Saturday, August 27, 2016

“Where’s the sport in that?”  It must be election season again.  Would they change their minds if we tell them that Russia has already scanned their machines? 
Two swing states decline DHS security for voting machines
In August, DHS offered to help states thwart potential hacking amid cybersecurity concerns about just how easily a U.S. election could be manipulated.
Georgia and Pennsylvania, however, have opted out.  Instead, the two states will rely on their own systems to monitor potential election hacking, reports NextGov.

Mobile is more popular with hackers as well as advertisers.
Mobile Bank Heist: Hackers Target Your Phone
   Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to law-enforcement officials and cybersecurity specialists.
It is difficult to quantify how much money has been stolen as a result of the mobile-phone malware, mostly because the thieves can access an account through any normal channel after they steal credentials through a phone.  Still, the prevalence of the malware is significant enough that it has caught the attention of the Federal Bureau of Investigation and U.S. banking regulators.
   The malware typically gets onto a phone when a user clicks on a text message from an unknown source or taps an advertisement on a website.  Once installed, it often lies dormant until the user opens a banking app.
   The Federal Reserve said earlier this year that 53% of smartphone users with bank accounts had used mobile banking in the previous 12 months, up from 43% in 2011.
   A recent study conducted by SAS and Javelin Strategy & Research found that fewer than one-third of smartphone owners use mobile antivirus or anti-malware software on their phones.

Another of those articles that impact all my students.
58 Percent of Small Businesses Already Have International Customers, Survey Finds
Small businesses are breaking barriers and going international, a new study by foreign exchange company USForex has found.
The survey shows 58 percent of small businesses already have international customers, while 72 percent plan to grow their international customer base by 2017.  About 96 percent of these small businesses, in fact, are confident about conducting business abroad.
“Going global is no longer an option for successful small- and medium-sized businesses — it’s a strategic imperative,” said Karin Visnick, head of North America, USForex.

Would they do this to Uber drivers?  Will taxi drivers defect to Uber?
From the Rutherford Institute:
A federal appeals court has upheld New York City’s program of warrantless and continuous GPS surveillance of taxi drivers, ruling that drivers are not protected by the Fourth Amendment’s bar on unreasonable searches and seizures when on the job.  The Rutherford Institute appealed to the Second Circuit Court of Appeals on behalf of taxi drivers who were being forced by government officials to attach GPS tracking devices to their taxis.
In a 2-1 decision, the Second Circuit held that taxi drivers do not have a protected privacy interest in the vehicles they drive.  The dissenting opinion, issued by Circuit Judge Rosemary S. Pooler, takes issue with the lower court’s premise that taxi drivers should be stripped of all Fourth Amendment protections.  Rebutting the view that the government’s surveillance is conspicuous, that taxis are not truly private property, and that the tracking system was installed pursuant to regulations, Pooler declared, “The physical invasion of a constitutionally protected area is no less actionable under the Fourth Amendment merely because it is conspicuous.  To hold otherwise would allow the government to conduct unreasonable searches merely by announcing them.”
Read more on the Rutherford Institute.

Is this the “best possible” solution?  What makes a single word ‘newsworthy?’ 
Facebook is trying to get rid of bias in Trending news by getting rid of humans
Facebook will no longer employ humans to write descriptions for items in its Trending section, which attracted controversy over allegations of political bias in May.  Topics appearing in the Trending section will now appear solely as a short phrase or single word, with an indication of the number of people discussing it on the social network.
Quartz confirmed from multiple sources that Facebook has laid off the entire editorial staff on the Trending team—15-18 workers contracted through a third party.  The Trending team will now be staffed entirely by engineers, who will work to check that topics and articles surfaced by the algorithms are newsworthy.

Will this change when Google starts sending users to news sites outside the EU?
Internet Companies May Have to Pay Publishers for News Under New EU Rules
News aggregators like Alphabet Inc.’s Google news search may have to pay publishers to list snippets of articles on their websites under plans by the European Union’s executive body to update the bloc’s copyright rules.

Beware of falling pepperoni!
Domino’s Gets Approval For Fresh Pizza Deliveries By Drone In New Zealand

Believe it or not, I do have discerning nerds in my classes. 
The discerning nerd's guide to Raspberry Pi hardware (2016 mid-year edition)
In my "Ultimate Guide to Raspberry Pi Operating Systems" (Part 1, Part 2, and Part 3) I listed pretty much every noteworthy operating system and OS variant available for the Raspberry Pi family of single board computers.  But what of the hardware all this OS goodness runs on?  It's not like there's just one Raspberry Pi board.  So, if you don't know your Model A from your Zero from your generation 3 Model B, this is the guide for you.
Also make sure you check out my 7 ways to make your IoT-connected Raspberry Pi smarter and 9 Raspberry Pi programming tools bundled with Raspbian, both of which are full of Raspberry Pi and Internet of Things goodness.

Saturday already?
Hack Education Weekly News
   “Members of Congress are in an unusual position as they demand an explanation for Mylan NV's 400 percent price hike for the EpiPen and focus attention squarely on its CEO: Heather Bresch,” Bloomberg reports.  Bresch, whose father is a senator from West Virginia, had successfully lobbied to have Epipens, which contain life-saving anti-allergy medication, be purchased by public schools.  Bresch had previously been involved in another education-related scandal when, in 2007, it was revealed she had been awarded an MBA by West Virginia University even though she’d only completed half of the required credits.
   “The University of Chicago is attacking academic freedom,” says New Republic’s Jeet Heer.  The school’s dean of students has sent a letter to the freshman class saying that,
Our commitment to academic freedom means that we do not support so called “trigger warnings,” we do not cancel invited speakers because their topics might prove controversial, and we do not condone the creation of intellectual “safe spaces” where individuals can retreat from ideas and perspectives at odds with their own.
   I can’t think of anything I loathe more about back-to-school each year than the release of the Beloit College Mindset list.  Here’s the latest one for the Class of 2020.
   Bored with Pokemon Go?  Try this exciting new app to “catch ’em all” and participate in a mainstreaming of surveillance culture: a mobile app for finding bank robbers, built by the FBI.
   Via the BBC: “University hit 21 times in one year by ransomware.”  The university: Bournemouth, which apparently has a cybersecurity centre.

Friday, August 26, 2016

Very interesting, to me anyway.  If I can short a stock and then drive the price down, I better be able to make my information at least reasonably believable.  If I state that the claims are “absolutely untrue” I better not have any information that they might be.  Interesting area to debate. 
Matt Egan reports:
St. Jude Medical rejected claims made by a famous short seller on Thursday that the company’s pacemakers and other lifesaving devices are vulnerable to cyber attacks.
The allegations, made in a detailed 34-page report by Muddy Waters founder Carson Block, were enough to spook investors on Wall Street. St. Jude’s stock plummeted as much as 8% on Thursday.
St. Jude’s chief technology officer Phil Ebeling called the claims “absolutely untrue.”
Read more from CNN Money on WPTZ.

(Update) It’s even worse than I thought.  Was St. Jude’s lying? 
More on a situation I noted yesterday.  This approach to using/monetizing vulnerability discoveries is downright scary…. but will it work to improve security?  Here’s one of your must-reads for today.
Jordan Robertson and Michael Riley report:
When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put lives at risk, they didn’t warn St. Jude.  Instead, the hackers, who work for cybersecurity startup MedSec, e-mailed Carson Block, who runs the Muddy Waters Capital LLC investment firm, in May.  They had a money-making proposal.
MedSec suggested an unprecedented partnership: The hackers would provide data proving the medical devices were life-threatening, with Block taking a short position against St. Jude.
MedSec is taking a path that some frustrated security experts believe is the only way to create fundamental change: find a way to impose significant monetary penalties on companies it believes are negligent when it comes to protecting consumers.  But the startup is doing so in ways that violate some of the most basic standards of ethical security research and in an industry where the stakes are especially high.
Read it all on Bloomberg.

Did I miss the memo?  Why would Homeland Security investigate this breach?  Is there some national security angle I’m missing?  Did North Korea do it for some reason?  Is this covered by some secret law? 
Jones website hack reveals stars’ tricky cyber landscape
The hateful hack of comedian Leslie Jones’ personal website reveals the tricky cyber landscape celebrities tread and the murky legal protections that exist for personal digital content.
While Jones’ supporters have been vocal with their outrage and Department of Homeland Security investigators are looking into the breach of Jones’ website that exposed intimate photos and personal documents
   Those who broke into Jones’ site and replaced its usual content with naked photos, a driver’s license and racist video are clearly breaking the law, said attorney Jonathan Steinsapir, but “trolling” a celebrity with sexist or racist posts online is not a crime.
   Most often, though, technology moves faster than the law.
“The availability of media now and how quickly information spreads — I don’t think the law has kept up with that,” said Steinsapir, who specializes in intellectual property and copyright law.
For example, once stolen photos are disseminated online, it’s not only tough to track who’s republishing them, it’s practically impossible to prosecute.
   And all the experts agree: Taking naked photos and storing them digitally is probably a bad idea. 

(Related?) What if they were given the information?  What if they had not been “celebrities”?
Ray W writes:
Aller Media, the owner of Danish gossip magazine Se & Hor, was fined 10 million kroner [approximately $1.5 million] – and the magazine’s former managing editor, Kim Bretov, and former news editor, Lise Bondesen, were each given suspended jail sentences – on Thursday for illegally buying the credit card information of celebrities.
Read more on CPH Post.

(Related) This is how we do it in the US.
I approve!
Michael O’Keeffe and Ginger Adams Otis report:
Giants defensive end Jason Pierre-Paul scored a big win Thursday in his invasion-of-privacy lawsuit against ESPN.
A Florida judge said Pierre-Paul can sue the sports news network and reporter Adam Schefter for posting his private medical records online for millions to see.
Read more on NY Daily News.  The NY Post also covers the ruling.

“We have the technology, therefore we must use it!” 
Joe Cadillic writes:
Police State America has devised a new way to track dissidents or persons of interest, they’re calling it Pay-By-Plate.  Raytheon’s Pay-By-Plate system will allow police to “Hotlist” motorists across the country.
According to the Boston Globe, officials are working with the Executive Office of Public Safety and Security to draft a list of all situations that warrant “Hotlist” use.
Feds claim they’re only taking pictures of our license plates
image credit: Boston Globe
If you look closely at the above picture, you can see two surveillance cameras, one that takes a picture of the front of the vehicle, and one that’s aimed at the rear of the vehicle.  Raytheon’s Vigilant Solutions, ‘National Vehicle Location Service’ cameras can identify drivers’ and passengers’ faces in “near real time”, flagging any ‘person of interest’.
Read more on MassPrivateI.

Blockchain explained in 19 minutes.  Another technology that removes intermediaries.
How the blockchain is changing money and business
What is the blockchain?  If you don't know, you should; if you do, chances are you still need some clarification on how it actually works.  Don Tapscott is here to help, demystifying this world-changing, trust-building technology which, he says, represents nothing less than the second generation of the internet and holds the potential to transform money, business, government and society.  

This is the field I’m sending my Ethical Hacking students out to conquer.
Startup Manipulated iPhone to Allow Government Spying, Report Says
Security researchers say a little-known Israeli startup exploited previously unknown bugs in Apple Inc.’s smartphone software to help foreign governments spy on their citizens.
The researchers say the surveillance software was the work of NSO Group Technologies Ltd., which sells primarily to government agencies.  The researchers, at Citizen Lab, a group that investigates surveillance technology, and at mobile-security firm Lookout Inc., say they discovered the software in a link sent earlier this month to the phone of Ahmed Mansoor, a human-rights activist in the United Arab Emirates.
Their report sheds new light on the capabilities of private security companies to produce sophisticated software for state-sponsored spying.  It also suggests that the iOS operating system behind Apple’s iPhones isn't as impregnable as it appeared earlier this year, when the Federal Bureau of Investigation struggled for weeks and ultimately paid $1 million to unlock a phone tied to the San Bernardino terror attack.

A bit technical, but still an interesting read.
This week, the Office of the Director of National Intelligence declassified a Foreign Intelligence Surveillance Court of Review (FISCR) opinion that has important broad implications for privacy and warrantless surveillance.

For my Data Management and Data Architecture students.
How Data Skills Help Firms Create Social Media That Matters
   In her latest paper, “Data Analytics Skills and the Corporate Value of Social Media,” Wu analyzed a large sample of businesses to determine how they derived value from social media.

Eventually we may be able to automate this entire law enforcement thing.  You “register” your face and fingerprints to unlock your phone, anyone else is a crook!   
Apple's Patent Application Collects iPhone Thieves' Fingerprints and Selfies
The U.S. Patent and Trademark Office on Thursday published a patent application filed by Apple describing a method for the company to capture both a thief’s picture, video, and fingerprints from the Touch ID home button, among other identifying data.

This is rather sad actually.  None of the government entities were willing to put this into their budgets, so we need to force them to borrow money to do it? 
US chief information officer ups push to modernize government tech
The United States chief information officer on Thursday boosted his push for Congress to approve $3 billion in loans to modernize government technology.
Tony Scott emphasized the importance of a government-wide shift from obsolete technologies to more secure, cheaper, modern options, calling for the creation of the Information Technology Modernization Fund (ITMF).
   The ITMF, currently under debate in Congress, would provide $3.1 billion in loans for agencies to update technology.  The money would be repaid through the cost savings of using the more efficient technologies.

Advertising for the Pokémon generation?  Clearly, these ads will not reach me.
Trump, Clinton boost Snapchat spending
Hillary Clinton and Donald Trump are both ramping up their campaign spending on Snapchat, according to a report from Bloomberg.

My IT Grad students just can’t believe that Uber is not profitable!
Uber reportedly lost at least $1.27 billion in first half of 2016
Ride-hailing giant Uber lost at least $1.27 billion before interest, taxes, depreciation and amortization in the first six months of 2016, Bloomberg reported on Thursday, citing people familiar with the matter.

What could my students do with this?
Facebook Gives Away Machine Vision Tools of the Future
Thanks to a form of AI called deep learning, computers are now really good at telling the difference between a dog and a cat.  But Facebook’s Artificial Intelligence Research (FAIR) lab wants to make machine vision far more useful, going well beyond digital parlor tricks.
FAIR research scientist Piotr Dollar says the first step lies in helping machines not just recognize that a particular thing appears in a photo—say, a cat or a chair or a gun—but spot each individual detail in a photo and understand where it sits in relation to everything else.  His team has built a set of tools that does just that.
   But Facebook isn’t actually using these particular machine vision tools yet.  As with FastText, a set of tools that could be used for spotting spam and clickbait that the company recently open sourced, the FAIR team opted to release its work to the public early, before it’s found a particular application at the company.

Introducing Amazon Vehicles, a Car Research Destination and Automotive Community
Amazon today announced Amazon Vehicles, a car research destination and automotive community that makes it easy for customers to get the information they need when shopping for vehicles, parts, and accessories.
   Customers can begin researching vehicles today at

My local library (Koelbel)  is having a big book sale starting Sept 8th.  On Sunday, you can buy a grocery bag full of books for $6.  I can see that this game might be worth $6 (or more) just to watch the kids play!
Belgians are hunting books, instead of Pokemon
Inspired by the success of Pokemon Go, a Belgian primary school headmaster has developed an online game for people to search for books instead of cartoon monsters, attracting tens of thousands of players in weeks.
While with Pokemon Go, players use a mobile device's GPS and camera to track virtual creatures around town, Aveline Gregoire's version is played through a Facebook group called "Chasseurs de livres" ("Book hunters").
Players post pictures and hints about where they have hidden a book and others go to hunt them down.  Once someone has finished reading a book, they "release" it back into the wild.
   Though it was only set up a few weeks ago, more than 40,000 people are already signed up to Gregoire's Facebook group.
The hidden tomes range from books for toddlers through to Stephen King horrors, placed around Belgian towns and countryside, often wrapped in clear plastic to keep off the rain.