Saturday, April 09, 2016

For debate in my Computer Security class. 
U.S. to Keep Pushing Apple to Unlock iPhone in New York Case
   The new filing shows that while the political heat surrounding the encryption issue may have dimmed with the end of the San Bernardino case, the government is pushing ahead with its legal strategy.  By continuing to fight the Brooklyn case, the Justice Department hopes to win one or more court rulings upholding its authority to compel companies like Apple to assist in investigations by opening devices or decrypting data.
Lawyers for Apple said they were disappointed but not surprised by the government’s move, and that the courts should be skeptical about the government’s claims of needing Apple’s help to open phones, given what happened in the San Bernardino case.  The Apple lawyers said they want government officials to provide much more detail about investigators’ efforts to open the New York phone.
An Apple lawyer said the company plans to try to force the government to answer specific questions about its phone-hacking efforts, including what companies and government agencies it has consulted with and what methods it has tried.  It wants officials to explain why they believe only Apple can open the phone.
   In the drug case, Magistrate Judge James Orenstein ruled that the U.S. didn’t have the authority to force Apple to help them access data on the phone.  The Justice Department wants Judge Brodie to review the issue.


Our continuing quest to replace lawyers with Siri, Cortana, or some other software based personal assistant.
ABA Journal – How artificial intelligence is transforming the legal profession
by Sabrina I. Pacifici on
Julie Sobowale: “…Artificial intelligence is changing the way lawyers think, the way they do business and the way they interact with clients.  Artificial intelligence is more than legal technology.  It is the next great hope that will revolutionize the legal profession.  Change can be brought on through pushing existing ideas.  What makes artificial intelligence stand out is the potential for a paradigm shift in how legal work is done.  AI, sometimes referred to as cognitive computing, refers to computers learning how to complete tasks traditionally done by humans.  The focus is on computers looking for patterns in data, carrying out tests to evaluate the data and finding results.  Chicago-based NexLP, which stands for next generation language processing, is creating new ways for lawyers to look at data…”


A resource for CJ students.
The Record – Your Guide to the Criminal Justice System
by Sabrina I. Pacifici on
“The Marshall Project is a nonprofit news organization that focuses on the American criminal justice system.  Our mission is to create and sustain a sense of urgency about criminal justice in America.  We aim at all times for accuracy, fairness, and impartiality.  Our repertoire includes deep investigative projects, narratives and profiles that put a human face on criminal justice, explanatory and contextual pieces, along with guest commentary and voices from inside the system.  And we partner with a diverse array of media organizations to amplify our message… What are records?  Since 2014, The Marshall Project has been curating some of the best criminal justice reporting from around the web.  In these records you will find the most recent and the most authoritative articles on the topics, people and events that are shaping the criminal justice conversation.”  Users may search by subject or browse by topic.


Because I can never have enough tools.
FIRST LOOK: Vivaldi 1.0, the new web browser for the old school
   The team behind Vivaldi, including Opera browser co-creator Jon von Tetzchner, is hoping that their new browser’s blend of throwback functionality and modern tech will catch on.  You can download Vivaldi here on Macs, Windows or Linux.


Interesting resource.  You would think all youngsters know how the Internet works… 
Mozilla Releases an Interactive Web Literacy Map
I was recently contacted by the Mozilla Foundation with news about their recently released interactive guide to teaching web literacy.  Mozilla's interactive web literacy map is based on three main components of web literacy: reading, writing, and participating.  Each of those elements is linked to smaller, supporting components.  Clicking on any component of Mozilla's interactive web literacy map will lead you to a definition for that component.
Mozilla's web literacy map is a handy guide to basic definitions of web literacy and the map does a nice job of showing how all of the components are connected.  The real value of the web literacy map is found when you click into Mozilla's web literacy teaching activities.
Mozilla's web literacy teaching activities page contains eighteen sections offering dozens of lessons on everything from basic web literacy like protecting privacy on the web to advanced topics like writing JavaScript.  There is even a section of lessons designed for teaching web literacy in classrooms in which not every student has access to a computer.
Applications for Education
Mozilla's web literacy teaching activities page offers lessons suitable for use with students of all ages.  Should you find that the lessons are too difficult or too easy for your students, go ahead and modify them to fit your needs.  Mozilla offers some tools that you can use in building and sharing your own web literacy learning activities.


This is interesting.  Let my students do all the work!
Snapchat Explained by Students to Teachers
Jenn Scheffer and her students at Burlington Public High School run a great tech help desk blog for teachers and students.  This week they tackled an app that is still a mystery to many educators, Snapchat.  I encourage any teacher, administrator, librarian, or parent who doesn't understand Snapchat to take some time to read the BPHS Help Desk blog post about Snapchat and watch the video overview of how it works.


Still amusing.
Hack Education Weekly News
   Via the Drinks Business blog: “Italy has drafted a bill that would see children as young as six take lessons in wine at primary school, with one hour a week dedicated to ‘wine culture and history’.”
   Inside Higher Ed reports that “Several civil liberties and academic freedom organizations have sent the U.S. Education Department a letter urging it to avoid decisions or policies that would punish colleges that do not ban Yik Yak.”
   According to the AP, “The state’s top education official says a computer glitch erased answers on about 14,220 standardized tests taken by Texas high school students.”
   Via htxt.africa: “City of Joburg wants to give 25 000 residents free access to online learning by June.” (That’s Johannesburg, South Africa, which is investing heavily in free WiFi at public libraries.)

Friday, April 08, 2016

Easy as writing an email. 
Cyber fraudsters reap $2.3 billion through email wire-transfer scams
Businesses have lost billions of dollars to fast-growing scams where fraudsters impersonate company executives in emails that order staff to transfer to accounts controlled by criminals, according to the U.S. Federal Bureau of Investigation.
Losses from these scams, which are known as “business email compromise,” totaled more than $2.3 billion from October 2013 through February of this year, the FBI said in an alert issued this week, citing reports to law enforcement agencies around the globe.


Interesting and probably legitimate request.
Matthew Renda reports:
A federal judge denied Anthem’s request for access to computers of former customers who accuse the insurance giant of failing to protect their personal information in an enormous data breach last year.
Anthem filed a motion seeking permission to access plaintiffs’ computers, smartphones and tablets to image and copy them to determine whether the data breach or embedded malware was responsible for the potential harm that could include identity theft and tax problems.
Read more on Courthouse News.
[From the article: 
"This was a state-sponsored cyber attack," Hogan said.  "The attackers were not selling their information to the deep and dark Web, where people buy Social Security numbers."
China is believed to be behind the cyber attack, though it has denied responsibility.


For my Computer Security students.  The cost of poor security?
The law firm of Bryan Cave has issued its 2016 Data Breach Litigation Report.  From their Executive Summary, some of their key findings:
  • 83 cases were filed during the Period.  This represents a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report (the “2015 Report”).
  • When multiple filings against single defendants are removed, there were only 21 unique defendants during the Period.  This indicates a continuation of the “lightning rod” effect noted in the 2015 Report, wherein plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches.  As with the overall quantity of cases filed, the quantity of unique defendants also declined as compared to the 2015 Report; approximately 16% fewer unique defendants were named in litigation.
  • Approximately 5% of publicly reported data breaches led to class action litigation.
  • Unlike in previous years, the medical industry was disproportionately targeted by the plaintiffs’ bar.  While only 24% of publicly reported breaches related to the medical industry, nearly 33% of data breach class actions targeted medical or insurance providers.
Click here to read the full report.


For students writing papers in the 21st Century. 
7 Fascinating Ways Researchers Are Using Social Media


Keep current.
Mintz Levin has updated its convenient chart of state breach notification laws.  Read more here. I’ve already downloaded my copy of their updated chart to keep on my desktop.


I always wanted a Rembrandt (and we have 3D printers at school) 
A.I. just 3D-printed a brand-new Rembrandt, and it's shockingly good
   A new "Rembrandt" painting unveiled in Amsterdam is not the work of the Dutch master Rembrandt van Rijn at all, but rather the creation of a combination of technologies including facial recognition, A.I., and 3D printing.
Essentially, a deep-learning algorithm was trained on Rembrandt's 346 known paintings and then asked to produce a new one replicating the artist's subject matter and style.  Dubbed "The Next Rembrandt," the result is a portrait of a Caucasian male, and it looks uncannily like a work by the Dutch master.


Ain’t technology wonderful?
'Keurig For Craft Beer' Maker Introduces Its Smart Wine Dispenser That Pours The Perfect Glass And Learns Your Palate

Thursday, April 07, 2016

I share this with my Ethical Hacking students. 
James Temperton and Matt Burgess report:
The front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
The law firm at the centre of the Panama Papers hack has shown an “astonishing” disregard for security, according to one expert.  Amongst other lapses, Mossack Fonseca has failed to update its Outlook Web Access login since 2009 and not updated its client login portal since 2013.
Mossack Fonseca’s client portal is also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete, insecure SSL v2 protocol.  The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
Read more on Wired.


I also share this with my Ethical Hacking students.  They will probably make more money defending than attacking.  Probably.
Hackers Will Break Into Email, Social Media Accounts for Just $129
   Dell says almost any type of data or cybercriminal service is available for sale: credit card data, online banking accounts, malware, hacking services, tutorials, online payment accounts, hotel points, and the like.
According to Dell’s new report (PDF) on the underground hacker market, those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account only have to pay $129 for the service.  Popular U.S. social media and Ukrainian email accounts are priced the same, popular Russian email accounts range between $65 and $103, while Russian social media accounts are priced higher, at $194.


Update.
Judge approves settlement in Sony Pictures hacking case
A judge on Wednesday approved a multimillion dollar settlement in a class-action lawsuit filed by former Sony Pictures Entertainment employees whose private information was stolen in a massive data breach.
The U.S. government blamed the hack on North Korea in an attempt to derail the release of the North Korean-focused comedy "The Interview."
U.S. District Judge R. Gary Klausner approved the agreement that gives roughly 437,000 people impacted by the breach identity theft protection from the time of the 2014 hack through 2017.
Under the deal, Sony agreed to provide identity theft protection - as well as an optional service that will cover up to $1 million in losses - and create a fund to cover any additional losses.


The next fight of the ignorant? 
Overnight Tech: Senators spar over WhatsApp encryption
Republican Sen. Tom Cotton (Ark.) was outraged by the move, saying that "the WhatsApp and Facebook decision to add end-to-end encryption to all of WhatsApp's services with no secure method to comply with valid search warrants continues a dangerous trend in the tech and data world."
"We cannot allow companies to purposefully design applications that make it impossible to comply with court orders," he continued.
"I strongly urge WhatsApp and Facebook to reevaluate their decision before they help facilitate another terrorist attack."
But Democratic Sen. Ron Wyden (Ore.) defended the company in his own letter.  "This is a significant step to strengthen online security for millions of people worldwide," Wyden said.  "While some continue to spread fear about modern technology, the fact is strong encryption is essential to Americans' individual security."

(Related)  Staying out of the mud?
Mark Hosenball and Dustin Volz report:
The White House is declining to offer public support for long-awaited legislation that would give federal judges clearer authority to order technology companies like Apple to help law enforcement crack encrypted data, according to sources familiar with the discussions.
The Obama administration’s refusal to either endorse or oppose legislation from Senators Richard Burr and Dianne Feinstein, the Republican chair and top Democrat respectively of the Senate Intelligence Committee, stems in part from ongoing divisions among various federal agencies over encryption, the sources said.
Read more on Reuters.


Interesting.  Are they sure? 
FBI says hack tool works only on iPhone 5c
   The tool does not work on the iPhone 5s or 6, so it addresses only a "narrow slice" of iPhones, Federal Bureau of Investigation director James Comey said late Wednesday at Kenyon College.
The government is considering whether it should disclose to Apple the flaw that aided the hack: "We just haven't decided yet," he said at the Ohio college's Center for the Study of American Democracy.


Europe is leading the way!
Platoons of autonomous trucks took a road trip across Europe
Six vehicle manufacturers just proved that self-driving trucks are perfectly capable of driving across a whole continent.  These companies, including Volvo and Daimler, participated in the European Truck Platooning challenge organized by the Dutch government.  "Truck platooning" is the term used when a fleet of autonomous trucks closely follow one another on the road.  Since the rigs behind the first ride in its slipstream, they tend to use less fuel and emit less carbon dioxide.
The self-driving rigs started their journey from different parts of Europe and ended in the Port of Rotterdam in the Netherlands.


The same formulas I use in my Spreadsheet Budgets.  Aren’t my students lucky?
Take the same finance class the NFL gives its players
The NFL held its second annual Personal Finance Camp for players from April 4 to 7 in Fort Lauderdale, Fla.  The first session, “Funding an Uncertain Lifespan,” was led by Patrick Kerney, who played in the NFL for 11 years and is now director of business development at National Fire & Casualty Investments.  After retiring from the league, he got his MBA at Columbia University and was the vice president of player benefits at the NFL.
Here’s the slideshow he used in the class, which focused on staying ahead of inflation and the importance of controlling what you can: Where you live, what you spend, what level of goods and services you purchase, and realizing the difference between what you want to buy and what you need to buy.


We don’t offer this as a class, yet.
How to Keep Up with the Trends on Social Media
Modern journalists always have an eye on social media to see which stories are trending and why.  Do you want to track social media trends like the professionals do?
Tracking trending topics on social media is beneficial for news-gathering, and can really help you learn more about topics you’re interested in.


Making my students more secure. 
The 5 Best Alternatives To Google Authenticator
I have been interested for quite some time now in the importance of two-factor authentication – 2FA – (or two-step authentication).
   you will need a good smartphone authentication app to generate the codes to get into your account.  Today, we will look at five possibilities.  Others have been tried, tested, and ultimately discarded; these survived the rigorous testing at O’Neill Labs, helped by my assistant, Beaker.


For the students in my spreadsheet class. 
Need to Learn Excel? 10 Experts Will Teach You for Free!
   In the past, we’ve recommended places where you can learn the basics of Excel.  With these basics covered, you’ll be able to use Excel’s main data storage, organization, and manipulation features.  We’ve also listed resources for figuring out Excel formulas, and the types of charts you should be using.
But if you want to take your knowledge even further, you’ll need reliable Excel specialists, who are willing to share their growing, in-depth knowledge of this program with you.
The following ten Excel gurus fit this description perfectly.  Each guru regularly publishes step-by-step tutorials that walk you through these more advanced Excel features that you could otherwise be wrestling with for weeks.


Stay current.
The Best Programming Newsletters for Every Kind of Developer
   The true value of a programming newsletter: the fact that it has been curated by someone who knows the topic inside and out.  This means you don’t have to waste your own precious time keeping up with hundreds of sites and sorting through the mess to find the occasional gems.
And the best part?  All of the following newsletters are free.

Wednesday, April 06, 2016

No details, but an interesting admission if true.

Mossack Fonseca: we were hacked

On April 4, the Panamanian law firm at the center of a huge scandal issued a statement saying, among other things, that the media has misrepresented what they do, that everything they do is perfectly aboveboard, and they regret – but are not responsible for – any clients who may have misused their services despite their due diligence.
Yesterday, Reuters reported that the law firm announced that they were the victim of an external hack, and have filed a complaint with state prosecutors.
“We rule out an inside job.  This is not a leak.  This is a hack,” Fonseca, 63, said at the company’s headquarters in Panama City’s business district.  “We have a theory and we are following it,” he added, without elaborating.
“We have already made the relevant complaints to the Attorney General’s office, and there is a government institution studying the issue,” he added, flanked by two press advisers.
Read more on Reuters.


A depressing example of management inaction for my Computer Security students.

Hackers broke into hospitals despite software flaw warnings

Tami Abdollah reports:
The hackers who seriously disrupted operations at a large hospital chain recently and held some data hostage broke into a computer server left vulnerable despite urgent public warnings since at least 2007 that it needed to be fixed with a simple update, The Associated Press has learned.
The hackers exploited design flaws that had persisted on the MedStar Health Inc. network, according to a person familiar with the investigation who spoke on condition of anonymity because this person was not authorized to discuss the findings publicly.  The flaws were in a JBoss application server supported by Red Hat Inc. and other organizations, the person said.
Read more on Yahoo! 


So far, it does not look like a high priority effort.
Eric Markowitz reports:
The story of how the FBI finally tracked down notorious fugitive Lynn Cozart, using its brand-new, $1 billion facial recognition system, seems tailor-made to disarm even the staunchest of skeptics.
[…]
According to unreleased FBI data provided to IBT in February, the agency had, as of February, processed a total of 77,136 suspect photos and sent police 9,303 “likely candidates” since 2011.  The FBI would not comment on how many of those cases led to an arrest.
In many ways, the FBI’s biometric program is an extension of the modern-day surveillance technologies that are making average citizens increasingly uncomfortable.
Read more on IBT. 


Soon, everyone will be getting a visit from the FBI. 
Why WhatsApp's Encryption Embrace Is a Landmark Event
The news that Facebook’s WhatsApp now supports encryption across all its apps is nothing short of seismic.
   For privacy advocates, this marks an enormous victory that few would have predicted would come so soon after Snowden’s revelations.
The problem was this: Generally speaking, good end-to-end encryption, where users rather than service providers hold the keys, is a pain to use.  Most people don’t adopt technologies that aren’t easy to use.
Encrypted email has been around for decades, and once it is set up, it’s not that tricky.  But setting it up requires a degree of technical knowledge that most people do not have.
Recently, encrypted-messaging apps have made the process of protected communications much simpler.  However, none of them has the immense reach of WhatsApp, and security experts are suspicious of the quality of the technology in some of them, or the fact that some default (Telegram) or occasionally switch (iMessage) to non-encrypted modes.


The answer is clearly “yes,” so how do I invest? 
Meet Africa’s First Tech ‘Unicorn’ — Are More to Come?
While tech “unicorns” coming out of Silicon Valley are starting to sound like a dime a dozen, the first tech unicorn to come out of Africa, Africa Internet Group (AIG), is causing a stir.  Growing into a unicorn — a privately held technology company valued at $1 billion or more — is a significant milestone for AIG, says Wharton management professor David Hsu.
“It’s a highly visible, symbolic and substantive marker,” Hsu notes.  “It shows that there’s enough by way of demand, as well as a platform that [AIG] is able to put in place to justify that marker.”

Tuesday, April 05, 2016

This is why I have two full sections of Computer Security.  And apparently there isn’t much competition in the government sector. 
Lorenzo Franceschi-Bicchierai reports:
The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.
The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years.
Read more on Motherboard.
[From the article: 
This group of “persistent cyber criminals” is especially persistent.  The group is none other than the “APT6” hacking group, according to sources within the antivirus and threat intelligence industry.  There isn’t much public literature about the group, other than a couple of old reports, but APT6, which stands for Advanced Persistent Threat 6, is a codename given to a group believed to be working for the Chinese government.


Nothing learned from the first one?  Those who do not study history are doomed to repeat it. 
Trump's Hotel Chain 'Faces Credit Card System Breach' – Again
Republican presidential candidate Donald Trump's string of luxury hotel properties, The Trump Hotel Collection, appears to be dealing with the second breach of its credit card systems in a year, KrebsOnSecurity reported on Monday.
According to the website, sources "noticed a pattern of fraud on cards that were all used at multiple Trump hotel locations in the past two to three months."


MakeUseOf is normally an App promoter.  When they say something is wrong, it might pay to listen. 
5 Reasons Your Kids Shouldn’t Use After School App
   playground gossip – moved into the 21st Century in November 2014 with the launch of the After School app on iOS and Android.
Ominously, the app’s tagline says it provides “Funny anonymous school news for confessions and compliments”.  That alone should be enough to set parents’ alarm bells ringing.


I agree, but we’re likely to get one anyway because that’s what bureaucracies do.
We Don’t Need a Whole New Regulatory Regime for Platforms Like Uber and Airbnb
   So far, the theory behind this laissez-faire regulatory approach — which many in Silicon Valley are happy to endorse — is that platform companies define new markets for which regulators were not prepared, and as such can’t be regulated in the same way as legacy companies.  We believe, however, that these businesses have not redefined industries in a fundamental way; instead they are “old wines in new bottles.”  They have more similarities than differences with traditional businesses, and should be regulated accordingly.


Will this result in more traffic accidents as people “stream and drive?” 
Twitter Said to Win NFL Deal for Thursday Streaming Rights
Twitter Inc., making a strategic push into online programming, won a deal to show Thursday night National Football League games online, a person familiar with the matter said.
The social-media company was said to be bidding against a slate of heavyweights including Verizon Communications Inc., Yahoo! Inc. and Amazon.com Inc.
   The NFL, aware that a growing number of households are comfortable streaming video over the Internet, is using the digital rights for Thursday night games to reach so-called cord-cutters, as former cable-TV subscribers are known.
   The league is using Thursday night games, which draw smaller audiences than the contests on Sundays and Mondays, to experiment with different kinds of media, distribution models and technologies.  By the time the NFL’s biggest broadcast contracts expire in 2021, it will be prepared to sell a broad array of digital rights -- and make more money.


Imagine the porn industry as a copyright test case.  (Any excuse to imagine porn will do)
The Hidden Economics of Porn
   Pinsker: A distinguishing feature of tube sites is that a lot of their stuff is actually taken from other places—it’s pirated content. Is that a fair generalization?
Tarrant: Yes, and it's a huge problem within the industry because it's stolen, basically, and the tube sites are aggregators of a bunch of different links and clips, and they are very often pirated or stolen.  So then the folks who made the content can go after them, and they do, but you have to have a lot of time and money and resources to stay on top of that.


Worth looking at.
Website Seeks to Make Government Data Easier to Sift Through
For years, the federal government, states and some cities have enthusiastically made vast troves of data open to the public.  Acres of paper records on demographics, public health, traffic patterns, energy consumption, family incomes and many other topics have been digitized and posted on the web.
This abundance of data can be a gold mine for discovery and insights, but finding the nuggets can be arduous, requiring special skills.
A project coming out of the M.I.T. Media Lab on Monday seeks to ease that challenge and to make the value of government data available to a wider audience.  The project, called Data USA, bills itself as “the most comprehensive visualization of U.S. public data.”  It is free, and its software code is open source, meaning that developers can build custom applications by adding other data.


Dilbert on communications?

Monday, April 04, 2016

Well, a kleptocracy should be good at laundering money. 
What the 'Panama papers' mean for Putin
The massive anonymous leak of financial documents on Sunday has left political experts contemplating what it could mean for Russia ahead of elections this year.
   Russia's president, Vladimir Putin, is not named in the documents, but there are allegations of a billion-dollar money-laundering ring controlled by a Russian bank that has links to associates of the Russian leader.  The International Consortium of Investigative Journalists (ICIJ), one of the teams that has been analyzing the data, told CNBC the papers show Putin's close aides were involved in a $2 billion money trail with offshore firms and banks.

(Related)  Also, another theft of “secure” information from a major law firm.
The Guardian and partners analyze huge tranche of documents on offshore tax regimes
by Sabrina I. Pacifici on
“The hidden wealth of some of the world’s most prominent leaders, politicians and celebrities has been revealed by an unprecedented leak of millions of documents that show the myriad ways in which the rich can exploit secretive offshore tax regimes.  The Guardian, working with global partners, will set out details from the first tranche of what are being called “the Panama Papers”.  Journalists from more than 80 countries have been reviewing 11.5m files leaked from the database of Mossack Fonseca, the world’s fourth biggest offshore law firm…”


It could happen here. 
Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?
Seen online after a subsequently-deleted tweet called attention to it:
This paste with a link to a 6.6 GB file, purportedly containing clear-text information on 49,611,709 Turkish citizens, including the following details:
  • National Identifier (TC Kimlik No)
  • First Name
  • Last Name
  • Mother’s First Name
  • Father’s First Name
  • Gender
  • City of Birth
  • Date of Birth
  • ID Registration City and District
  • Full Address
An IP lookup places the IP in Iceland, with the owner as Flokinet Ehf, website: twistednetworks.net.
The hackers left a terse message:
Lesson to learn for Turkey:
Bit shifting isn’t encryption.
Index your database.  We had to fix your sloppy DB work.
Putting a hardcoded password on the UI hardly does anything for security.
Do something about Erdogan!  He is destroying your country beyond recognition.
Lessons for the US?  We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.
The paste also contained the personal information on Erdogan and Davutoglu, which DataBreaches.net is not reproducing here.
DataBreaches.net did not download the massive database, and it’s not yet clear if these are old data from 2009 from a previous breach, a possibility raised by coverage of another leak noted on Daily Dot in February.  If anyone can confirm whether these are old data or new data, please let me know.


The law says she is wrong.  Should the law change?
Michael S. Rosenwald reports:
Alexandra Elbakyan is a highbrow pirate in hiding.
The 27-year-old graduate student from Kazakhstan is operating a searchable online database of nearly 50 million stolen scholarly journal articles, shattering the $10 billion-per-year paywall of academic publishers.
Elbakyan has kept herself beyond the reach of a federal judge who late last year issued an injunction against her site, noting that damages could total $150,000 per article — a sum that Applied and Computational Harmonic Analysis, a journal in her database, could help calculate.  But she is not hiding from responsibility.
Read more on Washington Post.
[From the article: 
Researchers sign over the copyright and provide their work, often taxpayer funded, free to publishers who then get other researchers to review the papers — also free.  The publishers then sell journal subscriptions — some titles cost more than $5,000 a year — back to universities and the federal government.  And if someone wants an article, that costs about $35, so that person is paying for the research and to read the results.
“That means that I, as a taxpayer, (am) paying for the research and paying again for the benefit of reading it,” a man who identified himself as John Dowd wrote to the White House Office of Science and Technology Policy as part of a forum on public access.  “This seems patently unfair.” [A pun and a possible solution in one?  Bob]

(Related) 

28% of Piracy Takedown Requests Are “Questionable”

   In 2008, the search engine received only a few dozen takedown notices during the entire year, but today it processes two million per day on average.
   This week, researchers from Columbia University’s American Assembly and Berkeley published an in-depth review of the current takedown regime, with one study zooming in on the millions of takedown requests Google receives every week.
Using data Google provides to the Lumen database, the researchers reviewed the accuracy of more than 108 million takedown requests. The vast majority of these, 99.8%, targeted Google’s web search.
According to the researchers, their review shows that more than 28% of all requests are “questionable.”  This includes the 4.2% of notices in which supposed infringing material is not listed on the reported URL.


Should make life easier for the court, but now congress will feel obligated to re-visit all those laws and regulations.
The Power Canons
by Sabrina I. Pacifici on Apr 3, 2016
Heinzerling, Lisa, The Power Canons (March 31, 2016). William & Mary Law Review, Vol. 58, Forthcoming. Available for download at SSRN: http://ssrn.com/abstract=2757770
With three recent decisions – UARG v. EPA, King v. Burwell, and Michigan v. EPA – the Supreme Court has embraced a new trio of canons of statutory interpretation.
When an agency charged with administering a long-existing statute asserts regulatory authority it has not previously used, in a matter having large economic and political significance, its interpretation will be met with skepticism.
When an agency charged with administering an ambiguous statutory provision answers a question of large economic and political significance, one central to the statutory regime, and the Court believes the agency is not an expert in the matter, the Court may ignore the agency’s interpretation altogether.
And when an agency charged with administering a statute interprets an ambiguous provision to permit the agency not to consider costs before deciding to regulate, the agency will likely lose as having acted unreasonably.
In each of these cases, the Court put Congress on notice that it would need to speak clearly if it wanted to give administrative agencies interpretive authority over certain kinds of decisions.


Maybe Hillary had a point?  (Perhaps security by dis-belief: “They can’t really be using Windows 3.1, can they?”) 
Technology Upgrades Get White House Out of the 20th Century
   Until very recently, West Wing aides were stuck in a sad and stunning state of technological inferiority: desktop computers from the last decade, black-and-white printers that could not do double-sided copies, aging BlackBerries (no iPhones), weak wireless Internet and desktop phones so old that few staff members knew how to program the speed-dial buttons.
On Air Force One, administration officials sent emails over an air-to-ground Internet connection that was often no better than dial-up modems from the mid-1990s.


I wonder if Apple or Microsoft or whoever would fund research to create a “Homework helper” (for Mom & Dad)  
Siri gets smarter with baseball-related questions
Indeed, as The Verge reports, Siri now seems able to access new data and resources when responding to questions about baseball.  “It can answer questions about more detailed statistics, according to Apple, including historical stats going back to the beginning of baseball records,” the publication explains.  It’s also possible to get career stats, and information on other leagues.  As before, in order to gain these insights from Siri, it’s as simple as holding the Home button and asking a question.  Those of you with Apple’s latest iPhones will even be able to use the hands-free “Hey Siri” command.

Sunday, April 03, 2016

Sadly, I think there are only two parties here in the US that would want to hire this guy.
How to Hack an Election
It was just before midnight when Enrique Peña Nieto declared victory as the newly elected president of Mexico.
   When Peña Nieto won, Sepúlveda began destroying evidence.  He drilled holes in flash drives, hard drives, and cell phones, fried their circuits in a microwave, then broke them to shards with a hammer.  He shredded documents and flushed them down the toilet and erased servers in Russia and Ukraine rented anonymously with Bitcoins.  He was dismantling what he says was a secret history of one of the dirtiest Latin American campaigns in recent memory.
For eight years, Sepúlveda, now 31, says he traveled the continent rigging major political campaigns.  With a budget of $600,000, the Peña Nieto job was by far his most complex.  He led a team of hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and installed spyware in opposition offices, all to help Peña Nieto, a right-of-center candidate, eke out a victory.


Local.  (Every politician claims their solution is the best, toughest, “most excellent,” etc.)
Shaun Boyd reports that State Rep. Alec Garnett and State Rep. Paul Lundeen have teamed up on a bipartisan student privacy bill that
would define “what is the data that’s being collected, who can see it, what can they do with it, who can they share it with and under what circumstances can it be shared, and how we protect it.”
[…]
The bill would specifically prohibit companies from creating profiles, selling data or using it to target advertising. School districts would also be required to post which digital companies’ apps they are using in classrooms.
Read more on CBS.
The bill is HB16-1423, the “STUDENT DATA TRANSPARENCY AND SECURITY ACT.”  I’ve only skimmed it so far, but it does appear to have some strong provisions.


This is something I have not seen before.
Paper – Notice and Takedown in Everyday Practice
by Sabrina I. Pacifici on Apr 2, 2016
Urban, Jennifer M. and Karaganis, Joe and Schofield, Brianna L., Notice and Takedown in Everyday Practice (March 29, 2016). Available for download at SSRN: http://ssrn.com/abstract=2755628
“It has been nearly twenty years since section 512 of the Digital Millennium Copyright Act established the so-called notice and takedown process.  Despite its importance to copyright holders, online service providers, and Internet speakers, very little empirical research has been done on how effective section 512 is for addressing copyright infringement, spurring online service provider development, or providing due process for notice targets.  This report includes three studies that draw back the curtain on notice and takedown:
1. using detailed surveys and interviews with more than three dozen respondents, the first study gathers information on how online service providers and rightsholders experience and practice notice and takedown on a day-to-day basis;
2. the second study examines a random sample from over 100 million notices generated during a six-month period to see who is sending notices, why, and whether they are valid takedown requests; and
3. the third study looks specifically at a subset of those notices that were sent to Google Image Search.
The findings suggest that whether notice and takedown “works” is highly dependent on who is using it and how it is practiced, though all respondents agreed that the Section 512 safe harbors remain fundamental to the online ecosystem.  Perhaps surprisingly in light of large-scale online infringement, a large portion of OSPs still receive relatively few notices and process them by hand.  For some major players, however, the scale of online infringement has led to automated, “bot”-based systems that leave little room for human review or discretion, and in a few cases notice and takedown has been abandoned in favor of techniques such as content filtering.  The second and third studies revealed surprisingly high percentages of notices of questionable validity, with mistakes made by both “bots” and humans.
The findings strongly suggest that the notice and takedown system is important, under strain, and that there is no “one size fits all” approach to improving it.  Based on the findings, we suggest a variety of reforms to law and practice.”


For my Computer Security students.
DLA Piper has released its 2016 resource on data protection laws around the world.  From the abstract:
More than ever it is crucial that organisations manage and safeguard personal information and address their risks and legal responsibilities in relation to processing personal data, to address the growing thicket of applicable data protection legislation.
A well‑constructed and comprehensive compliance program can solve these competing interests and is an important risk‑management tool.
This handbook sets out an overview of the key privacy and data protection laws and regulations across nearly 100 different jurisdictions and offers a primer to businesses as they consider this complex and increasingly important area of compliance.
DLA Piper’s global data protection and privacy team has the deep experience and international reach to help global businesses develop and implement practical compliance solutions to the myriad data protection laws that apply to global businesses.
They also include some tools, like “Data Privacy Scorebox” and “Cybertrak.”
Access the resource online, here, or download it.


Dang!  It’s like they wrote my final exam. 
50 Must-Have Features for Small-Business Websites (Infographic)


More to teach, but how useful? 
How Microsoft Is Automating Business Chores
   Most businesses still think of Microsoft Office as a collection of software for creating documents, crunching numbers, or managing meetings.  Slowly but surely, however, the software giant is transforming it into a hub for managing all kinds of business chores—from scheduling group meetings to electronic signatures more efficiently.
Want to arrange for an Uber car to pick you up after your last meeting of the day? There’s an Outlook calendar app that allows you to do just that.
   So far, scenarios such as these have mostly been imaginary but more illustrations of Microsoft’s master plan for business process automation and collaboration emerged Thursday during its annual developer conference in San Francisco.
   One example involves an application being developed by Starbucks.  The coffee chain is writing software that gathers data from Microsoft’s Outlook calendar system and uses that knowledge to arrange for food to be delivered to your meeting—it figures out when and where.


For the History buffs.
Try the Google Newspaper Archive to Locate Old Articles and Images
Earlier this week I shared the U.S. News Map which is a database of newspapers that displays search results on a map of the United States.  The U.S. News Map is limited to the years of 1836 to 1925 and is limited to U.S. newspapers.  The Google News Newspaper archive offers a larger selection of newspapers both in terms of years and geography.  In the Google News Newspaper archive you can search for a specific newspaper, search for article titles, or as demonstrated below you can search for a topic. 


A clear indication that the internet has “arrived?”  
AP Stylebook announces changes to use of Internet and Web
by Sabrina I. Pacifici on
Effective June 1, 2016 with the launch of the new AP Stylebook, the word internet will be written in lowercase.  Per another tweet – “Also, we will lowercase web in all instances – web page, the web, web browser – effective June 1.”