Saturday, August 20, 2016

Explaining to my students why Computer Security is cost effective.  An insider copied and tried to sell customer data. 
There’s an update to an insider breach involving the Czech subsidiary of T-Mobile.
Telecompaper reports (subscription required) that the Czech data protection watchdog has fined T-Mobile CZK 3.6 million (approximately $150,000) for not having sufficient safeguards in place.


Nothing to prevent attacks?  More video recording to identify terrorists after they strike. 
Zeke Turner reports:
…. A country branded by its dictatorial past, when surveillance was both dreaded and commonplace, Germany has some of the world’s toughest privacy laws.  But after two attacks claimed by Islamic State and a mass shooting this summer, the government is pushing to recalibrate the balance between security and anonymity.
This month, German Interior Minister Thomas de Maizière introduced a raft of security proposals.
Read more on WSJ.


Perhaps our computer club could hack our LMS (preferably with an ax)
NBA holds its first hackathon -- should your company, too?
Companies large and small have already embraced the hackathon as a way to foster collaboration and innovation, and now the NBA has announced that it's jumping on board.
Scheduled to take place next month in New York, the NBA's first-ever event is open to undergraduate and graduate student statisticians, developers and engineers in the U.S. who are interested in building basketball analytics tools.  Participants will present their work to a panel of expert judges and an audience of NBA League Office and team personnel.
   Once considered a decidedly alternative approach, hackathons are becoming a mainstream corporate tool.  The obvious next question is, should your company get involved?
   There are actually two different kinds of hackathons: internal ones, where a company's own staff are the participants, and external ones, which are open to the public.


OH dear, is it Saturday already?
Hack Education Weekly News
   How often are students tasered at school?  We don’t know.  From the Huffington Post, a look at school police taser policies/practices and their effects on students: “Set to Stun.”
   “Personalized CliffNotes” pretty much sums up the state of ed-tech in 2016.
   “‘Clickbait’-esque titles work for academic papers too,” says Boing Boing.
   Via The New York Times: “Last year’s law school graduates landed fewer jobs in private practice than any class in the last two decades, according to the National Association for Law Placement, which tracks developments in the legal profession.”

Friday, August 19, 2016

“We didn’t know how to secure our terminals until we were breached, then we immediately secured our terminals.”
Eddie Bauer Is Latest Retailer Infected With Data Breach Malware
Just days after hotel operator HEI said 20 of its hotels had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and Canada had also been the victim of a malware attack.
Cleaning up the mess won’t be cheap—Eddie Bauer said Thursday that it had arranged for all customers who made purchases and returns during this period to get free identity protection services from Kroll for the next year.
   Eddie Bauer’s terminals were infected on various dates between January 2 and July 17 of this year.  Since it discovered the infection, it said, it has strengthened its security.
   “We have been working closely with the FBI, cybersecurity experts and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts.”


At least it’s not Pokémon!
Catalin Cimpanu reports:
Data breach index service LeakedSource has told Softpedia that it has received the full database and source of Leet.cc, a service for creating and running Minecraft Pocket Edition servers.
According to a LeakedSource spokesperson, the database includes records for 6,084,276 users that have signed up with Leet.cc.
For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID.  For the vast majority of users, but not for all, there was also an email address associated with their account.
Read more on Softpedia.


Be careful if you use this to keep track of your kids!
Maker of web monitoring software can be sued, says court
The maker of so-called spyware program WebWatcher can be sued for violating state and federal wiretap laws, a U.S. appeals court has ruled, in a case that may have broader implications for online monitoring software and software as a service.
   Awareness pitches WebWatcher as monitoring software for parents and employers.  "All WebWatcher products install easily in 5 minutes or less, are undetectable (thus tamper proof) and all recorded data is sent to a secure web-based account which allows you to monitor kids and employees at your convenience from any computer," the company says.
   The case also may have implications for corporate monitoring of employees when those employees correspond with people outside the company, added Braden Perry, a regulatory and government investigations attorney with Kansas City-based Kennyhertz Perry.
"If services monitor in 'real-time' even with the employees’ consent, those that the employee corresponds with may have a cause of action," he said by email.  "This decision not only places potential liability on the individual using the service but the service itself."


Hands off?  That’s a new idea in government.  (I agree, but now I’m also suspicious!)
The US government’s fix for airlines’ tech problems is to do nothing
From the US to UK to India and elsewhere, technical failures have been plaguing the commercial aviation industry in recent years.  We’ve counted 24 major disruptions in the US since 2015.  Yet, the US Department of Transportation has no plans to try to regulate the industry into technical resiliency.
A spokesperson for the DOT told Quartz that the agency is of the opinion that the high cost of glitches is the only needed deterrent to prevent future outages.
   According to the DOT, the combined incentives to avoid losing revenue, keep performance metrics high and have happy customers are “likely a more effective incentive than detailed regulations concerning the carriers’ IT systems.” [How Adam Smith-like.  Bob]
   Other than systems that are directly related to aviation safety the department “does not inspect or regulate airlines’ IT systems,” according to the DOT’s statement.
Nonetheless, the issues have attracted the attention of members of the US Congress.  Two Senators, Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.), have sent letters to US airlines requesting information about what the carriers are doing to prevent future outages and how it deals with them when they do.

(Related) Another version of “hands-off?”  “We’re going to sanction them, but not really.”
U.S. Grants ZTE Another Extension of Trade-Sanctions Relief
The U.S. government extended a lifting of sanctions against ZTE Corp. for the second time, as the Chinese maker of telecommunications equipment works to repair its reputation after allegedly violating U.S. trade rules.
In a statement Thursday, the U.S. Commerce Department said its temporary sanctions relief will be extended to Nov. 28, which allows ZTE to continue working with U.S. suppliers.
   The U.S. Commerce Department added ZTE to its “Entity List,” a list of foreign groups or individuals that present risks to U.S. national security or foreign policy interests.
   But just two weeks after announcing its sanctions, the U.S. granted ZTE a temporary reprieve through June 30, saying that the temporary license it was granting ZTE would be renewable if the Chinese company cooperated fully.  In June, the U.S. government extended the temporary relief through Aug. 30.


Why?
Yik Yak completes a pivot away from anonymity with status messages and a feed of nearby users
In March, the college-centric social network Yik Yak took a step away from its origins in anonymity by asking users to create "handles" that they could optionally attach to their posts. Today the company is eliminating the last traces of anonymity from its app, requiring users to create handles that will be attached to their activity on Yik Yak.
   The result feels much more like a chat app than the Yik Yak of old, which served as a kind of (anonymous) community bulletin board for discussing in-jokes and campus events.  Droll and his co-founder, Brooks Buffington, positioned the new version of Yik Yak as a way to help its users feel more connected to the world around them.  But it’s also an acknowledgement of what founders of social networks have come to accept as a law of gravity: apps that don’t require users to establish a persistent identity are doomed to fail.  Secret, Ask.fm, Formspring — each app allowed users to post or send messages anonymously, and each saw an early spike in users only to fade when their novelty wore off.


Another technique for my Crypto students.
This algorithm can hide messages in dance music
It's long been known that secret messages can be included in music through techniques such as backmasking, but now a Polish researcher has developed an entirely new approach.  By subtly varying the tempo of a particular type of dance music, he's managed to encode information in a way that's completely inaudible to human listeners.
   His paper is now available online.

Thursday, August 18, 2016

If this is the Russians, what is their strategy?  Hackers don’t just brag about their achievements, because that forces the vulnerable companies to fix the holes in the systems.  Disclosing someone else’s hacking techniques suggests you have other techniques that are equally successful.  But I doubt the NSA would share first level tools with third parties, so what benefit do the Shadow Brokers gain? 
Cisco And Fortinet Confirm Flaws Exposed By Self-Proclaimed NSA Hackers
American firewall providers Cisco and Fortinet have issued warnings and fixes for bugs exposed by the Shadow Brokers, who claimed this weekend to have breached the Equation Group, believed to be an NSA operation.
Cisco and Fortinet had initially determined there was little of concern in the leak, but after researchers showed how the respective technologies could be exploited, the tech firms have taken action to protect customers.  That both have come forward adds further weight to the claims the Shadow Brokers’ leak really does contain information stolen from an NSA server, indicating the US intelligence agency was attacking American manufacturers’ security products without telling the companies.  And, as the files were dated between 2010 and 2013, the affected firewalls have been hackable for at least three years.


Innovative and depressing.  I see a future for this kid at any Internet company.
Steve Ragan reports:
Evan Robertson, age 10, took a science fair project and turned it into a valuable lesson in privacy earlier this month at rootz Asylum, a kids-only gathering at DEF CON where children can learn about security in a safe, encouraging environment.
Evan wanted to do something different for his school project.  He just wasn’t into volcanoes.
“I was thinking about a really cool project, I didn’t want to do normal stuff,” he explained in an interview with Salted Hash.
Instead, he asked his dad for ideas.  Several options were discussed, but eventually (at Evan’s insistence) the two decided to see if people cared about their privacy and security when connecting to public Wi-Fi.
Evan’s project required a Raspberry Pi, and the base kit ($75) included almost everything needed to prove his hypothesis.  He created a hotspot that would offer free internet access to anyone using the SSID of FREE PUBLIC WIFI, provided the user agrees to a horrendous Terms of Service (TOS).
For example:
“…You agree to allow your connecting device to be accessed and/or modified in any way by us, including but not limited to harvesting of personal information and authentication data, reading and responding to your emails, monitoring of your input and/or output, and “bricking” of your device…”
Read more on Salted Hash.


Interesting.  The data is available now, the tool will be available soon!
Researchers have presented the first-ever comprehensive analysis of third-party web tracking across three decades and a new tool, TrackingExcavator, which they developed to extract and analyze tracking behaviors on a given web page.  They saw a four-fold increase in third-party tracking on top sites from 1996 to 2016, and mapped the growing complexity of trackers stretching back decades.
Read more about the research out of U. of Washington on ScienceDaily.


Driving into the future?  My students could not believe that Uber was not making a profit. 
Uber’s first self-driving cars will start picking up passengers this month
It’s been a while since news broke in early 2015 that Uber was working on self-driving cars.  Earlier this year, the company openly admitted it was testing cars in Pittsburgh, but we haven’t heard much more over the last 18 months.
With Google, the self-driving car leader, slowly making progress with its autonomous cars, you’d be forgiven for thinking Uber’s efforts are far behind and barely visible in its frenemy‘s rearview mirror.
Well think again!
It turns out Uber has been making very rapid progress on its plan to replace its one million-plus drivers with computers.  Bad news if you’re an Uber driver…
In an interview with Bloomberg, CEO Travis Kalanick revealed that the company is preparing to add self-driving cars to its fleet of active drivers in Pittsburgh as soon as this month.

(Related) Apparently, Uber does not lead the race.
Helsinki has just sent its new self-driving buses onto regular roads
China may have its bizarre straddling bus, but Finland is also moving ahead with plans for a high-tech public transportation system.
We’re talking self-driving buses, with a couple of its specially designed box-shaped vehicles now tootling along regular roads in the country’s capital city of Helsinki.
It’s part of a month-long trial, but the fact that they’re now allowed to mix with regular traffic suggests it may not be too long before more of the buses hit the city’s streets as part of a permanent program.
   Helsinki’s new electric buses, which can carry up to 10 passengers, are the work of France-based EasyMile, which itself is a joint venture between French automaker Ligier and Indian robotics firm Robosoft.


Back to the future?
World’s largest aircraft just took flight. But, observers are stuck on what it looks like.
Just before twilight on Wednesday at Cardington Airfield in Bedfordshire, England, a giant airship took a buzzy first flight.  It was a brief victory lap for the largest aircraft on the planet.  The aircraft’s maiden voyage lasted for a half-an-hour as the jumbo ship — at 302 feet in length, that’s a fifth longer than the longest jet — circled the airfield.
The dirigible moved like a slow queenly wave, somewhat undercut by the fact the ship looks like, well, a butt.


Interesting.  It looks like a consistent 98% of applications are approved.  The people denied should certainly know better.  E.g. convicted felons. 
Background Checks for Firearm Transfers, 2013–2014 – Statistical Tables
by Sabrina I. Pacifici on Aug 17, 2016
Background Checks for Firearm Transfers, 2013–14 – Statistical Tables – Trent D. Buskirk, Ph.D., Regional Justice Information Service, Joseph M. Durso, Regional Justice Information Service, Ronald J. Frandsen, Regional Justice Information Service, Jennifer C. Karberg, Regional Justice Information Service, Allina D. Lee, Bureau of Justice Statistics, June 30, 2016. NCJ 249849.
“Describes background checks for firearm transfers conducted in 2014, including partial data for 2013, and presents estimates of firearm applications received and denied annually since the effective date of the Brady Act through 2014.  Tables provide data on the number of firearm transaction applications processed by the FBI and by state and local agencies, the number of applications denied, reasons for denial, and estimates of applications by jurisdiction and by each type of approval system.  State-level 2014 estimates are included for states with local checking agencies.  Data are from BJS’s Firearm Inquiry Statistics (FIST) program, which annually surveys state and local checking agencies to collect information on firearm background check activity and combines this information with FBI’s National Instant Criminal Background Check System (NICS) transaction data.”

Wednesday, August 17, 2016

The ever increasing dangers of an ever more connected world.
Special Report: Not so SWIFT - Bank messaging system slow to address weak points
More than a dozen current and former board directors and senior managers of SWIFT, the bank messaging system that helps transmit billions of dollars around the world every day, have told Reuters the organization for years suspected there were weaknesses in the way smaller banks used its messaging terminals – but did not address such vulnerabilities.
The sources said that until February, when hackers tried to steal nearly $1 billion dollars by breaking into the messaging system at Bangladesh's central bank, SWIFT had not regarded the security of customer terminals as a priority.  Top executives either did not receive information from member banks about specific attempts to hack the messaging network, or failed to spot those attempts themselves, the managers said.

(Related) Want our help getting your money back?  Drop the lawsuit.
BB no longer plans to sue Fed for heist
Bangladesh's central bank said it has reversed its plans to sue the Federal Reserve Bank of New York and the SWIFT money transfer network, and instead intends to seek their help recovering $81 million stolen by cyber thieves in February.


Which ‘society’ do we take our ‘norms’ from?
Joe Cadillic writes:
Unfortunately, student assessments have been going on since 1990, students across the country at grades 4, 8 and 12 are being given reading, mathematics, writing, science, U.S. history, geography assessments.
Indoctrinating students and assessing their mindset was a hallmark of Nazi Germany.  Our kids are being assessed from grade school through college.  This should scare the crap out of everyone, why is the mass media silent as our gov’t assesses kids?
Read more on MassPrivateI.
Joe and I have had a fascinating debate about the rest of his post.  We agree in principle that mindset assessments are just wrong for so many reasons, but we wound up in some gentle disagreement over the legality under federal laws.  I think that districts may be able to get away with these if they obtain prior parental consent.  I hope that if asked, parents do NOT consent, but that’s another story.
As I wrote to Joe in one of our exchanges today, I am actually all for academic assessments that can tell us whether children are ready for the next stage of curriculum or if they need additional rehearsal or remediation.  I don’t want children being pushed through the system, and such assessments can be used by parents to argue for more help and services for their child.  But:
I draw the line at social-emotional assessments, which I think schools should ONLY be doing if: (1) they have empirically validated tools (which they generally don’t have) and (2) parental consent in advance, and (3) adequate data security and privacy protections (which they generally don’t have).
Go read Joe’s post and then reply either there or here to let us know what you think of this issue.


For my Architecture students.
Future Workforce Study 2016
by Sabrina I. Pacifici on Aug 16, 2016
“Dell and Intel have teamed up to create their newest Future Workforce Study 2016 which reveals how people around the world feel about how technology is shaping the workplace.  Collaborating with Penn Schoen Berland (PSB), a series of online interviews were conducted across seven target industries, with adults who work more than 35 hours a week.  With advancements in smart workplace technologies, the time is now to discover how your workforce is truly evolving and how to be future-ready.  Explore the key takeaways and download the full global study findings…”


Bot architecture?  Push content to interested “fans?”
Sports Illustrated Olympics bots now on Facebook, Slack
Sports Illustrated launched bots on Facebook Messenger, Telegram, and Slack today to share its coverage from the Rio 2016 Summer Olympics.
An additional bot will launch on Skype later this week.  A complete list can be found on the GameOn website.
“Every hour on the hour you are going to be pushed the top trending Sports Illustrated (SI) Olympics article, [based on] whatever SI is able to glean from their user data, but if there’s breaking news, immediate coverage on that will come in between the hours,” said Alex Beckman, CEO of sports chat company GameOn.  GameOn partnered with Sports Illustrated to create the bot.


Introducing my students to programming without teaching them programming languages?
Build A Mobile App With No Programming Knowledge With Codeless Apps
Plenty of people want to create their own smartphone apps, but don’t necessarily want to learn how to code.  These two positions are not necessarily contradictory, and it’s totally possible to build a basic mobile app by using a number of drag-and-drop tools.
   When researching this post, I was surprised at the sheer number of companies offering codeless app development platforms.  Just to rattle some names off the top of my head, there’s AppGyver’s Composer, Ionic Creator (which was formerly known as Codiqa), EachScape, and Shoutem.  Each of these products has one thing in common: they are aimed primarily at business users.


So how do we turn this into a business plan?
7 Interesting Stats on Modern Online Shopping Habits


How can you ignore a headline like this?
Video Job Interviews: Hiring for the Selfie Age
For job seekers looking to make a good first impression, a working webcam and a tidy room might be the new firm handshake.
First-round job interviews are the latest part of the hiring process to undergo digitization as companies use video interviews to cut recruiting costs and times. Cigna Corp., Goldman Sachs Group Inc. and International Business Machines Corp. are among the employers now asking some applicants to log on to a website and submit video responses to interview questions in lieu of talking with a human.  The method has grown in recent years as nearly everyone has access to a laptop or smartphone with a front-facing camera, and companies say it is an efficient, fair and inexpensive way to process hundreds of applicants.


“In five years” has always been translated as “assuming a miracle.”
Ford to offer self-driving cars without steering wheels by 2021


This might be a good way to identify books you want to actually read!
These Videos Will Give You the Summary of Big Business Books in Just 4 Minutes
That Elon Musk biography and Peter Thiel's book on startups have been on your reading list for a while. Will you ever get to them?
For all you procrastinators, or for those who need a refresher, New York-based Board Studios has created a series of videos that summarize business books in four minutes.  In them, an artist's hands are seen taking notes while a narrator offers the gist of books such as Thiel's Zero to One, Elon Musk and Holacracy.

Tuesday, August 16, 2016

You don’t hack the NSA, but like anyone else, third party systems might be more vulnerable. 
NSA hacked? Top cyber weapons allegedly go up for auction
An anonymous group claims to have stolen hacking tools that might belong to the National Security Agency and is auctioning them off to the highest bidder.

It’s a pretty bold claim, but the hackers have offered sample files, and some security researchers say they appear to contain legitimate exploits.
The files were allegedly stolen from the Equation Group, a top cyberespionage team that may have links to the NSA.


Interesting how useful this would be for intelligence agencies.  It could flag anyone who contacts known terrorists, for example. 
Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks
An estimated 80 percent of Android phones contain a recently discovered vulnerability that allows attackers to terminate connections and, if the connections aren't encrypted, inject malicious code or content into the parties' communications, researchers from mobile security firm Lookout said Monday.
As Ars reported last Wednesday, the flaw first appeared in version 3.6 of the Linux operating system kernel, which was introduced in 2012.  In a blog post published Monday, Lookout researchers said that the Linux flaw appears to have been introduced into Android version 4.4 (aka KitKat) and remains present in all future versions, including the latest developer preview of Android Nougat.  That tally is based on the Android install base as reported by statistics provider Statista, and it would mean that about 1.4 billion Android devices, or about 80 percent of users, are vulnerable.
   The vulnerability makes it possible for anyone with an Internet connection to determine whether any two parties are communicating over a long-lived transport control protocol connection, such as those that serve Web mail, news feeds, or direct messages.  In the event the connections aren't encrypted, attackers can then inject malicious code or content into the traffic.  Even when the connection is encrypted, the attacker may still be able to determine a channel exists and terminate it.  The vulnerability is classified as CVE-2016-5696.

(Related) spying without a designed bug.
Three Surprising Ways Your Smartphone Can Be Used to Spy On You
   you might not know that your photos, Bluetooth, and even smartphone battery could be used to spy on you…


They can’t do it domestically, but they want to exercise the tools so they reach out to law enforcement in other countries? 
Australian Authorities Hacked Computers in the US
Australian authorities hacked Tor users in the US as part of a child pornography investigation, Motherboard has learned.
The contours of this previously-unreported hacking operation have come to light through recently-filed US court documents.  The case highlights how law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies’ reach.
In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect’s IP address.
“I think that's problematic, because they've got no jurisdiction,” Greg Barns, an Australian barrister who practices criminal and human rights law who's also a former national president of the Australian Lawyers Alliance, told Motherboard in a phone call.
   “The person would have to have a link to the jurisdiction,” Barns, from Stawell Chambers, wrote in an email.
He added that authorities might be able to argue that because the site's owner was Australian, that gives them the greenlight to conduct overseas searches for other suspects.  At one point, The Love Zone server was also reportedly moved to Brisbane, giving Task Force Argos, the Queensland Police Service unit that took over the site, access to every private message on the site.
“But they can't simply wander around the world, assisting other law [enforcement], saying, ‘We're here to help,’” Barns said.


How are we ever going to keep up with all the hacks?
Thousands of Soros docs released by alleged Russian-backed hackers
Hackers believed to be backed by Russia this weekend publicly released more than 2,000 documents connected to billionaire Democratic donor George Soros and his Open Society Foundations.
The documents detail the ins and outs of Soros’s groups, which have funded a slew of public health, human rights and education programs around the globe, while also mounting opposition to hard-right conservatives in the U.S.


Interesting, but I would add a few more criteria.  (Maybe just tweaks to the wording?)  Similarity to recent hacks in the industry.  Missing “Best Practice” defense. 
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses:
  1. Tone – Is the announcement apologetic and not blaming?  Does it acknowledge that there should have been better defenses and that the breach should have been detected and been able to stop the attack?
  2. Timeline – When was the initial break-in?  When was it discovered?  How long to disclose?
  3. Scope – What information was stolen and what control was lost?
  4. Size – How many people were affected? How many servers?
  5. Root Cause – What was the underlying vulnerability that was exploited?  What defenses are in place and how did the attack bypass the defenses?
  6. Discovery – Who discovered it?  Victims?  Security firm?  Why didn’t you know earlier?
  7. Remedy – Are you really making victims whole?  For how long? [Personal Health Information – PHI is literally lifelong]
  8. Future – What are you going to do to prevent future/similar attacks?
  9. Blame – Did you state or imply that the attack was “sophisticated” or “advanced?” Did you provide any evidence of that?
  10. Oddities – Were there any oddities to the timeline not making sense – or details that stretch credulity?
Read more on Forbes.


How Big Brotherly of them.  Everyone should be as handicapped as the EU’s telecoms?
EU plans to extend some telecom rules to web-based providers
The European Union is planning to extend telecom rules covering security and confidentiality of communications to web services such as Microsoft's Skype and Facebook's WhatsApp which could restrict how they use encryption.
The rules currently only apply to telecoms providers such as Vodafone and Orange.
   "Unlike telcos, OTT (web-based) are global players that are allowed to commercially exploit the traffic data and the location data they collect," telecoms group Orange said in a response to the EU's public consultation on the reform proposals.
Under the existing "ePrivacy Directive", telecoms operators have to protect users' communications and ensure the security of their networks and may not keep customers' location and traffic data.


This is interesting.  Think it could become popular here in the US?
theguardian – Police to hire law firms to tackle cyber criminals in radical pilot project
by Sabrina I. Pacifici on Aug 15, 2016
“Private law firms will be hired by police to pursue criminal suspects for profit, under a radical new scheme to target cyber criminals and fraudsters.  In a pilot project by the City of London police, the lead force on fraud in England and Wales, officers will pass details of suspects and cases to law firms, which will use civil courts to seize the money.  The force says the scheme is a way of more effectively tackling fraud – which is now the biggest type of crime, estimated to cost £193bn a year.  It is overwhelming police and the criminal justice system.  The experiment, which is backed by the government and being closely watched by other law enforcement agencies, is expected to lead to cases reaching civil courts this year or early next year.  Officers will use the private law firms to attempt to seize suspects’ assets.  If unsuccessful, police could decide to leave it at that or pursue the case themselves through the criminal courts…”


If you do gather data, is it the right data?
Are You Collecting the Right Data? Lessons from American Apparel
How many Facebook likes and Instagram followers does your company have?  How about memberships, or downloads?  As these numbers grow from hundreds to thousands to millions, you may assume that your business is riding high.  Apparently your customers love you, and there are many more to come.
But according to Thoryn Stephens, the chief digital officer at American Apparel, measurements like these can constitute what he calls “fake or false metrics.”  They may be distracting you from underlying problems, or untapped potential. Instead, businesses need to focus on “the true metrics that drive value,” he said at the recent Wharton Customer Analytics Initiative Conference.


We should be watching start-ups in India closely. 
India’s WhatsApp rival Hike raises $175M led by Tencent at a $1.4B valuation
India has a new tech unicorn. Hike, a four-year-old messaging app, today announced that it has closed $175 million in funding led by new investors Chinese internet giant Tencent and manufacturing firm Foxconn.  The Series D round values the company at $1.4 billion, founder and CEO Kavin Bharti Mittal confirmed to TechCrunch.
   Born out of a joint-venture between Bharti and SoftBank, Hike includes standard messaging app features you’d expect, alongside free voice calling and a few other twists.  It has put emphasis on local users with features that include a privacy option to hide chat messages, in case a nosey relative gets hold of your phone as can happen in India, and the ability to send messages via SMS to friends who aren’t using the Hike app, another foreseeable use case in the country.
   “Every market has two messaging apps that do well,” [Not sure I’d agree with that.  Bob] he said in an interview with TechCrunch.  “There’s one that replaces SMS and one that does a lot more than that. Hike doesn’t even compete with WhatsApp today, it is used very actively in addition to other apps.”

(Related)  Same for Russia.
The Top 8 Russian Social Networks (And What Makes Them Great)
   This difference in social media use is of huge importance for brands who use social media sites for advertising, as it can completely change a marketing strategy that is used in other parts of the world. That aside, it’s also just interesting to see how online communication can differ in different parts of the world!


Another point of view on BitChain.  Not sure I like where this one is going.  (Not all Americans are evil.)
UNRISD – Development Finance: Can Bitcoin play a role in social finance?
by Sabrina I. Pacifici on Aug 15, 2016
The United Nations Research Institute for Social Development (UNRISD) – The United Nations Research Institute for Social Development has released a new paper that explores the potential for digital currency Bitcoin to facilitate what author Brett Scott describes as ‘truly empowering social and solidarity-based finance’.  “Bitcoin has been ambivalently received by many in international development circles,” the report states.  “Despite this, the question of whether Bitcoin can be harnessed to build [a] new means of solidarity-based finance remains unanswered.  This paper sketches out some key issues practitioners should consider when thinking about cryptocurrency technology.”


Amusing, but he has a point.  (Several, actually.)
The Big Tech Election Stories No One Else Is Covering
   In the case of both the Clinton email scandal and the DNC email leak -- not to mention the various whistle-blower events -- what interests me isn't what's been covered but what hasn't been covered.  I'll shine a light on some of the huge misses from a tech perspective.


If I know when the light will change, my self-driving car can time itself to hit the intersection at the full (legal) speed!
Audi Traffic Light Timer Tech Counts Down To Green, Further Enables Texting Road Warriors
   Traffic light information is an Audi PRIME feature and will allow vehicles to communicate with the infrastructure in select metropolitan areas throughout the United States.  The service connects to the internet via LTE to Traffic Technology Services servers.  The feature will inform drivers of how much time there is left until a light turns green.


Face to face with my students?  That’s another reason to never own a smartphone!
Google's new video-chatting app is finally here, but the best feature doesn't work for iPhone users
   The tech giant first announced the app, Google Duo, at Google IO in May.  It's a simple, one-to-one messaging app that doesn't come with a lot of fanfare — you simply scroll through your contacts to see who has the app, click, and connect.  But as Nick Fox, vice president of Google's communications division, told Business Insider, that was intentional.


Illustrating why Hillary thought she could not trust the State Department?

Monday, August 15, 2016

For my Computer Security students.
Report – Data Theft Rising Sharply, Insider Threats Cited as Leading Cause
by Sabrina I. Pacifici on Aug 14, 2016
“New Ponemon Institute Report Finds Most Employees Have Too Much Access, Multiplying Damage When Accounts Are Compromised: August 2016”


Interesting that www.securityweek.com is down.
The proxy failed to connect to the web server, due to TCP connection timeout.


We have the technology, so we might as well use it.
How states use facial recognition to sniff out driver's license fraud
   Deep learning makes it easy and cheap to scan millions of photos for duplicates and fraud, and since it doesn’t involve any extra data collection or access — you just need to find matching entries, not link them to an identity — privacy groups see it as one of the more benign forms of facial scanning.  Forty-three of the 50 states have used some form of that technology, with seven of those states adopting the system for driver’s licenses in the last three years.  (The holdouts are California, Missouri, Louisiana, Mississippi, Maine, New Hampshire, and Vermont.)


It will be interesting to see if the Aussies solve this or elect a government that can.  Thoughts for my Architecture students.  Another ‘industry’ using obsolete technology? 
Census 2016: A case study in the confluence of failure
With continuous cuts to its funding, alongside an arrogant, dispassionate attitude towards the community and a systems provider that couldn't get the simple things right, it's little wonder the 2016 Australian Census turned into an absolute debacle.
   "It's the government that have made cuts to ABS staff and the ABS budget.  It's the government that failed to explain the changes that were happening prior to Census night.  It's the government who said it was all going well."
In February last year, the Australian Bureau of Statistics (ABS) thought about moving to a 10-year Census cycle, such were its IT woes and need to save money after "efficiency dividends" were imposed on it by governments of both stripes.
Former chief statistician Brian Pink warned in the 2013 ABS annual report that ageing infrastructure and reduced budgets from the government had the potential to "seriously compromise" the agency's sustainability.  It also certainly did not help that Pink's role as chief statistician was left vacant for over a year.


For my Data Management students.  Last published 16,000 Internet years ago! 
Updated Circular A-130, Managing Information as a Strategic Resource
by Sabrina I. Pacifici on Aug 14, 2016
White House – OMB: [July 26, 2016] “the Office of Management and Budget (OMB) …releas[ed] an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource.  The way we manage information technology (IT), security, data governance, and privacy has rapidly evolved since A-130 was last updated in 2000.  In today’s digital world, we are creating and collecting large volumes of data to carry out the Federal Government’s various missions to serve the American people.  This data is duplicated, stored, processed, analyzed, and transferred with ease.  As government continues to digitize, we must ensure we manage data to not only keep it secure, but also allow us to harness this information to provide the best possible service to our citizens.  [This] update to Circular A-130 gathers in one resource a wide range of policy updates for Federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and acquisitions.  It also establishes general policy for IT planning and budgeting through governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services.  


Why use old technology, even if everyone else is? 
Google Fiber To Go Wireless? Underground Fiber Optic Cables Proving Too Expensive And Time-Consuming
The Google Fiber unit of Alphabet could be looking at going wireless, as the cost and time associated with installing underground fiber optic cables for the high-speed broadband internet service is slowing down the business.
   for most cases, Google Fiber is looking to use wireless technology to connect homes to the service as opposed to underground fiber optic cables.  In other cases, Google would be looking to lease existing fiber networks or ask the cities or power companies to build out the networks themselves.
Google Fiber, which looks to provide customers with up to 100 times the speed of typical broadband internet connections, is running into trouble with the so-called last mile, which is where the network is brought directly into the homes and buildings of the service's clients.  Getting through this last mile usually involves tearing up the streets and digging up nearby sidewalks, which is a huge burden in the construction of the network.  As such, the exploration on looking for a wireless solution to go over the last mile has started.


First secure the rights to the content, then find an appropriate delivery method?
Twitter and its live NFL games might be coming to Apple TV
Twitter is reportedly negotiating with Apple to bring the Twitter app to Apple TV — a move that would give the streaming platform's millions of users access to upcoming NFL games.  The talks have been reported by The New York Times as part of the social media platform's plans to broaden its appeal using live sports.  (NFL content is already available on Apple TV for paying NFL Game Pass subscribers, but games aren't live streamed in the US.)
Back in April, Twitter beat out rivals such as Facebook to secure the rights to live stream a number of NFL games, and has since signed similar deals with Wimbledon, the MLB, the NBA, and the NHL.


Isn’t this to be expected?  Who would want overnight delivery of 2X4s? 
Retail Results Will Show Amazon’s Effect
Do-it-yourself chains Home Depot Inc. and Lowe’s Cos. appear to have built a retail oasis mostly walled off from the reach of online behemoth Amazon.com Inc.
   Home Depot says just 25% of its business—smaller, easy-to-ship items like power drills and small hand tools—faces tough online competition.
That doesn’t mean either chain is immune to Amazon.  A UBS survey in June found that 11% of consumers planning a home improvement project themselves planned to buy something from Amazon.  That is far behind the 36% who said they planned to shop at Home Depot and the 21% at Lowe’s, but up from just 7% a few months back.  


It really does take time to learn how to use a new technology properly.
When Refrigeration was Controversial


For when my students want to get their geek on…
$5 Microcontrollers: Arduino, Raspberry Pi Zero, Or NodeMCU?

Sunday, August 14, 2016

Another phishing failure? 
Lauren Fedor reports:
Personal details and bank account information for employees of as many as 300 UK companies may have been compromised as part of a data breach at Sage, the UK software group.
[…]
On Friday, the Newcastle-based group notified around 200 of its current UK business customers that their information — including employee bank account details and salary information — may have been affected by a data breach.
Read more on Financial Times.
[From the article:
One person familiar with the situation told the Financial Times that a Sage employee’s internal login details were used to gain unauthorised access to protected data in recent weeks, prompting an investigation by the company.  The police and the Information Commissioners Office are understood to be involved in the investigation.]


My students need to understand this so they can Architect it, govern it, secure it, and hack it.
Envisioning Bitcoin’s Technology at the Heart of Global Finance
A new report from the World Economic Forum predicts that the underlying technology introduced by the virtual currency Bitcoin will come to occupy a central place in the global financial system.
A report released Friday morning by the forum, a convening organization for the global elite, is one of the strongest endorsements yet for a new technology — the blockchain — that has become the talk of the financial industry, despite the shadowy origins of Bitcoin.
   Unlike existing financial ledgers or databases used by banks and other institutions, the blockchain is updated and maintained not by a single company or government.  Instead it is run by a network of users.  It’s akin to the way Wikipedia is maintained by users around the globe.
Initially, bank executives shied away from endorsing Bitcoin because it had been used for drugs and crime.  Now, however, many have focused on ways to create blockchains without using Bitcoins for transactions in any way.
This is attractive because blockchains — or “distributed ledgers,” as they are often described — could offer a new way to move money and track transactions across borders and other networks in a more secure, transparent and effective way than the current system.
   Most banks have already put together blockchain working groups and released research reports hailing the potentially transformative effect of the technology.
But few real-world uses of the blockchain have come to fruition


Interesting and depressing.
Updated in 2016, the Global Terrorism Database World Map
by Sabrina I. Pacifici on Aug 13, 2016
“Updated in 2016, the GTD World Map: 45 Years of Terrorism displays the concentration and intensity (combining fatalities and injuries) of terrorist attacks that occurred worldwide across 45 years of data.”


This could take longer to resolve than the 30-Years War!
Megaupload’s Dotcom to appeal U.S. forfeiture of assets ruling
   A three-judge panel of the 4th Circuit U.S. Court of Appeals ruled two to one on Friday that Dotcom could not recover his assets because by remaining outside the U.S., he was a fugitive, which disentitled him from using the resources to fight his case.
Dotcom’s lawyer Ira P. Rothken said his client would seek a review of the decision in front of the full bench and, if necessary, petition the Supreme Court.
“This opinion has the effect of eviscerating Kim Dotcom’s treaty rights by saying if you lawfully oppose extradition in New Zealand, the U.S. will still call you a fugitive and take all of your assets,” Rothken said in an email to Reuters received on Sunday.
   A New Zealand court ruled in December he could be extradited, but an appeal hearing has been set for later this month.
   In the Federal Court judgment, Chief Judge Roger L. Gregory wrote Dotcom and his co-defendants’ reasons for staying in New Zealand – because of jobs, businesses, and families – were “utterly unpersuasive.”


For my IT Governance class.
Maturity models can compel your leadership to action
   While not advocating any particular tool, the maturity-model assessment family in general is geared to a cybersecurity program assessment as opposed to a risk or a threat assessment.  Most models present a common set of industry-vetted, best practices in cybersecurity.  These may go even further, matching your status to industry maturity levels.
   Why go through all this work?  Maturity models can help you to paint a clear and compelling picture of the gap between threat and preparation -- not only for infrastructure defenders, but for your management when it’s time to request resources.


Perhaps a job at Walmart, students?  
By The Time Wal-Mart Catches Up With Amazon, There Will Be No Neighborhood Stores
Wal-Mart is getting serious about catching up with Amazon.  Very serious, forging the right partnerships and amassing the right talent and resources to compete effectively against the e-commerce leader.
   Wal-Mart has a reputation for paying very little compensation—barely above minimum wage — to its low-skill floor employees.  But it pays big bucks to recruit and retain talent for its eCommerce division, where starting salaries can be as high as $149,000 a year, according to a recent Glassdoor survey.


Our students put together portfolios and invite potential employers to come in and listen to their presentations.  Perhaps we should put together digital portfolios and allow global access via the Internet?
FreshGrade Offers Free Webinars About Digital Portfolios
FreshGrade is a digital portfolio platform that has quickly risen in popularity over the last eighteen months.  The learning slideshow feature in FreshGrade is one of the many features that has helped it become popular amongst teachers and students.
FreshGrade is offering a series of free webinars to help teachers learn more about creating and using digital portfolios in the new school year.  Obviously, the webinars will feature the tools in FreshGrade, but some of the concepts in the first two webinars could be applied to just about any digital portfolio tool.  The first two webinars are already available to watch on demand. The rest of the webinars start next week.  To watch the recorded webinars just visit this page, select a webinar, then complete the registration and the recording will be available to you almost instantly.
To learn about other digital portfolio tools, check out my free guide to digital portfolios.