Saturday, June 25, 2016

This does not happen often.  Is there more here than has been reported?
Paul Gattis reports:
Gov. Robert Bentley has fired a high-ranking official in the state department of finance and placed a second on leave after concerns of a computer security breach emerged.
The breach came to light following an investigation by the Alabama Law Enforcement Agency, according to a letter Bentley wrote June 10 to the FBI.
Bentley has also requested that the FBI partner with the state of Alabama “to provide appropriate audit and investigative personnel to assist ALEA in determining the full scope” of the breach, according to the Bentley letter.
ALEA released the Bentley letter to on Friday as well as the termination letter to James Nolin, chief information officer in the finance department, of his “probationary state employment” and the letter advising Rex McDowell, assistant director of finance information/administrative services, that he has been placed on leave.

Another debate to follow?
Back in March, and due to a government redaction error, the world got confirmation that yes, Edward Snowden was the target of a controversial order and court battle involving Lavabit.  But it’s nice that the government has FINALLY ungagged Ladar Levison so that he can talk about the case.  Here’s his press release, issued today:
Alexandria, VA–Lavabit founder Ladar Levison can finally confirm that Edward Snowden was the target of the 2013 investigation, which led to the shutdown of the Lavabit email service.  The original case concerned law enforcement’s authority to compel the disclosure of an SSL/TLS private key, which belonged to Lavabit, and was used to protect the communications of all 410,000 customers, when only one of those customers was the subject of a criminal investigation.  After three years, and five separate attempts, the federal judge overseeing the case has granted Mr. Levison permission to speak freely about the investigation.  The recently delivered court decision unseals the vast majority of the court filings, and releases Mr. Levison from the gag order, which has limited his ability to discuss the proceedings until now.
Mr. Levison has consistently relied on the First Amendment in his court filings, which sought to remove the gag orders entered against him.  He argued that such orders are an unconstitutional restraint against speech, and an affront to the democratic process.  He plans to use his newfound freedom to discuss the case during a planned presentation on Compelled Decryption at DEF CON 24 in Las Vegas, NV.
“One of the rights guaranteed to Americans, and a cornerstone for a functional democracy, is the freedom to speak the truth,” stated Mr. Levison in announcing the court decision.  “The First Amendment protects opinions, including those unfavorable to government, from injunctions against speech.  The gag orders in this case were a violation of that inalienable right.  No American should have to live for three years, gagged, with every word carefully weighed, when such opinions are concerned with such a public and controversial issue as state surveillance.  I believe the public only grants permission to be governed when it knows the means and methods its government uses to protect the body politic.  While I’m pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over.  That is why I will continue to do everything within my power to protect our right to speak freely and privately.  We must decide when speech is necessary.  Our rights must never be subject to the whims of those officials we seek to criticize.”
In order to continue the fight, Mr. Levison is forming the Lavabit Legal Defense Foundation (or “LavaLegal”), a non-profit organization founded to, among other things, protect service providers from becoming complicit in unconstitutional activities, and fight secret attempts aimed at circumventing digital privacy or impinging upon the right of those involved to speak of the experience.  The foundation will be funded by donations from people and organizations all over the world that want to help protect digital privacy and bolster our collective defense against government overreach.  Donations can be accepted at the foundation’s page or through bitcoin donations at 1Bqqy3SxZ27ZUogEeiKHYqPsmFwuRTErMu.
For more information contact Lavabit founder Ladar Levison or Lavabit’s counsel, Jesse Binnall.

Great catch by Joseph Lorenzo Hall.  As seen in the Federal Register, DHS is proposing to amend forms that are used in travel arrival and departure records (Forms I-94 and I-94W) and Electronic System for Travel Authorization.  If they ask you nicely, will you tell them your Twitter handle and other social media usernames?  And how long before they stop making this “optional” and make it mandatory?
DHS proposes to add the following question to ESTA and to Form I-94W:
“Please enter information associated with your online presence—Provider/Platform—Social media identifier.”  It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information.  Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.
Current Actions: This submission is being made to extend the expiration date with a change to the information collected as a result of adding a question about social media to ESTA and to Form I-94W, as described in the Abstract section of this document.  There are no changes to the burden hours or to the information collected on Form I-94, or the I-94 Web site.
More information here.  You have until August 22 to submit your comments, while I wait for Joe Cadillic’s head to explode in 3…. 2….

Good summary of tracking tools & techniques.
FTC Guidance – Online Tracking
by Sabrina I. Pacifici on Jun 24, 2016
FTC – Online Tracking: “Have you ever wondered why some online ads you see are targeted to your tastes and interests?  Or how websites remember your preferences from visit-to-visit or device-to-device?  The answer may be in the “cookies” – or in other online tracking methods like device fingerprinting and cross-device tracking.  Here are answers to some commonly asked questions about online tracking — how it works and how you can control it…”

Never make a change so big that it signals your strategy, but make a thousand small changes that achieve the same end.
China Tightens Internet Rules For Search Engines, Announces Fresh Regulations For Paid Ads
In what is being perceived as another attempt to tighten its control over the internet, China’s internet regulator on Saturday announced new rules that ban search engines from showing subversive information and obligate them to clearly identify paid results.
   In addition, search engines would also be required to censor “rumors, obscenities, pornography, violence, murder, terrorism and other illegal information” — regulations that the Chinese government claims are needed to safeguard the security of its citizens.

Does this mean that no one really knows who is immigrating? 
How Much To Access Government Data On Immigration? Only $173,775
A little more than a year ago, Quartz’s David Yanofsky did what many data reporters do every day: He submitted a Freedom of Information Act request for a set of statistics from a government agency.  Yanofsky wanted immigration statistics about who enters the country from the International Trade Administration, the only government agency that compiles comprehensive records of this kind.
The ITA got back to him and said that he was welcome to the data set — all he had to do was cut a check for $173,775.  After weeks of paperwork and haggling with the agency, Yanofsky is now suing to get access, and to make a larger statement about the importance of open data for journalists and residents alike.
On this week’s What’s The Point, Yanofsky discusses his lawsuit, what he thinks is in the data, and why the information costs $173,775, anyway.
Stream or download the full episode above, or subscribe using your favorite podcast app.

For my Architecture students.  This happened in “highly mobile” India.  Any lessons for the rest of the world?
Why India’s Leading Fashion E-tailer Abandoned Its App-only Strategy
Earlier this year, a K@W article titled “Can an App-only E-commerce Model Succeed in India?” looked at the pros and cons of adopting an app-only e-commerce strategy.  The debate was sparked by Myntra, India’s leading fashion e-tailer, which had announced in May of last year that it was going the app-only route.  It claimed to be the first big web-based e-tailer, not just in India but globally, to adopt an app-only model.
However, now Myntra has reversed that decision: On June 1, it relaunched its desktop website.

I predict an immediate market for “eye protecting anti-smartphone lenses!”  Let’s be the first to start a KickStarter project!
Smartphone-Induced Temporary Blindness: Using Your Phone Before Bed Could Cause Vision Problems
Smartphones were recently named one of the most important inventions of the 21st Century and they have changed how we live our lives in countless ways.  Now everything from ordering food, sending work emails, and speaking with friends and family across the world can be accomplished with a single device.  However, a new report suggests that there may be unsettling health consequences linked to excessive smartphone use: temporary blindness.
According to the report published in the New England Journal of Medicine, two women in England may be the first patients ever to be diagnosed with smartphone-induced blindness.  Both women reported having temporary vision difficulties in only one of their eyes.

Some of these are free.  Try them and see what you see. 
7 Notable Data Visualization Tools

These might enliven my PowerPoint presentations (if I used PowerPoint)
5 Sites to Download Famous Sounds from Movies, Games, & More
   As with most things, such sounds have a home on the Internet. In some nook or corner, you can find the perfect ding of a game you love, a short dialogue from your favourite geeky movies, the ignition sequence from NASA, and much more.
It can be turned into the perfect ringtone or notification tone.  It can punctuate the point you’re making in a heated argument online.  Here’s where to find the right sound…

Might be worth a shot.
   Starting today, university faculty in the United States who teach courses in computer science or related subjects can apply for free credits for their students to use across the full suite of Google Cloud Platform tools, like App Engine and the Cloud Machine Learning Platform.  These credits can be used any time during the 2016-17 academic year and give students access to the same tools and infrastructure used by Google engineers.

Every week; amusement.
Hack Education Weekly News
   “Law Schools Are Going Online to Reach New Students,” says The New York Times.
   Via the AP: “New for-profit medical schools springing up across US.”
   “A computer for every LA Unified student would cost $311 million,” says the LA School Report (which seems significantly less than the $1.3 billion it agreed to pay Apple/Pearson for iPads, but what do I know).
   Google announces “Google Cloud Platform Education Grants for computer science.”
   “Examining ethical and privacy issues surrounding learning analytics” by Tony Bates.

Friday, June 24, 2016

Let me toss a monkey into your wrench; Will I be able to customize the programming of my self-driving car?  My Ethical Hacking students think so. 
Driverless Cars Should Kill Passengers To Save Lives - But Then People Won't Buy Them
People want driverless cars to act for the greater good in traffic collisions – but they don’t want to be in the cars when they do so.
In a series of surveys, researchers asked people whether autonomous vehicles (AVs) should swerve to avoid hitting a group of pedestrians, even if that meant killing the occupant of the car.  Most people gave the greater good answer, that saving many lives was better than saving one, but those people don’t want to be in a car that would make that choice.
   “Although people tend to agree that everyone would be better off if AVs were utilitarian (in the sense of minimizing the number of casualties on the road), these same people have a personal incentive to ride in AVs that will protect them at all costs,” the researchers said in a paper for Science magazine.

Something for my Computer Security students to consider.
U.S. court rules that FBI can hack into a computer without a warrant
A U.S. court has ruled that the FBI can hack into a computer without a warrant -- a move that is troubling privacy advocates.
The criminal case involves a child pornography site, Playpen, that had been accessible through Tor, a browser designed for anonymous web surfing.
The FBI, however, managed to take over the site in 2014, and then tracked down and arrested its members by hacking their computers.  This allowed law enforcement to secretly collect their IP addresses.
One of the arrested suspects has argued that the evidence against him had been unlawfully seized.  But a U.S. court in Virginia has ruled in favor of the FBI, according to court documents unsealed on Thursday.
   The suspect may have used Tor to keep his browsing anonymous, but his IP address still isn’t private information, the judge wrote in his ruling.  This is because the IP address is given out to third parties in order to access the Internet and even the Tor network.
Privacy advocacy group Electronic Frontier Foundation is opposed to this part of the ruling.
“The implications for the decision, if upheld, are staggering,” wrote Mark Rumold, an attorney with the group in a blog post.  Law enforcement could seize information from a person’s computer without a warrant, probable cause or any suspicion at all, he said.
   Morgan, however, said in his ruling that the rise of hacking has changed expectations about privacy.
 “For example, hacking is much more prevalent now than it was even nine years ago,” he said. “Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion.”
As a result, Tor users “cannot reasonably expect” to be safe from hackers, he added.  The FBI also didn’t violate the Fourth Amendment of the U.S. Constitution by hacking into the suspect’s computer.  Law enforcement should be able to use cutting-edge technology to stop crimes done in secrecy, Morgan said.

(Related)  Why would this be different from any other evidence?
Mike Carter reports the latest development in the federal prosecution of Russian hacker Roman Seleznev:
A federal judge has refused to suppress key evidence in the pending trial of accused Russian mega-hacker Roman Seleznev.
U.S. District Judge Richard Jones said Seleznev’s accusations that federal agents tampered with his computer — and the dueling opinions of prosecution and defense experts about whether that occurred — should be considered by the jury in Seleznev’s upcoming federal trial.
Sure, because a jury of 12 citizens is perfectly equipped to consider testimony about evidence of computer tampering by the government.
Read more on Seattle Times.

(Related)  If no computer is safe, how do you secure government computers?
Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats
by Sabrina I. Pacifici on
Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats – by John P. Carlin, Harvard Law School National Security Journal. Volume 7, Issue 2:
“With increasing network intrusions affecting the U.S. government and American companies, and unsecured connectivity creating new vulnerabilities to cyber attacks, the United States is implementing a whole-of-government, all-tools approach to countering cyber threats.  This article discusses the role played by the Department of Justice within this government-wide effort, including its progress in attributing cyber activities to their source, and how attribution can be used to deter, disrupt, and defend against cyber threats.  In doing so, the article demonstrates the need for a continued commitment to and discussion around effective cyber security tools.”

For my Computer Security students.
KSN Report: Ransomware in 2014-2016: The evolution of the threat and its future
by Sabrina I. Pacifici on
Kaspersky Lab, June 22, 2016: “Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it.  In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency.  This report covers the evolution of the threat over the last two years

Supply and demand.  Perhaps an auction App for tickets? 
Hamilton’s $849 Tickets Are Priced Too Low
Hoping to catch the smash Broadway hit Hamilton in the near future?  Good luck: Even as the anniversary of its opening approaches, there remains a frenzy to buy tickets.  The musical about founding father Alexander Hamilton recently won 11 Tony awards, including Best Musical, bolstering its list of accolades — which also include a Grammy Award and Pulitzer Prize.  Its level of acclaim has even reached the White House, with First Lady Michelle Obama proclaiming Hamilton is “the best piece of art in any form I have ever seen in my life.”  As a result, the producers of Hamilton are scrambling to find the right pricing strategy to handle demand.
What’s clear is that recent prices — starting at $549 for premium seats and $139 for regular seats — are significantly lower than what the public is willing to pay.  The result?  A paradise for scalpers.  The New York Times estimates scalpers earn up to $60 million annually from reselling Hamilton tickets.  Estimates of the average resale price hover around $1,000 per ticket.  Asking prices for future performances are even higher, routinely in the $3,000–$4,000 range and close to $10,000 per ticket for the last show before creator Lin-Manuel Miranda exits the cast next month.
To capitalize on this strong demand, Hamilton’s producers raised ticket prices for newly scheduled 2017 performances.  Now the top ticket price is $849 (for 200 premium tickets) and the remaining 1,075 regular seats range from $179–$199
   We’ve entered a new era, one where consumers understand market-based prices.  Consumers are surrounded by businesses in their daily lives — Uber, Disney, sports teams, Amazon — that blatantly flex prices to be in sync with demand.  It’s telling that in the rock concert industry, where musicians have been loath to raise prices out of fear of being accused of gouging fans, VIP prices are becoming the norm.

WhatsApp users are making 100 million calls every day
WhatsApp users are now making more than 100 million voice calls every single day – over 1,100 calls per second.
That’s an impressive number, given the feature only finished rolling out to Android and iOS in April of last year.  Of course, plenty of those calls are from individuals who make multiple calls per day, but it still shows how quickly WhatsApp’s 1 billion users have jumped on the feature.
For comparison, Skype only has about 300 million active users per month, so it’s not a stretch to imagine WhatsApp has already surpassed the number of daily Skype calls (a figure Skype doesn’t make public).  Not bad, considering WhatsApp calling is 12 years younger.

A tool for my students?  Maybe when they add some useful channels. 
Instagram’s new video channels will help you geek out over your obsessions
Instagram wants you to watch more video.
The company is adding new topic-based video channels to the "explore" section of the app.  The channels, which will be labeled as "picked for you," will surface based on topics you may be interested in.
   The channels are algorithmically generated and curated by Instagram.  The company hasn't elaborated on how it determines which ones to show to each user, but we're guessing it's based on the same or similar factors that power the rest of Explore's recommendations, including the accounts you follow and posts you have liked in the past.

Instagram: lost in translation no longer
In keeping with other social media giants, Instagram has decided to offer automatic translation, which the photo- and video-sharing service says it will roll out over the coming month.
   With 80 percent of Instagram users now based outside the United States, the company is keen to banish any barriers that may hamper people’s ability to communicate.

Perspective.  I wonder if this will change how they campaign?  Or talk to constituents?
Live-streamed videos from House sit-in viewed on Facebook 3M times
Facebook live-streaming videos from House Democrats' sit-in on the floor were watched more than 3 million times, CEO Mark Zuckerberg said.
After official C-SPAN feeds from the House floor were cut off by House Republicans on Wednesday, Rep. Beto O’Rourke (D-Texas) began streaming the sit-in over the Facebook Live feature. Rep. Scott Peters (D-Calif.) was also streaming video from the floor via Periscope, and several other lawmakers streamed videos on social media.
   C-SPAN, which repeatedly noted that it had no control over the video stream from the House floor, began streaming from some of the lawmakers' social media feeds instead. There was often an alert on the C-SPAN screen that noted the "House cameras are not permitted to show sit-in."  
It was the first time C-SPAN had used social media to circumvent the standard House feeds. 
"When they turned the cameras off today, we found out there's an app for that,” Peters said as the sit-in continued late into Wednesday night.

Damn!  Missed another one.
Twilio stock closes at $28.53, jumping more than 90% in first day of trading

My students (some at least) have the talent, now all I have to do is convince them to try.
Khan Academy Announces a Talent Search
Do you enjoy making instructional videos for your students or the general public?  Can you break complex topics into small, digestible chunks for others to understand?  If so, you may be interested in entering the Khan Academy Talent Search contest.  The contest runs now through August 1, 2016.  Ten finalists will be chosen from all of the entries.  Each of those finalists will win $300.  The overall winner will receive $3000.  All finalists will be considered for a contract to produce content for Khan Academy.  Learn more about the Khan Academy Talent Search here or watch the video below.
Should you need ideas for an instructional video, check out the suggested topics list on Khan Academy.

Thursday, June 23, 2016

"Amateurs talk about tactics, but professionals study logistics."  It makes you wonder what could be more valuable than disrupting communications (and recruiting)?
US Military's Cyber Force Reluctant to Cut Internet in Syria
The US military is wary of cutting Internet connections to Islamic State strongholds such as Raqa in Syria, even though the Pentagon is waging cyber-war against the jihadists, officials said Wednesday.
   CYBERCOM deputy leader Lieutenant General Kevin McLaughlin said the Pentagon has gained important experience fighting the IS group online.
"It's given us the opportunity to learn and mature and kind of plow back in lessons learned in a real circumstance that it might have taken us several years to learn," McLaughlin told lawmakers.

For my Computer Security students.
Goodbye, Password. Banks Opt to Scan Fingers and Faces Instead.
   Millions of customers at Bank of America, JPMorgan Chase and Wells Fargo routinely use fingerprints to log into their bank accounts through their mobile phones.  This feature, which some of the largest banks have introduced in the last few months, is enabling a huge share of American banking customers to verify their identities with biometrics.  And millions more are expected to opt in as more phones incorporate fingerprint scans.
Other uses of biometrics are also coming online.  Wells Fargo lets some customers scan their eyes with their mobile phones to log into corporate accounts and wire millions of dollars.  Citigroup can help verify 800,000 of its credit card customers by their voices.  USAA, which provides insurance and banking services to members of the military and their families, identifies some of its customers through their facial contours.
Some of the moves reflect concern that so many hundreds of millions of email addresses, phone numbers, Social Security numbers and other personal identifiers have fallen into the hands of criminals, rendering those identifiers increasingly ineffective at protecting accounts.  And while thieves could eventually find ways to steal biometric data, banks are convinced they offer more protection.

(Related). Part of what banks are up against.
GozNym Trojan Targets Major US Banks
The GozNym banking Trojan has been observed targeting the customers of some of the largest financial institutions in the United States, IBM Security warned on Wednesday.
   In a redirection attack, the malware hijacks the victim’s browsing session and takes them to a fake website that looks exactly like the legitimate site.  On these phishing sites, victims are instructed to provide personal and financial information that cybercriminals can use to conduct fraud.
In GozNym’s case, the redirection attacks are designed to trick both users and security researchers.  The fake bank webpages are made to look like they are hosted on the targeted organization’s genuine URL and they even display the SSL certificate in the browser’s address bar.

Even as an avid science fiction fan, this seems farfetched and illogical.
Robots May Pay Taxes Under European Proposals
Robots in Europe may soon be given legal rights and considered “electronic persons,” following a draft report from the European Parliament that aims to address the rise of automated workers.
Under the plans, bosses would be required to pay social security on their robot workers’ behalf, as well as adhere to new taxation rules and legal liability frameworks.  
   Speculation surrounding how robots may evolve into advanced artificial intelligence machines in the future is also included in the report, which it warns may have severe consequences for humanity.
“Ultimately, there is a possibility that within the space of some decades artificial intelligence might surpass human intellectual capacity [I’d say that has already happened in at least one case…  Bob] 
The draft report.  [Note: This is a “.do” file.  Change the extension to “.PDF” to open it.  Bob]   

Misusing technology for fun and profit?
The Perils of Using Technology to Solve Other People's Problems
I found Shane Snow’s essay on prison reform — “How Soylent and Oculus Could Fix the Prison System” — through hate-linking.
Friends of mine hated the piece so much that normally-articulate people were at a loss for words.
   In Snow’s essay about prison reform, he identifies violence, and particularly prison rape, as the key problem to be solved, and offers a remedy that he believes will lead to cost savings for taxpayers as well: all prisoners should be incarcerated in solitary confinement, fed only Soylent meal replacement drink through slots in the wall, and all interpersonal interaction and rehabilitative services will be provided in Second Life using the Oculus Rift virtual reality system.

Blockchain, my students would do well to learn all about it.
Blockchain Payments Company Raises $60 Million for Push Into China
Circle Internet Financial Ltd., maker of an app that lets people send money to each other via bitcoin’s blockchain—the Internet network underlying the digital currency—says it is heading to China.
   Circle has already secured licenses in the U.S. and U.K. to swap dollars, pounds, euros and bitcoins via the Blockchain.

There must be an App to help shareholders dig out information like this.  If not, can we create one? 
How Bad Management Led to American Express' Costco Disaster
On Feb. 15, 2015, American Express CEO Ken Chenault announced that the company was walking away from its co-branded credit card partnership with Costco.  The market responded immediately, sending the stock down 6%.  This month, as Costco completes its transition to Visa, American Express' stock has continued its downward spiral.  Amex stock today is down over 21% since the announcement.
Blame for this fiasco is squarely on the shoulders of American Express management.  The company knowingly created large customer concentrations, ignored the risks of this overreliance, and ultimately erased over $40 billion in shareholder value as key customers walked away from the company over the last 18 months.
When American Express first disclosed the end of its Costco partnership last year, management told shareholders for the first time that 10% of the 112 million American Express cards in circulation were co-branded with Costco.  For a company of American Express' size and sophistication, that is a shocking concentration to have in any one customer.

Uber Data And Leaked Docs Provide A Look At How Much Uber Drivers Make
Uber says that its drivers are as much its customers as its passengers are, and that its ride-hail platform is a path to personal freedom and financial independence.  In 2013, the company told the Wall Street Journal that the “typical” Uber driver takes in more than $100,000 in annual gross fares.  (Uber now disputes this characterization.)
More recently, Uber chief adviser and board member David Plouffe has touted the ride-hail platform as a pathway to a modest, more attainable American dream.  But according to leaked internal price modeling data, and Uber’s own calculations provided to BuzzFeed News in response to that leak, drivers in some markets don’t take home much more than service workers at major chains like Walmart when it comes to net pay.
   Based on these calculations, it’s possible to estimate that Uber drivers in late 2015 earned approximately $13.17 per hour after expenses in the Denver market (which includes all of Colorado), $10.75 per hour after expenses in the Houston area, and $8.77 per hour after expenses in the Detroit market, less than any earnings figure previously released by the company.

Amazon leapfrogs to third biggest video streamer by traffic
   Amazon Video accounted for 4.3 percent of downstream internet traffic during peak evening viewing hours in North America, according to network equipment maker Sandvine in its twice-yearly Global Internet Phenomena Report Wednesday.
That's still far behind the 35.2 percent of traffic that Netflix gobbles up, and the 17.5 percent commanded by YouTube.  But Amazon's No. 3 ranking is a leap from eighth place a year ago.

This too seems to be a management error but it raises the question: Are chargers really cheap enough to add to disposable packaging?  What is next?  Wheaties chargers?
KFC India Debuts Takeout Box That Doubles As A Greasy, Craptastic Smartphone Charger
   KFC India has debuted a limited edition version of its 5-in-1 combo, which comes in what’s called a Watt a Box.  Besides the greasy chicken and sides that you’d usually find inside your meal box, there’s also a 6100 mAh power bank that can be used to recharge your Android smartphone or iPhone (both microUSB and Lightning cables are included).

For my geeky students?
Want to develop an app but have no expertise? Google now has a course for you
   The company on Wednesday launched an app-development course with online university Udacity, aimed specifically at the building of apps for its Android operating system.  The difference between this and other Google-approved programs is that this one is aimed at people with no previous development experience.
   The course outline says that it takes 165 hours to complete -- that's around 21 days of full-time study (for 8 hours per day).  It also adds that the "base salary" of an Android developer falls between $52,400 and $136,000 in the US.

(Related).  Perhaps we could create an App to run these Apps?
13 Ways to Earn Extra Money With Your Smartphone
Are Money-Making Apps Worth It?
The definition of “worth it” depends on what you’re expecting. For a college student or a stay-at-home parent, these apps may be the difference between living like a pauper or a king.
Here are three things to keep in mind:
1. It’s pocket change at best.  Even if you sink in full-time hours, you won’t be earning a full-time income.  These apps can be used to fund hobbies or help you get out of debt, but that’s about it.
2. Time-value is low.  Are you willing to spend 10 hours on your phone to earn $50?  For some people, an hour of leisure is worth more than that, even if the cash is low-effort.  Figure out how much one hour is worth to you before diving in.
3. Payout thresholds.  Most apps require you to earn a certain amount of dollars before you can request a payout — and these thresholds can be as high as $50 or $100 sometimes.  That’s a big commitment, and many don’t make it that far.
If you’re still interested, great!  Here are some of the better ones we’ve found.  Even if you don’t like all of them, we’re sure you’ll find at least one or two that intrigue you.

Wednesday, June 22, 2016

Interesting on several levels.  Look at how politicians (not just the Clintons) deflect this and compare it to the really bad job Sony did when faced with a similar breach and disclosure.
Clinton Foundation Said to Be Breached by Russian Hackers
The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the U.S. political apparatus ahead of the November election, according to three people familiar with the matter.
The attacks on the foundation’s network, as well as those of the Democratic Party and Hillary Clinton’s presidential campaign, compound concerns about her digital security even as the FBI continues to investigate her use of a personal e-mail server while she was secretary of state.
Clinton Foundation officials said the organization hadn’t been notified of the breach and declined to comment further. [The whole world knows, but they “haven’t been notified.”  Bob] 
   Before the Democratic National Committee disclosed a major computer breach last week, U.S. officials informed both political parties and the presidential campaigns of Clinton, Donald Trump and Bernie Sanders that sophisticated hackers were attempting to penetrate their computers, according to a person familiar with the government investigation into the attacks.
The hackers in fact sought data from at least 4,000 individuals associated with U.S. politics -- party aides, advisers, lawyers and foundations -- for about seven months through mid-May, according to another person familiar with the investigations.
   The Republican Party and the Trump campaign have been mostly silent on the computer attacks.  In an earlier statement, Trump said the hack was a political ploy concocted by the Democrats.
   If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.
   Bloomberg News reported Friday that the hackers who hit the DNC and Clinton’s campaign burrowed much further into the U.S. political system than initially thought, sweeping in law firms, lobbyists, consultants, foundations and policy groups in a campaign that targeted thousands of Google e-mail accounts and lasted from October through mid-May.

There’s an App for that!
This Windows App Alerts You When Your Accounts Are Hacked
Unfortunately, data breaches are increasingly common these days, and even huge websites like LinkedIn are falling to hackers.
It’s important to know if you’ve had any of your accounts compromised, and we can attest that some websites that check your email address against known breaches are great tools to stay informed.
Sites like Have I Been Pwned? are great, but if you have to manually check it from time to time to know if you’ve been attacked, you might miss a critical notification.  The Windows 10 app Hacked?, powered by Have I Been Pwned? (HIBP?), will check your email address twice a day for breaches.
   If you’re not on Windows 10 yet, you can also use the main page of HIBP to regularly check for new breaches.  Just click the Notify me button at the top to get alerts, similar to the Modern app.

There’s nothing like a good debate to wake my students up!
The Federal Bureau of Investigation, the Department of Justice, and technology and internet companies have been waging a little-known war for years over how much information companies are obligated to hand over about customers during national security investigations — absent a court order.
In early June, when Yahoo disclosed three secret government requests for customer information — called national security letters — one of those requests revealed that the FBI might have been exceeding its authority by asking for email records, such as headers or browsing information, in addition to basic subscriber information.
While the revelation that the FBI kept asking for those records surprises some academics, lawmakers, and privacy advocates – national security attorneys and large technology companies have known about the problem for years, and have been arguing with FBI attorneys over what’s allowed and what’s not.

Revising the recently revised revisions to changed FAA rules.  These may be tentative.
FAA issues new commercial drone rules
by Sabrina I. Pacifici on
“The Federal Aviation Administration (FAA) is amending its regulations to adopt specific rules for the operation of small Unmanned Aircraft Systems (sUAS) in the National Airspace System (NAS) through a final rule.  These changes address the classification of sUAS, certification of sUAS remote pilots, and sUAS operational limitations.  This advisory circular (AC) provides guidance for conducting sUAS operations in the NAS in accordance with Title 14 of the Code of Federal Regulations (14 CFR) part 107.”

So, Microsoft just won, right? 
Microsoft invokes Supreme Court opinion in Ireland email case
   In a decision Monday in a separate case on the extraterritorial application of a provision of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Supreme Court set out the ground rules for its analysis, pointing out that “absent clearly expressed congressional intent to the contrary, federal laws will be construed to have only domestic application.”  The court was applying a canon of statutory construction known as the presumption against extraterritoriality.
It stated that the “the question is not whether we think ‘Congress would have wanted’ a statute to apply to foreign conduct ‘if it had thought of the situation before the court,’ but whether Congress has affirmatively and unmistakably instructed that the statute will do so."

Something I can pull from for my next IT Governance class.  I’ll change the format, I don’t PowerPoint.
Looking Forward: Corporate Governance of the Successful 21st Century Company
by Sabrina I. Pacifici on
da Silveira, Alexandre Di Miceli, Looking Forward: Corporate Governance of the Successful 21st Century Company (Presentation Slides) (June 20, 2016).  Available for download at SSRN:
“This is a PPT presentation that discusses what is coming next on corporate governance (CG) and in which ways the successful business of the 21st century will differ from its successful 20th century counterpart.  The presentation is divided into five key messages:
1) This is a moment of lower trust in big business around the world due to successive financial crises, CG misconducts, and politically-related corruption scandals;
2) There is increasing criticism of the standard narrative for CG based on shareholder value maximization;
3) One of the few consensuses in this changing world is that stakeholders have increasingly higher expectations about the role of companies in society;
4) There is a new approach for CG and the successful business of the 21st century based on: ethical culture & intrinsic values, stakeholder orientation, and conscious capitalism; and,
5) There is growing evidence that adopting this new approach to CG pays off.”

Interesting, but we’ve been teaching these languages for decades. 
Half of the high-paying jobs in America now require this skill
If terms like SQL, Python and JavaScript aren’t on your radar, employers may not be interested in hiring you.
Roughly half of the jobs in the top income quartile — defined as those paying $57,000 or more per year — are in occupations that commonly require applicants to have at least some computer coding knowledge or skill, according to an analysis of 26 million U.S. online job postings released this month by job market analytics firm Burning Glass and computer science education firm Oracle Academy in Redwood City, Calif.  In simple terms, coders write the instructions that tell computers what to do; in-demand programming languages include SQL, Java, JavaScript, C# and Python.
   However, there is good news for those without coding skills: You can acquire these skills without having to study computer science in college — sometimes for free.  CodeAcademy is one of the better programs, according to technology magazine Wired (and it’s free), but there are plenty of others, including Girl Develop It and Udacity.

We have a 3D printer and I have a key to the room it’s locked in…
10 Educational Toys You Can 3D Print

Tuesday, June 21, 2016

An interesting article.  My concern, as a Computer Security manager would be that their hackers have found a less detectable method of hacking into my systems.  But that does not stop everyone involved (or not) from claiming success!
Chinese Curb Cyberattacks on U.S. Interests, Report Finds
Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.
But the study, conducted by the iSight intelligence unit of FireEye, a company that manages large network breaches, also concluded that the drop-off began a year before Mr. Obama and Mr. Xi announced their accord in the White House Rose Garden.  In a conclusion that is largely echoed by American intelligence officials, the study said the change is part of Mr. Xi’s broad effort to bring the Chinese military, which is considered one of the main sponsors of the attacks, further under his control.

Another “must have” surveillance App?  Do the people who buy these know what they are doing? 
The AI Dashcam App That Wants to Rate Every Driver in the World
If you’ve been out on the streets of Silicon Valley or New York City in the past nine months, there’s a good chance that your bad driving habits have already been profiled by Nexar.  This U.S.-Israeli startup is aiming to build what it calls “an air traffic control system” for driving, and has just raised an extra $10.5 million in venture capital financing.
Since Nexar launched its dashcam app last year, smartphones running it have captured, analyzed, and recorded over 5 million miles of driving in San Francisco, New York, and Tel Aviv.  The company’s algorithms have now automatically profiled the driving behavior of over 7 million cars, including more than 45 percent of all registered vehicles in the Bay Area, and over 30 percent of those in Manhattan.
Using the smartphone’s camera, machine vision, and AI algorithms, Nexar recognizes the license plates of the vehicles around it, and tracks their location, velocity, and trajectory.  If a car speeds past or performs an illegal maneuver like running a red light, that information is added to a profile in Nexar’s online database.  When another Nexar user’s phone later detects the same vehicle, it can flash up a warning to give it a wide berth.  (This feature will go live later this year.)
   Nexar estimates that if 1 percent of drivers use the app daily, it would take just one month to profile 99 percent of a city’s vehicles.  “We think that it’s a service to the community to know if you’re a crazy driver or not,” says Shir.
That community includes insurance companies, who Nexar suggests could save billions by cherry-picking only the best drivers to cover.

Security(?) at the cost of your privacy?  Was the Privacy Policy language deliberate?  What would you do with videos of someone’s home?  
From the not-exactly-a-glowing-review dept., SLC Security writes:
 Look familiar?  Well this device started showing up in all the big box retailers last year so we decided to give one a try.  Hooking the device up to an EVDO hotspot on Verizon was interesting at best.  During our testing we discovered that the device streams continuously back to Guardzilla (even if you don’t subscribe to their monitoring) all the time.  So this “security” device has some serious “privacy” issues.
Here’s the problem.  Even when you don’t subscribe to the recording and playback features offered by Guardzilla the devices still stream to Guardzilla, and we assume that the video is being stored; otherwise why would you send it?  What tipped us off was the fact that the device uses nearly 1GB of bandwidth per day even when you’re not viewing the camera.  So basically you’re allowing Guardzilla to see into your protected space and to hear everything that goes on in this space because these devices are constantly streaming even when you are not using them.
Read more on SLC Security.  In an update, they state that Guardzilla confirmed that that’s how the device operates.
I wonder what the FTC would say about all this.
[From the article:
The Guardzilla Privacy Policy:
Practecol takes reasonable efforts to ensure that your personal information is protected while you use the Services. [Not while you don’t?  Bob]
Oh and there’s this line:
Also, video, audio, and other information received or recorded by your Guardzilla device may be stored on our servers or the servers of third parties.
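The tip-off in the SLC Security post was a byte count: close to 1GB a day leaving the house with nobody watching the camera, which works out to roughly 90 kbit/s sustained around the clock.  The script below is an added example, not code from SLC Security or Guardzilla, that turns that observation into a check a home or small-office network owner could run over per-device egress totals from a router or flow exporter.  It flags devices that are both heavy and continuous (traffic in nearly every hour of the day), which separates a cloud-streaming camera from a laptop doing a large but short download.  The device names, destination hosts and byte counts are constructed for the demonstration.

```python
"""Flag LAN devices that stream outbound around the clock.

Added example (not from the SLC Security post or any vendor): models the
"nearly 1GB/day with nobody viewing" check over constructed hourly egress
records of the kind a router or flow exporter could produce. All device
names, destination hosts and byte counts below are made up.
"""
from collections import defaultdict

# Constructed hourly egress records: (device, hour_of_day, dest_host, bytes_out).
# The camera pushes ~40 MB every hour of the day to its vendor; the thermostat
# checks in hourly with tiny payloads; the laptop does two large bursts.
SAMPLE_EGRESS = (
    [("camera", h, "stream.vendor.example", 40_000_000) for h in range(24)]
    + [("thermostat", h, "api.thermo.example", 200_000) for h in range(24)]
    + [("laptop", h, "updates.os.example", 900_000_000) for h in (9, 20)]
)

GIB = 1024 ** 3


def bytes_per_device(records):
    """Total outbound bytes per device over the capture window."""
    totals = defaultdict(int)
    for device, _hour, _dest, nbytes in records:
        totals[device] += nbytes
    return dict(totals)


def active_hours(records):
    """Number of distinct hours in which each device sent any traffic."""
    hours = defaultdict(set)
    for device, hour, _dest, _nbytes in records:
        hours[device].add(hour)
    return {device: len(hrs) for device, hrs in hours.items()}


def flag_always_on_streamers(records, min_bytes=GIB // 2, min_hours=20):
    """Devices that sent at least `min_bytes` spread over at least `min_hours`
    distinct hours: heavy AND continuous, the signature of a camera streaming
    to the cloud rather than a one-off download or update."""
    totals = bytes_per_device(records)
    hours = active_hours(records)
    return sorted(d for d in totals if totals[d] >= min_bytes and hours[d] >= min_hours)


def sustained_kbps(total_bytes, hours=24):
    """Average bitrate implied by a byte total over `hours`, in kbit/s."""
    return total_bytes * 8 / (hours * 3600) / 1000


if __name__ == "__main__":
    for device, total in sorted(bytes_per_device(SAMPLE_EGRESS).items()):
        print(f"{device:11s} {total / 1e6:8.1f} MB/day  ~{sustained_kbps(total):6.1f} kbit/s avg")
    print("always-on streamers:", flag_always_on_streamers(SAMPLE_EGRESS))
```

The laptop moves more bytes than the camera but only in two hours, so it is not flagged; the thermostat is active every hour but moves almost nothing.  Only the camera trips both conditions.  Thresholds are starting points to tune against a baseline of what each device class normally sends.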

Another surveillance technique?  (Beware of perverts/stalkers bearing gifts?)
Caleb Chen writes:
Over the weekend, the security community heard rumors about a potential issue with the NETGEAR Internet of Things wireless security camera.  A user reported to the privacy subreddit that after returning the device and not uninstalling the app or deleting an account, the user was still able to see camera footage from the new owner’s camera – a clear privacy breach.  The user accuses NETGEAR of having poorly planned out processes for change of ownership scenarios.  The reaction from the tech community lacked disbelief and sympathy.  Many others reported similar issues with brands other than NETGEAR.  In fact, there are websites that list all the world’s internet of things (IoT) cameras that are plugged in but not configured to keep the world out.
Read more on Privacy Online News.
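The failure described in that report is a missing control at ownership change: the app's cached credentials kept working after the camera went back to the store and was paired by someone else.  Below is an added example, not NETGEAR's code or any vendor's, of a toy cloud back end that shows the naive behaviour beside the fix.  Every viewer token is stamped with an ownership "generation" that increments whenever the camera is claimed, so a new claim invalidates every token issued under the old owner at once, with no need to hunt down cached copies.  The class and method names, account names and serial number are invented for the sketch.

```python
"""Ownership transfer for a cloud-connected camera: naive vs. revoking.

Added example, not NETGEAR's code or any vendor's. Models the missing control
from the report: binding each viewer token to an ownership generation that
changes on every claim, so a previous owner's cached token dies the moment
the camera is re-paired. CameraCloud, its methods, the account names and the
serial number are all invented here.
"""
import secrets


class CameraCloud:
    """Minimal cloud side: which account owns a camera, and which tokens may view it."""

    def __init__(self, revoke_on_transfer=True):
        self.revoke_on_transfer = revoke_on_transfer
        self.owner = {}        # serial -> account that currently owns the camera
        self.generation = {}   # serial -> counter bumped on every (re)claim
        self.tokens = {}       # token -> (serial, generation at time of issue)

    def claim(self, serial, account):
        """Pair the camera with `account` (the new owner sets it up out of the box).
        Returns the previous owner, if any, so the caller could notify them."""
        previous = self.owner.get(serial)
        self.owner[serial] = account
        self.generation[serial] = self.generation.get(serial, 0) + 1
        return previous

    def list_cameras(self, account):
        """Cameras the app should show for this account."""
        return sorted(s for s, a in self.owner.items() if a == account)

    def issue_token(self, serial, account):
        """Mint a long-lived viewer token for a camera the account owns right now.
        The app caches this token; that cache is what outlived the return."""
        if self.owner.get(serial) != account:
            raise PermissionError("account does not own this camera")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (serial, self.generation[serial])
        return token

    def can_view(self, token):
        """Authorize a stream request made with a cached token.

        Naive mode: any token ever minted for the camera keeps working.
        Revoking mode: the token must also carry the camera's current
        generation, so one claim by a new owner invalidates all earlier tokens
        without having to find and delete every stored copy."""
        if token not in self.tokens:
            return False
        serial, issued_gen = self.tokens[token]
        if not self.revoke_on_transfer:
            return True
        return issued_gen == self.generation.get(serial)


def resale_scenario(revoke_on_transfer):
    """Alice pairs the camera, caches a token, returns the camera; Bob pairs it.
    Returns (alice_can_still_view, camera_still_listed_for_alice)."""
    cloud = CameraCloud(revoke_on_transfer)
    cloud.claim("CAM-0001", "alice")
    cached = cloud.issue_token("CAM-0001", "alice")
    assert cloud.can_view(cached)            # Alice can watch while she owns it
    cloud.claim("CAM-0001", "bob")           # returned, resold, re-paired by Bob
    return cloud.can_view(cached), "CAM-0001" in cloud.list_cameras("alice")


if __name__ == "__main__":
    print("naive back end, previous owner can still view:", resale_scenario(False)[0])
    print("revoking back end, previous owner can still view:", resale_scenario(True)[0])
```

The generation stamp is a lazy revocation: nothing is deleted at claim time, yet every older token fails the next authorization check.  The same stamp also covers the case the report mentions of a user who never deletes the app or account, since what matters is the camera's current binding, not whether the old client is still installed.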

“Hey!  We gotta do something!”  Don’t think, act! 
Invoking Orlando, Senate Republicans set up vote to expand FBI spying
U.S. Senate Majority Leader Mitch McConnell set up a vote late on Monday to expand the Federal Bureau of Investigation's authority to use a secretive surveillance order without a warrant to include email metadata and some browsing history information.
   Privacy advocates denounced the effort, saying it seeks to exploit a mass shooting in order to expand the government’s digital spying powers.
   The amendment would broaden the FBI’s authority to use so-called National Security Letters to include electronic communications transaction records such as time stamps of emails and the emails' senders and recipients.
The Obama administration for years has lobbied for a change to how NSLs can be used, after a 2008 legal memo from the Justice Department said the law limits them largely to phone billing records.  FBI Director James Comey has said the change essentially corrects a typo and is a top legislative priority for his agency.
   The amendment filed Monday would also make permanent a provision of the USA Patriot Act that allows the intelligence community to conduct surveillance on “lone wolf” suspects who do not have confirmed ties to a foreign terrorist group.  That provision, which the Justice Department said last year had never been used, is currently set to expire in December 2019.

(Related)  “They’re not letting us do what we want to do!” (say it with a whiney voice)  Or perhaps, “They’re child pornographers, they don’t have any rights!” 
Tim Cushing writes:
Another court handling an FBI Playpen case has handed down its decision on a motion to suppress.  Like other courts fielding prosecutions resulting from this massive investigation, it has found [PDF] that the FBI’s NIT (Network Investigative Technique) is invasive enough to be called a “search.” (via
The FBI must have felt its NIT deployment would be considered a search.  That’s why it obtained a warrant in the first place.  But it’s been frantically peddling “not a search” theories as court after court has declared its warrant invalid because the searches were performed outside of the issuing magistrate’s jurisdiction.
Read more on TechDirt.

This will be handy when (if) I start teaching the “Care and Feeding of the Social Media Beast”
Paper – Social Clicks: What and Who Gets Read on Twitter?
by Sabrina I. Pacifici on
Maksym Gabielkov, Arthi Ramachandran, Augustin Chaintreau, Arnaud Legout.  Social Clicks: What and Who Gets Read on Twitter?  ACM SIGMETRICS / IFIP Performance 2016, Jun 2016, Antibes Juan-les-Pins, France. 2016.  Submitted on 13 Apr 2016.
“Online news domains increasingly rely on social media to drive traffic to their websites.  Yet we know surprisingly little about how a social media conversation mentioning an online article actually generates clicks.  Sharing behaviors, in contrast, have been fully or partially available and scrutinized over the years.  While this has led to multiple assumptions on the diffusion of information, each assumption was designed or validated while ignoring actual clicks.  We present a large scale, unbiased study of social clicks – that is also the first data of its kind – gathering a month of web visits to online resources that are located in 5 leading news domains and that are mentioned in the third largest social media by web referral (Twitter).  Our dataset amounts to 2.8 million shares, together responsible for 75 billion potential views on this social media, and 9.6 million actual clicks to 59,088 unique resources.  We design a reproducible methodology and carefully correct its biases.  As we prove, properties of clicks impact multiple aspects of information diffusion, all previously unknown.
(i) Secondary resources, that are not promoted through headlines and are responsible for the long tail of content popularity, generate more clicks both in absolute and relative terms.
(ii) Social media attention is actually long-lived, in contrast with temporal evolution estimated from shares or receptions.
(iii) The actual influence of an intermediary or a resource is poorly predicted by their share count, but we show how that prediction can be made more precise.”

At what point does Google cross the line into practicing medicine without a license?  Will these be linked to the nearest medical specialist along with a coupon that says, “Google sent me?”
Google Sharpens Search Results for ‘Skin Rash,’ ‘Tummy Ache’ and Other Symptoms
Google has a health problem. Its search results for medical symptoms aren’t very useful at best, and in many cases are alarmingly off base, frustrating patients and doctors alike.
The Alphabet Inc.-owned search giant says it has developed a cure.  On Monday, it rolled out a new feature called symptom search.
The next time you use the Google search app for iPhone and Android to look up something like “my tummy hurts,” “skin rash,” or “headache on one side,” you’ll see about a half-dozen digital cards you can swipe through right below the search box.  Each of these cards briefly describes a common health problem related to your search term.

Perspective.  Is this now a nation of crooks?
Google is being overloaded with DMCA takedown requests.  The company has seen the number of takedown notices from rightsholders quadruple over the past two years.  In 2016 alone, Google is projected to process over a billion reported pirate links, most of which will be scrubbed from its search index.
   Google now handles around three million “pirate” links every day.

Perspective.  Also, some tips on how to do business in India?
Amazon's Bold Indian Strategy
Amazon CEO Jeff Bezos recently announced an expansion of the company's investment in India to the tune of US$3 billion -- that was in addition to the $2 billion in investments it announced in 2014.
   "It appears that Amazon is seeking to build an infrastructure just for the India market, which is good strategy given the regulatory challenges of being a foreign entity and the different e-commerce environment," said Jim McGregor, principal analyst at Tirias Research.
   One of the world's fastest-growing e-commerce markets, India currently is dominated by firms like Flipkart, Snapdeal and Alibaba.
"India represents a rapidly expanding market with a growing middle class," Stratecast/Frost & Sullivan Program Manager Mike Jude told the E-Commerce Times.
Overall, the online retail market in India is only 2 percent of total retail sales in that country, according to Forrester Research.  However, growth in e-tailing is exploding, with the market expected to rise at a compound annual growth rate of 44 percent, starting last year, to reach $75 billion by 2020.

It’s good to be on the New York Times bestseller list!
E-Book Buyers to Start Receiving Credits on Tuesday as Part of Apple Price Fixing Settlement
Starting on Tuesday, June 21, U.S. customers who purchased e-books from Apple and other retailers like Amazon and Barnes & Noble will begin receiving payouts from the $450 million settlement Apple agreed to pay after being found guilty of conspiring to fix the prices of e-books.
Customers will be receiving a $6.93 credit for each book that was a New York Times bestseller, and a $1.57 credit for other e-books.  Customers eligible for credits include those who purchased e-books between April 1, 2010 and May 21, 2012.

“If’n them thar good ole boys kin do it, I reckon us’ns can do it too!”
Chattanooga mayor: Gigabit speed internet helped revive city
When Chattanooga Mayor Andy Berke describes his city's economic renewal, he points to the city’s fiber network as a significant source of its new vibrancy.
   A pioneer in municipal broadband, Chattanooga developed its fiber network in 2010 with $330 million, paid for with $105 million in federal funds and the rest from bonds.  The high-speed access led to direct and indirect economic gains and has been profitable.
   “Our fiber goes to each and every home,” Berke said.  “We can’t have digital gated communities.  If we do that and only allow fiber to go to some parts of the city, some parts of the state, we will see technology widen the gulf between people as opposed to bridging it.”

This is all the Harvard B School could come up with?
The 8 Digital Productivity Tools Everyone Should Adopt
I’m a super adopter.  I love trying out hundreds of new applications, social networks and devices every year.  But not everybody wants to live the thousand-app lifestyle.  For most people, the goal is to adopt the smallest number of tools necessary to work efficiently.  That’s why my friends and colleagues often ask me which technologies I regard as must-haves: the tools and tactics that will make a big impact on their productivity without spending a lot of time or money getting up and running.