world is strewn with cyber breaches, a proliferation of dangers, regional crises, political unrest, and dangerous threat actors – all at play against a backdrop of an over reliance on the Internet which was never designed to be the backbone of a global economy.
While we must continue to use defensive technologies because they help address the level of white noise that has become part of the cost to operate in our hyper-connected, digitized world, we can’t stop there.
This traditional, defensive cybersecurity approach has largely been deterministic in nature, which is a fundamental flaw. We know cyber threats and breaches are probabilistic.
The cost to operate and truly be resilient in the new digital landscape is most likely many times more than the average organization is spending today.

Is this inevitable or could the legal department actually anticipate reactions in every country? Perhaps if they hired a team of marketing experts and sociologists in each country?
Facebook Inc (FB) Should Worry About a String of Unfavorable German Court Rulings
… Facebook has rules that prohibit harassment, bullying and use of threatening language, but it has been criticized for its laxity in enforcing them.
This laxity is costing the company its reputation and finances, as German courts are having a field day issuing rulings that are placing Facebook at a disadvantage.
… The German court ruled that Facebook was abusing its dominant position by using its users’ private information to make a profit without their full consent. Facebook relies on the user data to better target its advertising offerings, which account for nearly all of its profits.
Earlier in January, Facebook had also lost a case in Germany’s highest court, the Federal Court of Justice, which declared its “Find-a-Friend” feature unlawful and amounting to deceptive advertising. The feature was considered a ploy by Facebook to entice its users to market the social media site to their friends.
On Wednesday, Facebook found itself being mentioned, albeit negatively, in German courts again (Source: “German court rules against use of Facebook ‘like’ button,” Reuters, March 9, 2016). This time, the court ruled that local websites shouldn’t send visitor data to the social media site through its “like” button without the knowledge and consent of the visitors.
Facebook should reorganize its legal department or start complying with local regulations in countries it is operating in, or risk ruining its reputation and appeal.

Amusing and sad, at the same time.
RNC rolls out new attack on Clinton emails
The Republican National Committee on Thursday rolled out a new line of attack against Hillary Clinton’s private email setup while secretary of State, one year after she first publicly addressed the contested issue.
A new website attempts to rebut what it calls the “dishonest claims” the Democratic presidential front-runner has offered about her exclusive use of a private server while serving as secretary of State, claiming she violated federal policies and regulations.
… More than 2,000 of the roughly 30,000 supposedly work-related emails of Clinton’s that the State Department has released contained some level of classified information. Another 22 emails were classified at the highest level of “top secret” and were not released at all — even in a heavily redacted form.
… Clinton has claimed that all of those classification decisions were made retroactively. Government officials have disputed the point on at least the top secret emails.

I'm not sure I'd like a device to share the fact that my wife is home alone. (She might look at it as an opportunity to test the Rottweiler's protection training.) My Ethical Hacking students might find this an interesting target.
Home Alone? Now Nest Can Tell
Nest on Thursday announced two new features, Family Accounts and Home/Away Assist.
Family Accounts would let up to 10 people access the Nest products in a connected home from their Android or iOS devices. That means an end to sharing logins and passwords, the company said. Users can be added or removed seamlessly from the Family Account, which can provide notifications to the entire family. Users also can get updates from Nest Protect, check in with the Nest Cam and receive a monthly report on product usage.

I'm going to have a long think about this.
Is Twitter Making Us More Productive?
That question — how to measure technology’s effect on productivity, the economy, and well-being more broadly — is at the core of a major debate in economics right now. Productivity — in its simplest form, total economic output (gross domestic product) divided by the number of hours people work to produce it — is the central driver of economic growth and a reliable measure of a society’s prosperity.
… Yet by conventional measures, U.S. productivity has been in a slump for a decade — some fear permanently.
Many people in Silicon Valley, though, are skeptical that the productivity slowdown is real. How could it be? We all carry supercomputers in our pockets. We have every map of every neighborhood at our fingertips. We can order pizza from our phones! (OK, we’ve been able to order pizza from our phones for a long time. But now we can do it without talking to anyone.)
… In a new paper being presented at the Brookings Institution on Friday, economists David Byrne, John Fernald and Marshall Reinsdorf look at the Silicon Valley argument and firmly reject it. It’s true, they say, that official statistics underestimate the impact of technology on economic output. The government routinely understates gains in computing power, for example. But that was also true in the 1990s and early 2000s, before the productivity slump began. In fact, they argue, if we fully accounted for the impact of technology, the recent slowdown would look even worse than it does in the official statistics.

(Related) Maybe I can get an inflatable chauffeur for my self-driving car?
Tech Savvy: When to Hire a Robot
Robotics have reached their tipping point, according to International Data Corp. In a newly-released research report, the firm forecasts a near doubling of the worldwide robotics market over the next 4 years — from $71 billion in 2015 to $135.4 billion in 2019. Almost simultaneously, President Obama sent The Annual Report of the Council of Economic Advisors to Congress. It says advances in robotics technology are “presaging the rise of a potentially paradigm-shifting innovation in the productivity process.”

Thursday, March 10, 2016

This website is not run by my Ethical Hacking students. Someone else thought of it first. Great way to identify potential nut cases. If ISIS hadn't made it easy to hack, DHS would have had to create one themselves.
Stuart Ramsay reports:
Tens of thousands of documents, containing 22,000 names, addresses, telephone numbers and family contacts of Islamic State jihadis, have been obtained by Sky News.
Nationals from at least 51 countries, including the UK, had to give up their most personal information as they joined the terror organisation.
Only when the 23-question form was filled in were they inducted into IS.
Read more on Sky News. I cannot believe they named their source on this instead of just describing him.

Actually, there are even more reasons. These will do for now.
Why the NSA is staying out of Apple's fight with the FBI
From the beginning of Apple’s fight with the FBI, there’s been an inconvenient question: why can’t the NSA just break into the San Bernardino iPhone?
… But while the FBI has pulled no punches in going after Apple, the NSA has largely stayed out of the fight. In a judiciary committee hearing last week, FBI Director James Comey said he had asked for a way to open the phone from "anybody who will talk to us" but came up empty. He declined to name the NSA specifically, but the implication was clear. The agency has now denied the FBI even political cover, with Reuters reporting that "several key officials" in the NSA opposed the move against Apple.
… First, there’s good reason to think that the NSA really could help with at least some of the phones that the FBI is looking at. The phone in the New York unlocking case, which has played out in parallel to the San Bernardino trial, is still running iOS 7, making it vulnerable to a $350 lockscreen-breaking device that’s commercially available to law enforcement agencies. The same device could handle at least 11 of the 12 other Apple devices identified as under FBI order. There are plenty of similar tools available, as detailed here, and it’s genuinely unclear why the feds haven’t used them to unlock at least some of the phones. All of the attacks take advantage of bugs that were closed in more recent versions of iOS, and while we still don’t know if there’s an outstanding bug for iOS 9 — that is, a bug that could get into the specific San Bernardino phone at the center of all this — the broader picture is clear. There’s been some bug in the lockscreen protections of every previous version of iOS. It would be foolish to think iOS 9 is the exception.
… A string of exploits isn’t as reliable as a legally mandated backdoor, and it’s a poor substitute. It’s the difference between climbing up your neighbor’s drainpipe and making a copy of his keys. If the FBI really has the legal right to compel Apple’s help — as Comey clearly believes — it would be foolish to settle for exploits like this.

(Related) Now let's not get all fussy. I'm not sure the slope is that slippery. (Although, hackers seem to be able to do this now.)
Could FBI Turn on Cameras and Microphones Next?

For my Computer Security students. New media, old rules.
From Understanding Social Media Risks to Preventing Them
In a recent column, I discussed the importance of opening your eyes to the specific risks that the use of social media can present to your organization. Now that you have a better understanding of these risks, what options do you have to better protect your organization against them?

(Related) Anything to make everyone more aware of security risks.
New FDIC resources target cyber threats and fraud in online and mobile banking
by Sabrina I. Pacifici on Mar 9, 2016
“The Federal Deposit Insurance Corporation (FDIC) announced new resources today to educate bank customers about appropriate steps they can take to help avoid fraud and other cyber threats when banking online or on their mobile devices. The information is being issued in advance of National Consumer Protection Week, March 6-12. As part of an ongoing effort to highlight safe online banking strategies, the FDIC released two new cybersecurity brochures today aimed at consumers and business customers of financial institutions. The brochures include tips to help users protect and maintain their computer systems and data. In addition to expanded cybersecurity information available online, the FDIC also released a special edition of the quarterly newsletter FDIC Consumer News featuring precautions consumers can take at home and when banking remotely using laptops, desktops, smartphones, and other mobile devices. While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, financial institution customers and businesses also need to know how to steer clear of potential fraudulent situations. The FDIC is using National Consumer Protection Week as an opportunity to remind bank customers about taking appropriate cybersecurity precautions…”

A video for the “Self-Driving” file!
Watch This Google Self-Driving Car Very Slowly Crash Into a Bus

Sometimes a well turned phrase just sticks in your head.
Why Hillary Clinton is unlikely to be indicted over her private email server
… Based on the available facts and the relevant precedents, criminal prosecution of Clinton for mishandling classified information in her emails is extraordinarily unlikely.
My exasperation with Clinton’s use of a private email server while secretary of state is long-standing and unabated. Lucky for her, political idiocy is not criminal.
“There are plenty of unattractive facts but not a lot of clear evidence of criminality, and we tend to forget the distinction,” American University law professor Stephen Vladeck, an expert on prosecutions involving classified information, told me. “This is really just a political firestorm, not a criminal case.”

(Related) Hillary is not the only one.
WV lawmakers suffer stomach illness after drinking raw milk to celebrate legalizing raw milk

At the B School, they taught us that nothing lasts forever. That's why you depreciate assets over their expected lifetime. Failing to plan/budget for replacing assets as they become obsolescent is poor management. A separate “update” fund is just another chance to tie up the government in partisan bickering.
White House Proposes $3B IT Update Fund
The Obama administration is seeking US$3.1 billion for a modernization fund to update federal information technology resources that need to be replaced with more efficient and productive systems.
Initially, the fund would bolster the government's annual spending on IT, which is set for a modest increase to $89.8 billion in the administration's proposed budget for fiscal 2017.

Tools & Techniques. Why would I want to kill ads, you ask? (This also shows how much impact those ad cookies can have.)
Opera's testing a browser that kills ads, accelerating webpage loading by up to 90 percent
Opera's fired a broadside in the web content wars Thursday morning, becoming the first desktop Web browser with built-in ad blocking—and explicitly encouraging users to turn it on as a way of improving their browsing experience.
Competing browsers like Chrome or Firefox assign plugins like AdBlock Plus the task of blocking ads. But with Opera’s 37.0.2162.0 developer build for Mac OS and Windows, it's baked right into the software. Opera claims that turning on the ad-blocking feature can cut page load times by a whopping 90 percent, which PCWorld confirmed using a test build.

Remember those perfect masks they wear in the Mission Impossible movies? This is more like Halloween masks, but the potential is there. (See the video at the end of this article)
Facebook Acquires Face-Swapping App Masquerade: Are You Ready, Snapchat?
Facebook has purchased the face-swapping app Masquerade, also known as MSQRD, treading further on Snapchat territory.

Cute, but I think they are way behind the students.
What Will Online Education be Like in the Future?

Chrome Music Labs open for all ages to experiment with making music
by Sabrina I. Pacifici on Mar 9, 2016
“Music is for everyone. So this year for Music In Our Schools month, we wanted to make learning music a bit more accessible to everyone by using technology that’s open to everyone: the web. Chrome Music Lab is a collection of experiments that let anyone, at any age, explore how music works. They’re collaborations between musicians and coders, all built with the freely available Web Audio API. These experiments are just a start. Check out each experiment to find open-source code you can use to build your own.

Tools & Techniques. Writing, the 21st Century way.
Google's New Docs Feature Might Be The Tool Novelists Have Been Waiting For
… it seems that Google is getting in on the novel game by introducing a tool that makes editing a 55,000 word manuscript – the typical length of a novel – a lot less hectic.
Essentially, the outline tool uses headers to break up a word doc and make it more navigation-friendly in the form of a pane on one side of the page. By clicking on a header in the pane, you can jump to that part of the text without having to spend half the time scrolling up and down to locate it. As per Google, it "intelligently [detect]s the logical divisions within your work," which users can use to "edit or remove these headers as necessary."
The tool is also available in a mobile version.

For my students.
25 Highest Paying Jobs in America for 2016

Wednesday, March 09, 2016

That's a lot of lumber… I'll ask my students to apply for the CSO job.
Home Depot will pay up to $19.5 million for massive 2014 data breach
Included in that figure is a reported $13 million to reimburse customers for their losses and $6.5 million to provide them with one and a half years of identity protection services.
Home Depot was not required to admit any wrongdoing.
… The retailer also agreed to improve its data security, including hiring a chief information security officer.
First disclosed by the retailer in late 2014, the breach included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, making it one of the largest to date.
… It was hit with more than 50 lawsuits as a result of the breach. They were consolidated into two suits each seeking class action status.
Last year, Target agreed to pay $10 million in a settlement over a data breach it suffered in 2013 that affected at least 40 million cards.
In all, Home Depot has reportedly booked $161 million in pre-tax expenses for the breach.

Oh well, if Snowden says it, it must be true! (In this case, I agree with him)
Samuel Gibbs reports that Edward Snowden is calling “bullshit” on the FBI’s claim that it needs Apple’s assistance to disable the passcode on the phone of one of the San Bernardino shooters.
Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: “The FBI says Apple has the ‘exclusive technical means’ to unlock the phone. Respectfully, that’s bullshit.”
Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI’s claims in the case are fraudulent. [Good summary Bob]
Read more on The Guardian.

(Related) A somewhat less dramatic summary.
Encryption: Selected Legal Issues
by Sabrina I. Pacifici on Mar 8, 2016
Via FAS – CRS report – Encryption: Selected Legal Issues, Richard M. Thompson II, Legislative Attorney; Chris Jaikaran, Analyst in Cybersecurity Policy. March 3, 2016.
“This report first provides background to the ongoing encryption debate, including a primer on encryption basics and an overview of Apple, Google, and Facebook’s new encryption policies. Next, it will provide an overview of the Fifth Amendment right to be free from self-incrimination; survey the limited case law concerning the compelled disclosure of encrypted data; and apply this case law to help determine if and when the government may require such disclosures. The next section of the report will provide background on the All Writs Act; explore both Supreme Court and lower court case law, including a discussion of United States v. New York Tel. Co.; and apply this case law to the San Bernardino case and potential future requests by the government to access a locked device…”

(Related) “These are good changes. Trust us!”
FBI quietly changes its privacy rules for accessing NSA data on Americans
The FBI has quietly revised its privacy rules for searching data involving Americans’ international communications that was collected by the National Security Agency, US officials have confirmed to the Guardian.
… Sharon Bradford Franklin, a spokesperson for the PCLOB, said the classification prevented her from describing the rule changes in detail, but she said they move to enhance privacy. She could not say when the rules actually changed – that, too, is classified.
“They do apply additional limits” to the FBI, Franklin said.

I thought that was the whole point of immunity deals! We give you immunity from self-incrimination and you tell us what you did that might incriminate you.
Senators want Clinton aide who received immunity deal to talk
A pair of leading Republican senators are asking a former State Department official who reached an immunity deal with the Justice Department last week to answer their questions about Hillary Clinton’s private email server.
In a letter sent last week but released on Tuesday morning, Sens. Chuck Grassley (R-Iowa) and Ron Johnson (R-Wis.) told the aide, Bryan Pagliano, that he should have no reason not to appear.
“Because the Department of Justice has granted you immunity from prosecution in this situation, there is no longer reasonable cause for you to believe that discussing these matters with the relevant oversight committees could result in your prosecution,” wrote Grassley and Johnson, who lead the Judiciary and Homeland Security committees, respectively.

A Criminal Justice reading list?
Joe Cadillic wants to make sure you realize how serious this is as a growing problem. So without additional comment, here’s the email he just sent me:
Americans are assigned “risk assessments” while travelling inside the US:
Risk assessments are being used to sentence people to jail and death:
Universities are using data analytics to assess students mental health and much more:

(Related) On the other hand… Could any large department justify not using this system?
We Now Have Algorithms To Predict Police Misconduct
… These researchers, part of the White House’s Police Data Initiative, say their algorithm can foresee adverse interactions between officers and civilians, ranging from impolite traffic stops to fatal shootings. Their system can suggest preventive measures — an appealing prospect for police departments facing greater scrutiny and calls for accountability.

I doubt the government or anyone spouting the 'government line' will have much impact.
The Government Is Secretly Huddling With Companies to Fight Extremism Online
… The secret meeting was the latest move in the government’s increasingly urgent campaign to head off terrorist support and calls to action online. In order to limit the reach of Islamic State messaging, the feds are teaming up with the tech companies that control the platforms where the propaganda appears.
But some groups are troubled by the secret nature of this public-private collaboration. On Tuesday, a coalition of privacy and civil-rights advocacy organizations sent a letter to top White House officials asking for pro-privacy voices to be included in conversations about combating violent extremism online.

What if Facebook offered “Free Basics” here in the US?
FCC Proposes Broadband Internet Subsidy For Low Income Consumers
… Lifeline was first tossed to the elderly and impoverished in 1985, providing them with assistance for obtaining basic phone service.
… now Lifeline is in need of more modernization, FCC Chairman Tom Wheeler and Commissioner Mignon Clyburn said in a blog post on Tuesday.
"We can recite statistics all we want, but we must never lose sight of the fact that what we're really talking about is people – unemployed workers who miss out on jobs that are only listed online, students who go to fast-food restaurants to use the Wi-Fi hotspots to do homework, veterans who are unable to apply for their hard-earned benefits, seniors who can't look up health information when they get sick," the blog post states.
The FCC hasn't submitted its proposal for consideration, but the two administrators described three facets that'll frame the foundation of the proposal.
For starters, the FCC wants to readjust the minimum standards of Lifeline to include both voice and broadband.
The FCC also wants to strip outdated stipulations and "administrative burdens" from Lifeline to make it easier for ISPs (Internet Service Providers) to participate in the program.
And relating to that last measure, the FCC wants to establish a "National Eligibility Verifier" that'll work independently. It'll have the verification of applicants so that there's one less excuse for ISPs to opt out of participating in Lifeline.

For my Data Management students.
What's Ahead for Enterprise Data in 2016?
… Let's explore five key data governance trends that we can expect this year - and how companies can utilize them to deliver on their corporate goals and maximize operational effectiveness.
Rise of Application Data Management
Linking Big Data to Transactional Data
Data Governance 2.0 Takes Hold
Leveraging Software Automation
New Data Migration Wave

(Related) Not just Big Data – frequently updated Big Data.
A New 50-Trillion-Pixel Image of Earth, Every Day
… This is the home of Terra Bella—the satellite company, formerly known as Skybox, that Google purchased for $500 million in June 2014. In the next 18 months, it plans to put more than a dozen new satellites into orbit. This will increase its imagery “refresh rate”—that is, how often any one spot on Earth is photographed—from one new image every three days to four to five new images per day.
Terra Bella is part of a larger group of satellite companies that promise to transform the way we see Earth. Planet Labs is another: An independent startup based in San Francisco, it estimates that in the next 12 months, it will have more than 100 satellites beaming imagery down to Earth. That will give it an almost-daily imagery refresh rate.
… More than two years ago, I looked at a class of startups that I said were making “Silicon Valley’s new spy satellites.”
… Analysis companies, including Descartes Labs and Orbital Insight, have also sprouted up around the new bounty of imagery.
But however much they’ve expanded so far, the coming year will be decisive for many of these firms. By the summer of 2017, many promise daily or more-than-daily refresh rates. Within a few years, hundreds of Earth-observing satellites could float above the planet, each little more than a camera at the end of a massive (and affordable) chain of processing, computing, and distribution.

Just to stir up the “discussion” my students are having… No need to buy a self-driving car, just plug this into your existing car.
How George Hotz Plans To Beat Tesla And Google With His Robocar Startup
… Hotz is also starting work on what will become the company’s first product — a self-driving kit that car owners will be able to purchase directly from Comma to equip their vehicles with autonomous driving capabilities. He hasn’t come close to working out the details of what this product will ultimately look like, but he said it might be a dash cam that plugs into the on-board diagnostics 2 port, which gives access to the car’s internal systems and is found in most cars made after 1996. It will provide cars with ADAS features, like lane-keeping assistance and emergency braking.
“We believe our killer app is traffic,” Hotz said. “Humans are bad at traffic. We can make something that drives super-humanly smooth through traffic.”

Perspective. Of course there's an App for that.
The Church Collection Plate Goes Digital
… (In one podcast, a pastor, sermonizing about society’s obsession with markers of achievement, uses an Internet-approved term of endearment to channel his audience, asking, “When am I going to get my own bae?”) At the end, a member of the “worship team” will call on parishioners to tithe and pass the collection plate. But not all people reach into their wallet. Many take out their phone instead.
Ciamacco gives each week, using the app. It takes fewer than five taps, and built-in geolocation means he can contribute at any of the 1,000 churches that subscribe—a feature that’s especially useful around holidays like Easter, when many people travel.

Here's an App that shows how Google views the desktop.
Google Search now has travel guides to help plan your vacation
… Destinations on Google isn't a new website. Instead, you'll stumble upon it during mobile searches for travel deals and advice. If you search "European vacations," you'll be presented with a grid of major cities, what it'll cost to get to them, and the best weeks to go. Search for travel to a specific country or city, and you'll see an option to open up Google's new "travel guide."
… There's one other oddity to Destinations. While you're probably used to researching vacations and booking flights on the desktop, Google has designed its new product exclusively for mobile — as in, next to none of this will show up in a desktop search. That could change in the future, but Google says it wanted to specifically design this as a mobile product, since it's seeing big increases in travel search there; half of Google Flights searches happen on mobile, as do 60 percent of "destination information" searches. Those figures are only growing, which explains why Google prioritized your phone.

“But... They made a pinky-promise!” John Kerry
Iran tests more missiles, says capable of reaching Israel
… State television showed footage of two Qadr missiles being launched from northern Iran which the IRGC said hit targets 1,400 km (870 miles) away. Tests on Tuesday drew a threat of new sanctions from the United States.
"The reason we designed our missiles with a range of 2,000 km is to be able to hit our enemy the Zionist regime from a safe distance," Brigadier General Amir Ali Hajizadeh was quoted as saying by the ISNA agency.
… The missile test underlined a rift in Iran between hardline factions opposed to normalizing relations with the West, and Rouhani's relatively moderate government which is trying to attract foreign investment to Iran.
… Washington said Tuesday's missile tests would not themselves violate the Iran nuclear deal.

I'm gonna hang this article in all the computer labs! (Because competition is good!)
Women Write Better Code Than Men, Study Suggests
Silicon Valley, take note: When it comes to coding, women may actually be superior to men.
That conclusion comes from a study published by Cal Poly and North Carolina State University researchers after reviewing more than 1 million users of sharing site Github.
… It was found changes made by unidentified women were more commonly accepted than changes made by unidentified men. However, when genders were identified, the acceptance rate for changes made by women dropped 10 percent.
According to the study, this could mean women are simply more competent coders overall. But bias against women in the software industry still exists.

(Related) Duct tape is good!
Is Perl the Duct Tape of the Internet? [PODCAST]
… In a podcast with Enterprise Apps Today Tom Radcliffe, director of Engineering at ActiveState, discusses why after all these years Perl remains such an active and vibrant development language.

Tuesday, March 08, 2016

I don't bother blogging about small breaches, except when I can lump a bunch together like this.
Maryland’s Attorney General’s list for 2015 contains over 500 breach reports, many of which were never covered by the media. Here are two involving health or medical entities or health data, followed by some from the education sector that you may not have known about:
Dharani Jasthi DMD PC dba Today’s Dental Associates reported that they:
received an anonymous fax after close of business on June 24, 2015. The anonymous source stated that it found a document containing names, ages, social security numbers and dates of birth of 6 of Today’s Dental patients during a search of the apartment of a former Today’s Dental employee and was notifying Today’s Dental because the source understood it to be sensitive information.
N. Stephen Delgado O.D. of Columbia Eye Care (Columbia, MD) notified 20 Maryland customers after their safe was stolen:
Meanwhile, in the education sector:
  • Boston University, who reported a server breach in July, had another incident later in the year when an employee fell for a phishing scheme that came from a Nigerian IP address. This time, 174 students had their names, SSN, and in some cases, driver’s license numbers, acquired.
  • Nova Southeastern University, who first discovered a 2013 hack in 2014, reported another breach in November involving student and employee name, address, phone number, and SSN.
  • Wabash College reported that malware both exfiltrated personal information and locked up all files (ransomware). The personal information of 49 people who were alumni or friends of the college was exfiltrated, including SSN, credit card information, and/or bank account information. The college was able to restore files from backup, and did not pay the ransom demand.
  • Brandeis University notified 193 students after two computers were stolen from the Registrar’s office in October, 2015. The types of information involved included names, dates of birth, permanent and email addresses, phone numbers, student records information, and in some cases, SSN. The total number of students impacted was not disclosed.

You knew this was going to happen.
Justice Dept. Appeals Ruling in Apple iPhone Case in Brooklyn
In the latest volley in its high-profile fight with Apple, the Justice Department said on Monday that a federal judge in Brooklyn had erred last week in refusing to order the company to unlock a drug dealer’s iPhone.
… The two cases are very different in some ways — one involves a high-level terrorism investigation, the other an inquiry into a low-level drug dealer — but both center on whether the Justice Department can use a 1789 statute to force Apple to unlock an iPhone.
Unlocking the iPhone in the Brooklyn case would be far easier for Apple, because it involves a device running an older operating system with simpler encryption.

The NSA will have several, perhaps the FBI could invest in one?
MIT's new 5-atom quantum computer could make today's encryption obsolete
Much of the encryption world today depends on the challenge of factoring large numbers, but scientists now say they've created the first five-atom quantum computer with the potential to crack the security of traditional encryption schemes.
… The results of the new work were published Friday in the journal Science.
… A functional quantum computer large enough to crack traditional RSA encryption may still be in the future, but the U.S. National Security Agency is taking the possibility seriously. In January, it posted an FAQ on the technology's potential.
"If you are a nation state, you probably don’t want to publicly store your secrets using encryption that relies on factoring as a hard-to-invert problem,” said Chuang. “Because when these quantum computers start coming out, [adversaries will] be able to go back and unencrypt all those old secrets.”

Wow! The hack gets simpler as the technology matures? Looks like we're going backward here. NOTE: Any repository of unencrypted fingerprint data just became a much more valuable target!
Fake Fingerprints From an Inkjet Printer Can Fool Your Smartphone
Last year, when the Office of Personnel Management notified 22 million people that their personal information was compromised in a massive data breach, one in four received especially nasty news. For most hack victims, the sensitive personal data that was exposed included Social Security numbers, health and financial records, names of relatives, and past addresses. But 5.6 million people learned that their fingerprints were also stolen.
At the time of the announcement, OPM downplayed the importance of the stolen fingerprints. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” an OPM statement read. “However, this probability could change over time as technology evolves.”
That was in September. Now, researchers have developed a cheap and easy way to print out an image of a fingerprint with enough accuracy to fool commercially available fingerprint readers—using just a standard inkjet printer.
The method, outlined in a paper published last month, is certainly not the first one to produce fake fingerprints that are able to fool readers. But where earlier methods required more time and specialized materials, this new method is replicable in just about any home office.

I suspect Apple knew it was going to lose this one.
Supreme Court Denial Closes Apple's E-Book Case
The U.S. Supreme Court on Monday denied without comment Apple's petition for a review of a lower court ruling that it engaged in price-fixing of e-books.
The company now must comply with a US$450 million settlement it reached with 33 states and territories and a private class of e-book purchasers that, together with the U.S. Department of Justice, sued it over the issue.
However, e-book purchasers who were overcharged won't get their hands on any of the $450 million -- most of them would be reimbursed through automatic credits at e-book retailers. The credits could be used for future purchases, the DoJ said.

Okay, I was not expecting that!
Jury Awards Erin Andrews $55 Million in Nude Video Civil Suit
After two weeks in court, a Nashville jury has awarded sportscaster Erin Andrews $55 million on Monday, according to Law360.
Andrews filed a $75 million lawsuit against Michael David Barrett, the stalker who posted a nude video of the journalist he captured through a peephole, as well as the owner and operator of the Nashville Marriott where the crime took place. Over time, the video has been viewed nearly 17 million times. The stalker -- Michael David Barrett -- has since been sentenced to 30 months of jail time.
Overall, the jury found Windsor Capital 49 percent at fault and Barrett 51 percent at fault.

An Infographic for both my Computer Security and Data Management students.
Why Can’t We Buy a Self-Driving Car Yet?

For my Data Management students. Facebook was banned from providing free (Facebook oriented) Internet. Does Google have the right idea?
Google to provide internet connectivity in India through Project Loon in partnership with telecom companies
… Months after Google CEO Sundar Pichai partnered with the Indian Government to provide WiFi internet access to 400 railway stations, the tech firm has now come up with an innovative method to provide internet connectivity through ‘Project Loon’, whereby internet would be beamed in areas through air balloons floating hundreds of feet above the ground.
The news has been confirmed by Google’s managing director for South East Asia and India Rajan Anandan during an interview with The Economic Times.
… However, based upon the success of Project Loon trials in Sri Lanka and Indonesia, Google is now in talks with telecom companies, along with the Telecom Regulatory Authority of India (TRAI) to bring the internet service in parts of India on trial basis.
However, it is worth knowing that the internet services would not be offered by Google from a philanthropic point of view. The services for the same would be charged.

Balloon-Powered Internet For Everyone

Perspective. Being rather anti-social myself, I struggle to understand how all this social stuff works. Would this be something that politicians could use?
Ben Horowitz backs rapper Ryan Leslie’s SMS commerce startup Superphone
… Here’s how Superphone works. Celebrities and other clients can distribute a special phone number connected to their Superphone account. Any time a fan calls or texts it, or buys something on one of their online stores and fills out a form, they get a welcome message prompting them to provide some personal info. That could include location, biographical info, or any data type the client wants to segment their audience by.
Superphone creates a next-generation phone book that’s actually more of a customer relationship management tool. For now it’s a web tool but the Superphone team hopes to have native apps available in the next few weeks. The Superphone dashboard lets clients view charts and graphs of who is paying for what so they can hone in on their most important fans.
… While everyone else buys ads, plays nice with the press, and blasts out social media trying to reach fans, Superphone lets creators simply talk to them directly like they would any of their friends.

A little history of technology for all my students.
… in 1876, Alexander Graham Bell patented the telephone.
… by 1904, people worried that telephones were creating a race of left-eared people.
It’s easy to take for granted just how much the invention of the telephone changed cultural norms. For instance, take the art of eavesdropping. As Mark Twain wrote in our June 1880 issue, “I consider that a conversation by telephone—when you are simply sitting by and not taking any part in that conversation—is one of the solemnest curiosities of this modern life.”
Twenty-five years later, The Atlantic published a piece by Frederick W. Coburn on the development of the phone. “Once a community, like a family, has acquired the telephone habit, its members are never satisfied to revert to primitive conditions,” he observed.
… When other phone companies began to pop up, “the Bell Company brought infringement suits against all persons or concerns manufacturing or using telephones, save those operating under proper licenses from itself,” Weik wrote. What were called “the telephone cases” eventually reached the Supreme Court, which ruled in favor of Bell:
By the slender majority of one in the vote of the judges the claims of Alexander Bell had now secured the indorsement of the highest judicial tribunal in the land. From that decree there could be no appeal. By virtue of it every rival or competitor of the Bell Company was driven from the field, and that corporation rested, serenely content, in the undisputed ownership of one of the greatest benefactions that ever came to bless mankind.

More ways to waste time online.
5 Places to Watch TV Online You’ve Never Heard Of

For my gamers.
Internet Archive Revives 500 Classic Apple II Programs To Play In Your Web Browser
What would we do without the Internet Archive? In the past few months alone, the Internet Archive has posted a virtual museum of old 80s and 90s era malware and resurrected over 2,300 MS-DOS games — all of which were playable through your browser. Today, the non-profit is upping the ante with the release of 500 Apple II games that you can play for free (as always).
… As with previous software made available via the Internet Archive, the programs can be played using its JSMESS “play-in-a-browser” emulator. You don’t need to install any additional software or mess around with emulators — you simply click on a screenshot of the title you wish to run and “presto” you’re transported 30 years into the past to relive a small sliver of computing history.

Now I can put my handouts in a Kindle ready format! I bet they still won't get read.
Google Docs now lets you export files as an EPUB ebook
If you’re on the hunt for an easy way to convert your online documents to an ebook-friendly format, Google has quietly announced that it will now let you save your documents directly to .epub (EPUB).

Sort of the history of spreadsheets. For my Spring spreadsheet students to play with.
From VisiCalc to Google Sheets: The 12 Best Spreadsheet Apps
Just go to the VisiCalc page, press the Play button and wait for it to load, then get a blast from the past with a DOS-style interface with a real, working copy of VisiCalc.
… It might not be the tool you'll want to use to make your next budget, but with the VisiCalc manual in hand, it's a fun way to peek back at where it all started.