Saturday, October 08, 2016
Why bother with this? Perhaps because they know of some serious problems that have not been made public yet?
U.S. lays blame on Russian government for election-related hacking
… U.S. intelligence agencies are confident Russia was responsible, the Department of Homeland Security and the Office of the Director of National Intelligence said in a statement on Friday.
They paid more than a million dollars, and the hack only worked on one phone? Will they pay a million for every brand and model they want to hack?
The FBI Is Trying To Force Its Way Into Another Locked iPhone
The battle between the FBI and locked phones is far from over. The FBI is currently trying to crack into another locked iPhone that once belonged to a now deceased terrorist. The iPhone in question belonged to Dahir Adan, who stabbed ten people in a Minnesota mall before a police officer shot and killed him. ISIS has claimed credit for the attack over social media.
… The FBI is currently investigating as much of Adan’s electronic footprint as possible. The FBI has so far plowed through 780 gigabytes of data from multiple computers and mobile devices. Thorton remarked, “We are conducting an extensive review of his social media and other online activity”. It remains to be seen whether the FBI will also pressure Apple to unlock Adan’s iPhone.
“Cost v. Benefit” is not a government concept.
Joe Cadillic writes:
Malls and retailers across America are working with DHS to install facial recognition cameras and license plate readers everywhere. DHS is working with malls and retailers to identify people with criminal records and scan their license plates to see if a shopper is on DHS’s terrorist watch list.
New York City is installing facial recognition cameras at bridge crossings and tunnel entrances
Read more of his post on MassPrivateI.
My students say no, but what do they know?
Should Self-Driving Cars Be Mandatory?
TGIS (I teach on Friday)
Hack Education Weekly News
… AllAfrica reports that the Kenyan government will begin distributing some 1.2 million laptops to all public primary schools.
… Via Inside Higher Ed: “Smartphone Explodes in Rowan College Classroom.” The phone was not a Samsung Galaxy Note 7, which have been recalled because of battery explosions, but an iPhone 6 Plus.… “Deloitte Publishes 2016 Digital Education Survey,” says Edsurge.
Friday, October 07, 2016
Starting on a cheerful note…
The Global Economic Damage of Internet Blackouts
Last weekend, cellphones across Iraq lit up with the same text message. “Dear subscriber,” the message read in Arabic. “On instructions from the Ministry of Communications, internet access will be cut off every day between October 1 and 8, from 6 to 9 a.m. These instructions were issued to every internet service provider.”
The scheduled blackouts coincided with the third round of national placement exams for sixth graders in Iraq; the blackouts are intended to keep students from cheating. The country has made a habit of interrupting internet access nationwide during the exams: I wrote about another episode in detail earlier this year.
Intentional, government-instigated internet blackouts are becoming more and more common. And when governments choose to shut off the internet—if not to prevent cheating, then to stifle political protests, as in Egypt in 2011 or in Gabon just this month, or ostensibly to fight terrorism, as in Iraq in 2014—the downtime can have far-ranging consequences. It prevents citizens connecting with the rest of the world. It can make it difficult to request emergency services. If a country’s already experiencing unrest, it can give cover to serious human-rights abuses.
The type of government that’s willing to darken the internet for hours or even days on end may not be particularly moved by the free-speech or human-rights implications of a blackout. But it’s difficult to ignore the side effects detailed in a new report from Brookings, which studies the widespread damage even a short hiccup in connectivity can deal to a country’s economy.
A technique hackers could use to increase the impact of data they release. In this case they might change the result of some drug tests. If they release huge volumes of the private emails of presidential candidates, what might they change?
Russian Hackers May Have Manipulated Leaked WADA Data
In a statement published Wednesday, October 5, the World Anti-Doping Agency (WADA) provided an update on investigations into the August Fancy Bear hack and data leak in September. FireEye/Mandiant has been employed to do the forensic investigation. As of Oct. 5, the investigation is 90% complete and has found no evidence of any additional compromise.
The statement also suggests that some of the leaked data may have been manipulated by the hackers before public release. "It should also be noted," says WADA, "that in the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data."
A starting point.
Online or on paper, get the latest FTC identity theft info
by Sabrina I. Pacifici on Oct 6, 2016
“Looking for information on dealing with identity theft? The FTC has new and revised identity theft publications that reflect features of IdentityTheft.gov that make it easier to report and recover from identity theft. Here’s what’s hot off the presses:
My students had a couple of interesting questions on Wednesday. Did Yahoo know about the hack or not? Would it make a difference to Verizon?
Verizon is pushing for a $1 billion discount off its pending $4.8 billion agreement to buy Yahoo, several sources told The Post exclusively.
The request comes on the heels of the web giant getting bludgeoned by bad news in the past few days.
Yahoo revealed two weeks ago that it had been hacked in 2014 and that users’ names and passwords for 500 million accounts were swiped.
Then, earlier this week, it was learned that Yahoo had been ordered by a secret Foreign Intelligence Surveillance Court to scan emails for terrorist signatures.
“In the last day we’ve heard that Tim [Armstrong] is getting cold feet. He’s pretty upset about the lack of disclosure and he’s saying can we get out of this or can we reduce the price?” said a source familiar with Verizon’s thinking.
Surely all my students know how to do this already?
How to Create Google Alerts
In one of yesterday's posts I mentioned using Google Alerts to track a topic on the web. A few hours after I published that post I was asked for clarification about how to create a Google Alert. In the following video I demonstrate how to create a Google Alert.
(Related) Do they know about all of these?
The internet is the go-to destination for students desperate to get ahead on their homework. However, many students aren’t using some of the best resources that the internet has to offer.
Something for my nephew?
Duolingo’s chatbots help you learn a new language
Thursday, October 06, 2016
Very timely since the Privacy Foundation’s topic on October 28 is Encryption and Privacy! (See the details at: http://www.law.du.edu/index.php/privacy-foundation )
CRS – Encryption: Frequently Asked Questions
by Sabrina I. Pacifici on Oct 5, 2016
Encryption: Frequently Asked Questions, Chris Jaikaran, Analyst in Cybersecurity Policy. September 28, 2016.
“Encryption is a process to secure information from unwanted access or use. Encryption uses the art of cryptography to change information which can be read (plaintext) and make it so that it cannot be read (ciphertext). Decryption uses the same art of cryptography to change that ciphertext back to plaintext. Encryption takes five elements to work: plaintexts, keys, encryption methods, decryption methods, and ciphertexts. Data that are in a state of being stored or in a state of being sent are eligible for encryption. However, data that are in a state of being processed—that is being generated, altered, or otherwise used—are unable to be encrypted and remain in plaintext and vulnerable to unauthorized access.”
As someone who has made “configuration errors” I can sympathize. There are ways [Best Practices] which significantly reduce the probability of introducing those errors into your network.
Level 3 blames huge network outage on unspecified configuration error
… Here's the statement issued by the Broomfield, Colo., service provider:
Wednesday, October 05, 2016
I’ve reported on ShotSpotter before, but Joe Cadillic wants you to look at the involvement of GE and its implications for everyone’s privacy. Joe writes:
Soon, spying street lights equipped with ShotSpotter microphones will be in every city and town; that’s because GE lighting and ShotSpotter (SST) are working together to spy on everyone.
Last year, GE and SST announced they’re combining forces to put SST surveillance devices into street lights.
A memorandum of understanding between GE Lighting and SST, Inc., developer of the ShotSpotter crime detection and location suite, lays ground to embedding sophisticated SST technology into GE’s intelligent LED street lights.
“We’ve entered an era where lighting is so much more than illumination,” says Rick Freeman, Global Product General Manager, Intelligent Devices, GE Lighting.
Read more on MassPrivateI.
Encryption, the new “gotta have?”
You Can All Finally Encrypt Facebook Messenger, So Do It
Last spring WhatsApp pushed out code adding a new layer of security to a billion users’ apps, creating the largest end-to-end encrypted messaging network in history. Now WhatsApp’s parent company Facebook has finally given people who use its other massively popular chat app the chance to catch up.
New insulin pump flaws highlight security risks from medical devices
Medical device manufacturer Animas, a subsidiary of Johnson & Johnson, is warning diabetic patients who use its OneTouch Ping insulin pumps about security issues that could allow hackers to deliver unauthorized doses of insulin.
The vulnerabilities were discovered by Jay Radcliffe, a security researcher at Rapid7 who is a Type I diabetic and user of the pump. The flaws primarily stem from a lack of encryption in the communication between the device's two parts: the insulin pump itself and the meter-remote that monitors blood sugar levels and remotely tells the pump how much insulin to administer.
Strange on many levels. This was last year, not a decade ago. The government was looking for “specific information?” How did they “demand” this support?
Yahoo secretly scanned customer emails for U.S. intelligence, sources say
Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
I wonder if this would improve my feedback to students? Can it filter all those words I’d rather not have in writing?
New on LLRX – Yes, Dragon NaturallySpeaking has been worth the trouble for faster writing
by Sabrina I. Pacifici on Oct 4, 2016
Via LLRX.com – Yes, Dragon NaturallySpeaking has been worth the trouble for faster writing – David H. Rothman writes about the multiple uses of voice recognition software from the perspective of an expert writer, speaker and typist. Rothman also advises readers on the requisite microphone and boom to enhance the use of voice recognition technology.
Could be a good way to group videos for my students.
How to Make YouTube Playlists with a Google Spreadsheet
A couple of YouTube videos, some simple Google formulas and a Google Spreadsheet – that’s all you need to quickly create a YouTube playlist. It will be an anonymous playlist, not connected to your YouTube channel, and may be a good way to bunch together multiple videos for easy sharing on WhatsApp, Twitter or an email newsletter.
Reminder to self:
When I read a piece of business writing, whether it’s a proposal, a report, or a simple email, I’m turned off by people who have invested more energy trying to sound smart than in trying to be smart. Ideally, I’d like to read communications where I don’t notice the writing at all. The best writing is so transparent that it doesn’t obscure the underlying message. You can achieve that in your writing by investing in great content and then stripping away anything that detracts from it.
How do you make your content great? Before crafting a single sentence, you determine the purpose and desired outcome of your communication. You go beyond the facts and information you’re transmitting and push yourself to clarify what you want your audience to think, to feel, and to do after they’ve read your message.
I might have a few students who should enter this contest!
Ladies and gentlemen: it’s time to start your spreadsheets, fine-tune those formulas, and ready yourself for the inaugural Excel World Championship! That’s right — the world’s favorite spreadsheet software now has a Microsoft-sponsored competition, complete with a grand prize for the overall winner.
Excel World Championship entrants will be tested in several key Excel areas. They’ll be competing for “a trip to Seattle, USA and a meeting with Excel Product Leads to provide feedback on the next features added to Excel.” And of course, the title of “Excel World Champion” will be bestowed upon the eventual winner. Add that to your letterhead!
… Competition Dates and Entry Requirements
If your interest has been sufficiently piqued, take note of the competition start and end dates.
Round 1 “Trials” — October 3 00:00 UTC to October 9 23:59 UTC
Round 2 “Qualifying Heat” — October 12 00:00 UTC to October 21 23:59 UTC
Round 3 “Semi-Finals” — October 26 00:00 UTC to November 2 23:59 UTC
Round 4 “Finals” — November 18 00:00 UTC to November 18 23:59 UTC
The first two rounds are open to everyone. After round two, all entries will be graded on the criteria detailed in the following section.
get rid of get jobs for my students.
Tuesday, October 04, 2016
For my Ethical Hacking student “tool kit.”
We’ve all been tempted to use public Wi-Fi: it’s free, saves on your data allowance, and is always helpful in speeding up loading times.
You might love public Wi-Fi — but so do hackers.
Here are just a few ways cybercriminals can get access to your private data and potentially steal your identity and what you can do to protect yourself.
… Because your mailbox is encrypted, the ProtonMail staff have zero access, never mind the NSA. ProtonMail will ask you for your mailbox decryption key after you have initially logged in. You won’t be able to access your mailbox until you have entered both sets of credentials.
At least my Blog has a few readers…
TN Note: The intelligence community keeps saying that they are not collecting random data on American Citizens and incidents like this keep popping up proving that they are brazen liars. Remember that DHS is not isolated from the rest of the intelligence community; rather, it reports directly to the Director of National Intelligence for everything it does, including line-item budget approval. Thus, the DHS vacuuming of social media is an intentional policy from the very top.
Neal Ungerleider reports:
At a Congressional hearing this morning that veered into contentious arguments and cringe-worthy moments, the Department of Homeland Security (DHS) spilled the beans on their social media monitoring project.
DHS Chief Privacy Officer Mary Ellen Callahan and Director of Operations Coordination and Planning Richard Chavez appeared to be deliberately stonewalling Congress on the depth, ubiquity, goals, and technical capabilities of the agency’s social media surveillance. At other times, they appeared to be themselves unsure about their own project’s ultimate goals and uses. But one thing is for sure: If you’re the first person to tweet about a news story, or if you’re a community activist who makes public Facebook posts—DHS will have your personal information.
Read more on Technocracy News.
My students don’t understand what a new “Cloud” datacenter costs.
Microsoft expands Azure data centers to France, launches trust offensive vs AWS, Google
… Microsoft announced it would build its first Azure data center in France this year, as part of a $3 billion investment that it has made to build its cloud services in Europe.
The arguments continue. I guess you don’t need to be certain the data is kept by the people who get the subpoena. Does it impact my Governance class?
Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue
It has been six months since the Justice Department backed off on demands that Apple help the F.B.I. break the security of a locked iPhone.
But the government has not given up the fight with the tech industry. Open Whisper Systems, a maker of a widely used encryption app called Signal, received a subpoena in the first half of the year for subscriber information and other details associated with two phone numbers that came up in a federal grand jury investigation in Virginia.
The subpoena arrived with a court order that said Open Whisper Systems was not allowed to tell anyone about the information request for one year.
… The documents released last week show that the government asked Open Whisper Systems to turn over data associated with two telephone numbers, including web browsing histories and data stored in the tracking “cookies” of the web browsers attached to those accounts. But one of Signal’s biggest draws is that it does not collect most of that information.
“The Signal service was designed to minimize the data we retain,” said Moxie Marlinspike, the founder of Open Whisper Systems. Mr. Marlinspike said Signal uses a technology called end-to-end encryption that kept the service from gaining access to the contents of its users’ messages. The company also does not store information on those with whom its users are communicating.
Census Data Visualization Gallery
by Sabrina I. Pacifici on Oct 3, 2016
“Data Visualization Gallery. A weekly exploration of Census data. The Census Bureau is working to increase our use of visualization in making data available to the public, and this gallery is an early part of that effort. The first posted visualizations will pertain largely to historical population data, building on prior work done to portray historical changes in the growth and redistribution of the U.S. population. For later visualizations, the topics will expand beyond decennial census data to include the full breadth of Census Bureau data sets and subject areas, from household and family dynamics, to migration and geographic mobility, to economic indicators.”
This also looks like fun.
… Hologram for Rainmeter renders 3D models — using the OBJ file type — as point clouds. Point clouds are transparent 3D objects created by placing points at distinct coordinates. The coordinates used are dictated by the face (underlying shape) vertices in a 3D object.
Apps are out. Bots are in.
Monday, October 03, 2016
For my IT Governance students: Can we design an election system that works?
The Computer Voting Revolution Is Already Crappy, Buggy, and Obsolete
Suddenly (after a few decades) we are learning how to use “new” technologies!
Why Deep Learning Is Suddenly Changing Your Life
Over the past four years, readers have doubtlessly noticed quantum leaps in the quality of a wide range of everyday technologies.
Most obviously, the speech-recognition functions on our smartphones work much better than they used to.
… Machine translation and other forms of language processing have also become far more convincing
… Then there are the advances in image recognition.
Rather than raise my taxes to pay for a parking lot, they raise my taxes to pay Uber to drive commuters to the train? Either way I get no benefit from my tax dollar.
How Uber Plans To Conquer The Suburbs
With a pilot program in Summit, New Jersey, the ride-hail giant is looking to replace commuter parking lots.
Summit, New Jersey, a bedroom community to New York City, will begin subsidizing Uber rides for residents traveling to and from the local train station starting Monday — a move the town initiated to avoid building a new parking lot, a multimillion-dollar effort
Oh look! Lawyers have value!
When it comes to game hacks, never underestimate the value of a lawyer power up
Although Pokémon Go’s popularity continues to wane, the mobile game’s recent battle with PokéVision – the third-party Pokémon locator site – provides us with an important lesson on how the “game hack” can be a major threat to a game developer’s business and a high risk endeavor with significant legal consequences for game hack developers.
The innocent cheat codes of the Nintendo 64 era are child’s play compared to the highly sophisticated bots and game hacks of today’s mobile and online gaming era
… For those considering making a living out of creating “game hacks” – proceed with caution. Creating a game hack exposes creators to significant legal risks. Recent lawsuits show that one simple game hack bot for a game with a monthly service fee can yield a lawsuit with over a dozen viable legal claims and the potential to permanently shut down the “game hack” business.
Will this spread to other large tech companies for similar reasons?
Exclusive: EU wants Google to stop anti-competitive Android practices, fine expected
EU antitrust regulators plan to order Alphabet's (GOOGL.O) Google to stop paying financial incentives to smartphone makers to pre-install Google Search exclusively on their devices and warned the company of a large fine, an EU document showed.
The document, running to more than 150 pages, was sent to complainants last week for feedback.
… The regulators also want to prevent Google from forcing smartphone makers to pre-install its proprietary apps if this restricts their ability to use competing operating systems based on Android.
All that stuff that no one reads until after the event?
National Security Archive Cyber Vault Project Library
Beta Edition, via the National Security Archive – “The Cyber Library contains all primary-source materials gathered by the Project across the full range of cyber security issues. New materials will be added on a regular basis. The [content] listing is chronological. To search for specific items, use [the search engine provided].”
Oh goody. Now I can watch all the political ads I might have missed.
Political TV Ad Archive
Via Internet Archive – “The Political TV Ad Archive collects political ads in the 2016 election. In addition to tracking airings across key primary states, the collection includes ads that may air elsewhere or exclusively on social media.” Searchable by sponsor, keyword or candidate.
For my students.
Open Culture – Master List of 1,200 Free Courses From Top Universities
“For the past ten years, we’ve been busy rummaging around the internet and adding courses to an ever-growing list of Free Online Courses, which now features 1,200+ courses from top universities. Let’s give you the quick overview: The list lets you download audio & video lectures from schools like Stanford, Yale, MIT, Oxford and Harvard. Generally, the courses can be accessed via YouTube, iTunes or university web sites, and you can listen to the lectures anytime, anywhere, on your computer or smart phone. We haven’t done a precise calculation, but there’s about 40,000 hours of free audio & video lectures here. Enough to keep you busy for a very long time.”