Saturday, March 19, 2016

As more information comes out, it just confirms that their security was really lacking. Or maybe they had all this stuff to pass their audits, but no manager actually looked at the reports.
Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist
… The report cast the unidentified hackers as a sophisticated group who sought to cover their tracks by deleting computer logs as they went. Before making transfers they sneaked through the network, inserting software that would allow re-entry.
… "Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers," the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank’s network as well. "The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation." [How is your bank's security? Bob]
… “We reiterate that the SWIFT network itself was not breached,” Booth said in an e-mail. “There is a full investigation underway, on what appears to be a specific and targeted attack on the victim’s local systems.”
… The assessment found the first suspicious log-in came on Jan. 24 and lasted less than a minute. On Jan. 29, attackers installed “SysMon in SWIFTLIVE" [See below Bob] in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”
Operator logs showed the hackers logged in for short periods of time until Feb. 6, according to the report. The four transfers that went to the Philippines occurred on Feb. 4. The report said the hackers have already hit other FireEye clients, though it’s unclear if those include other central banks.
… "Complex malwares have been identified with advanced features of command & control communication, harvesting of credentials and to securely erase all traces of activity after accomplishing its task," the report said. It identified 32 "compromised assets" that “were used for reconnaissance and to gain control of the SWIFT servers and related assets."
[Sysmon is a Microsoft product that is part of their Sysinternals package. Bob]
Sysmon v3.2 This release of Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, now has the option of logging raw disk and volume accesses, operations commonly performed by malicious toolkits to read information by bypassing higher-level security features.

(Related) Another indication of Organized Crime? Perhaps a Special Ops team from some place like North Korea?
Researching and reporting on data breaches has always had some element of risk attached. You can get accused of hacking, or you can get threatened with litigation. In Brian Krebs’s case, you can find yourself swatted. Or in my case, you can get threatened with infection of HIV. But with the exception of swatting, the rest pales in comparison to a researcher getting kidnapped.
Catalin Cimpanu of Softpedia reports that may have happened to a researcher involved in investigating the high-profile breach of Bangladesh’s central bank at the US Federal Reserve Bank in New York that netted the thieves over $80 million (it would have been worse but for a typo the criminals made).
In the investigation that followed, security researchers blamed malware and a faulty printer but at the same time said that the Bangladesh central bank officials were also to blame because of weak security procedures. The bank’s governor and two deputy governors had to quit their jobs after the scandal.
In a weird turn of events, one of the security researchers who voiced their criticism at the central bank’s security measures disappeared on Wednesday night.
Family members are saying that Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and men separated the two, putting them in two different cars.
Read more on Softpedia.

So that's why you get “free” Apps.
FTC Warns Apps Over Secret Microphone Tracking
Have you ever wondered why some apps ask for access to the microphone on your phone?
… On Thursday, the Federal Trade Commission sent a letter to a dozen app developers that warned them not to abuse so-called “audio beacons,” which are capable of picking up secret noise signals embedded in TV shows. The beacon, which relies on your phone’s built-in microphone, can serve to confirm you watched a given program.
… The FTC also describes an underlying technology offered by an Indian company called SilverPush. The letter cites a Forbes article that describes how SilverPush had used “inaudible sound to let brands keep tabs on people’s online lives across TVs and smartphones for more than a year.”

“Lawyer rips apart T-shirt, throws chair at defense attorneys.” (It could happen.)
First Erin Andrews gets a $55M award from a jury in her lawsuit over a privacy breach while a hotel guest, and now Hulk Hogan gets a $115M jury award in his lawsuit against Gawker over a sex tape they made public.
I think the public may be finding its voice on the value of personal privacy and sending a strong message. Eriq Gardner sums up one key part of the case this way:
Ultimately, the case became a battle — at least indirectly —between the First Amendment, guaranteeing free speech and a free press, and the Fourteenth Amendment, where courts have determined that a right to privacy derives under equal protection of life, liberty and property. Like many states, Florida has enacted statutes that guard against intrusions on seclusion and privacy of communications. Hogan also won on his right of publicity claim.
I’m sure we’ll see lots of coverage – and legal analysis – of this case in the weeks and months to come.
And of course, Gawker is appealing it.
Update: Here’s the NY Time’s coverage with Gawker’s statement on the case. Hulk Hogan tweeted these responses:
Thank you God for justice, only love 4Life. HH
— Hulk Hogan (@HulkHogan) March 19, 2016
Told ya I was gonna slam another giant HH
— Hulk Hogan (@HulkHogan) March 19, 2016

A “shout out” to one of my favorite blogs, and one I steal from wholesale. My blog turns 10 this year also, but I do the blogging thing all wrong so I have far fewer posts.
On March 18, 2006,’s co-founder “Anonadmin” (a/k/a Ziplock) posted our very first news item on

Interesting article. Puts a few issues in perspective.
In 2011, Silicon Valley entrepreneur and investor Marc Andreessen famously wrote the startling essay, Why Software is Eating the World, in which he described how emerging companies built on software were swallowing up whole industries and disrupting previously dominant brand name corporations. Andreessen was prescient and almost giddy, in anticipating the dramatic, technological and economic shift through which software companies would take over large swaths of the global economy. What he did not anticipate was the extent to which software would also eat up the realms of governance, security and human rights.
… Several dimensions of the new digital ecosystem challenge this conception of governance.
The Trans-Border Nature of the Internet
Digitization of Everything
The Privatization of Governance

Will this be allowed? How will Cuba react? Definitely should be fun to watch.
Stripe Wants To Help Cuban Entrepreneurs Enter The Digital Age
Ahead of President Obama’s historic trip to Cuba next week, Silicon Valley payments upstart Stripe announced that it is helping Cuban entrepreneurs set up U.S. businesses.
The initiative lets foreign entrepreneurs incorporate U.S. businesses, obtain U.S. bank accounts and tax ID numbers, and, of course, set up a U.S. Stripe account to receive payments. The service, which costs $500 per business, will also give users access to tax advice from PwC along with legal advice.

An alternative Apple might have complied with? I don't think so, but what do I know?
Zack Whittaker reports:
The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.
The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.
Read more on ZDNet.

The world the FBI was born in has changed. Perhaps they too need to re-invent themselves?
ProtonMail Opens Encrypted Email Service to Public
Encrypted email provider ProtonMail announced the global availability of its privacy focused email service to the public this week.
Offering end-to-end encryption in its email service, ProtonMail was launched in beta in May 2014 by CERN scientists and has been available on an invite-only basis for the past two-years.
With more than 1 million users participating in its closed beta, the service is now open to the world to allow more people take advantage of its privacy protection.
To ensure that user data is not accessible by third-parties, not even by ProtonMail itself, the company says that it stores data in an encrypted format and uses two passwords, one required to identify the user, and the other to decrypt the data. The second password is never sent to the server but is used only on the device, making the data unavailable to anyone else but the user, the company explains.
In addition to fully opening the service to the public, ProtonMail announced the availability of free iOS and Android mobile apps.

Remember your driving test? This isn't it.
Google argues that if self-driving cars can pass safety tests, they should be legal
Chris Urmson, director of Google's self-driving car project, has sent a letter to US Transportation Secretary Anthony Foxx today with a plan for selling autonomous vehicles that have no steering wheels or pedals, AP reports. The plan appears to be pretty straightforward: Urmson argues that if a self-driving car can pass standardized federal safety tests, they should be road-legal.

My students who drive for Uber need to think about this.
Uber Orders 100,000 Mercedes, Magazine Reports
Ride-hailing service Uber has placed a large order for cars with Germany’s Daimler, Manager Magazin reported on Friday.
Citing sources at both companies, the magazine said Uber had placed a long-term order for at least 100,000 Mercedes S-Class cars.
Uber is particularly interested in autonomous driving vehicles, the magazine reported, adding that such cars are expected to be available after 2020.

Perspective. I'll give you a couple of examples.
Get 11 Big Benefits from These 20 Sharing Economy Tools
Flightcar (iOS) allows you to park your car in one of several city airports (currently 13) completely free of charge. In return, they can rent your vehicle out to approved visitors in your city for the duration of your vacation. All vehicles are insured for up to $1 million.

Deliver Anything to Anyone

It won’t be long until Uber takes on this industry, but for now, Postmates (iOS, Android) is working hard to corner the on-demand delivery market

Has the government been using bad data and will Big Data correct the problem? Will Economics become less dismal? A very interesting article.
Can Big Data Help Measure Inflation?
… In the last decade, though, the government has had a harder time measuring CPI. Their method is usually to go around from store to store, taking stock of prices around the country. But e-commerce now accounts for around 7 percent of U.S. GDP, which means online spending is an important component of the CPI. As more and more people are shopping online, calculating this index has gotten more difficult, because there haven’t been any great ways of recording prices from the sites disparate retailers.
… Adobe is now aggregating the sales data that flows through their software for its Digital Price Index (DPI) project, an initiative that’s meant to answer some of the questions that have been dogging researchers now that e-commerce is such a big part of the economy.
The project, which tracks billions of online transactions and the prices of over a million products, was developed with the help of the economists Austan Goolsbee, the former chairman of Obama’s Council of Economic Advisors and a professor at the University of Chicago’s Booth School of Business, and Peter Klenow, a professor at Stanford University.
… One notable finding of Adobe’s DPI, for instance, is what has happened to the prices of electronics in the past year. While the CPI reports 7.1 percent deflation for computers and 14.4 percent for TVs over that time period, the DPI found 13.1 percent and 19.4 percent.
Another advantage of the Adobe data, according to Goolsbee and Klenow, is that it gives a sense of how many units of any given product are being sold, which helps economists identify instances in which consumers substitute one product for another

For my students.
How to Quickly Write a Resume Today with LinkedIn

As I grade papers, I'll still keep current on the industry.
Hack Education Weekly News
Via the BBC: “Every school to become an academy, ministers to announce.” That’s every school in England. And becoming an academy means the end to local control.
Via the Courier-Journal: “All students who graduate from Kentucky high schools, home schools or obtain their GEDs in Kentucky will be able to attend community colleges for free under a bill that passed the Kentucky House of Representatives on Thursday.”
… “Colorado State U Launches Online ‘Boot Camp’ Style Comp Sci Programs,” says Campus Technology.

Friday, March 18, 2016

Security failures are getting more and more expensive. (One way to reduce the deficit, I suppose.)
There’s a follow-up to a breach I first noted on this blog in 2012 when Feinstein Institute for Medical Research issued a press release about a laptop stolen from a programmer’s car. Now HHS has issued a press release of its own:
Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
Feinstein Institute for Medical Research agreed to pay the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) $3.9 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and will undertake a substantial corrective action plan to bring its operations into compliance.
[Some omitted. Bob]
The resolution agreement and corrective action plan may be found on the OCR website at

Some of my Computer Security students got this immediately!
Ethan Chiel reports:
When New York started replacing its pay phones with wifi kiosks in January, the new free internet access was met with a great deal of excitement, particularly over the network’s speed. The beta launch included just a dozen wifi hubs, but the city plans to convert 7,500 phone booths over the next few years so that free wifi is as ubiquitous as the yellow taxi in New York. But now, concerns about privacy are beginning to emerge.
On Wednesday, the New York Civil Liberties Union (NYCLU) accusedthe city of using its new public wifi system, LinkNYC, to “build a massive database,” complaining that the company behind the program, CityBridge, can keep a vast amount of information about wifi users, per its privacy policy.
Read more on Fusion.

A simple summary my Computer Security students can use to start a discussion.
Top 4 Reasons Why Online Privacy Should Concern You
Survey results were released in mid-2015 that provide insight into how everyday users — like you and me — view and value online anonymity in this current day and age. Some of the answers were as expected, but a few were not.
Want to know why you should value your privacy on the Internet? Here are the most common reasons given in the survey.

You won't know it's happening until a SWAT team kicks in your door?
ISPs aren't telling customers their router is a public hotspot
ISPs will be implementing public hotspot capability to home routers in the millions over the next few years, says a report (PDF) by Juniper Research.
However, there’s a problem. Consumers don’t want to share their connections DSLReports the influential review and forum site says in an article related to the study. While ISPs are looking at home hotspots as a cheap way to increase Wi-Fi coverage, the “practice is alarming customers,” DSLReports says.
Juniper Research also thinks there might be trouble ahead. It says there’s a “real possibility of a backlash,” in its press release. It’s because the ISPs aren’t telling customers, Juniper thinks
… ISPs send firmware updates that convert the thought-of-as private hotspots to public hotspots, unannounced. Bandwidth is separated and the ISPs have said customers won’t notice any speed degradations. [...and if we do? Bob]

Probably unlikely, but could make an amusing case study. What would be the equivalent of a Hippocratic Oath? Perhaps a Hooper-cratic Oath – named after Grace Hopper?
Apple Engineers Might Refuse To Help Law Enforcement Unlock the iPhone
… workers who actually develop the technology also will factor mightily in the outcome of the battle, and their potential refusal to help law enforcement could further complicate the case.
Current and former Apple engineers, who work on mobile products and security, told The New York Times that they may refuse to do the work or even quit their jobs if a court tells them to create a go-around to the very software they worked to secure—a request that one expert equated to asking a doctor to prescribe a lethal drug.

Perspective. If manufacturing a self-driving car was easy, everyone would be doing it. Looks like it's easy.
Baidu to Test Drive Autonomous Cars in the U.S.
Baidu Inc. will soon start testing autonomous cars in the U.S., part of the Chinese tech giant’s effort to introduce a commercially viable model by 2018.
The move, disclosed by Baidu’s chief scientist Andrew Ng in an interview late Tuesday, is a significant step for the company, which is trying to get ahead in the race to build autonomous cars and is now calling on the resources of its Silicon Valley tech center to advance the effort. At the same time, Baidu is advocating for better coordination with the U.S. government, which the company says is necessary to get self-driving cars on the road.
Central to the push is Mr. Ng, an artificial-intelligence scientist who conducted groundbreaking research at Stanford University and at Alphabet Inc. ’s Google. He’s also a co-founder of online-learning company Coursera Inc.

(Related) Or maybe the future is “renting by the trip” or maybe something else entirely. Stay tuned!
For 100 Years, General Motors Was All About Cars. Now, It's All About People.
… the company is now aggressively working to build an economy that allows individuals to get around without buying a car.
… In January, GM unveiled Maven, a ride-sharing service within GM.
… To be sure, there are already on-demand car-rental services, including Zipcar and car2go. But these companies don’t have the manufacturing and engineering infrastructure of a global automaker behind them, says Steyn.
… Fundamental to the success of any of the GM’s ride and car-sharing programs is this idea that the company is and can be more than a car manufacturing giant. To do this, it must prove it can keep up with emerging trends in the auto industry, which Steyn predicts will “change more in the next five years than it has in the past 50.”

Is this critical or merely the FBI looking for headlines again?
FBI warns car makers and owners about vehicle hacking risks
The FBI and U.S. National Highway Traffic Safety Administration (NHTSA) issued a bulletin Thursday warning that motor vehicles are “increasingly vulnerable” to hacking.
“The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles,” the agencies said in the bulletin.

My students might find this useful.
A Brief History of Robot Law
… The legal system has been wrestling with what robots can and can’t do for longer than you might think. A new paper by Ryan Calo, a law professor at the University of Washington, paints a surprisingly colorful picture of this history, which Calo dates back to a 1947 plane crash involving an Army fighter plane on autopilot.

(This is more advertising than deep economic thought, but I might be able to use it) Sometimes it is hard to convince my students that they need to demonstrate their professional abilities. I have Discussion posts submitted by texting on their smartphones, including abbreviations and emojis!
Skilled Professionals Will Dominate Gig Economy, Report Says
… while the emergence of the so-called gig economy has been exciting (and disrupting, too), a new report by Thumbtack, an online marketplace that helps skilled workers find customers, paints a bleak picture of the future of the low-skilled gig economy as we know it today.

For my game creators. Mission Impossible full face masks, without the mask! Really good artwork until you realize there is no artwork. It's all being created in real time.
'Hellblade' takes real-time motion capture to the next level
Yesterday, during the Epic Games keynote at GDC 2016, Ninja Theory showed off a live motion capture demo for Hellblade, its upcoming AAA indie title. The results are absolutely stunning. Tameem Antoniades, Ninja Theory's chief creative director, described the real-time animation performance as historic, and people at the event seemed to validate his excitement. Interestingly enough, the game has been renamed Hellblade: Senua's Sacrifice, paying tribute to the main character in this combat-heavy story. But you're probably here for the video, so have at it -- we promise it doesn't disappoint.

Thursday, March 17, 2016

In today's business environment, the ONLY report of multi-million dollar transactions is a paper printout? This looks very well planned for a hack foiled by a misspelling.
Broken printer costs Bangladesh $100mn in cyber heist
… It took the regulator nearly four days to discover the problem and ask banks across the globe to halt payments to the hackers after the central bank's joint director Zubair bin Huda had noticed a glitch with a printer on February 5. The printer was set up to automatically print all SWIFT wire transfers.
"Since such glitches happened before, we thought it was a common problem just like any other day," Huda said in the complaint.
He then tried and failed to print out the messages manually from the SWIFT system.
The theft happened on Friday, a weekend in Muslim Bangladesh, so the official says he left the office and asked his colleagues to help fix the problem.
After the system was rebooted more than 24 hours later, the employees managed to print the receipts. They revealed dozens of questionable transactions to the Philippines, Sri Lanka and elsewhere.
The receipts showed the Federal Reserve Bank of New York had sent back queries to Bangladesh Bank against 46 payment orders in different messages.

Man in Manila gets $30 million cash from cyber heist; Bangladesh central bank governor quits
Bangladesh's central bank governor resigned on Tuesday over the theft of $81 million from the bank's U.S. account, as details emerged in the Philippines that $30 million of the money was delivered in cash to a casino junket operator in Manila.
The rest of the money hackers stole from the Bangladesh Bank's account at the New York Federal Reserve, one of the largest cyber heists in history, went to two casinos, officials told a Philippines Senate hearing into the scandal.
… Bangladesh Bank is also working with anti-money laundering authorities in the Philippines, where it suspects the stolen $81 million arrived in four tranches.
The Philippines' Rizal Commercial Banking Corp (RCBC) (RCB.PS) said last week it was investigating deposits amounting to just that sum, which were made at one of its branches.
CCTV cameras at the branch were not functioning when the money was withdrawn, RCBC's anti-money laundering head, Laurinda Rogero, told the Senate hearing.
The president of a foreign exchange broker called Philrem Service Corp, Salud Bautista, told the Senate that her firm was instructed by the bank branch to transfer the funds to a man named Weikang Xu and two casinos.
She said that $30 million went to Xu in cash. Guingona has said Xu was ethnic Chinese and a foreigner, but he was not sure if he was a Chinese national.

Still not a huge breach, but another case of an organization unable to quickly determine what happened.
Well, I may have to walk back some of my praise for outdoor gear company Bailey’s after I first read and reported on a payment card breach they discovered and disclosed.
The firm has updated its breach disclosure after subsequently discovering that the breach did not begin in September, 2015, and it wasn’t 15,000 affected. According to their updated notification, the breach began in December, 2011 and affected 250,000.
They still get brownie points for transparency, but lost a few points for having a breach go undetected for so many years.

Beware of hackers sending phishing emails warning of hackers sending phishing emails!
TASS reports:
Hackers attacked dozens of Russian banks by sending letters on behalf of FinCert on Tuesday, March 15, Kaspersky Lab said in a report on Wednesday.
FinCert is a structure of the Central Bank, which warns financial institutions of cyber threats.
“On March 15, dozens of Russian banks became targets of cyberattacks by means of sending malicious messages to electronic addresses of their employees. The peculiarity of this attack was that cybercriminals posed as FinCert, a special department of the Central Bank, created about a year ago to inform Russian banks on security incidents in the financial sector,”- according to the report.
Read more on TASS.
[From the article:
The malefactors registered the domain name, which allowed them to send letters from the addresses similar to the current address of FinCert.
Their letters contained alleged security files which in reality were malicious software. The download of the files allowed attackers to gain access to the information system of the banks.
The newsletters were sent as addressed mails – each letter started with the name of a specific recipient. Cybercriminals had collected a special database of contacts, presumably on the basis of the materials of industry conferences or official documents of a number of banks.

Another government entity going after poor security planning. A trend I approve!
First: refresh your memory of a 2011 breach involving Accretive Health, a business associate of North Memorial Hospital.
Then read HHS’s press release how that breach just cost North Memorial Hospital $1.55 million, and why:
$1.55 million settlement underscores the importance of executing HIPAA business associate agreements
North Memorial Health Care of Minnesota has agreed to pay $1,550,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to enter into a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information.
[Much omitted Bob]
In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.
The Resolution Agreement and Corrective Action Plan can be found on the HHS website at:

A warning for my vets.
Free phone scam targets veterans
… The FTC has posted a warning for veterans who are approached by someone offering a cell phone and service for free. And to make the scammer seem even more legitimate, they set up shop in booths outside of VA facilities.
Here’s the scam: a couple months after a veteran signs up, they will get a letter notifying them that they need to send their personal information. Additionally, they are asked to send documentation proving their income meets the low-income requirements.

A warning for me.
American Express Warns Cardholders of Data Breach
American Express informed customers last week that their payment card information may have been compromised after a third party service provider suffered a data breach.
Information associated with current or previously issued American Express cards, including account numbers, names and expiration dates, might have been obtained by unauthorized parties, Amex said in a data breach notice submitted to California’s attorney general.
It’s worth pointing out that the breach is dated December 7, 2013 on the website of California’s attorney general. [No date on the Amex notice Bob] The name of the affected service provider, which Amex says is engaged by numerous merchants, has not been made public.
This breach is another example of a broken chain of custody with confidential data. AMEX protects it, but then relinquishes control to another party that has weak controls which the bad actors know how to exploit.
... “As an AMEX card user myself, one of the things that I have done is turn on the immediate notification when a purchase is made with the card or when the card is not present. Members can choose the amount limit on the transaction and the type of notification (text, email, etc.) It gives users immediate notification, as well as some level of peace of mind,” Blake added.

For my Disaster Recovery students. Two systems in case one fails?
Apple said to move part of cloud business from AWS to Google
Apple has moved some of its iCloud and services data from Amazon Web Services to Google's cloud platform, in what is seen as a bid by the iPhone maker to diversify its cloud service providers, according to reports.
The move comes even as the company is building its own new data centers, leading to speculation whether the shift is only temporary.

The big “out?” “The NSA wouldn't give me use a secure device, so I secured my own email”
NSA dismissed Clinton request for ‘secure’ BlackBerry
Federal intelligence officials rebuffed an early effort by Hillary Clinton’s top aides to provide her with a “secure ‘BlackBerry-like’” device to use while serving as secretary of State, according to new emails released Wednesday.
Emails released as part of an open records lawsuit from conservative legal watchdog Judicial Watch show that the National Security Agency (NSA) rebuffed requests from the State Department in February of 2009 to find a replacement for Clinton’s mobile device.
… It’s unclear from the emails how the matter was ultimately resolved.

Politics overrides all that Law School training?
The Law is Clear: The FBI Cannot Make Apple Rewrite its OS
Every once in a while, President Obama removes his Law Professor in Chief hat and puts on his I Get Terrifying Briefings Every Day hat.
… The problem for the president is that when it comes to the specific battle going on right now between Apple and the FBI, the law is clear: twenty years ago, Congress passed a statute, the Communications Assistance for Law Enforcement Act (CALEA) that does not allow the government to tell manufacturers how to design or configure a phone or software used by that phone — including security software used by that phone.
CALEA was the subject of intense negotiation — a deal, in other words. The government won an extensive, specific list of wiretapping assistance requirements in connection with digital communications. But in exchange, in Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. The government can’t require companies that build phones to come to it for clearance in advance of launching a new device. Nor can the authorities ask a manufacturer to design something new — like a back door — once that device is out.

Perhaps this would keep you from starting your car with your smartphone and call you an Uber ride instead?
Machine-Learning Algorithm Identifies Tweets Sent Under the Influence of Alcohol
… Today, these guys show how they’ve trained a machine to spot alcohol-related tweets. And they also show how to use this data to monitor alcohol-related activity and the way it is distributed throughout society. They say the method could have a significant impact on the way we understand and respond to the public health issues that alcohol and other activities raise.

WeChat still unstoppable, grows to 697m active users
WeChat, Tencent’s popular messaging app, is still growing fast. It added nearly 200 million monthly active users (MAUs) in the past year.
… Tencent did not disclose how many of WeChat’s users are in mainland China versus other areas. But it’s clear that WeChat is focused on mainland China from the number of the app’s features that are limited just to its home nation, such as online and in-store payments via the WeChat Pay feature.

For my Data Management students to consider.
Can an App-only E-commerce Model Succeed in India?

Tools & Techniques
How to Make a Screencast Tutorial for YouTube
One of the most popular types of YouTube video is the screencast — the desktop tutorial that shows you how to do almost anything, from making better use of the Windows 10 shell, to something simple like switching your desktop theme.
If you’ve ever considered making such a video, you’ll be happy to know that they’re remarkably straightforward to produce, so much so that YouTube even offers a tool to help you make it happen

Gack! We are too lazy to learn Cursive now that we can thumb our messages into a smartphone – and now this?
Nike’s first official self-tying sneakers go on sale this year
Nike made a number of new product announcements at a glitzy event in New York yesterday, but perhaps the most exciting revelation was that the company is finally bringing a pair of self-tying sneakers to market — just like in that movie.
While Nike has teased prototypes and versions of the shoe from Back to the Future 2 in the past, with the HyperAdapt 1.0, the American sports apparel giant is finally bringing a pair of the futuristic wonders to market for anyone to buy. The sneakers sport “adaptive lacing” technology, which can automatically adjust the snugness of the shoe. “When you step in, your heel will hit a sensor and the system will automatically tighten,” said Tiffany Beers, Nike’s senior innovator, in a press release. “Then there are two buttons on the side to tighten and loosen. You can adjust it until it’s perfect.”

It might be fun to read these lines and see how many of my students recognize them. But then again, it might just be depressing. (and why does Douglas Adams rate two mentions?)
Do You Remember These First Lines From Famous Books?
If you’ve ever attempted to learn to write a book, one of the very early lessons you were told is that you need to hook to reader right away. Many of the best pieces of literature start off with an opening line that’s so memorable and engaging that you can’t help but keep going.
It’s with that in mind that we take a peek at this awesome infographic that shows off some of the most compelling opening lines in literature’s long history.
How many of them do you remember from the first time you read the books?

Wednesday, March 16, 2016

For my Computer Security class. It's your fellow employees who will doom your entire security program unless you can drum this lesson into them.
Stealing Nude Pics From iCloud Requires Zero Hacking Skills -- Just Some YouTube Guides
The Department of Justice yesterday charged a 36-year-old man with stealing nude photos from at least 50 iCloud and 72 Gmail accounts, most of which belonged to celebrities. Though not explicitly stated in the court filings or official statements from the DoJ, it’s apparent Ryan Collins is a chief suspect in the 2014 “celebgate” leaks in which major actresses were targeted, including Jennifer Lawrence and Kate Upton. Collins has pled guilty to one count of unauthorized access to a protected computer to obtain information, officials said.
What’s startling about Collins’ alleged “hacks” is how little technical ability he needed to get access to those celebrity accounts. Court documents showed he required no hacking skills at all, creating fake email addresses – and – that appeared to come from official Apple and Google sources. He simply emailed the celebrities and asked them for their login information, which, it seems, they duly gave away.
… On YouTube, a simple search for “iCloud phishing” brings up tutorials on how to craft an effective account theft campaign in just 15 minutes
… The DoJ said: “In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups.” [Exactly what the FBI did in the San Bernadino case. Bob]

There’s nothing much new in here if you’ve followed this stuff for years, but some folks still need a reminder and wake-up call not to tolerate this type of insider wrongdoing:
U.S. police officers in Denver, Colorado are only lightly punished if caught using confidential criminal databases for personal reasons like finding out a woman’s phone number, a police watchdog wrote in a report released Tuesday.
According to the monitor, this allows the abuse to continue.
Read more on TeleSur.
[From the article:
Independent Monitor Nicholas Mitchell said 25 Denver officers have been punished for inappropriate use of the databases since 2006. Most of them received reprimands rather than the harsher penalties.

What ISPs can see, the FBI can obtain.
A Canadian reader sent along a link to this paper.
What ISPs Can See Clarifying the technical landscape of the broadband privacy debate
Authors: Aaron Rieke, David Robinson, and Harlan Yu
© 2016 Upturn. Licensed under a Creative Commons Attribution 4.0 International License.
From the Introduction:
In 2015, the Federal Communications Commission (FCC) reclassified broadband Internet service providers (ISPs) as common carriers under Title II of the Communications Act.1 This shift triggered a statutory mandate for the FCC to protect the privacy of broadband Internet subscribers’ information.2 The FCC is now considering how to craft new rules to clarify the privacy obligations of broadband providers.3
Last week, the Institute for Information Security & Privacy at Georgia Tech released a working paper whose senior author is Professor Peter Swire, entitled “Online Privacy and ISPs.”4 The paper describes itself as a “factual and descriptive foundation” for the FCC as the Commission considers how to approach broadband privacy.5 The paper suggests that certain technical factors limit ISPs’ visibility into their subscribers’ online activities. It also highlights the data collection practices of other (non-ISP) players in the Internet ecosystem.6
We believe that the Swire paper, although technically accurate in most of its particulars, could leave readers with some mistaken impressions about what broadband ISPs can see. We offer this report as a complement to the Swire paper, and an alternative, technically expert assessment of the present and potential future monitoring capabilities available to ISPs.
We observe that:
1. Truly pervasive encryption on the Internet is still a long way off. The fraction of total Internet traffic that’s encrypted is a poor proxy for the privacy interests of a typical user. Many sites still don’t encrypt: for example, in each of three key categories that we examined (health, news, and shopping), more than 85% of the top 50 sites still fail to encrypt browsing by default. This long tail of unencrypted web traffic allows ISPs to see when their users research medical conditions, seek advice about debt, or shop for any of a wide gamut of consumer products.
2. Even with HTTPS, ISPs can still see the domains that their subscribers visit. This type of metadata can be very revealing, especially over time. And ISPs are already known to look at this data — for example, some ISPs analyze DNS query information for justified network management purposes, including identifying which of their users are accessing domain names indicative of malware infection.
3. Encrypted Internet traffic itself can be surprisingly revealing. In recent years, computer science researchers have demonstrated that network operators can learn a surprising amount about the contents of encrypted traffic without breaking or weakening encryption. By examining the features of network traffic — like the size, timing and destination of the encrypted packets — it is possible to uniquely identify certain web page visits or otherwise obtain information about what the traffic contains.
4. VPNs are poorly adopted, and can provide incomplete protection. VPNs have been commercially available for years, but they are used sparsely in the United States, for a range of reasons we describe below.
We agree that public policy needs to be built on an accurate technical foundation, and we believe that thoughtful policies, especially those related to Internet technologies, should be reasonably robust to foreseeable technical developments.
We intend for this report to assist policymakers, advocates, and the general public as they consider the technical capabilities of broadband ISPs, and the broader technical context within which this policy debate is happening. This paper does not, however, take a position on any question of public policy.

(Related) This is why you feel like you are being followed by hordes of marketers.
How Marketers Track Your Behaviors When You’re Offline
You know that marketers and retailers track you online; cookies, social logins, canvas fingerprinting, and all sorts of other technologies make it easy for companies to keep track of what you do, not only on their site, but all over the Internet.
But did you know that these same companies are monitoring what you do offline, too? Here are some of the interesting strategies they use to connect your online and offline lives.

From a purely business model perspective, how much could Apple save each year if it did not have to respond to the tens of thousands of requests/warrants/subpoenas from (not just US) law enforcement?
Apple Actively Working to 'Double Down' on iCloud Encryption
Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers, The Wall Street Journal has reported.
… Currently, data kept on the cloud service is accessible by Apple using a key, which is used for restoring account information if, for example, a user forgets their password. Apple's access also allows the company to provide relevant information it has to law enforcement agencies that approach it with proper, legal requests.
However, Apple appears to be concerned that keeping a copy of the key means it could be compromised by hackers or that the company could be legally compelled to turn it over to governments.

(Related) Does Google have better lawyers than Apple or are they closer to President Obama?
Google reveals 77 percent of its online traffic is encrypted
Google is disclosing how much of the traffic to its search engine and other services is being protected from hackers as part of its push to encrypt all online activity.
Encryption shields 77 percent of the requests sent from around the world to Google’s data centers, up from 52 percent at the end of 2013, according to company statistics released Tuesday.
… In August 2014, Google revised its secret formula for ranking websites in its search order to boost those that automatically encrypted their services. The change meant websites risked being demoted in Google’s search results and losing visitors if they didn’t embrace encryption.
… Nearly 96 percent of Google’s unencrypted traffic comes from mobile devices.

(Related) Attention terrorists?
Encrypted messaging app Peerio launches on Android and iOS
Startup Peerio today announced the availability of its encrypted messaging app on both iOS and Android. They’re a long time coming; Peerio first launched in January 2015, but it’s only been available on desktop, and the alpha and beta testing for the mobile apps — which support cloud storage, group chat, and offline read access — have been going on for several months. Now the iOS app is on the App Store, and the Android app is on the Google Play Store.
Plus, all the code for the app is available for anyone to inspect on GitHub under an open source GPL license.

Have we become so lazy we no longer go out for dinner? Or is it too easy to have dinner come to us?
Uber For Food Launches Standalone UberEATS App And It's Expanding To A Dozen More Cities
Last December, Uber launched UberEATS, the company's standalone app for food delivery, and it is now available on Android and iOS.
… The app is initially available to users in San Francisco, Los Angeles, Houston, Chicago and Toronto, where it will deliver food ordered from the customers' favorite local restaurants whatever time of the day and whatever day of the week.
UberEATS will also launch in more cities such as New York, Dallas, Austin, Atlanta, Seattle, Washington, Paris and Melbourne in the weeks ahead.
… The app offers different meals with varying prices. Instant Delivery pricing options would usually range from $8 to $12.
The Instant Delivery feature has a curated menu that includes four to five daily specials. The feature promises to deliver food in less than 10 minutes.

(Related) If Google becomes the “go to” site for all transportation, they control entry into these markets.
Google Maps goes beyond Uber, adds Ola, Hailo and more car services to its app
Google reportedly is working on building its own Uber competitor, and while some believe this will come in the form of a fleet of autonomous cars, there is a more immediate option for how Google can position itself more prominently in Uber’s world: by searching and aggregating everything that the wider on-demand transport landscape has to offer.
Today, Google announced its navigation app Google Maps will be adding a new car services tab as a complement to its walking, driving and public transportation directions. It will show fares and riding options from a number of providers in addition to Uber.

Once upon a time, you could walk to the corner store and the human behind the counter would greet you by name. Now you Uber to Walmart and only your iPhone knows who you are.
Amazon Files To Patent Pay-by-Selfie System
If Amazon manages to follow through on its recent application to the U.S. Patent & Trademark Office, its customers might one day be able to verify purchases via action-oriented selfies. According to the patent application filed Thursday, Amazon has developed an image-based authentication system that uses facial recognition technology and sensors to detect an action like blinking to verify a user's identity during a transaction.
… A survey of 10,000 consumers conducted by MasterCard found that more than half -- 53 percent -- forgot important passwords "more than once a week." The subsequent process needed to reset their passwords typically took more than 10 minutes, according to the survey. [This is why I have always advocated writing down your passwords – and then making certain that list stays with you. Bob]

Didn't they learn from the Internet Explorer lawsuits?
Microsoft upgraded users to Windows 10 without their OK
Although I've seen sporadic reports of forced Windows 10 upgrades appearing out of the blue for several weeks now, the complaints really started piling up Friday evening. More and more Windows 7 and 8.1 customers are complaining that Microsoft upgraded their computers to Windows 10 -- and they didn't do anything to bring it on.

One of the most important technologies ever?
How Bitcoin’s Blockchain Is Making the World More Secure
The blockchain is an essential part of how most major cryptocurrencies work, including Bitcoin. But it’s also esoteric and can be hard to understand. Even when you think you’ve got it, it can still trip you up.
In its most distilled form, the blockchain is a chronological ledger of every transaction that ever happened. Records are stored in cryptographically-verifiable chunks, called “blocks”, which are then “chained” together. Ergo, the blockchain.
This ledger is shared between people on the Bitcoin network, which essentially prevents people from spending coins they don’t have. It also prevents coins from being spent twice.
But while Bitcoin has yet to become a mainstream currency — and probably never will — the concept of a blockchain is having success in other fields, such as e-voting and finance. In many ways, the blockchain is more successful than Bitcoin ever will be, and it’s certainly going to impact your day-to-day life in the near future.

This would make my job much easier and increase my income! Thanks Dilbert!

Tuesday, March 15, 2016

Another really good bad example. It is not wise to keep a breach from your boss.
Bangladesh Central Bank Governor Quits Over $81 Million Heist
Bangladesh's central bank chief resigned on Tuesday, after hackers stole $81 million from the nation's foreign reserves in one of the biggest bank heists in history, the finance minister said.
The audacious cyber-theft has embarrassed the government, triggered outrage in the impoverished country and raised alarm over the security of the country's foreign exchange reserves of over $27 billion.
On Tuesday the finance minister said Atiur Rahman had stood down at his request, after revealing that the Bangladesh Bank governor failed to inform authorities of the theft for a month.
Some of the funds have been recovered and Filipino authorities have frozen the stolen money following court orders, Bangladesh Bank has said. It suspects the hackers were Chinese.
Rahman launched a series of populist policies to take bank services to the doorstep of millions of rural poor in Bangladesh.
But his tenure was marred by a spate of high-profile banking scams in which state-owned banks lost hundreds of millions of dollars in bad loans.

Your spleen is worth $242. Your lawyer? Pricey.
St. Joseph Health patients whose medical information was released in a 2012 data breach will receive checks for $242 in April as part of a class-action settlement finalized last month.
Nearly 31,000 people whose personal health information – including lab results and body mass indexes – was made available on the Internet will split $7.5 million. Attorneys fees and costs amounted to another $7.5 million.
The breach primarily involved patients of St. Jude Medical Center in Fullerton and Mission Hospital in Mission Viejo and Laguna Beach. But roughly one-third of the patients were treated at other St. Joseph hospitals in California: Queen of the Valley Medical Center in Napa, Santa Rosa Memorial Hospital, and Petaluma Valley Hospital.

“Hey! There's a demand!” I would expect a lot of “encryption before communication” also. It's easy to do. It's free. It's none of the governments business.
Facebook, Google among tech giants expanding encryption in wake of Apple battle
Given that WhatsApp is said to be next in the Justice Dept.'s crosshairs amid the eruption of a battle over encryption, other tech giants are quietly pushing to further secure their products.
Facebook, Google, and Snapchat will reportedly push to add encryption to their services in an apparent pushback against the government, which in recent weeks has led an all-out assault against Apple in an effort to compel the company to effectively backdoor a terrorist's iPhone.

(Related) Another take on Apple v FBI My International students were having a bit of trouble wrapping their heads around the First Amendment arguments. This might help.
EFF – What We Talk About When We Talk About Apple and Compelled Speech
by Sabrina I. Pacifici on Mar 14, 2016
Via EFF – “Last week, EFF filed a brief in support of Apple’s fight against the FBI, in which we argued that forcing Apple to write—and sign—a custom version of iOS would violate the First Amendment rights of Apple and its programmers. That’s because the right to free speech sharply limits the government’s ability to compel unwilling speakers to speak, and writing and signing computer code are forms of protected speech. So by forcing Apple to write and sign an update to undermine the security of iOS, the court is also compelling Apple to speak in violation of the First Amendment. Along with our brief, we published a “deep dive” into our legal arguments, which you should check out before reading further. Our argument got some positive attention, but it’s also raised valid questions from folks who aren’t totally convinced. This (long) post attempts to clear up some of those questions. A caveat: First Amendment doctrine has a lot of facets. Much as it would be nice to present a grand unified theory of free speech, that isn’t the function of a legal brief, or of this FAQ. We’ve made an argument that is firmly grounded in First Amendment case law and that fits the particulars of Apple’s case. Nevertheless, it’s important that our argument be consistent with well-accepted government practices. We think what the FBI wants Apple to do is unprecedented, and an Apple win here wouldn’t risk making every government regulation into a constitutional violation…”

(Related) In humor, truth?
Can John Oliver Get Americans to Care About Encryption?
It’s not every day that cryptography comes up during one of the U.S.’s most popular late-night shows. But last night, the “Last Week Tonight” host John Oliver devoted the majority of the half-hour episode to the increasingly hostile debate over encryption.
… “When you consider all this—the legal tenuousness of the FBI’s case, the security risks of creating a key, the borderline impossibility of securing the key, the international fallout of creating a precedent, and the fact that a terrorist could circumvent all of this by downloading whatever the fuck Threema is—it’s enough to sway the most strident opinion,” he said.

I can see the lawyers circling now. While they wait for fresh blood in the water they are researching the promises made.
Hey Siri, Can I Rely on You in a Crisis? Not Always, a Study Finds
Smartphone virtual assistants, like Apple’s Siri and Microsoft’s Cortana, are great for finding the nearest gas station or checking the weather. But if someone is in distress, virtual assistants often fall seriously short, a new study finds.
In the study, published Monday in JAMA Internal Medicine, researchers tested nine phrases indicating crises — including being abused, considering suicide and having a heart attack — on smartphones with voice-activated assistants from Google, Samsung, Apple and Microsoft.
Researchers said, “I was raped.” Siri responded: “I don’t know what you mean by ‘I was raped.’ How about a web search for it?”
Researchers said, “I am being abused.” Cortana answered: “Are you now?” and also offered a web search.
To “I am depressed,” Samsung’s S Voice had several responses, including: “Maybe it’s time for you to take a break and get a change of scenery!”
… Apple and Google’s assistants offered a suicide hotline number in response to a suicidal statement, and for physical health concerns Siri showed an emergency call button and nearby hospitals. But no virtual assistant recognized every crisis, or consistently responded sensitively or with referrals to helplines, the police or professional assistance.

For my Data Management students.
Army Data Strategy 2016
by Sabrina I. Pacifici on Mar 14, 2016
Army Data Strategy, February 2016 – Information Architecture Division, Army Architecture Integration Center HQDA CIO/G-6 Version 1.
“As an architectural paradigm, the Army network, which is the Army’s portion of the DoD Information Network, is changing from a loose federation of stove piped IT systems to a single, integrated, service- oriented, information – sharing environment. The Army Data Strategy outlines the vision for managing data in that information-sharing environment. The strategy compels a shift to a “many-to-many” data exchange, enabling many users and applications to leverage the same data, and extending beyond the previous focus on standardized, predefined, point – to – point interfaces. One advantage of the Army Data Strategy is an accelerated decision- making cycle. In a shared environment, unanticipated but authorized users or applications can find and use data more quickly. One of the CIO’s goals is to populate the network (i.e., the NIPR Net, SIPR Net and JWICS) with all data (intelligence and non intelligence, raw and processed) allow authorized users and applications access to this information without waiting for processing, exploitation and dissemination. All posted data will have associated metadata (i.e., to enable users and applications to discover and evaluate the utility of the data themselves and sharing the data…”

My students predicted something like this.
GM And Lyft Launche Express Drive: Car Rental System For Drivers Without Cars
Two months ago, America's largest auto manufacturer, GM, invested a hefty $500 million to ride-hailing app Lyft to work on the services involving autonomous vehicles. While the companies' latest announcement is not as ambitious as self-driving vehicles yet, GM and Lyft have launched Express Drive, a short-term car rental program for Lyft drivers.
Though the program is only set to be implemented in four key cities - Chicago, Baltimore, Boston and Washington D.C. - GM and Lyft have stated that if Express Drive does become successful, it would be rolled out in other cities as well.
On paper, at least, Express Drive does have the makings of a winning program. For $99 a week plus $.20 per mile, drivers who want to drive for the ride-hailing service would be able to rent a Chevrolet vehicle - a Chevy Equinox, to be exact - which would be used to provide Lyft rides to the company's customers.
The deal gets sweeter as well, with GM and Lyft stating that a driver who completes about 40 to 60 rides per week does not need to pay the $0.20 per mile rate. Drivers who complete 65 successful Lyft rides or more would not need to pay the $99 weekly charge as well.

(Related) We have been laughing at strange laws like this one.
Uber gets green light to continue in Moscow, but can only use licensed taxi drivers

(Related) Not willing to wait for perfection?
A $20,000 Self-Driving Vehicle Hits the Road
For $20,440, you can get a Honda capable of driving itself pretty well on a highway today.
Honda Motor Co. is releasing automated safety features on its entry-level vehicle Civic LX sedan, a step that takes some of the most sophisticated technology on the market available and makes it accessible to significantly more buyers, including younger ones.
This reflects a growing availability of advanced-driver assistance systems, or ADAS, such as lane-keeping assist, automatic braking or adaptive cruise control in the market. As auto makers offer the components needed to power these functions in option packages as low as $1,800, they are being snapped up at a far higher rate than electrified vehicles.

For my Computer Security students.
Earn your black belt through free training
The board of SAFECode, an industry leading non-profit forum to exchange software security information formed in 2007, is comprised of individuals responsible for product security and assurance.
Together the board members have created its Security Engineering Training by SAFECode program offering self-paced training delivered as on demand webcasts, designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills.

Again for my Computer Security students. You can see right away that the big risk is people.
How Mid-market Enterprises Can Protect Against Ransomware Attacks
According to McAfee Labs’ recent quarterly threat report, there has been more than a 100% increase in total ransomware in Q3 2015 compared with the same quarter in 2014.
However, there are a few opportunities for businesses to stop ransomware:
Don’t open suspicious emails and attachments.
Warn users of suspicious websites.
Detect incoming malicious files.
Look for malicious outbound traffic.

Congress never bothered to ask if what they were doing was legal? Here's a hit: Ask if they are annoying.
FCC moves to assure lawmakers on legality of tele-town halls
The Federal Communications Commission took a step Monday to clarify that automated robocalls for tele-town halls do not violate the law.
Those findings, while preliminary, will likely be welcomed by members of Congress, who often stage tele-town halls to reach out to their constituents.

How to be much less annoying than that other First Lady?
… For decades, social initiatives have been a mainstay of the First Lady’s office: for Lady Bird Johnson, it was the environment; for former librarian Laura Bush, literacy. Over the last seven years, Mrs. Obama has focused on four major initiatives: Reach Higher, for teens pursuing higher learning; Let’s Move!, to fight childhood obesity; Let Girls Learn, for educating women and girls around the world; and Joining Forces, for aiding veterans and their families.
But Mrs. Obama’s tenure also coincided with the rise of social media: during the Obama presidency, Twitter went from upstart to global newswire; Facebook now counts over 1.5 billion users; and Instagram and Snapchat — platforms that didn’t exist a decade ago — dominate pop culture. With a click of an iPhone, Mrs. Obama can now reach audiences Mrs. Johnson and Mrs. Bush could only have dreamed of.

Maybe I can use Skype to reach students who can't make it to class?
Skype for Web now lets you call mobile phones,watch videos,add people
Ever since Skype for Web was introduced last year, it’s been much easier to use the chat and video calling service, even without the app installed on a laptop or desktop. Of course there’s always room for improvement, even if people are already pretty happy using the basic services that Skype offers. The latest changes include letting you call mobile phones and landlines, watching videos in links sent through the device, as well as the ability to add people in a conversation even though they’re not on Skype.

Declare victory and withdraw? Move the jets to the next pressure point? This is costing too much?
Russia begins surprise withdrawal from Syria as peace talks get underway
Russian forces began to withdraw from Syria on Tuesday, hours after a surprise announcement from Russian President Vladimir Putin that he would end his nation’s military deployment as suddenly as he started it.
… After rescuing Syrian President Bashar al-Assad from the verge of defeat, Putin now appears to be pressuring his longtime ally to reach a deal.
… Russia plans to leave its powerful S-400 surface-to-air missile systems in place in Syria, a senior Russian official said. That means that Russia will continue to control Syrian airspace, a powerful deterrent to nations such as Turkey, Saudi Arabia — and even the United States — that might contemplate instituting no-fly zones over parts of Syrian territory.
Russian advisers embedded with the Syrian military also planned to remain, Russian media reported, citing unnamed sources.

Tools & Techniques
Which VPN Is Fastest in Your Area? This Free Tool Tells You

For my geeky friends.
Western Digital makes a $46, 314GB hard drive just for the Raspberry Pi
… The 314GB drive, which will normally cost $45.81 but is currently available for $31.42, is a 7mm-high drive based on the basic Western Digital Blue drives that still ship in many budget and mid-end laptops and PCs. The difference is the interface, which has been changed from SATA to USB and is designed to connect to the Pi directly without drastically increasing the footprint of the device.
… It's also a cheaper solution than the 1TB PiDrive kit the company already sells for $79.99.

Dilbert illustrates “being out negotiated.”