Saturday, November 19, 2016

Someone needs to take a Computer Security class. 
WXYZ reports:
Michigan State University is confirming that someone breached a database that contains around 400,000 records containing personal information.
The breach happened on November 13.
According to MSU, that information “included names, Social Security numbers, MSU identification numbers, and in some cases, date of birth of some current and former students and employees.  It did not contain passwords, financial, academic, contact, gift or health information.”
MSU says they have confirmed that 449 records were accessed, before the records were taken offline within 24 hours of the breach.
Read more on WXYZ.
NBC reports that those affected include “faculty, staff and students who were employed by MSU between 1970 and November 13, 2016, or were students between 1991 and 2016.”


The joys of mismanagement never end.
Banking Regulator Imposes New Restrictions on Wells Fargo
The federal government has put Wells Fargo & Co. on a much tighter leash, requiring the firm’s banking unit to seek approval before making a wide range of business decisions, after a regulator revoked key portions of a two-month-old settlement in the company’s sales scandal.
   The bank is now banned from offering departing executives “golden parachute” payments, according to the statement from the Office of the Comptroller of the Currency, and it must get the OCC’s permission before it changes its business plans, hires or fires senior executives, or revamps its board of directors.


Well, that didn’t take long.
Joël Valenzuela reports:
The U.S. government is seeking the identity of Coinbase users for tax purposes, sparking fears that Bitcoin’s anonymity may be compromised.
According to a legal summons filed in the Northern California District Court, the U.S. Internal Revenue Service (IRS) seeks to identify several Coinbase users and their financial activity, based on evidence that they may have violated U.S. tax laws:
Read more on Cointelegraph.


“Just do it.  We can worry about that security and privacy stuff later.”  Another example of an organization that can’t hear warnings! 
Bay Sleep Clinic (BSC) has more than one dozen locations in California offering sleep medicine diagnostic services.  Their site advertises that BSC:
Provides monitoring during a complete sleep cycle in our fully equipped, comfortable setting.
That monitoring appears to include video monitoring of their patients who, after being wired up to monitors, attempt to sleep in one of their rooms.  Unfortunately, the video monitoring was viewable by anyone and everyone because BSC (or whoever was responsible for securing the system) did not properly secure one of its Axis cameras.  As a result, anyone could view one of their rooms on insecam.org.
Yesterday morning, DataBreaches.net was contacted by an individual who had discovered the problem but did not want to get involved in making any notification.  After verifying his report that there was a problem and that the IP address belonged to BSC, DataBreaches.net called BSC, but was only able to leave a message in their general voicemail system.  Getting no response after several hours, DataBreaches.net called again, playing voicemail lottery to try to get any person who might connect me with their HIPAA privacy officer.  Sadly, that call, too, ultimately went to another voicemail box.  Despite tagging the message as “urgent,” there was no call back.
This morning, DataBreaches.net sent an email to the clinic.  That may have done the trick, as the cam is now no longer viewable publicly.  DataBreaches.net has no information indicating whether any other cameras of theirs were, or are, also viewable online.
DataBreaches.net has yet to hear back from Bay Sleep Clinic, so we have no information as to how this happened, for how long patients were publicly viewable during their sleep studies, and whether BSC intends to notify its patients, the California Department of Public Health, and/or HHS.
This post will be updated if a response is received.
Update: DataBreaches.net received a call from BSC’s external counsel a little while ago.  Unless they decide to give me a formal statement, I will not try to summarize my entire conversation with their counsel, other than to note that he suggested that it was inappropriate or unethical to upload patient images, even redacted ones.  After giving it some thought, I decided to remove the redacted screenshots.  My intention is to inform and to improve security for patient data, not to add to others’ woes.


Amusing?  Depends where you live I guess.
Map: Social Media Monitoring by Police Departments, Cities, and Counties


One of the year’s top stories, according to my students.
   It’s not yet clear exactly what the issue was with the Galaxy Note 7.  The company has blamed “a very rare manufacturing process error” which caused the anode and cathode to come into contact.  Further investigations are underway.


Is this because customers should never get free services or because some campaign contributors don’t want to have to compete with this?
Dems question FCC on data-free apps
   Seven Democratic senators targeted the so-called "zero-rating" in a letter to FCC Chairman Tom Wheeler, warning of stifled innovation and other issues if the FCC doesn't act.
“Without proper oversight and enforcement action, zero-rating can discriminate against certain services, potentially distorting competition, stifling innovation, and hampering user choice and free speech,” they wrote.
“When ISPs, not the consumer, choose online winners and losers, the very core tenets of net neutrality could be disrupted," the letter added.


A challenge for my IT Governance students.  Nothing happens until the customer starts to use your service. 
The Virtual Business Process: A Dilemma
The entire telecom industry is coming to terms with the reality that existing business models are changing dramatically in the virtualization era, but there are strong indications lately that this process is proving problematic for network operators and their vendors alike.
For example, John Isch, director of the Network and Voice practice for Orange Business Services in North America, mentioned in a radio show with our sister site Telco Transformation you can hear in its entirety here, that one of the challenges to the Orange network-as-a-service initiative is getting vendors to accept an on-demand pricing scheme for software licenses of the virtual network functions (VNFs) it delivers to customers.
   "In this new environment, I don't want the VNF provider to start charging me -- Orange -- for the use of that VNF until a customer turns it up," he said.  "When the customer pushes the button, that's when the VNF provider starts charging us and we start charging the customer.  If the customer turns it off, all that stops."  


Perspective.  Another look at a changing world.
How Platforms Will Disrupt the Future of Media and Entertainment
   To put this in context, more than 20 years ago, the only outlet for individuals to broadcast their own personal and local interests was to use public access television channels or write letters to newspaper editors.  But today, we hold a lot more power as broadcasters using digital outlets like Facebook Live, Twitter, Instagram and Snapchat.  And for good reason.  The old definition of broadcast and entertainment was simplistic: Content mainly came from the establishment and sent in one direction, to us.  But that reality is changing as the media and entertainment industries are being turned upside down and outside in.


They’re serious?  Have we gone completely bonkers?  
TSA: Keep grandma’s gravy at home but the turducken can fly
From the TSA: “Gravy is sadly prohibited from carry-on bags unless you pack it in accordance with our liquid policies mentioned above.  You can also pack it in your checked baggage.”
Gravy as well as cranberry sauce for that matter fall under the sometimes mysterious “Liquid Rules” which basically states that you’re “allowed to take as many 3.4 ounce or smaller sized containers that will fit in one sealed, clear, quart-sized zip-top bag – and one bag per person.”


Every Saturday…
Hack Education Weekly News
   Deregulation of for-profits is “likely,” Inside Higher Ed reports.
   Via Chalkbeat: “Flooded with questions after Trump win, Denver Public Schools produces immigration fact sheet.”
   Via abc.net.au: “Queensland children as young as four will learn coding and robotics as a compulsory part of their education from next year.”
   Via Inside Higher Ed: “IBM picks Blackboard and Pearson to bring the technology behind the Watson computer to colleges and universities.”
   Via Politico: “The average incarcerated adult in the U.S. scores so low in the ability to understand and work with numbers – numeracy skills, in research parlance – that they lag behind the unemployed, according to a report released today by the National Center for Education Statistics.  The report looks at the educational background and work history of prison inmates.  It finds that greater percentages of incarcerated adults scored at the lowest levels of proficiency in literacy and numeracy skills when compared to the overall U.S. population.”

Friday, November 18, 2016

Conversion (turning your theft into cash) has always been the most difficult part of a crime.  Why only eight? 
Mobile carrier Three breached after huge customer database is broken into to steal phones
British telecoms company Three has suffered a security breach affecting a database containing information on 6 million customers.
The incident, first reported by The Telegraph, involved people logging into a customer database, upgrading customers' phones, then stealing the new handsets and reselling them.
At least eight handsets were stolen that way, though the exact number of customers affected is unclear.
While the number of customers affected appears to be low (judging by the number of handsets stolen), the suspects had access to a vast database of up to 6 million customers — two-thirds of Three's 9 million customer base.


Nothing truly egregious here, I just miss talking about Kim Dotcom.  Hard to believe he’s being quiet. 
Zack Whittaker reports:
A hacker group claims to have obtained source code and admin accounts for the file-sharing site Mega.nz, formerly owned by internet entrepreneur Kim Dotcom.
The hacker group, known as the Amn3s1a Team, told me by email that they had also obtained internal documents from the company’s servers, by exploiting an escalation of privilege vulnerability.
In total, there were seven email addresses that are said to be associated with administrative Mega accounts, thought to be the highest-level of access at the service.
Read more on ZDNet.


Say it ain’t so!  Have businesses in the US fallen so far that they have a strategy of fraud?  What is trust worth?  See the Volkswagen article, below. 
Office Depot Accused Of Pushing Bogus Malware Removal Services On Customers To Meet Sales Quotas
When services are provided for free, it's important to evaluate whether or not there's a major caveat that comes along with it.  According to an investigation by CBS News, the free "PC Health" checkup provided by Office Depot carries a big one: you could be encouraged to shell out money to fix a nonexistent problem.
If this sounds like a shady mechanic or car salesman, it's essentially the same thing.  Office Depot is accused of telling customers that there are serious issues on their PCs, such as installed malware, even when that's not the case, and can charge them upwards of $180 for the privilege of "removing" it.


This is why competitors are springing up!  
SWIFT has not seen its last 'bank robbery'
   “The SWIFT board of directors needs to arrive at the consensus that they must make changes to the messaging system and its security,” says Kellermann.  The financial institutions that use and support the SWIFT system will have to spend more money to add the needed security.
The amount of additional spending should not be crippling for the participating banks.  In the finance sector, the typical security budget is 8 percent of the overall budget, confirms Kellermann.  “They need to spend more like 10 percent,” he says.
Part of the challenge in acquiring the added budget is that CISOs are still reporting to the CIOs and don’t have a separate budget; that’s a governance issue across the financial sector, explains Kellermann.


Loading up for next Quarter’s Computer Security class…
Tim Johnson reports:
The worldwide scourge of cybercrime afflicted 689 million people in the past year, or more than twice the population of the United States, a California anti-virus software maker reported Wednesday.
Yet those hit by cybercrime often remain complacent, even sharing their passwords with friends, says a survey from Norton by Symantec, the security software maker.
Read more on McClatchyDC.


Another (Internet of) Thing not to be trusted?
How Light Bulbs Watch You Buy Groceries
   If shoppers grant the store’s app access to their smartphone’s front-facing lens, the phone can watch for the lights and use the pulses to pinpoint its location.
   Location information is one of the most valuable types of data a retailer can gather from its customers, says Joseph Turow, a professor of communications at the University of Pennsylvania.  (I interviewed Turow about the future of retail surveillance last month.)  If a retailer knows where you spent most of your time inside of a store, it can follow up with discounts for a product you looked at but didn’t buy—either after you’ve left the store, to encourage a return trip, or even right as you’re lingering in the aisle, to nudge you to buy it now.  In the U.S., Target and Walmart are rumored to use lighting technology to locate smartphone-toting shoppers, but aren’t forthcoming about their plans.


It's easier than breaking the iPhone encryption…
iPhone Call Logs Easy Pickings on iCloud, Says Russian Security Firm
Russian digital forensics firm ElcomSoft on Thursday reported that Apple automatically uploads iPhone call logs to iCloud remote servers, and that users have no official way to disable this feature other than to completely switch off the iCloud drive.
The data uploaded could include a list of all calls made and received on an iOS device, as well as phone numbers, dates and times, and duration, the firm said.

(Related) …so, perhaps the Russians could provide the data Apple doesn’t want to? 
New York DA vs Apple encryption: 'We need new federal law to unlock 400 seized iPhones'
In a report released on Thursday at the launch of the Manhattan DA's new cyberlab, Vance revealed there are now over 400 locked iPhones sitting with New York County that could be used to investigate serious crimes if only Apple would or rather could help.
The full report can be found here.


Something for my geeks to elaborate on?  
Fake news on Facebook is a real problem. These college students came up with a fix in 36 hours.
   When De, an international second-year master’s student at the University of Massachusetts at Amherst, attended a hackathon at Princeton University this week with a simple prompt to develop a technology project in 36 hours, she suggested to her three teammates that they try to build an algorithm that authenticates what is real and what is fake on Facebook.
And they were able to do it.
   They’ve called it FiB.
Since the students developed it in only a day and a half (and have classes and schoolwork to worry about), they’ve released it as an “open-source project,” asking anyone with development experience to help them improve it.  The plugin is available for download to the public, but the demand was so great that their limited operation couldn’t handle it.


Should I believe that lying about emissions supported 23,000 jobs?  Of course not.  But not getting fined when you get caught probably did. 
Volkswagen to Cut 23,000 German Jobs as It Tries to Lift Profits
   As it seeks to recover from an emissions cheating scandal, Volkswagen is trying to reduce the cost of manufacturing cars that carry the VW badge, many of which are made in Germany by a work force that effectively controls the company and has resisted job cuts.  The plan would lead to savings of $3.9 billion a year, Volkswagen said on Friday.


My students tell me the same thing.  
Cadillac president: Self-driving cars ‘spell the demise of the traditional car industry’
Detroit grew rich and fat on the one-person, one-car ethos of the American Dream.  But new technologies for driving won’t just change how we get from A to B — they’ll also change how we pay for transportation.

(Related)  Even the little things change.
Volvo launches concierge app for on-demand refuelling, car washing and more
Volvo has announced the rollout of a new concierge service for its owners, which will make everyday chores such as topping up with fuel an on demand, smartphone activated service.
   Tap on a service, and an authorised technician gets a one-time-use digital key to access and start the car, so you don’t need to meet up and hand the keys over.
Once servicing is complete, the car can be delivered right back to the spot you left it, delivered straight to you, or parked somewhere else entirely, and the digital key locks the car before expiring.
“Imagine parking your car in the morning at work and when you head home your car has been serviced, cleaned and refuelled.  These are the kind of services we want to deliver to our customers”, explains Bjorn Annwall, Volvo’s Senior Vice President of consumer experience.
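The interesting security property in the Volvo story is the key itself: it is issued to one technician for one car, it works once, and it stops working on its own after a deadline. Volvo has not published how its digital key is built, so the following is an added example (not Volvo's code) of how such a token can be structured in general: the issuer signs the claims (constructed key id, vehicle id, technician id, expiry) with an HMAC, remembers each outstanding key id, and at redemption verifies the signature, the vehicle, the expiry, and then consumes the key id so a replayed token is refused. The secret, vehicle and technician identifiers below are constructed for the example; the clock is injectable so the expiry path can be exercised without waiting.

```python
# Single-use, time-limited "digital key" issuance and redemption.
# Added example with constructed identifiers; it is not Volvo's implementation.
import base64
import hashlib
import hmac
import json
import secrets
import time


class DigitalKeyIssuer:
    """Issues one-time keys bound to a vehicle and technician, valid for a limited time."""

    def __init__(self, secret: bytes, now=time.time):
        self._secret = secret          # shared only with the issuer; never in the token
        self._now = now                # clock function, injectable for testing
        self._outstanding = {}         # key id -> True while the key is unused

    def issue(self, vehicle_id: str, technician_id: str, ttl_seconds: int) -> str:
        """Create a token that this technician can redeem once for this vehicle."""
        claims = {
            "kid": secrets.token_hex(8),            # random, unpredictable key id
            "vin": vehicle_id,
            "tech": technician_id,
            "exp": int(self._now()) + ttl_seconds,  # absolute expiry time
        }
        payload = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._secret, payload, hashlib.sha256).digest()
        self._outstanding[claims["kid"]] = True
        return "%s.%s" % (
            base64.urlsafe_b64encode(payload).decode(),
            base64.urlsafe_b64encode(tag).decode(),
        )

    def redeem(self, token: str, vehicle_id: str):
        """Return (accepted, reason). A key is accepted at most once, before expiry."""
        try:
            payload_b64, tag_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return False, "malformed"
        # Verify integrity first so nothing below trusts unauthenticated claims.
        expected = hmac.new(self._secret, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad signature"
        claims = json.loads(payload)
        if claims["vin"] != vehicle_id:
            return False, "wrong vehicle"
        if self._now() >= claims["exp"]:
            return False, "expired"
        # pop() consumes the key id, so a replayed token fails here.
        if not self._outstanding.pop(claims["kid"], False):
            return False, "already used"
        return True, "ok"


if __name__ == "__main__":
    issuer = DigitalKeyIssuer(b"constructed-demo-secret")
    key = issuer.issue("VIN-CONSTRUCTED-001", "tech-42", ttl_seconds=600)
    print(issuer.redeem(key, "VIN-CONSTRUCTED-001"))   # first use is accepted
    print(issuer.redeem(key, "VIN-CONSTRUCTED-001"))   # replay is refused
```

The order of checks matters: the signature is verified before any claim is read, the vehicle binding and expiry are enforced before the key is consumed, and the consumed-key record lives on the issuer's side rather than in the token, which is what makes the key genuinely one-time even if the token string is copied.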

(Related)
Pew study: One-quarter of Americans part of 'gig economy'
Approximately one-quarter of Americans have taken part in the “gig economy” in the past year, according to a study released by Pew on Thursday.

(Related to that Related article) 


Of course, President Obama did not favor (huge campaign contributor) Google, any more than President Trump will un-friend (huge contributor to the other side) Google.  That would be wrong.
Trump looks poised to overturn Obama policies that favored Google
   Google had close ties with outgoing Democratic President Barack Obama’s administration, and its employees donated much more to defeated Democratic presidential candidate Hillary Clinton than to the Republican Trump.


Not all “free” data should be shared freely.  Another example of geo-fencing.
S Korea blocks Google export of map data
South Korea today rejected Google's request to export government-supplied data for its global mapping service, arguing it would make the country more vulnerable to attack by North Korea.
   Google argues that the South Korean law is outdated and unfairly restricts the company from providing a full range of mapping services, such as driving directions, public transit information and satellite maps.
The US tech giant backed up its complaint by claiming it could offer a wider range of services for isolated North Korea -- including driving directions from the capital Pyongyang to the country's main Yongbyon nuclear complex, and locations of the North's notorious labour camps.


An interesting claim.
Musk Says Tesla’s Solar Shingles Will Cost Less Than a Dumb Roof
   “So the basic proposition will be: Would you like a roof that looks better than a normal roof, lasts twice as long, costs less and—by the way—generates electricity?” Musk said.  “Why would you get anything else?”


Rather than give them gifts, I give them lists of the gifts someone else should buy them.


Damning with faint praise?
Python is one of the most polarizing languages in the programming world.  You either love it or you hate it, and you might even swing from one end to the other like a pendulum.  But regardless, Python is a language that’s hard to be ambivalent about.


Google added this to my Blog creation page.  Since I do not add “other cookies” I’m relying on Google to provide notice. 
To see the notice if you’re outside of the EU, view your blog and change the country code, for example blogspot.fr or blogspot.co.uk. 
So, this blog would be found at: http://centennial-man.blogspot.co.uk/

Thursday, November 17, 2016

I have a student who plays with Raspberry Pi computers.  I’ll have him demo this to my Computer Security class in January.
$5 Device Can Hijack Your Computer And Steal Your Data
If you follow security news at all, you’ve seen Samy Kamkar’s name before.  He’s got a knack for building incredibly inexpensive gadgets that can inflict serious harm to electronic systems.  Hotel room locks. Cars.  Garage doors.  Cash registers.  If it has a digital pulse, Kamkar can probably hack it.
His latest creation is PoisonTap, a device he built using a $5 Raspberry Pi Zero that can hijack a computer and steal data from it.  All he has to do to make that happen is to shove it into a USB port.  What makes PoisonTap particularly frightening is that it can do what it does even if you’ve locked your computer and protected it with a password.
   PoisonTap works by tricking a computer into thinking it’s an ordinary network adapter.  Once it digs its claws into a system it can wreak all kinds of havoc, like stealing all the cookies that are stored on your computer.  That, Kamkar says, allows an attacker to break into a victim’s website accounts — even if they’re protected by two-factor authentication or accessed via an SSL connection.  It can also intercept network traffic and re-route requests.
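The reason a fake network adapter can walk off with cookies is that browsers attach any cookie that is not marked Secure to plain-HTTP requests, and a device sitting in the network path can provoke those requests. The corresponding defence is on the web application side: session cookies carry the Secure, HttpOnly and SameSite attributes, and the site enforces HTTPS. As an added example, not from Kamkar or the article, the following audits a list of Set-Cookie headers (constructed sample values below) and reports which cookies would still be transmitted over plaintext HTTP.

```python
# Audit Set-Cookie headers for the attributes that keep a cookie off plaintext HTTP.
# Added example; the sample headers are constructed, not from any real site.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and flag missing protective attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue  # tolerate a trailing ';'
        if "=" in attr:
            key, value = attr.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[attr.lower()] = True  # flag attributes such as Secure, HttpOnly
    secure = "secure" in attrs
    httponly = "httponly" in attrs
    samesite = attrs.get("samesite")
    samesite = samesite if isinstance(samesite, str) else None

    problems = []
    if not secure:
        problems.append("missing Secure: cookie is sent on plaintext HTTP requests")
    if not httponly:
        problems.append("missing HttpOnly: cookie is readable by injected script")
    if samesite is None:
        problems.append("missing SameSite: cookie rides on cross-site requests")
    return CookieReport(name, secure, httponly, samesite, problems)


def audit(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to the list of problems found (empty list = fine)."""
    return {r.name: r.problems for r in (parse_set_cookie(h) for h in headers)}


def exposed_over_http(headers: List[str]) -> List[str]:
    """Names of cookies a browser would attach to a plain-HTTP request."""
    return [r.name for r in (parse_set_cookie(h) for h in headers) if not r.secure]


# Constructed sample headers: one hardened cookie and two weak ones.
SAMPLE_HEADERS = [
    "sid=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "legacy=0011; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "tracker=xyz; Domain=example.test; HttpOnly",
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_HEADERS).items():
        print(name, "OK" if not problems else problems)
    print("exposed over HTTP:", exposed_over_http(SAMPLE_HEADERS))
```

Running the audit over the sample shows only `sid` as clean; `legacy` and `tracker` would be attached to plaintext requests, which is exactly the class of cookie this kind of device collects. Pairing the Secure flag with HSTS (so the browser refuses to make plain-HTTP requests to the site at all) removes the remaining window in which a first request goes out unencrypted.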


Perspective.
As it has done in past months, Protenus has compiled a monthly report on health data breaches in the U.S. that were disclosed during October.  Their analyses are based on data and information provided by this site and blogger.
   Many of the incidents, but not all, were reported on this site and can be found by using the “search” function.
You can find Protenus’s Breach Barometer for October here.
And after you’ve read the report, also read HIStalk’s interview of Robert Lord, CEO of Protenus, as he really articulates the challenges beautifully, e.g.:


You’ve been looking at Facebook, now Facebook wants to look back?  
Facebook acquires facial image analysis startup FacioMetrics
Facebook has acquired FacioMetrics, a facial image analysis company, as it tries to give users new features to add special effects to photos and videos.
The technology developed by the startup also includes capabilities for face tracking and recognizing emotions, which could potentially open up other applications for Facebook.


Guidelines for the next campaign?  How do they know ‘engagement’ didn’t mean ‘look at this nonsense?’ 
Viral Fake Election News Outperformed Real News On Facebook In Final Months Of The US Election
In the final three months of the US presidential campaign, the top-performing fake election news stories on Facebook generated more engagement than the top stories from major news outlets such as the New York Times, Washington Post, Huffington Post, NBC News, and others, a BuzzFeed News analysis has found.
During these critical months of the campaign, 20 top-performing false election stories from hoax sites and hyperpartisan blogs generated 8,711,000 shares, reactions, and comments on Facebook.
   (For details on how we identified and analyzed the content, see the bottom of this post.  View our data here.)


About time.  Keep your friends close, and your enemies closer.
Microsoft joins The Linux Foundation as a Platinum member
At its Connect(); 2016 developer event in New York City today, Microsoft announced it is joining The Linux Foundation.  And the company isn’t joining just to say it did: Microsoft is joining at the Platinum level, the highest level of membership, which costs $500,000 annually.  John Gossman, architect on the Microsoft Azure team, will sit on the foundation’s Board of Directors and help underwrite projects.


How rude.  
Whatever you might have previously thought about the notion of President Barack Obama pardoning Chelsea Manning and Edward Snowden, the election of Donald Trump changes everything.  The stunning new reality, and the threat it poses to Americans and non-Americans, shifts and strengthens the case for Obama to take this extraordinary step before he departs: pardoning these two most visible critics for their illegal disclosures.  The rationale: to empower and embolden whistleblowers over the next four years and beyond.

Wednesday, November 16, 2016

IT Governance means you have to listen to voices outside the organization too.
And this, kids, is what happens when an entity keeps ignoring vulnerability reports from researchers or infosec folks.  In this case, an IT consultant, “N.T.R.,” hacked civilsupplieskerala.gov:
“I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me.  I had no option but to make the information public in a Facebook post,” N.T.R., a native of Thiruvananthapuram, said from Tokyo.
Mazhar Faroqui reports that the
breach occurred last fortnight when an Indian man living in Tokyo hacked the Kerala government’s civil supplies department website and uploaded the sensitive information of all of Kerala’s 8,022,360 Public Distribution System (PDS) beneficiaries and their family members on Facebook.
The data reveals names, addresses, birth dates, gender, monthly incomes, electoral card details, consumer numbers of power and cooking gas connections.
Read more on XPRESS.


Could this be correct?  Twitter won’t give their tweets away, but you can buy access? 
The FBI just got its hands on data that Twitter wouldn’t give the CIA
The FBI has a new view into what’s happening on Twitter.  Last week, the bureau hired Dataminr, a Twitter-linked analytics firm, to provide an “advanced alerting tool” to over 200 users.  Twitter owns a 5 percent stake in Dataminr and provides it with exclusive access to the full “firehose” of live tweets, making it a valuable resource for anyone looking for illegal activity on the service.
   However, the FBI contract seems to violate a key clause in Twitter’s Developer Agreement, which specifically forbids using the provided data to "investigate, track or surveil Twitter’s users."
   In May, Twitter revoked CIA access to Dataminr, a move that was taken as part of a larger ban on US intelligence agencies using the product.  “Data is largely public,” Twitter said in a statement at the time, “and the U.S. government may review public accounts on its own, like any user could.”
In a statement to The Verge, Dataminr confirmed that the contract was genuine.  “A limited version of our breaking news alerting product is also available to the FBI [among other clients],” the statement reads.  “Dataminr is not a product that enables surveillance.”  The company declined to elaborate on how the current FBI contract differs from the previous contract with the CIA.

(Related) A follow-up and an introduction to a new database about you.
Joe Cadillic follows up on an article out of Seattle about how those who purchased pet food using a store loyalty card at their supermarket received reminders from the government about the requirement of pet licenses.  I had noted the Seattle Times editorial on the issue.
Joe writes, in part:
Direct mailing companies are using Webtrends’ Infinity Platform to create a real-time worldwide database of everyone’s purchases.
What they’re really saying is, “we envision a world where” they can spy on everyone and sell it to governments and companies.
  • All collected data is available for transfer immediately so you can integrate the most recent web behavior data with your customer profile.
  • Visitor-level records are transferred so that an individual’s online behaviors can be connected with his/her offline behaviors.
  • All data is encrypted for transfer to ensure data is secure between Webtrends and your on premise environment.
  • Large amounts of data are transferred quickly due to the power of the Hadoop ecosystem
  • Monitoring and restart services provide fault tolerance and ensure all data is delivered successfully.
Read more on MassPrivateI.

(Related)
Marc Benioff says companies buy each other for the data, and the government isn’t doing anything about it
   Benioff said he pressed the Federal Trade Commission to review Microsoft’s LinkedIn deal for potential antitrust violations, but the agency decided not to investigate.  Benioff, of course, made his own play for LinkedIn but failed to reach a deal.
The European Commission, however, is looking into it.  Last month, the antitrust authority at the European Commission sent questionnaires to Microsoft’s competitors as they review the merger.
Benioff contends the acquisition is anticompetitive because Microsoft can hinder access to LinkedIn’s data, making it harder for competitors.


Even if they think there is no risk, should they have considered the users’ perceptions? 
Lorenzo Franceschi-Bicchierai reports:
What’s that song?  On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic.  On Apple’s computers, Shazam never turns the microphone off, even if you tell it to.
When a user of Shazam’s Mac app turns the app “OFF,” the app actually keeps the microphone on in the background.  For the security researcher who discovered that the mic is always on, it’s a bug that users should know about.  For Shazam, it’s just a feature that makes the app work better.
Read more on Motherboard.
h/t, Joe Cadillic
UPDATE: Shazam, responding to the publicity and concerns, is changing Shazam:
Even though we don’t recognize a meaningful risk, we want to make this configuration change to show that we care, and we pay attention, and we want them to feel good about using Shazam on their Mac.


Redundant repetition of our reiteration is our goal.  (Who writes these headlines?)
DHS: Securing Internet of Things a matter of homeland security
The Department of Homeland Security (DHS) has released guidelines for internet of things cybersecurity, the second federal agency to do so on Tuesday.
The DHS guide offers advice on improving security while products are being designed, risk management, supporting updates and general security mindfulness.


If at first you don’t succeed, lie, lie again?
US Navy Acknowledges Installing $600M In Software Without Paying, Denies Wrongdoing
   Starting back in 2011, the Department of Defense's US Navy worked with German company Bitmanagement to license 38 copies of its BS Contact Geo software, with the intent of giving the software a test run.  Later, that installation number burst to over 100,000, and ultimately reached a staggering 558,466.  The problem?  The DoD didn't want to pay for those excess licenses; only the original 38.


Only in California?  Somehow, I’ll fit this into my outsourcing lecture.
Laid-off IT workers fight University of California outsourcing
   Hatten-Milholin was among about 80 laid-off IT workers who held a rally on Tuesday, calling for an end to the university's outsourcing program.  The IT department workers, including permanent staff and contract employees, will be replaced by workers from HCL, an India-based IT services company.
   Experts who study IT outsourcing say the UCSF case is a rarity but could influence IT practices throughout higher education. 
   "I’ve never heard of a case where university workers were being forced to train replacements," Hira said.


Perspective.  I don’t think we understand this yet.
How the blockchain will radically transform the economy
Say hello to the decentralized economy — the blockchain is about to change everything.  In this lucid explainer of the complex (and confusing) technology, Bettina Warburg describes how the blockchain will eliminate the need for centralized institutions like banks or governments to facilitate trade, evolving age-old models of commerce and finance into something far more interesting: a distributed, transparent, autonomous system for exchanging value.


The future of campaigning.
Here’s How Facebook Actually Won Trump the Presidency
Mark Zuckerberg is trying hard to convince voters that Facebook had no nefarious role in this election.  But according to President-elect Donald Trump’s digital director Brad Parscale, the social media giant was massively influential—not because it was tipping the scales with fake news, but because it helped generate the bulk of the campaign’s $250 million in online fundraising.
   “Facebook and Twitter were the reason we won this thing,” he says. “Twitter for Mr. Trump. And Facebook for fundraising.”


Something to chat about…
Snapchat Parent Files for $25 Billion IPO
Snap Inc. has confidentially filed paperwork for an initial public offering that may value the popular messaging platform at as much as $25 billion, a major step toward what would be one of the highest-profile stock debuts in recent years.


For my students.  Hey, it can’t hurt!
Tech employers are turning to San Francisco-based startup CodeFights, which hosts online coding competitions for programmers, to find talented coders outside regular recruiting channels.


With my (non-existent) artistic ability, I could set Artificial Intelligence back 50 years!
Google Quick, Draw! Needs Your Doodles
   Google's Quick, Draw! AI experiment is an example of machine learning.  The user is tasked with drawing a wide range of doodles, for example, a snake, shoe, or elbow.  The neural network powering Quick, Draw! attempts to predict what you are drawing.  If the prediction matches the initial request, you are asked to draw another doodle.  For the user it's a fun distraction, but for the neural network it's an essential learning tool.


I’m sure New Balance is thrilled!  (I declare Neo-Nazis as permanent members of my Officially Stupid list.)
We live in crazy times: Neo-Nazis have declared New Balance the ‘Official Shoes of White People’


Strangely enough, it means I don’t have to post the truth if I believe something is true. 
Word of the Year 2016 is...
After much discussion, debate, and research, the Oxford Dictionaries Word of the Year 2016 is post-truth – an adjective defined as ‘relating to or denoting circumstances in which objective facts are less influential in shaping public opinion than appeals to emotion and personal belief’.

Tuesday, November 15, 2016

Anything that will attract an email recipient’s attention; targeting victims is merely one example.
OPM-Impersonating Spam Emails Distribute Locky Ransomware
   Recently, Locky’s operators decided to impersonate the US Office of Personnel Management in a new distribution campaign. 
The messages distributed as part of this spam campaign claim alleged “suspicious movements” in the victim’s bank account, supposedly detected by OPM.  The emails come with a ZIP archive attached, with JavaScript code packed inside.  The JavaScript is meant to download and run the Locky ransomware, similar to many other distribution campaigns.
According to PhishMe, because the emails in this campaign appear to have been sent by the OPM, they are likely to trick government workers and employees of government contractors.  Moreover, they are also highly likely to appeal to individuals who have been impacted by last year’s high-profile OPM breach.
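The detection point in this campaign is the lure's shape rather than its text: a ZIP attachment whose member is a script Windows will hand straight to the Windows Script Host. The following is an added example (mine, not code from the article or from PhishMe) that parses a message, opens every ZIP attachment, and flags members, including those inside nested ZIPs, whose extension makes them runnable on a double-click. The sample message, the sender address and the extension list are constructed for the demonstration and are not taken from the campaign.

```python
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed list: extensions Windows runs as a program, or hands to the
# Windows Script Host / shell, when the file is double-clicked.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".exe", ".scr", ".cmd", ".bat", ".ps1", ".lnk"}


def risky_members(zip_bytes, depth=0, max_depth=2):
    """Return names of archive members (descending into nested ZIPs up to
    max_depth) whose extension would make Windows execute them."""
    flagged = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return flagged
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # splitext keeps only the last suffix, so "Invoice.pdf.js" is still caught.
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
            elif ext == ".zip" and depth < max_depth:
                inner = risky_members(zf.read(info), depth + 1, max_depth)
                flagged.extend(f"{info.filename}/{m}" for m in inner)
    return flagged


def scan_message(raw_email):
    """Parse an RFC 5322 message and return [(attachment_name, [risky members])]
    for every ZIP attachment that carries a script or executable."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_email)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Trust the magic bytes, not the declared MIME type; spam mislabels both.
        if payload[:2] != b"PK":
            continue
        risky = risky_members(payload)
        if risky:
            findings.append((name, risky))
    return findings


def build_sample_email():
    """Constructed sample (not a real Locky message): a ZIP holding a benign
    text file and a .js file standing in for the downloader."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("OPM_account_alert.js", "// stand-in for a downloader script")
    msg = EmailMessage()
    msg["From"] = "alerts@opm.example"          # assumed, constructed address
    msg["To"] = "employee@contractor.example"
    msg["Subject"] = "Suspicious movements on your bank account"
    msg.set_content("Please review the attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, members in scan_message(build_sample_email()):
        print(f"{name}: {members}")
```

Run as a mail-gateway hook, the useful part is what the check does not rely on: neither the displayed sender nor the declared content type, both of which the campaign controls. Quarantining any ZIP whose members hit the list blocks this lure and most of the JavaScript-downloader campaigns the article says it resembles.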


Quis custodiet ipsos custodes?  Epic does?
From EPIC.org:
EPIC has filed a FOIA lawsuit against the Federal Bureau of Investigation for information about the agency’s plans to transfer biometric data to the Department of Defense.  The FBI maintains one of the world’s largest biometric databases, known as the “Next Generation Identification” system, but the FBI has resisted maintaining privacy safeguards.  The Bureau previously proposed to exempt the database from many of the safeguards in the federal Privacy Act, which EPIC opposed.  Then EPIC, following a FOIA lawsuit, obtained documents that revealed an error rate up to 20% for facial recognition searches in the FBI database.  Now EPIC has filed an open government lawsuit to obtain a secret document that details the transfer of personal data in the FBI system to the Department of Defense.


Privacy made public.
Federal Privacy Council Online Law Library
by Sabrina I. Pacifici on Nov 14, 2016
“The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.
   The Law Library is a compilation of information about and links to select Federal laws related to the creation, collection, use, processing, storage, maintenance, dissemination, disclosure, and disposal of personally identifiable information (PII) by departments and agencies within the Federal Government.  The Law Library does not include all laws that are relevant to privacy or the management of PII in the Federal Government.  The Law Library only includes laws applicable to the Federal Government.


I wonder if this is more common in Washington and the surrounding area?
Matt Apuzzo and Michael S. Schmidt report:
For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages.  The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.
Read more on the New York Times.


Never touch your touch screen without wearing Bob’s genuine non-latex gloves!  Only $29.95 a pair!  Guaranteed to fit any hand, even OJ’s!   
The Grime on Your Smartphone Can Reveal Your Secrets
   By taking just a quick swab of the chemical residue on a smartphone, scientists at the University of California, San Diego, could construct a lifestyle sketch of the phone's owner, including his or her diet, health status, locations visited and even preferred hygiene products.
The researchers said they see a range of possible uses for such an analysis, from criminal profiling and forensics to health studies that monitor a person's exposure to toxins or adherence to a medicine regimen.
   He said the technique can become more powerful as more molecules are added to the reference database, which his group has developed and expanded via crowdsourcing.  Dorrestein added that the researchers are interested in the molecules of the most common foods, clothing materials, carpets, wall paints and anything else people come into contact with.


Could this be easily spoofed?  It’s only a color ‘flag.’  Perhaps a customer name would be better insurance against hackers? 
Lyft Sees Cash in Dashboard Flash
   About the size of a remote control, Lyft’s new “Amp” device can display six different colors to passengers awaiting a ride.  Once a rider has entered the vehicle, an inward-facing LED screen can display a preset greeting, such as “Happy New Year.”
   The new device is a blunt instrument in the war with Uber to attract more drivers and passengers after Lyft’s chief rival rolled out an overhauled app earlier this month.  It could also be a savvy, albeit expensive, way for Lyft to get a piece of hardware into cars it doesn’t own, if, say, it one day wants to show advertising or anything else it might dream up.  


Dick Tracy technology is finally here!
WhatsApp Adds Video Calling to iOS, Android and Windows Phones
WhatsApp, the massively popular messaging app owned by Facebook Inc., is adding video calling to its smartphone app across three operating systems: Apple Inc.’s iOS, Alphabet Inc.’s Android and Microsoft Corp.’s Windows smartphone OS.
   Like Apple’s FaceTime and iMessage apps, WhatsApp offers a security feature called end-to-end encryption that’s turned on by default for text, voice and now video messaging.  End-to-end encryption means the transmission is encrypted even on WhatsApp’s own servers, so it would be equally obscured from hackers and government agencies, and would be hard for WhatsApp to divulge, even with a court order. [Nothing unique…  Bob]   

(Related)  When you feel someone gaining on you, release some new features!
You can now use Skype without an account
Microsoft is making Skype a little easier to use without the need for a full account.  While Skype has allowed group chats with guests, Microsoft is now enabling all of Skype's audio and video calling features to be used without an account.  Skype users can create a special conversation link that can now be shared with anyone to enable messaging, voice / video calling, and screen sharing, all free without an account.
Skype without an account works on the web, and up to 300 people can participate in a Skype group chat, with up to 25 people on a voice or video call.

(Related) Why encryption is increasingly common.
Silencing the Messenger: Communication Apps Under Pressure
·         Internet freedom around the world declined in 2016 for the sixth consecutive year.
·         Two-thirds of all internet users – 67 percent – live in countries where criticism of the government, military, or ruling family is subject to censorship.
·         Social media users face unprecedented penalties, as authorities in 38 countries made arrests based on social media posts over the past year.  Globally, 27 percent of all internet users live in countries where people have been arrested for publishing, sharing, or merely “liking” content on Facebook.
·         Governments are increasingly going after messaging apps like WhatsApp and Telegram, which can spread information quickly and securely.


Mess with your paper money, drive people to e-money?
Paytm hits record 5 mn transactions a day
Buoyed by a sudden surge in demand for digital transactions, India’s largest mobile payments platform Paytm said it has touched a figure of five million payment transactions per day.
Following the ban on Rs 500 and Rs 1,000 notes, mobile wallets, debit and credit cards, and online money transfers have seen a rise of 200%, industry experts have observed.


Interesting.  Can Walmart control workers outside the store or in their homes?
Wal-Mart Tells Workers: Don’t Download Labor Group’s Chat App
Wal-Mart Stores Inc. is warning store workers not to download a smartphone app designed by OUR Walmart, an organization that advocates for higher pay and other benefits, as the battle between employers and labor groups increasingly shifts to social media.
The app, released on Android phones Monday, allows Wal-Mart store employees to chat among themselves and receive advice on workplace policies or legal rights, said leaders from OUR Walmart on a conference call.
Wal-Mart has instructed store managers to tell their employees that the app wasn’t made by the company and described it as a scheme to gather workers’ personal information, [Well, is it?  Bob] according to a document viewed by The Wall Street Journal.
   OUR Walmart developed the WorkIt app with Quadrant 2, a New York City-based software development company that has designed products for companies and activist organizations including the American Civil Liberties Union.
The app uses International Business Machines Corp.’s Watson artificial-intelligence technology to build a set of answers to employee questions over time, said Jason Van Anden, founder of Quadrant 2.  If Watson is stumped “there is a peer network of experts that will interact with the users,” said Mr. Van Anden.  


I wonder what took them so long?  You would think they would want to be seen as defenders of their sellers and buyers…
Amazon files its first-ever lawsuits against alleged sellers of counterfeit goods
   The suits, filed in King County Superior Court in Seattle, are believed to be the first time Amazon has sued third-party sellers over the alleged sale of counterfeit goods on its site.
In the past, Amazon itself has been sued by sellers who alleged that the company was partially responsible for enabling the sale of counterfeit goods infringing on their intellectual property.
Here are the lawsuits as filed by the company.


Like many of the second tier credit cards. 
Samsung Pay Rewards Program Brings Unprecedented Incentives For A Digital Wallet: Here's How It Works
   The new Samsung Pay rewards program, aptly named Samsung Rewards, offers various perks whenever users pay for stuff using the service online or at retail stores in the United States.
   The rewards program is pretty straightforward and easy to grasp, functioning in a way similar to regular banking cards that give users points whenever they make a purchase.  Buying more stuff with Samsung Pay earns more points, which can then be used toward bonuses such as other Samsung products, gift cards for select stores and a Visa prepaid card.


“Yeah we hate him, but now that he’s been elected…”
Here's what 40 internet companies want Trump to do
In July, 145 tech leaders called Donald Trump "a disaster for innovation."  But now that he's been elected president, some of those companies are trying to appeal to his good graces.
The Internet Association -- a group of 40 top internet companies including Airbnb, Amazon, Facebook, Google, LinkedIn, Netflix, Twitter, Uber and Yahoo -- issued an open letter on Monday that congratulates Donald Trump on his victory and offers a long list of policy positions they hope he'll consider during his time as president.


Perspective.  I too believe the perfect hamburger is more important than trivial matters like curing cancer or world peace.  
A Perfect Burger: The Holy Grail of Food Delivery
   With flourishes like truffle butter, veal jus, slabs of bacon and soft pretzel buns, fast-casual and higher-end restaurants have elevated the once humble burger to cult status.  But fancier ingredients also up the risks of a burger gone wrong, creating challenges for delivery services.
As food delivery services explode, so have burger cravings.  On GrubHub, one of the largest digital food delivery companies in the U.S., the average price per burger is $9.52 in New York, $9.44 in Los Angeles and $8.40 in Dallas, according to Stan Chia, the company’s senior vice president of operations.
   In the U.S., GrubHub says it sees hundreds of thousands of orders a month, while burgers were the second-most popular item in 2015, behind french fries, purchased on DoorDash, a delivery company that operates in several U.S. states.
And in London, burgers are the most-searched item on UberEATS, says Toussaint Wattinne, general manager of the delivery service app from transportation company Uber.  Deliveroo says burgers are among the top three cuisines in 90% of over 110 cities where it operates in Europe, Asia and Australia.


Does this mean they will ban The Onion?  http://www.theonion.com/
Facebook Joins Google With Updated Policy Restricting Ads on Fake News Sites