Saturday, May 21, 2016
Something for my Ethical Hacking students to study very closely.
Now It’s Three: Ecuador Bank Hacked via Swift
A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million last year from a bank in Ecuador. The case suggests global bankers haven’t been sharing critical information to prevent such heists.
… In the January 2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the bank’s codes for using Swift, the global bank messaging service, to procure funds from another bank, according to court papers.
A spokeswoman for Swift said Thursday that the network was never told of the earlier hack. “We need to be informed by customers of such frauds if they relate to our products and services, so that we can inform and support the wider community,” said spokeswoman Natasha de Teran. “We have been in touch with the bank concerned to get more information and are reminding customers of their obligations to share such information with us.’’
The Ecuadorean bank, Banco del Austro, filed a lawsuit in New York federal court this year, accusing Wells Fargo & Co. of failing to notice “red flags” in a dozen January 2015 transactions and to stop them before the thieves transferred about $12 million, most of it to banks in Hong Kong.
… According to that filing on behalf of Banco del Austro, or BDA, “For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts.”
Using that method, just before midnight on Jan. 14, 2015, a payment order made to a Miami company for less than $3,000 was altered to send $1.4 million to an account in Hong Kong, according to the court filing.
Let the lawsuits begin!
Worth re-visiting in light of the Supreme Court’s ruling in Spokeo v. Robins:
Consumers whose personal information was accessed in a cyberattack should not have to show someone stole their identities or ruined their credit to have standing to sue the hacked company, according to a friend-of-the-court brief filed in a federal appeals court.
Washington-based Electronic Privacy Information Center, or EPIC, asks the 3rd U.S. Circuit Court of Appeals to allow a class action against national payroll firm Paytime Inc. to move forward.
Read more on Legal Solutions Blog.
Previous coverage of the Paytime breach and updates linked from here.
(Related) I’m going to use that weed wacker bit.
Over on DataBreaches.net, I noted that there were already a few cases where defendants in data breach lawsuits were citing Spokeo v. Robins in seeking dismissal of the lawsuits.
Alison Frankel of Reuters subsequently blogged about the issue today, and mentioned yet a few more cases now rushing to the courts citing Spokeo. She writes:
It will be a long while until the lower courts decide who won Spokeo – but it is already clear that defendants in privacy class actions are going to wield the Supreme Court ruling like a weed wacker. In just the first few days after its issuance, the decision is already an issue in three privacy breach cases.
The three cases she cites involve Children’s National Health System (which I had also mentioned on DataBreaches.net), PayTime, and Conde Nast. If you include Barnes & Noble, which I had also cited today, that’s four cases so far.
Read more on Reuters.
I certainly would.
Defendants demand to see FBI's secret hacking tool
… Defendants have demanded to see details of the FBI's network investigative technique (NIT), the agency's name for the relatively recent hacking tool, in a handful of criminal cases, but the agency has refused to disclose the information.
… If the FBI shares the source code, its hacking tools may be compromised in future cases. But the U.S. Constitution's Sixth Amendment gives a defendant the right to confront his accusers and challenge their investigation.
Judge Robert Bryan of the U.S. District Court for the Western District of Washington wrestled with the competing interests in a case status order he issued in the U.S. v. Michaud case this week.
The defendant's request for the NIT source code "places this matter in an unusual position," Bryan wrote. "What should be done about it when, under these facts, the defense has a justifiable need for information in the hands of the government, but the government has a justifiable right not to turn the information over to the defense?"
… The FBI's strategy with NIT-aided investigations appears to involve hiding its use of hacking tools, and, in some cases, pressing for guilty pleas before defendants and their lawyers question the investigative techniques, said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union.
… "This is a classic example of the law not keeping up with technology," Goodnow said by email. "The law on the disclosure of source code is murky, at best."
… In addition, expect more defendants to challenge government hacking techniques, with their lawyers questioning whether the hacking exceeded the limits of a warrant, Goodnow added.
"When it comes to source code, defendants are going to argue that they have a constitutional right to explore whether the officer provided the judge with enough specificity about how evidence was being obtained and whether the obtained evidence is within the scope of that warrant," he said. "No code; no due process; no conviction -- at least that’s how the argument will go."
Just out of curiosity, why does the FBI need drone detection technology? Are they responsible for airport security? TSA can’t do the job?
The FAA has been testing the FBI's drone-detection system at JFK airport
… This week, the FAA said it had been conducting trials of a new drone-detection system built by the FBI, testing the technology at JFK airport in New York.
… That's about all we know though. It's not clear how successful the trials were, or what the FBI's drone-detection system consists of.
… Figuring out exactly how much of a threat drones are to commercial flights is also a tricky issue. Although reports from pilots of drones flying near airports and planes have gone up, some have suggested that at least part of this increase is due to objects being misidentified as drones. Last month, reports of a collision between a drone and an airplane in the UK turned out not to be true, with officials suggesting the object in question "may even have been a plastic bag."
If we never have the time to do things right, how is it that we always find the time to do things over?
Data Quality Should Be Everyone’s Job
All of us depend on data created elsewhere to do our work. In the face of errors, most people’s natural reaction is to correct such errors in the data they need — after all, when you’re dealing with a mountain of day-in, day-out demands, that seems the fastest, most efficient way to complete the task at hand. The problem is that finding and fixing flawed data soon becomes a permanent fixture. Writ large, it is expensive and time-consuming. Worst of all, it doesn’t work well: Too many errors leak through, rearing their ugly heads later on and leading to larger mistakes, bad decisions, and angry customers.
The alternative is to prevent errors at their sources, obviating the need to find and fix them. While this seems obvious enough, it simply doesn’t occur to most people.
No doubt Watson (The IBM tool to eliminate lawyers) will be listening.
Free Seminar – What Happens When Laws Become Open Data?
by Sabrina I. Pacifici on May 20, 2016
Center for Data Innovation – “Since President Obama’s first day in office, open data has been a major priority for the administration, and the United States has established itself as a world leader in open data. But until recently, legislative data—information about legislative activities, including bills and their status, lawmaker votes, committee meetings, public communications by members of Congress, lobbying information, and the products of legislative support agencies such as the Congressional Research Service—was rarely published as open data. This is changing. In late 2015, a bill was introduced to Congress to transform the Statutes at Large, the catalog of all laws enacted during a session of Congress, into freely accessible and machine readable open data. In February 2016, the Government Publishing Office began publishing bill status information in machine readable formats and making it available for bulk download. And in March 2016, the House and Senate introduced bills that would make Congressional Research Service reports publicly available. Like other types of open data, legislative data can serve as a platform for new products and services that enhance transparency, promote civic engagement, and fuel new business models. But open legislative data specifically offers unprecedented insight into the legislative process, making it easier than ever for the public to analyze legislative activities, monitor influence, and hold lawmakers accountable for their actions. Join the Center for Data Innovation for a panel discussion exploring the impact of open legislative data on the public and private sectors and identifying opportunities for both federal and state governments to better provide this data to unlock social and economic benefits.” [Via Kris Kasianovitz]
Tuesday, May 24, 2016, from 9:00-10:30 AM, 101 K Street NW, Suite 610, Washington, D.C., 20005.
U.S. Children On Average Receive Their Very First Smartphone At Age 10
… Would you believe that the average age a child is given their first phone is a mere 10.3 years old? Or how about the fact that 39% of kids aged 11.4 receive their first social media account?
I have been looking for something like this to serve as the basis for my spreadsheet class “funding your retirement” project.
Historical infographic maps returns of major asset classes over time
by Sabrina I. Pacifici on May 20, 2016
Chicago Booth CRSP (Center for Research in Security Prices) – “2016 the Big Picture illustrates the investment returns of major asset classes from 1926 onward. The animated chart will open at full screen.” [David vun Kannon]
We need a bigger 3D Printer…
3D Printed Electric Motorcycle from APWorks Looks Fragile, but It’s Deceptively Strong
If the University won’t allow us to use their servers…
10 Good Options for Creating Digital Portfolios - A PDF Handout
For the majority of readers of this blog the end of the school year is already here or will be here within a month. This is the time of year that I get a lot of requests for suggestions on digital portfolio tools. If you find yourself looking for a digital portfolio tool and or have colleagues asking for suggestions, take a look at the ten options featured in my PDF handout embedded below or grab the Google Docs copy.
The weekly silly.
Hack Education Weekly News
… “Colorado Education Commissioner Rich Crandall announced his resignation Thursday just four-and-a-half months into the job, shocking the state’s education community and roiling the state Department of Education as it embarks on a number of critical initiatives,” Chalkbeat Colorado reports.… Via KNN: “‘aisectmoocs.com’ launched as India’s largest free online open learning platform.” [Only India so far? Bob]
… Burlington College will close its doors, “citing longstanding financial woes,” according to The Chronicle of Higher Education. Here’s a different angle, via The Week: “Burlington College will close due to crushing debt incurred by Bernie Sanders’ wife, Jane Sanders.”
… Via the NiemanLab: “The Knight Foundation and Columbia University are partnering to launch a new organization focused on First Amendment research and litigation. Knight and Columbia will each commit $5 million in operating funds and $25 million in endowment funds (for an initial total of $60 million) to a new nonprofit affiliated with the university called the First Amendment Institute.”
… “Apple and Maine education officials are allowing school districts to trade in iPads for laptops after teachers and students say the computers are better for schoolwork,” according to The Sun Journal.
Friday, May 20, 2016
Gone already. I wanted this for our Ethical Hacking students and for the Computer Security club.
From the can-the-skids-be-far-behind dept.
Joseph Cox reports that “Phineas Fisher,” the anonymous individual also known as HackBack and GammaGroupPR, and who is reportedly responsible for the hack on Hacking Team, has released a tutorial video showing others how to attack police sites. I imagine the tutorial will not be up for long, but…
In this case, Phineas Fisher targeted a website of Sindicat De Mossos d’Esquadra (SME), or the Catalan police union. The data obtained, which was dumped by the hacker, appears to include names, bank details, and more personal details on police officers.
Most of the information, Phineas Fisher writes in the video’s description, is essentially public, but can be used to connect an officer to their badge number. The hacker also claimed to have temporarily defaced the police union’s Twitter account.
Read more on Motherboard.
I thought the FBI only shared this if police departments denied that it existed.
Julia Marsh reports:
The New York Civil Liberties Union is suing the NYPD for information because of privacy concerns over portable cell phone tracking devices called “Stingrays.”
In response to a previous request the NYPD has already said that cops have used Stingrays over 1,000 times since 2008 for investigations into robberies, drug cases and other legal matters.
The suit, filed in Manhattan Supreme Court Thursday, says the NYPD has no written policy governing the use of the “controversial, military grade [Really? Bob] technology” that has the “potential to implicate the privacy of countless innocent New Yorkers.”
Read more on NY Post.
Related: NYCLU v. NYPD verified petition
If we cut targeted advertising, do we also drop the search for Child Porn?
Lawsuit claims Facebook illegally scanned private messages
Facebook may have violated federal privacy laws by scanning private messages, according to a lawsuit certified for class action yesterday in Northern California District Court. The allegations center around Facebook's practice of scanning and logging URLs sent through the site's private messaging system. Those scans serve a number of purposes, including anti-malware protection and industry-standard searches for child pornography, but may also be used for marketing purposes.
The plaintiffs allege that Facebook routinely scans those URLs for advertising and other user-targeting data — and claim that by maintaining those records in a searchable form, Facebook is violating both the Electronic Communications Privacy Act and California Invasion of Privacy Act. Facebook disputes that private messages are scanned in bulk, and maintains the URL data is anonymized and only used in aggregate form.
An impartial record? Makes sense to me.
Federal Judge Says Internet Archive's Wayback Machine A Perfectly Legitimate Source Of Evidence
Those of us who dwell on the internet already know the Internet Archive's "Wayback Machine" is a useful source of evidence. For one, it showed that the bogus non-disparagement clause KlearGear used to go after an unhappy customer wasn't even in place when the customer ordered the product that never arrived.
It's useful to have ways of preserving web pages the way they are when we come across them, rather than the way some people would prefer we remember them, after vanishing away troublesome posts, policies, etc. Archive.is performs the same function. Screenshots are also useful, although tougher to verify by third parties.
So, it's heartening to see a federal judge arrive at the same conclusion, as Stephen Bykowski of the Trademark and Copyright Law blog reports.
The potential uses of the Wayback Machine in IP litigation are powerful and diverse. Historical versions of an opposing party’s website could contain useful admissions or, in the case of patent disputes, invalidating prior art. Date-stamped websites can also contain proof of past infringing use of copyrighted or trademarked content.
The latter example is exactly what happened in the case Marten Transport v. PlatForm Advertising, an ongoing case in the District of Kansas. The plaintiff, a trucking company, brought a trademark infringement suit against the defendant, a truck driver job posting website, alleging unauthorized use of the plaintiff’s trademark on the defendant’s website. To prove the defendant’s use of the trademark, the plaintiff intended to introduce at trial screenshots of defendant’s website taken from the Wayback Machine, along with authenticating deposition testimony from an employee of the Internet Archive.
The defendant tried to argue that the Internet Archive's pages weren't admissible because the Wayback Machine doesn't capture everything on the page or update every page from a website on the same date. The judge, after receiving testimony from an Internet Archive employee, disagreed. He found the site to a credible source of preserved evidence -- not just because it captures (for the most part) sites as they were on relevant dates but, more importantly, it does nothing to alter the purity of the preserved evidence.
[T]he fact that the Wayback Machine doesn’t capture everything that was on those sites does not bear on whether the things that were captured were in fact on those sites. There is no suggestion or evidence … that the Wayback Machine ever adds material to sites.
Further, the judge noted that the archived pages were from the defendant's own website and he'd offered no explanation as to why pages from his own site shouldn't be considered as evidence of alleged infringement.
It's nice to know that what many of us have considered an independently-verifiable source of evidence is also acceptable in federal courts. It's more than just a handy way to preserve idiotic statements and potentially-illegal customer service policies. It's also a resource for litigants who might find their opponents performing digital cleanups after a visit from a process server.
Is this the “Ping” or the “Pong?” I seem to have lost count.
Senators introduce bill to block expansion of FBI hacking authority
A small group of bipartisan senators introduced a bill Thursday that would block a pending judicial rule change allowing U.S. judges to issue search warrants for remote access to computers in any jurisdiction, even overseas, arguing the change would expand the FBI’s hacking authority.
The one-page legislation from Democratic Senator Ron Wyden and Republican Senator Rand Paul would undo the change, adopted by the U.S. Supreme Court in a private vote last month and without congressional involvement, to procedural rules governing the court system.
Tech Savvy: $127 Billion in Drone-Powered Business Applications
The commercial applications of drones: Big consulting firms don’t invest in little markets. So when a major player, like PwC, establishes a new global center of excellence around an emerging technology, like drones, it’s probably worth swooping in for a look.
If you do, you’ll find a new PwC report that pegs the commercial applications of “drone powered solutions” at more than $127 billion. That’s the current value of the business and labor — in sectors including infrastructure, transport, insurance, media and entertainment, telecommunication, agriculture, security, and mining — that could be supplanted by drone technology in the coming years.
Perspective. Engineering is the way to world domination?
Google's Tensor Processing Unit could advance Moore's Law 7 years into the future
… “TPUs deliver an order of magnitude higher performance per watt than all commercially available GPUs and FPGA,” said Google CEO Sundar Pichai during the company’s I/O developer conference on Wednesday.
TPUs have been a closely guarded secret of Google, but Pichai said the chips powered the AlphaGo computer that beat Lee Sedol, the world champion in the incredibly complicated game called Go.
Pichai didn’t go into details of the Tensor Processing Unit but the company did disclose a little more information in a blog posted on the same day as Pichai’s revelation.
For the first time, Google beat Apple in PC sales — and that's really bad news for Microsoft
Today, two very important things happened for the future of the PC as we know it.
First: For the first time ever, low-cost Google Chromebook laptops outsold Apple's Macs during the most recent quarter, analyst firm IDC tells The Verge.
… Second: those same Google Chromebooks are getting full access to Android's Google Play store, opening the door for those laptops to run a significant portion of the 1.5 million Android apps out in the wild.
I may make my students create videos.
theLearnia Offers a Good Way to Create Video Lessons
theLearnia is a free service that I reviewed about four years ago when it was primarily a social network built around video lessons. This week I took another look at theLearnia and learned that the site is now focused on helping teachers create video-based lessons.
On theLearnia you can create video lessons up to fifteen minutes in length. Your video lessons can be simple whiteboard style instructional videos or they can be videos based on slides that you either create on theLearnia or upload as PowerPoint files. I gave the service a try this afternoon. I simply uploaded a set of PowerPoint slides then hit the record button to narrate what was shown on my slides. theLearnia also provides tools for drawing on top of your slides and or writing additional text. Videos created on theLearnia are hosted for free and you can share your videos through typical social media channels and or by embedding your video into your blog or website. You can see my test video here.
theLearnia could be a good way for teachers who already have a bunch of PowerPoint slides to turn those slides into flipped video lessons.
Perhaps, instead of a university Blog…
How to Easily Start an Internet Radio Station – for Free!
… While you can start your own TV channel with YouTube, or launch a podcast and make it available on platforms like iTunes or Audioboom, setting up an actual Internet radio station is a bit tougher.
In fact, it could be argued that it might be slightly easier to turn a Raspberry Pi into an FM transmitter and broadcast that way (although be aware it may be illegal to do so in your territory).
Thursday, May 19, 2016
This (very brief) article sounds to me like a practice terror attack. Without details, how do we tell the difference? They can’t take off but landing is no problem? Don’t they communicate with planes attempting to land?
Planes grounded at Stockholm airports due to communication problem
No planes are allowed to take off from Stockholm airports and those in the air are being called down due to a network communication problem, the Air Traffic Authority said on Thursday.
"No planes are allowed to take off at the moment and we're taking down the planes in the air," said spokesman Per Froberg. "It's a network communications problem."
He declined to give further details.
Why do you think I’m teaching two sections of Computer Security every quarter?
SEC says cyber security biggest risk to financial system
Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.
Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.
The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.
The speed with which the industry is adopting encryption has accelerated since the FBI started pushing for access and demanding backdoors. Bad strategy, FBI.
New Google messaging app to offer optional end-to-end encryption
Google on Wednesday announced that its new messaging service, Allo, will offer end-to-end encryption.
That means that not even Google will be able to access the content of users’ messages, a position that echoes the robust privacy posture of Apple’s iMessage and Facebook’s WhatsApp.
In fact, Allo will use the same encryption protocol that WhatsApp uses — as well as the private messaging app Signal.
Looking at this as an IT manager, this is almost impossible to believe. You would have to make a real effort to eliminate all copies and then the original.
Looking at this as political a** covering, it was the plan from the beginning.
CIA allegedly destroyed sole copy of Senate torture report
by Sabrina I. Pacifici on May 18, 2016
The Independent: “The CIA inspector general’s office has said it “mistakenly” destroyed its only copy of a comprehensive Senate torture report, despite lawyers for the Justice Department assuring a federal judge that copies of the documents were being preserved. The erasure of the document by the spy agency’s internal watchdog was deemed an “inadvertent” foul-up by the inspector general, according to Yahoo News. One intelligence community source told Yahoo News, which first reported the development, that last summer CIA inspector general officials deleted an uploaded computer file with the report and then accidentally destroyed a disk that also contained the document. The 6,700-page report contains thousands of secret files about the CIA’s use of “enhanced” interrogation methods, including waterboarding, sleep deprivation and other aggressive interrogation techniques at “black site” prisons overseas. The full version of the report remains classified, but a 500-page executive summary was released to the public in 2014…”
Valerie Strauss reports:
Schools have become “soft targets” for companies trying to gather data and market to children because of the push in education to adopt new technology and in part because of the rise of computer-administered Common Core tests, according to a new annual report.
The report, titled “Learning to be Watched: Surveillance Culture at School” and published Tuesday by the National Center for Education Policy at the University of Colorado at Boulder, is the 18th annual report about schoolhouse commercialism trends.
Read more on Washington Post. https://www.washingtonpost.com/news/answer-sheet/wp/2016/05/17/schools-are-now-soft-targets-for-companies-to-collect-data-and-market-to-kids-report/
Think of it as a license plate reader for your face. I’m surprised that Facebook hasn’t already released one here. (I bet the FBI already has one that works on multiple social networks.)
Face recognition app taking Russia by storm may bring end to public anonymity
If the founders of a new face recognition app get their way, anonymity in public could soon be a thing of the past. FindFace, launched two months ago and currently taking Russia by storm, allows users to photograph people in a crowd and work out their identities, with 70% reliability.
It works by comparing photographs to profile pictures on Vkontakte, a social network popular in Russia and the former Soviet Union, with more than 200 million accounts. In future, the designers imagine a world where people walking past you on the street could find your social network profile by sneaking a photograph of you, and shops, advertisers and the police could pick your face out of crowds and track you down via social networks.
… Unlike other face recognition technology, their algorithm allows quick searches in big data sets. “Three million searches in a database of nearly 1bn photographs: that’s hundreds of trillions of comparisons, and all on four normal servers. With this algorithm, you can search through a billion photographs in less than a second from a normal computer,” said Kabakov, during an interview at the company’s modest central Moscow office. The app will give you the most likely match to the face that is uploaded, as well as 10 people it thinks look similar.
Perspective. Is this because Uber and Lyft are so good or because traditional taxis are so bad?
Uber and Lyft have built loyal following, survey finds
Americans who use ride-hailing apps believe the services are a positive force in the economy, and they should not be regulated like traditional taxis, according to a survey conducted by an independent research group.
The survey, released Wednesday by the Pew Research Center, suggests that companies operating in the sharing economy have created a loyal following among the relatively small slice of Americans who do business with them.
Re-architecting a legacy business model.
John Deere is plowing IoT into its farm equipment
John Deere is taking the Internet of Things out into the field by developing new technologies and embracing existing ones to boost the efficiency of prepping, planting, feeding and harvesting with the goal of improving per-acre crop yields.
These technologies include IoT sensors, wireless communications, cloud apps and even a steering-wheel replacement that guides precision passes across arable land, says Ron Zink, director of On-Board Applications in the company’s Intelligent Solutions Group.
… For example, iPads are a part of John Deere’s technology arsenal. The company created an iPad app with nine mapping layers that track what’s happening in the field. Users can set, for example, how many seeds are planted per acre, and precisely how far apart they are planted.
One mapping layer called singulation shows a groups of up to 10 seeds (the number distributed in 20 millisec) and shows on the iPad exactly where they are located and whether they are spaced properly, seed-by-seed, he says.
I see some very interesting homework in my student’s future.
Make Stunning Video Presentations with Spark Video from Adobe
… All you have to do import your photos, type some text, add your own voice narration and a stunning video is ready for uploading on to YouTube or Facebook.
… Adobe has quietly launched a new suite of web apps that, among other things, will let you use Adobe Voice inside your desktop browser. The suite, known as Adobe Spark, includes tools for creating video stories, magazine-style web pages and typography posters (think of Typorama but for the web).And the price is just right. $0.
To get started, go to spark.adobe.com and sign-in with your Facebook or Google Account. This is mandatory because all your work will be auto-saved under this account and will also be accessible on your iPad and iPhone.
I’ve heard of one of those.
Want to boost your salary? Learn Scala, Golang, or Python
… PayScale used its pay-tracking database to determine which job skills provide the largest average boost in pay, and presented the results in its 2016 Workforce-Skills Preparedness Report, "Leveling Up: How to Win in the Skills Economy."
Wednesday, May 18, 2016
“Well of course I locked the barn door. Then I carefully hung the key right there next to the lock. And yet, someone stole all my horses!”
Blue Ridge Surgery Center, an affiliate of Surgical Care Affiliates, has posted a breach notification to patients:
On March 17, 2016, BRSC learned that an employee’s encrypted work laptop had been stolen during a break-in at the employee’s residence that same day. The employee reported the theft to law enforcement and we immediately began our own investigation. Our investigation determined that the password was with the laptop at the time of the theft, and the laptop contained email files that may have included patients’ names, addresses, treatment information and health insurers’ names, identification numbers and in some instances, Social Security numbers.
We deeply regret any inconvenience this may cause our patients. To help prevent something like this from happening in the future, we have re-enforced training with all of our employees regarding securing passwords.
The incident is not yet up on HHS’s public breach tool and the total number affected has not yet been disclosed.
But how frustrating – to remember to deploy encryption and then to leave the password with the device. Of course, we don’t know if the level of encryption was sufficient to offer any safe harbor under state laws or HITECH (and a risk assessment would still need to be conducted), but yeah, re-train employees regularly….
What really happen here? Was the teacher “hacked” or did the student find or guess her password?
A junior high school student reportedly hacked into the email system of Gilbert Public Schools and sent inappropriate messages to other students.
District officials said the Highland Junior High student got access to the teacher’s login information and emailed messages to other students over the weekend.
Read more on The Arizona Republic.
And the FBI was called in…… why? Well, it turns out that the student reportedly sent x-rated images (aka porn).
[From the Arizona Republic article:
I have reported the crime to the Mesa Police Department and also the FBI since they are the ones who handle all internet fraud.
Have you been using LinkedIn for four or five years?
A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users.
The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.
Turns out it was much worse than anybody thought.
Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.Read more on Motherboard.
…for targeting missiles?
MIT and Oxford researchers document availability of Twitter user location data
by Sabrina I. Pacifici on May 17, 2016
Larry Hardesty, MIT News Office May 17, 2016: “Researchers at MIT and Oxford University have shown that the location stamps on just a handful of Twitter posts — as few as eight over the course of a single day — can be enough to disclose the addresses of the poster’s home and workplace to a relatively low-tech snooper. The tweets themselves might be otherwise innocuous — links to funny videos, say, or comments on the news. The location information comes from geographic coordinates automatically associated with the tweets. Twitter’s location-reporting service is off by default, but many Twitter users choose to activate it. The new study is part of a more general project at MIT’s Internet Policy Research Initiative to help raise awareness about just how much privacy people may be giving up when they use social media.”
· Note – please see https://twitter.com/settings/security to manage settings and privacy.
Speaking of targeting missiles…
When to Trust Robots with Decisions, and When Not To
Because we need more devices listening to everything we say?
Google to Introduce Its Voice-Activated Home Device
Google will introduce its much-anticipated entry into the voice-activated home device market on Wednesday, according to people who spoke on the condition of anonymity.
Named Google Home, the device is a virtual agent that answers simple questions and carries out basic tasks. It is to be announced at Google’s annual developers’ conference in Silicon Valley.
Thinking about IT Architecture
Smartphones Rule the Internet
… In 2014, by several measures, total mobile Internet usage outpaced desktop Internet access. In Africa and Asia, people of all ages call smartphones—not laptops—the most important device they use to go online, according to a GlobalWebIndex survey last year. Worldwide, most people under age 34 say the same thing.
A look at the web’s most popular sites is similarly telling. More than half of Facebook’s roughly 1.7 billion monthly users visit the site exclusively from their smartphones—that’s 894 million mobile-only users each month, up from 581 million such users last year and 341 million mobile-only users in 2014, according to the company’s latest earnings report.
Google confirmed last year that more searches come from mobile devices than computers in 10 countries, including the United States. Over the holiday season, Amazon said more than 60 percent of shoppers used mobile. And Wikipedia, which recently revamped the way it tracks site traffic, says it’s getting more mobile than desktop visits to its English language site.
… Last month, the audience-tracking firm Nielsen found that smartphones are the most-used medium in the United States—beating out television, radio, and desktops, even though more Americans own TVs and radios than smartphones.
“Consumers carry their phones everywhere,” said Glenn Enoch, a vice president at Nielsen, in a statement about the findings. “High penetration plus portability and customized functionality have made them a staple of consumers’ media diet.”
(Related) Not “feature phones”
Microsoft is selling its feature phone business to Foxconn for $350 million
Microsoft is selling its feature phone business to FIH Mobile, a subsidiary of Foxconn, for $350 million.
… Nokia is now planning to license its brand to a newly created company called HMD global, which will produce and sell a range of Android smartphones and tablets.
This deal will only affect Microsoft's feature phone business, which is currently still using the Nokia brand for basic phones. Microsoft says it will continue to develop Windows 10 Mobile and support Lumia phones and Windows Phone devices from partners like Acer, Alcatel, HP, Trinity and VAIO.
Telling my students where to go?
Cyberstates 2016 Report
by Sabrina I. Pacifici on May 17, 2016
“CompTIA’s 17th annual Cyberstates is the definitive source for state-by-state analysis of the U.S. information technology industry and the tech workforce. The report quantifies the size and scope of the tech sector and tech occupations across multiple vectors, while providing context with time-series trending, economic impact, average wages, business establishment analysis, IT jobs postings, career opportunities, gender ratios, tech patents, and more. Moreover, Cyberstates helps to connect the dots with emerging trends. Cloud computing, big data, automation, IoT, cybersecurity, and social technologies will continue to reshape businesses large and small, driving innovation and digital business transformation across the U.S. economy. As with any sector-level report, there are varying interpretations of what constitutes the tech sector and the tech workforce. Some of this variance may be attributed to the objectives of the author. Is the goal to depict the broadest possible representation of STEM and digital economy fields, or a more narrowly defined technology subset? Is the goal to capture all possible knowledge workers, or a more narrowly defined technology subset? For the purposes of this report, CompTIA focuses on the more narrowly defined technology subset. See the methodology section for details of the specific NAICS codes and SOC codes CompTIA uses in its definitions of the tech sector and the tech workforce.”
I suspect we could build a non-profit here that gave free training to the survivors of the initial challenge. Would graduates of a program like that be just what employers want?
Coding school 42 plans to educate 10,000 students in Silicon Valley for free
… 42 welcomes all students between 18 and 30. After filling out your online application, the real challenge starts. The 42 team has created a computer science version of the Hunger Games. They call it the swimming pool because they want to see if you can swim by throwing you into the figurative pool. You and 1,000 others students face the same coding and logic challenges.
You only have 4 weeks, and you can code from Monday to Sunday, day and night. After these insanely intensive 4 weeks, the best students get to study at 42.
Not sure why I should run out and buy one.
Researchers Unveil Phone That Morphs Like a Rubix Cube
… a team made up of researchers from Purdue and three English universities may have just developed the world's first Rubix Cube smartphone. Dubbed "Cubimorph," the device has OLED touchscreens on each of its six faces and uses a hinge-mounted turntable mechanism to self-reconfigure in the user's hand.
Like a Rubix Cube, its faces are permanently connected so you can't lose one. The reconfiguration process is automatic thanks to the motorized turntables, which receive instructions from a computer running algorithms to determine how best to configure the faces based on what the user wants to do.
The idea behind the morphable prototype is to create what its designers call "programmable matter." The concept is similar to 3D printing, except instead of printing what you need, you shape your existing device into a form factor that can accomplish the task.
Perhaps an 8X10 foot poster in the library?
Learn How to Use The Confusing Apostrophe With this Quick Guide
In English, theres no more confusing (and useful) punctuation mark than the apostrophe. It let’s us shorten words. It let’s us show ownership . It even let’s us look stupid. Wait what?
Perhaps I should have looked at the guide below before I wrote this post, as a matter of fact… How many incorrect (or missing) apostrophe’s can you spot in this post?
Tuesday, May 17, 2016
That’s some escalation! One small bank to an entire country. What’s next?
Vietnam's Tien Phong Bank Victim of SWIFT-based Attack
Hanoi-based Tien Phong Bank (TPBank) released a statement late on Sunday saying that it had interrupted the attempted theft of approximately $1.1 million via fraudulent SWIFT messages. It would appear that the statement was in response to inquiries from Reuters, following clues in BAE System's Cyber Heist Attribution report published late last week.
BAE Systems said that it knew of a second attempted SWIFT fraud on a commercial bank in Vietnam using techniques similar to those used in the successful theft of $81 million from the Bangladesh Central Bank. BAE Systems conjectured that it was the same gang behind both attacks.
… According to Reuters, TPBank recognized suspicious SWIFT messages attempting to transfer $1.1 million and was able to prevent any loss by immediately contacting all involved parties.
… What isn't yet clear is whether TPBank discovered the attack independently or was warned by either BAE Systems or SWIFT. The published timings, however, suggest it was independent. Its own attack was towards the end of 2015, while the attack on the Bangladesh central bank and its disclosure happened in February 2016.
Apparently not much security to get past. I wonder if this was the weakest link, or merely the most obvious?
Ukranian Hacker Admits Stealing PR Newswire Press Releases
A Ukranian hacker pleaded guilty to stealing unpublished news releases that helped a criminal network make $30 million by trading on nonpublic information about corporate earnings.
… Prosecutors said that from February 2010 to November 2014, the hackers broke into computer networks at the three companies and stole draft releases that they shared with others who made stock trades in advance of the public dissemination of the corporate earnings. The hackers periodically moved among servers at the three companies as they were discovered and lost access to the releases.
The Intercept announces greater access to Snowden archive
by Sabrina I. Pacifici on May 16, 2016
Via The Intercept: The Intercept Is Broadening Access to the Snowden Archive. Here’s Why – “Today, The Intercept is announcing two innovations in how we report on and publish these materials. Both measures are designed to ensure that reporting on the archive continues in as expeditious and informative a manner as possible, in accordance with the agreements we entered into with our source about how these materials would be disclosed, a framework that he, and we, have publicly described on numerous occasions.
“SIDtoday is the internal newsletter for the NSA’s most important division, the Signals Intelligence Directorate. After editorial review, The Intercept is releasing nine years’ worth of newsletters in batches, starting with 2003. The agency’s spies explain a surprising amount about what they were doing, how they were doing it, and why.”
Never in the history of the world have males entering puberty ever found the female of the species interesting enough to snap pictures of… Sure, that’s why the most popular site in the world is named “go ogle”
Maybe it’s just selective attention, but it seems that there are more reports coming out of students taking problematic pictures of other students in public spaces of schools. In today’s news, Ryan Smith reports on a situation in Des Moines, Iowa:
Polk County authorities are investigating a scandalous blog featuring the backsides of multiple girls at Saydel High School.
School officials alerted the girls Thursday that their pictures showed up on a Tumblr page.
The school’s response does not sound as supportive of the victims as the students and their parents might hope:
Most of the pics show close ups of girls’ backsides in yoga pants. Some victims contacted KCCI upset that school officials had responded by criticizing their choice in clothing.
“Instead of putting blame where it should be, which is this little boy being a pervert, they are shaming little girls into thinking it’s their fault for wearing yoga pants,” said Dhabolt.
The district does not agree with the characterization of their response as unsupportive.
Read more on KCCI.
Do you think the district should handle this in-house as a student disciplinary issue, or do you think law enforcement should be involved? I vote for the former approach (in-house).
Somehow the “security by design” team missed this?
Graham Cluley reports:
A mix-up involving two databases allowed some users of a popular smart doorbell to view live footage from complete strangers’ front porches.
Earlier this month, Android Central began receiving reports from some Ring Doorbell Pro users that they could view video feeds that were not attached to their houses.
Read more on GrahamCluley.com.
Is “refusing to decrypt” a crime? Is he doing it at the advice of his lawyer? Should lawyers advise anyone in similar circumstances to comply with a decrypt order?
David Kravets reports:
US federal prosecutors urged a federal appeals court late Monday to keep a child-porn suspect behind bars—where he already has been for seven months—until he unlocks two hard drives that the government claims contain kid smut.
The suspect, a Philadelphia police sergeant relieved of his duties, has refused to unlock two hard drives and has been in jail ever since a judge’s order seven months ago—and after being found in contempt of court. The defendant can remain locked up until a judge lifts the contempt order.
The suspect has not been charged with any child-porn related crimes, yet he is imprisoned in Philadelphia’s Federal Detention Center for refusing to decrypt two drives encrypted with Apple’s FileVault software in a case that highlights the federal government’s war on encryption. A federal magistrate has ordered him imprisoned “until such time that he fully complies” with the decryption order. The man’s attorney, Federal Public Defender Keith Donoghue, is demanding that the appeals court immediately release his client from prison because he is being “held without charges.” (PDF)
Read more on Ars Technica.
What would happen if China did not understand the technology or just didn’t like it? Would we ever see these “executives” again?
China Quietly Targets U.S. Tech Companies in Security Reviews
Chinese authorities are quietly scrutinizing technology products sold in China by Apple and other big foreign companies, focusing on whether they pose potential security threats to the country and its consumers and opening up a new front in an already tense relationship with Washington over digital security.
Apple and other companies in recent months have been subjected to reviews that target encryption and the data storage of tech products, said people briefed on the reviews who spoke on the condition of anonymity. In the reviews, Chinese officials require executives or employees of the foreign tech companies to answer questions about the products in person, according to these people.
Now who would expect privacy at a bus stop. (Me, for one)
Jackie Ward reports:
Hidden microphones that are part of a clandestine government surveillance program that has been operating around the Bay Area has been exposed.
Imagine standing at a bus stop, talking to your friend and having your conversation recorded without you knowing. It happens all the time, and the FBI doesn’t even need a warrant to do it.
Federal agents are planting microphones to secretly record conversations.
Jeff Harp, a KPIX 5 security analyst and former FBI special agent said, “They put microphones under rocks, they put microphones in trees, they plant microphones in equipment. I mean, there’s microphones that are planted in places that people don’t think about, because that’s the intent!”
FBI agents hid microphones inside light fixtures and at a bus stop outside the Oakland Courthouse without a warrant to record conversations, between March 2010 and January 2011.
Federal authorities are trying to prove real estate investors in San Mateo and Alameda counties are guilty of bid rigging and fraud and used these recordings as evidence.
This is what I told my Computer Security class when we talked about encryption.
Stanford computer scientists show telephone metadata can reveal surprisingly sensitive personal information
Bjorn Carey of Stanford University writes:
Most people might not give telephone metadata – the numbers you dial, the length of your calls – a second thought. Some government officials probably view it as similarly trivial, which is why this information can be obtained without a warrant.
But a new analysis by Stanford computer scientists shows that it is possible to identify a person’s private information – such as health details – from metadata alone. Additionally, following metadata “hops” from one person’s communications can involve thousands of other people.
… The findings, reported today in the Proceedings of the National Academy of Sciences, provide the first empirical data on the privacy properties of telephone metadata.
… One of the government’s justifications for allowing law enforcement and national security agencies to access metadata without warrants is the underlying belief that it’s not sensitive information. This work shows that assumption is not true.
… The study, “Evaluating the privacy properties of telephone metadata”
Firefox’s market share is bigger than all Microsoft’s browsers combined
Firefox now has more desktop users than both Microsoft’s web browsers combined—but it’s a rivalry that is increasingly irrelevant as Google Chrome has almost twice the share of Firefox and Microsoft together.
The latest figures from Statcounter show that Microsoft Edge and Internet Explorer combined had a 15.5 percent share of worldwide desktop browser usage in April, a decline from 15.8 percent in March.
… Firefox’s share was just ahead of Microsoft’s, at 15.6 percent—but only by virtue of having declined more slowly, from 15.7 percent in March.
Chrome’s share just keeps on climbing, to 60.5 percent in April from 60.1 percent in March.
The only thing wrong with what politicians say is that they insist on saying it out loud.
Dust-up in West Virginia about Economic Justice
Politicians have a knack for making some of the dumbest statements. Hillary Clinton not only made one, but chose the worst place to utter it.
Saying, “...we’re going to put a lot of coal miners and coal companies out of business…” in a state that mines 10% of the nation’s output of the fossil fuel seems comparable to some of Donald Trump’s many foot-in-mouthisms.
The statement was taken out of context – Clinton did indicate her administration would help prepare coal miners for different careers – but specific solutions were neither offered nor alluded to beyond unspecified retraining.
This technology is ready. Is the insurance industry, law enforcement, etc. ready?
The Man Who Built Google’s First Self-Driving Car Is Now a Trucker
… The nation’s highways are slowly filling up with intelligent trucks. Silicon Valley start-up Peloton has carried out tens of thousands of miles of tests of its efficient platooning technologies in Texas and Utah, while Daimler has been conducting trials of semi-autonomous trucks in Nevada.
Otto, which came out of stealth today, is less interested in brand new trucks than in the estimated 4.3m big rigs already on American roads. Otto has already bought and retro-fitted three Volvo cabs with lidar, radar and cameras, and driven a handful of fully autonomous miles — without even a safety driver — on the highways of Nevada.
(Related) See cartoon number three for one more potential issue with self-driving cars.
Another “Sin Tax,” like the revenue from casinos and lottery. I have no doubt most states will follow the money.
Study Shows that States are Losing Billions by Not Legalizing Marijuana
A new study says federal and state governments are missing out on 28 billion dollars by not legalizing marijuana.
The study comes from the “Tax Foundation,” an independent think tank.
Experts say most of that revenue would be from tax on pot.
Critics worry legalizing marijuana could lead to more drug abuse and addiction.
But experts at the Tax Foundation say people who abuse marijuana do so regardless of whether or not it's legal.
Tools when I need them.
Great Tools for Creating Screencasts - A PDF Handout
This could be valuable. I’ll never miss the deadline to apply for tickets to the Great American Beer Festival again!
5 Awesome Event Calendars to Always Know What’s Coming Up
… A few event-tracking calendars will keep you updated about what’s happening across various topics. For example, knowing when the next episode is out can help you avoid Game of Thrones spoilers.
A new toy for my geeky friends.
Pint-Sized Raspberry Pi Zero Gains FPC Camera Connector, Keeps $5 Price
Oh, I want one! We could probably get plenty of funding to create a generalized version that could be taught to teach.
What happened when a professor built a chatbot to be his teaching assistant
To help with his class this spring, a Georgia Tech professor hired Jill Watson, a teaching assistant unlike any other in the world. Throughout the semester, she answered questions online for students, relieving the professor’s overworked teaching staff.
But, in fact, Jill Watson was an artificial intelligence bot.
Ashok Goel, a computer science professor, did not reveal Watson’s true identity to students until after they’d turned in their final exams.
… Now Goel is forming a business to bring the chatbot to the wider world of education. While he doesn’t foresee the chatbot replacing teaching assistants or professors, he expects the chatbot’s question-answering abilities to be an invaluable asset for massive online open courses, where students often drop out and generally don’t receive the chance to engage with a human instructor. With more human-like interaction, Goel expects online learning could become more appealing to students and lead to better educational outcomes.
… As Goel looked for a technology that could help, he settled on IBM Watson, which he had used for several other projects. Watson, an artificial intelligence system, was designed to answer questions, so it seemed like a strong fit.
To train the system to answer questions correctly, Goel fed it forum posts from the class’s previous semesters. This gave Jill an extensive background in common questions and how they should be answered.
… The system is only allowed to answer questions if it calculates that it is 97 percent or more confident in its answer. Goel found that was the threshold at which he could guarantee the system was accurate.
An App for my niece, “The Guitar Goddess”
Apple's new Music Memos app is instant gratification for musicians, backing band included
… This simple app is a new type of voice-memo recorder, built around capturing musical ideas, giving them a slight polish, and sending the best ones on to a more powerful music tool, such as Apple's own GarageBand or Logic Pro. It's completely free, and should be available on the App Store later today.
… It's what happens next that makes Music Memos stand out from a standard memo-recording app. If you recorded some acoustic guitar or piano, Music Memos analyses the audio input and attempts to chop your song demo into bars, in the appropriate time signature, and then adds chord labels.
Cut, fold, glue, watch. What could be easier?
YouTube for iOS Now Supports Google Cardboard
YouTube for iOS has been updated today with Google Cardboard support, allowing for all videos to be watched in VR mode on iPhone. The functionality was previously limited to the YouTube app on Android smartphones since November 2015.
I have got to try this with my students!