Saturday, July 23, 2016

Any leak is a good leak? 
D.B. Hebbard reports:
If WikiLeaks wanted to cause itself irreparable damage, it could not have done worse than to publish a huge dump of emails, some of which contain personal information such as passport or social security numbers, or credit card information.
The organization, which usually gets support from the tech and liberal media, is getting hammered for its poor judgement.  Also, the source of the emails is also controversial as the hack may involve a Russian hacker.
The 19,252 emails come from the in-boxes of seven DNC employees, including Communications Director Luis Miranda and National Finance Director Jordan Kaplan, but a search of several known names deeper inside the organization turned up nothing (which shows you just how easy it is to run up the number of emails coming and going through an organization).
Read more on PoliMedia. As Mike Wehner succinctly describes on the Daily Dot:
Most of the donor notifications include the name, address, phone number, email address, occupation, payment type, and partial account numbers of the donor.  The emails even include the IP address that the donation was sent from, along with the type of computer and browser that was being used at the time.
The source being a Russian hacker wouldn’t concern me, but the dumping of data without screening to redact some PII does, and this is not the first time WikiLeaks has done this.  We saw it with the Sony hack email dump, and we’ve seen it with other data dumps.
I understand that there are those who want to get stolen or hacked data of political import out there.  But perhaps they might consider using a more responsible organization and system such as REVEAL (formerly known as the Center for Investigative Reporting).

Yet another breach where a simple Google search found the vulnerability.
Hacker steals 1.6 million accounts from top mobile game's forum
A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.
The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.
In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account).  Passwords stored in the database are hashed and salted.
   The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.

The hacker exploited a known weakness in the forum's software, an older version of vBulletin, which dates back to late 2013.  The version in question is vulnerable to a number of serious security flaws, which can be exploited with tools found readily online.
One of the LeakedSource members told me that the hacker actively sought out sites running vulnerable, out-of-date forum software, using a technique known as "Google dorking," which uses search engines to find sites running potentially vulnerable software and insecure configurations.
The "Clash of Kings" forum was one of the largest that shows up in the search.
"At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked," the member said.

Update.  How would this have been handled in the US?  Still think only governments can wage cyberwar? 
Martin Evans reports:
A teenage computer hacker who shut down government networks across the world and sent bomb threats to US airlines from his bedroom has walked free from court.
The 16-year-old from Plympton in Devon, began hacking the sites of organisations and governments he disagreed with when he was just 14.
Using a laptop computer in his bedroom, the schoolboy, who cannot be named for legal reasons, caused chaos targeting Iraq’s ministry of foreign affairs, the department of agriculture in Thailand and China’s security ministry.
He also crashed computers in the Japanese town of Taiji, where an annual dolphin hunt takes place, and launched a cyber-attack the SeaWorld theme park in Florida almost half a million pounds.
Read more on The Telegraph.

Privacy is a victim of a drive by?
Joe Cadillic writes:
DHS and the Dept. of Transportation are using ‘Bluetooth detectors’ to spy on motorists and pedestrians.
Beginning in late 2007 the University of Maryland, with support from the Maryland SHA, developed an anonymous probe technique to monitor the travel time on highways and arterials based on signals available from the point-to-point networking protocol commonly referred to as Bluetooth.
If you guessed DHS is involved in Bluetooth spying, give yourself a gold star.  Click here, here and here to find out more.
According to motorists probably have no idea the government (DHS) is secretly reading information on their cell phones, tablets, headphones.
Read more on MassPrivateI.
[From the article:
The DOT admits Bluetooth detectors can be used to identify anyone...

This could be amusing.
Judge Orders Yahoo to Explain How It Recovered ‘Deleted’ Emails in Drugs Case
A judge has ordered Yahoo to present a witness and provide documents explaining how the company handles supposedly deleted emails.
The move comes in the appeal case of a drug trafficker who was convicted, in part, because of emails Yahoo provided to law enforcement that conspirators believed had been deleted.
Defense lawyers in the case claim that six months of deleted emails were recovered—something which Yahoo's policies state is not possible.  The defense therefore speculates that the emails may have instead been collected by real-time interception or an NSA surveillance program.
United States Magistrate Judge Maria-Elena James, from a San Francisco court, granted the defense's motion for discovery in an order filed on Wednesday.
The case revolves around Russell Knaggs, from Yorkshire, England, and a single Yahoo mail account.  In 2009, Knaggs orchestrated a plan to import five tonnes of cocaine from South America.  At the time, Knaggs was already serving a 16-year prison sentence for another drug crime.
As part of the operation, a collaborator in Colombia would log into the email account “” and write a draft email.  An accomplice based in Europe would then read the message, delete it from both the “draft” and “trash” folders, and write his own draft, in an effort not to leave behind any messages that could later be read by law enforcement.
The defense alleges there should have been nothing for law enforcement to find
Sukhdev Thumber, a solicitor representing Knaggs in the UK proceedings, previously told Motherboard that the pair would sometimes simply remove the text in the draft with the backspace key, rather than deleting the email.  Knaggs didn't actually use the account himself.

WWPD (What will Putin do?)  Is Google more powerful than the FSB?
Shaun Waterman reports:
U.S.-based tech giants appear set to silently ignore new Russian laws requiring them to hand over encryption keys for internet communications to state security agencies, those tracking the issue tell FedScoop.
Only two encryption providers appear to have publicly responded to the new legislation, known as “Yarovaya law,” after the hardline lawmaker responsible for drafting it.  One virtual private network provider, Private Internet Access, announced they were leaving Russia, while another, NordVPN, doubled down on their presence there, according to interviews and public statements.
Read more on FedScoop.

Never say clearly what you can interpret however you want later? 
Civil Rights Office Issues Ransomware Guidance
   Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported.
Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
   The U.S. Health and Human Services Department's Office for Civil Rights, which enforces compliance with the Health Insurance Portability and Accountability Act, better known as "HIPAA," has released new guidance for healthcare organizations on ransomware
   "This OCR guidance clearly says that chances are that if you're infected with ransomware, it's likely a reportable breach unless there are mitigating circumstances," Kim said.  "Healthcare organizations know now that if ransomware encrypts PHI (protected health information), it's likely you'll have to report it." [A clear and unequivocal “maybe.”  Bob]
   The guidance can be found at:

(Related)  Make a rule that is more like a suggestion.  “We don’t really want to block all those calls from politicians…” 
FCC chief pushes phone companies to offer free robocall blocking
The chairman of the Federal Communications Commission on Friday told phone companies that they should start providing free technology for their customers to block robocalls and spam texts.
“I strongly urge you to offer your customers robust call blocking at no cost,” Chairman Tom Wheeler wrote in letters to companies providing both wireless and wired phone service, urging them to move immediately “to ensure consumers have the tools necessary to block these unwanted calls.”

For my Computer Security students.
Auto makers' ISAC out with cyber best practices guide
The Information Sharing and Analysis Council for the motor vehicle industry published a set of cybersecurity best practices Thursday.
The Auto-ISAC guidance recommends a fairly standard set of precautions — baking in security at the earliest stages of software development; standardized risk management procedures; proactive network defenses; and incident response planning, among others.
"It's a high-level document," said Jon Allen, a principal at Booz Allen Hamilton and acting executive director of the Auto-ISAC. 
He said there would be more detailed "playbooks," bearing down on individual areas such as risk management.  "This is what the industry needs to focus on as it prepares the playbooks," he said.

When your Wikipedia page is likely to be analyzed, bring in the professional obfuscators?
Is Wikipedia Foreshadowing Clinton's Vice-Presidential Pick?
   Tom Vilsack, the U.S. Secretary of Agriculture and one of two candidates on Clinton’s reported shortlist, saw about 30 edits to his page this week.  Most of them were just to clean up information already on his page, and they came from registered Wikipedia users.
The Wikipedia page of Virginia Senator Tim Kaine, on the other hand, has seen 62 edits on Friday alone.  There have been almost 90 edits over the past week.  Many of them originate from a user called Neutrality, a longtime Wikipedia editor who has made more than 110,000 edits to the encyclopedia.  Other minor edits come from two IP addresses not associated with Wikipedia users, appearing to originate respectively from Hicksville, New York, and the borough of Queens in New York City.  Another user registered as a Wikipedia editor (and thus impossible to geographically track) added paragraphs about Kaine’s experience as mayor of Richmond and his energy policies.
In short, Kaine’s page has seen significantly more Wikipedia edits than any other candidate’s.

More on the hottest thing since the last hot thing?
'Pokémon GO' Claims Twice The Daily Use Of Facebook, Most First-Week Downloads On iOS
I had taken a break reporting on Pokémon GO simply because I didn’t think the statistics could get any more staggering.  Clearly I was wrong!  Pokémon GO isn’t going to topple Facebook’s massive user base any time soon, but it has snagged quite the user engagement victory.  On a daily basis, the insanely popular app from Niantic Labs is being used twice as much as the Facebook app on Android.  This is honestly something I thought would be inconceivable in a world where we’re tethered to our phones and addicted to social media updates.
A new report gathered from 7Park Data — pulled from a multi-million panel of anonymous U.S. Android users – shows that during its first week, Pokémon GO users spent 75 minutes per day playing, versus only 35 minutes on the Facebook app.  Beyond that, there’s another statistic that may give YouTube and Snapchat executives pause.  When comparing daily usage the week before and the week after Pokémon GO’s release, 7Park Data discovered that Niantic’s hit caused daily usage for said apps to drop by 9% and 18%, respectively.

(Related)  It looks far too complicated for me.
A beginner's guide: How to play 'Pokémon Go'

The older I get, the less concerned I am about looking foolish.
Modobag Lets You Zoom Around Airports While People Point and Laugh
   The Modobag isn't available yet, but you can pre-order one via its Indiegogo campaign for the very high price of $995.  Did I mention the luggage's companion app will cost $69? Oh, and just one other small issue: you'll look like a total tool as you tool around the terminal.

I look forward to this, every Saturday.
Hack Education Weekly News
   Via The Chicago Tribune: “Gov. Bruce Rauner once told some of Chicago‘s wealthiest and most influential civic leaders that half of Chicago Public Schools’ teachers ‘are virtually illiterate’ and half of the city’s principals are ‘incompetent,’ according to emails Mayor Rahm Emanuel’s administration released Thursday under a court order.”
   Amazon announced that it is partnering with Wells Fargo to offer student loans – Amazon Prime Student subscribers will be eligible for half a percentage point reduction on their interest rate for private student loans.  (As I’ve stated elsewhere, private student loans and the expansion of “fintech” into education is one of the most important ed-tech trends to watch, although you wouldn’t know it if you only read those ed-tech publications that downplay VCs’ interest in the private loan market.)  Here’s Inside Higher Ed on the news, which notes that consumer advocates are concerned about the offering.  No surprise, as last year the CFPB investigated the bank’s student loan practices.  As US News & World Reports reports, “Wells Fargo, one of the largest private student loan lenders that services more than 1 million borrowers, received the fourth most complaints out of all private student loan servicers, according to a 2015 report from the Consumer Financial Protection Bureau.”
   Via The Washington Post: “Pokémon Go sparks concern about children’s privacy.”
   “What Could Go Wrong With Asking Teachers To Monitor Kids for ‘Extremist’ Beliefs?” asks the ACLU.

Friday, July 22, 2016

Perspective.  Do you think it might be true in the US also?
Crime in UK Now Most Likely to be Cyber Crime
There were nearly six million fraud and cyber crimes committed in the UK in the 12 months to March 2016, according to the latest figures from the Office for National Statistics (ONS).  This is the first year that such cyber crimes have been included in the ONS statistics, so it is not possible to consider overall trends -- nevertheless, it suggests that approximately half of all UK crime is now cyber-related.
   The ONS figures suggest that there were 2 million computer misuse incidents; more than two-thirds of which were virus related, with the remainder involving unauthorized access to personal information (including hacking). 51% of fraud incidents are now cyber-related.
   The extent of this criminal move into online crime means that people are now six times more likely to be a victim of plastic card fraud than a victim of theft from the person, and around 17 times more likely than robbery.
   Earlier this month, the UK's National Crime Agency (NCA) released its Cyber Crime Assessment 2016, which argues that criminal capability is outpacing industry's ability to defend against attacks, and suggests that "only by working together across law enforcement and the private sector can we successfully reduce the threat to the UK from cyber crime."

Is this really that shocking?  Will my Ethical Hacking students be able to do it to living victims? 
Police Request For 3D-Printed Fingers To Unlock A Murder Victim's Smartphone
   According to a Fusion report, authorities approached Michigan State University professor Anil Jain last month with the request to create a 3D-printed replica of a dead man's fingers
   The police had copies of the murder victim's fingerprints that were taken while he was alive, as he was previously arrested.  The fingerprint scans were forwarded to Jain and Sunpreet Arora, his PhD student, who used the scans to create the 3D-printed replica of all ten digits of the murder victim.
While the thumb and index fingers are the most commonly used ones to create the fingerprint lock on devices, all ten digits were created just to be sure they have the one that will unlock the smartphone.

Jousting at windmills?
EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers
   The lawsuit asks the court to strike down the highly contentious Section 1201 of the DMCA that restricts the reverse engineering of systems which protect copyrighted material such as films, audio and computer code.

The world according to Bezos?
Amazon Is Now Offering Discounted Student Loans as a Prime Perk
Amazon is taking its nickname—the Everything Store—quite seriously.
On Thursday, the e-commerce behemoth and bank Wells Fargo announced a partnership to supply some Amazon customers with student loans.
The bank will give a new interest rate discount—0.5%—to borrowers who are members of Amazon Prime Student, a subscription-based service for college students that costs half the price of regular Amazon Prime.

The world according to Zuckerberg.  Still a long way from deployment.
Facebook’s Giant Internet-Beaming Drone Finally Takes Flight
   a little past six o’clock, a truck taxied down the runway, pulling Aquila on a massive metal dolly stretched out behind it.
Aquila is the flying drone Zuckerberg and company are designing to provide Internet access in remote parts of the world.  It’s made of carbon fiber, and it tops the wingspan of a 737.  As the truck reached full speed, the drone’s on-board autopilot computer clipped the straps that held the aircraft to the dolly, and Aquila rose into the sky.  Guiding itself via that same computer, the drone flew for a good 96 minutes in the restricted airspace of the Yuma Proving Ground before landing in the desert on its styrofoam skids—Aquila’s first successful flight.

Perspective.  The modern way to know your economy is in trouble?
McDonald's stops selling Big Mac in Venezuela due to bread shortage
   Shortages of everything from rice to toilet paper have worsened over the past several months in Venezuela, with reports of looting and protests on the rise.  Venezuela's economy will contract 10 percent in 2016, according to the International Monetary Fund, with inflation accelerating to around 700 percent.

Clearly, I have not been taking Pokémon seriously enough!  
The $105 Billion Enterprise Market for Pokémon Go

Alternative learning technologies…
15 Top-Notch Podcasts for Programmers & Software Developers
   For maximum enjoyment, we recommend using one of the many high-quality podcast apps available on Android, on iOS/iPad, and even on Linux.  Once you have one set up, scroll on down and check some of these out!  [Useful, even if you don’t have a smartphone.  Bob] 

Thursday, July 21, 2016

Are the French overreacting or merely the first to react?
Windows 10 personal data collection is excessive, French privacy watchdog warns
Windows 10 breaches French law by collecting too much personal information from users and failing to secure it adequately, according to the French National Data Protection Commission (CNIL).
Some of the privacy failings identified can be remedied by users willing to delve deep into the Windows 10 settings, but one of the commission's gripes is that better privacy should be the default setting, not one users must fight for.
CNIL served Microsoft with a formal notice on June 30, giving it three months to comply with the law, but only made it public on Wednesday.

The next Kim Dotcom?
   The 30-year-old Artem Vaulin, from Ukraine, was arrested today in Poland from where the United States has requested his extradition.
In a criminal complaint filed in U.S. District Court in Chicago, the alleged owner is charged with conspiracy to commit criminal copyright infringement, conspiracy to commit money laundering, and two counts of criminal copyright infringement.
   The complaint further reveals that the feds posed as an advertiser, which revealed a bank account associated with the site.
It also shows that Apple handed over personal details of Vaulin after the investigator cross-referenced an IP-address used for an iTunes transaction with an IP-address that was used to login to KAT’s Facebook account.
   Commenting on the announcement, Assistant Attorney General Caldwell said that KickassTorrents helped to distribute over $1 billion in pirated files.

Perspective.  Isn’t it bad enough that we have to sort through the tweets of twits to find anything useful on the Internet?  Now my students can create hours and hours of video of paint drying?  And they can comment on it while it does! 
Facebook users can now live stream for up to 4 hours

Perspective.  It seems strange that a business model that started in the mid 1400’s with Thurn and Taxis has suddenly met its end with an App. 
Uber dominates Q2 business travel as taxis see 51% decline in past 2 years
Uber continues to be viewed favorably by U.S. business travelers in Q2 2016, according to a new study released by online travel and expense management service provider Certify.  Overall, ride-hailing services are becoming the preferred ground transportation method, a further signal that incumbent options like taxis are no longer getting the job done.  In fact, taxi ridership has gone down 51 percent nationwide since 2014.
Analyzing more than 10 million business travel receipts and expenses, Certify also sees that not only are taxis being displaced, but car rentals are, as well.  Travelers perhaps feel it’s less economical and more burdensome to wait in line to rent a car than to summon an ad hoc personal driver right on their mobile device and never have to worry about parking, filling up on gas, or buying insurance.

Perspective.  A rising tide lifts all boats?  Sometimes it’s good just to take your commission. 
Forget Nintendo, 'Pokémon Go' could be worth billions of dollars to Apple
We already know that Pokémon Go has caught the attention of the business world, with the value of Nintendo more than doubling thanks to its interest in the game. 
It doesn't stop there.
The app could be worth a Wailord-sized $3 billion in revenue to Apple, thanks to the cut of any money the company takes from companies that operate in its app store.
   Apple takes a 30 percent cut of money spent on apps through its iOS devices.  That's proving to be a lucrative deal, with Apple enjoying growth in China and emerging markets — which could push revenue from iOS past $100 billion by 2020.

How crazy is the craze?
   Given that Apple’s total App Store revenue last year was $20B, suggesting that it may see $3B from a single game – even over a two-year period – seems a little out there.  But with in-app purchases reaching as high as $150, who knows how many people out there have completely lost their minds – and TNW has collated plenty of evidence.
In New York, a 28-year-old man crashed into a tree playing the game, while two others fell 50ft off a cliff in San Diego.  Across the pond in the UK, four teenagers had to be rescued from a mine after getting lost in the complex for more than five hours.  Police in Northern Ireland had to explicitly tell players, ‘But there’s a Zubat in there’ is NOT an excuse for breaking into someone’s house.
Distracted drivers are crashing into Police cars:
And making emergency calls to Police to report stolen Pokémon.  Oh, and players in Bosnia had to be told not to wander into minefields …

(Related) Congress is always crazy.  Is this their only concern?  Do they play while wandering around Washington DC?
Lawmakers question Pokemon Go's impact on data usage
Lawmakers on Wednesday asked the company that makes hit game "Pokemon Go" what they were doing to make sure players don’t run up high mobile data charges using the application.
The letter to Niantic CEO John Hanke was signed by the top Democrat on the House Energy and Commerce Committee, Rep. Frank Pallone Jr. (N.J.), as well as Rep. Jan Schakowsky (D-Ill.) and Rep. Diana DeGette (D-Colo.).
"In addition to issues related to the game being played in inappropriate locations, safety, and privacy, recent reports suggest that playing Pokemon Go could exhaust a consumer’s available monthly mobile data,” they wrote.
   The letter comes despite the fact that some have argued the program does not use up particularly large amounts of wireless data.  Certain mobile apps are already considered data-intensive, including social media apps and streaming music products.

My Data Management students had a hard time figuring out why they bought them.  Perhaps this article will help.
Unilever's CEO on why he bought Dollar Shave Club for a reported $1 billion

Free?  I like Free.

Wednesday, July 20, 2016

For my Computer Security class.  Control the panic! 
Pokemon GO is down today: here’s what to do
   Today Pokemon GO is down.  Niantic's servers have been hammered into submission and they're working frantically to return the entire grid back to full power.  One of the places I go to find this information out - one of my confirmation points on the public end of the spectrum, is over at Is Pokemon GO Down or Not.  This is a website run on an engine created by the folks at DataDog.
According to a DataDog representative, they're currently working on an alert system so that people will be able to subscribe to the service to get emails (or something like that) in the near future.

Small, but eventually they could add up to big money.
Data Breach Hits 140 Cicis Restaurants
Texas-based pizza restaurant chain CiCi’s, recently rebranded as Cicis, informed customers on Tuesday that their payment card information may have been stolen by malware installed on point-of-sale systems at some locations.
The company said it launched an investigation in March 2016, after some of its restaurants reported problems with PoS systems.  Cicis’ PoS vendor soon discovered malware at some locations, which led to a forensic analysis conducted by a cybersecurity firm.
   While in most cases the attackers gained access to PoS systems in March 2016, some restaurants in Florida, Mississippi, North Carolina, Ohio, Tennessee and Texas had been breached since mid-2015.
   Earlier this month, fast food restaurant chain Wendy’s informed customers that a recent breach impacted more than 1,000 of its locations.  The company initially reported that only 300 franchised restaurants had been affected.
Fast-casual restaurant chain Noodles & Company has also suffered a data breach.  The company said cybercriminals planted PoS malware at a majority of its 500 restaurants.

(Related)  If you haven’t seen how quickly you can install a skimmer, watch this video for about 30 seconds…
Raw Video: Men Place Card Skimmer on ATM Store Machine!

Remember, “sports” is a business.
Jeremy Kirk reports:
A former St. Louis Cardinals scouting director has been sentenced to 46 months in federal prison for illegally peeking at a player-drafting database for the Houston Astros – a hefty term for a distinctly unique hacking case.
Christopher Correa, 36, was accused of illegally accessing Ground Control, a cloud-based database that held the Houston team’s most critical observations on potential players, and an Astros email account.  He pleaded guilty in January in federal court in Houston to five counts of unauthorized access to a protected computer.
The case is unique because of the stiff sentence Correa received.
Read more on BankInfoSecurity.

For my Computer Security students.
6 Free Cyber Security Courses That’ll Keep You Safe Online
   I’ve compiled a list of 6 free cyber and information security courses you can take, right now, to boost your awareness of your online surroundings.  Each course is designed for self-learning MOOCs (Massively Open Online Courses), and comes with active communities and lecturers you can direct questions towards.

Easy to do, hard to justify?
Brazil judge briefly blocks WhatsApp over criminal case
A Brazilian judge briefly blocked Facebook Inc's WhatsApp messaging service on Tuesday for failing to cooperate in a criminal investigation, before the nation's top court overturned the measure in the third such incident since December.

Demonstrating that even government can grasp the obvious, they just can’t implement it.
National Privacy Research Strategy outlines US privacy research agenda
by Sabrina I. Pacifici on Jul 19, 2016
Via FTC:  “The White House recently released the first ever United States “National Privacy Research Strategy,” which identifies priorities for privacy research funded by the Federal government.  While focused on government, the strategy is also intended to spur similar private sector efforts.  I participated in the working group that developed the strategy and am excited to see it published.  The NPRS makes the case for why privacy research is important.  It calls for funding for privacy research, coordination across government agencies, and mechanisms to facilitate the alignment of privacy research with real-world requirements.  The NPRS outlines seven national privacy research priorities and provides a set of research questions in support of each priority…”

Someone must have really irritated the powers that be in Washington.  I would have said this was a given, since 501(c)3 status has never been denied before and the Democrats are in power.  Is this a personal shot at Hillary? 
Turned down by the IRS, Philly's DNC host committee goes for Plan B
The IRS has turned down the long-running effort by the Democratic convention's Philadelphia host committee to win a tax exemption.
Word of the decision, a setback for efforts to raise the last of the $60 million needed to help pay for the July 25 to 28 convention, came Friday from its adviser, David L. Cohen.
When the decision came - and why - is less clear.  Cohen would say only that the IRS "recently" turned down the application for tax-exempt status under section 501(c)3 of the tax code, which the committee had sought for more than a year.

Once again I missed the boat.  Who knew that “shaving tools by mail” was worth a billion dollars.  
Unilever Purchases Dollar Shave Club For $1 Billion In One Of The Largest Tech Deals Of The Year
   The acquisition of Dollar Shave Club, which was founded by Michael Dubin in 2011, is a standout deal in what has been a quiet year for technology and online commerce companies.  While the company was not profitable, it recorded $152 million in revenue in 2015 and was on track to do more than $200 million in sales this year.
   The company said that it has 3.2 million members who have subscriptions for products including shaving razors, skin care products and daily wipes.

(Related)  Perhaps this explains why it’s worth a billion?
Dollar Shave Club: How Michael Dubin Created A Massively Successful Company and Re-Defined CPG
   I believed (still do!), in the age of social media, brands must become direct-to-consumer in order to know their own customers.
   I knew that subscription is a business model that only actually works for a select few product categories, and that churn rates must be very low (well under 5% monthly) in order for subscription businesses to succeed at scale.  I believed it was possible to use asymmetric marketing to injure existing incumbents who overly depend on broadcast advertising and distribute only through retailers.

(Related)  Anything to help understand the customer. 
Macy's Teams With IBM Watson For AI-Powered Mobile Shopping Assistant
Macy’s is set to launch an in-store shopping assistant powered by artificial intelligence thanks to a new tie-up with IBM Watson via developer partner and intelligent engagement platform, Satisfi.
Macy’s On Call, as it’s called, is a cognitive mobile web tool that will help shoppers get information as they navigate 10 of the retail company’s stores around the US during this pilot stage.
Customers are able to input questions in natural language regarding things like where specific products, departments, and brands are located, to what services and facilities can be found in a particular store.  In return, they receive customised relevant responses.  The initiative is based on the idea that consumers are increasingly more likely to turn to their smartphones than to a store associate for help when out at physical retail.

I hated Assembler back in the mainframe-only days; I still hate it.  (But it may be the best tool for the job.)
IoT spurs surprise surge in assembly language popularity
Assembly language, a reliable staple of low-level programming, has taken a backseat to the multitude of higher-level, easier-to-use languages that have emerged over the years.  But it is making a comeback, thanks to IoT (the internet of things) and embedded computing.
This month's Tiobe index, which gauges language popularity based on a formula examining internet searches, has assembly returning to its top 10 for the second time this year, with a 10th-place slotting.  It also reached the top 10 in January.

Tuesday, July 19, 2016

How Big Brotherly.
Google: Government requests for user data hit all-time high in second half of 2015
Government requests for user data from Google hit an all-time high in the second half of 2015, the internet company revealed on Monday.
Through July to December 2015, governments from around the globe made 40,677 requests, impacting as many as 81,311 user accounts.  That's an 18 percent spike from the first half of 2015, when government requests for data impacted 68,908 users.
By far and away, the most requests came from the United States, which made 12,523 data requests for this reporting period.  The requests impacted 27,157 users or accounts.

“I'm shocked, shocked to find that gambling is going on here!” Captain Renault in Casablanca.
“I'm shocked, shocked to find that obfuscation is going on here!”
FBI accused of using outdated IT to foil FOIA requests
   Ryan Shapiro, a national security researcher and Ph.D. candidate at MIT, has been studying the Freedom of Information Act for years with a particular focus on noncompliance by government agencies.  He already has multiple FOIA lawsuits in motion against the FBI, and earlier this month he filed a new one.
In it, he describes numerous attempts to obtain information over the past two years, and the FBI's frequent response that it can't locate what he's looking for.
"When it comes to FOIA, the FBI is simply not operating in good faith," Shapiro said via email.  "Since the passage of the Freedom of Information Act, the FBI has viewed efforts to force bureau compliance with FOIA as a security threat."

The FBI has established "countless means" of foiling FOIA requests, he alleges, including a process by which searches fail "by design."
In particular, the FBI typically conducts FOIA searches in the "universal index" portion of its legacy Automated Case Support system, which was deployed in 1995.  Because of the limitations of that technology, those searches frequently produce no results, he says.
Furthermore, despite the existence of two much better search applications within ACS -- along with newer search technologies implemented since then -- the FBI "almost always refuses" to use those more modern systems on the grounds that they're no more likely to produce results, and that using them would be "unduly burdensome and seriously wasteful of FBI resources," Shapiro says.
"The FBI’s assertion is akin to suggesting that a search of a limited and arbitrarily produced card catalogue at a vast library is as likely to locate book pages containing a specified search term as a full text search of a database containing digitized versions of all the books in that library," Shapiro said.  "Simply, the FBI’s assertion is absurd."

(Related)  …because this is what we expect!
The US Customer Experience Index, 2016
by Sabrina I. Pacifici on Jul 18, 2016
NextGov: “For the federal government, there was really nowhere to go but up in the latest Customer Experience Index released by Forrester Research.  Yet, despite a better score this time around, the government still finished dead last – as it did last year – among 21 industries assessed by Forrester.”

For my Data Management students.  How would you do it? 
Microsoft to host Boeing’s airline data in the cloud
   Boeing said its applications deliver digital navigation information to nearly 13,000 aircraft daily, and help airlines reduce crew scheduling costs and fuel utilization.  The applications also track real-time data on more than 3,800 planes around the globe to monitor operational performance, fuel use, and maintenance needs.

You can learn to use social media from the strangest people.
Pew: Trump's social media posts get more attention than rivals'
Presumptive Republican presidential nominee Donald Trump’s social media posts attract far more attention than those of Democratic candidate Hillary Clinton or her former rival, Sen. Bernie Sanders (I-Vt.), according to a study released Monday.
The Pew Research Center found that Trump’s Facebook posts received an average of 76,885 reactions, compared to Clinton’s 12,537.  Sanders, whose rise was buoyed by an intense Facebook fan base, only received an average of 31,830 reactions to his Facebook posts.
Trump also outpaced the Democrats in shares and comments.
That trend held true on Twitter as well.  The billionaire's bombastic tweets were retweeted an average of 5,947 times.  Clinton's were retweeted an average of 1,581 times, while Sanders’s were retweeted 2,463 times.

Perspective.  The first hard drive in the IBM PC XT (1983) was a 10 MB Seagate.  This is one million times larger.
Seagate unveils hard drives with up to 10TB capacity

Monday, July 18, 2016

Buying into the market?  Why would the US need to approve a China-Norway deal? 
Chinese $1.2 billion takeover of Norway's Opera fails, pursues alternative deal
A Chinese consortium's $1.24 billion takeover of Norwegian online browser and advertising firm Opera Software has collapsed after the deal failed to win regulatory approval by a July 15 deadline, Opera said on Monday, sending its shares to a seven-month low.
Instead, the Kunqi consortium, which includes search and security business Qihoo 360 Technology Co and Beijing Kunlun Tech Co, a distributor of online and mobile games, will take over certain parts of Opera's consumer business for $600 million, Opera said in a statement.
The original deal had needed the approval of the Chinese and U.S. authorities.  Opera did not say whether approval from China, the United States, or both, was lacking.
   The Kunqi consortium now plans to acquire Opera's browser business, both for mobile phones and desktop computers, the performance and privacy apps section of the company as well as its technology licensing business and its stake in Chinese joint venture nHorizon, Opera said.

My Data Management students will need to understand this; therefore, I need to understand it.
Wall Street is obsessed with this technology — but a big group of investors is missing out
Blockchain could be a real game changer for the financial-services industry, and big Wall Street banks and stock exchanges are trying to work out how to make the technology work.
But one big subset of Wall Street — big asset-management companies — is watching from the sidelines.  That could be "a mistake," according to a joint report by JPMorgan and Oliver Wyman released on Wednesday.
   Blockchain, in a nutshell, allows banks and investors to share data through what's called a distributed ledger.  The alternative — which is how things are done today — is that every bank, investor, exchange, and trader keep their own records.  So adopting the technology would cut down on a huge amount of so-called back-office expenses at firms that have huge staffs working just to keep records up-to-date.
And it would reduce the possibility that the data can be tampered with.

IBM Pushes Blockchain into the Supply Chain
IBM’s new service will help companies test online ledger technology to track high-value goods as they move through supply chains

Something for my graduate students to consider?
How Many of These Meeting Etiquette Rules Do You Follow?

Why everyone wants VR?

Sunday, July 17, 2016

Trivial as such things go, but highly visible!
Oh No! Pokémon GO Servers Down From Poodle Corp DDOS Attack
   Hacker group PoodleCorp announced on Twitter today that they were responsible for this Tangela tragedy via a DDoS attack.
The hacker group tweeted, “PokemonGo #Offline #PoodleCorp”.  Pokémon trainers around the world demanded to know why PoodleCorp would be so cruel.
   Ofer Gayer, product manager for DDoS at Imperva for the Incapsula product line, noted that online games such as Pokémon GO are subject to latency and availability issues and therefore are ideal targets for DDoS attacks.  A DDoS is an attempt to make an online service unavailable by overwhelming it with traffic from multiple attack points and devices.
   This hack, combined with the fact that Pokémon GO was just released in an additional twenty-six countries, crashed Nintendo servers hard,

One way around the Microsoft ruling.  Moving to a world government?  Moving to a world of Big Brother? 
U.S. to Allow Foreigners to Serve Warrants on U.S. Internet Firms
The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps—a move that is already stirring debates over privacy, security, crime and terrorism.
   Word of the plans came one day after a federal appeals court ruled that federal warrants couldn’t be used to search data held overseas by Microsoft Corp., dealing the agency a major legal defeat.
The court’s decision in favor of Microsoft could prove to be a major barrier to the Obama administration’s proposed new rules to share data with other nations in criminal and terrorism probes, which would be sharply at odds with the ruling. It might lead some companies to reconfigure their networks to route customer data away from the U.S., putting it out of the reach of federal investigators if the administration’s plan fails.
The Justice Department has indicated it is considering appealing the Microsoft ruling to the Supreme Court.
   Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect’s stored emails or intercept their messages in real time, as long as the surveillance didn’t involve U.S. citizens or residents. [On both ends of the connection?  Bob]
Such deals would also give U.S. investigators reciprocal authority to search data in other countries.

We are living in an “Animal House” world.  That’s how “Double Secret Probation” works!
Lindsay Whitehurst of AP reports:
The National Security Agency asked a judge Thursday to dismiss a lawsuit from a former Salt Lake City mayor who says the agency conducted a mass warrantless surveillance program during the 2002 Winter Olympics.
The NSA argues the claims are implausible speculation about a program that may never have existed, but the government faced pointed questions from U.S. District Judge Robert Shelby.
“These plaintiffs allege willful, intentional, unlawful conduct in violation of constitutional rights by our elected representatives at the highest levels and by our government,” Shelby said.  A courtroom might be the only place where the matter can be addressed, he said.
Read more on KSL.
[From the article:]
"They have not denied these allegations.  They just somehow say they are implausible," he said.
The lawsuit filed in August alleges the NSA collected the contents of text messages and emails and metadata about every phone call in the Salt Lake City area before and during the Games that took place less than six months after the attacks on Sept. 11, 2001.

Nothing new, but a quick summary in slides.  I’ll list a few…
6 high-tech ways thieves can steal connected cars
Car cloning
“Car cloning” is an advanced form of vehicle theft, where savvy thieves create and install a fake vehicle identification number (VIN) for a stolen vehicle, allowing it to go unnoticed in plain sight.  This method is primarily used to take high-end luxury vehicles and sell them overseas for profit, remaining undetected.  Hackers can then use the purloined VINs to alter ownership forms, or to create false new documents to hide a stolen car’s true identity.
Vehicle-enabled ransom
One growing and increasingly lucrative type of cybercrime is the use of ransomware, where inserted malware encrypts digital data and instructs a victim to pay the criminal a ransom to restore the decrypted information.  With the emergence of the connected car and vehicles being used as WiFi hot spots, vehicle-enabled ransomware is a predictable next step for hackers, exploiting this new avenue to commit digital “kidnapping”.  For example, in the near future, they could easily break into a vehicle, disable the engine and brakes, and demand bitcoin to restore the car to its functional state.
Scanner boxes as smart keys
Connected vehicle thieves have begun carrying scanner boxes, or devices that can exploit the electronic system utilized by key fobs.  These criminals can then unlock, and even start, a vehicle without even touching the key, once the key comes within close enough range of the scanner box and is compromised.  This problem has been particularly noted in Washington state.

Perspective.  Insight?
Cyberpower Crushes Coup
   The guide book to running a coup is still Luttwak’s Coup d’État, but it needs to be revised to reflect the use of cyberpower.  In the same vein, people who talk about cyberpower need to understand what it actually is (hint: it isn’t a stockpile of exploits, it’s the ability to create and maintain advantage.)

Explaining my students?
4 charts that prove that today’s 30-year-olds are NOT adults

How can I not pass this along?
Made with Code
Time for Emoji Equality
Until now, emoji representing women haven’t been, well…representative.
Let’s change that.  Google is working to make sure emoji include a wider range of female professions.  And now, we’re inviting you to join the movement by coding your own.

Dilbert neatly summarizes research on the Internet.