Saturday, December 31, 2016

Several things in this article strike me as odd.  
Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid.  And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.  
   Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems.  The firm said it took immediate action to isolate the laptop and alert federal authorities.
Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.” [Do the Feds have any responsibility (or capability) to fix problems like this?  Bob]

(Related).  I wanted to know when this happened, but all I could find was a note on their website that says they were notified by DHS on the 29th.  Sounds like a general advisory, not a “you have been hacked” notice.  Good on Burlington if that caused an immediate scan of their computers, but something still sounds “off” to me.   
Burlington Electric Department
On Thursday night, December 29th, the Burlington Electric Department was alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks.  We acted quickly to scan all computers in our system for the malware signature.  We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems.


Why it is good to have degrees in technology.
Wharton – Why the Coming Jobs Crisis Is Bigger Than You Think
by Sabrina I. Pacifici on Dec 30, 2016
Podcast and Transcript via Wharton – “The incoming Trump administration has made job creation a national priority . But here is a sobering prediction: No matter which political party holds the White House or Congress, over the next 25 years, 47% of jobs will likely be eliminated by technology and globalization, according to WorkingNation.  It’s a phenomenon called “structural unemployment” and it affects nearly all industries and even white-collar workers.  Venture capitalist Art Bilger founded WorkingNation to sound the alarm about the coming crisis and to spark discussions about potential solutions.  Bilger believes the nature of employment is fundamentally changing and cannot be reversed.  But workers, businesses and the government can prepare for it if they work together — starting with stepped up infrastructure spending that has bipartisan support.  He recently joined the Knowledge@Wharton Show, which airs on Sirius XM channel 111, to discuss his prescription for ameliorating the coming jobs crisis, and what his organization and others have tried so far.”


There’s an Office of Government Ethics?  Who knew? 
Email reveals Government Ethics director ordered tweets praising Trump
The director of the U.S. Office of Government Ethics personally ordered tweets praising President-elect Donald Trump for claims he would leave his business to avoid conflicts of interest.
In emails obtained through a Freedom of Information Act request by dozens of media organizations, agency director Walter M. Shaub asked for the tweets to be posted on the OGE’s official Twitter account, approving of the specific wording of each tweet.
   After the tweets, many initially speculated that the agency's account had been hacked.  A statement from the agency's spokesman confirmed that the tweets were legitimate.


Because once you are addicted, no amount of data is enough.
Facebook buys data on users' offline habits for better ads
At this point, it's well-known that Facebook is as much an advertising company as it is a social network.  The company is probably second only to Google in the data it collects on users, but the info we all share on the Facebook site just isn't enough.  A report from ProPublica published this week digs into the vast network of third-party data that Facebook can purchase to fill out what it knows about its users.  The fact that Facebook is buying data on its users isn't new -- the company first signed a deal with data broker Datalogix in 2012 -- but ProPublica's report nonetheless contains a lot of info on the visibility Facebook may have into your life.
   To be clear, the majority of the information that Facebook gathers comes directly from how its users interact with the site: ProPublica found that of the 29,000 categories Facebook provides to ad buyers, only 600 of them came from third-party data providers


Perspective.  Can we generalize from this for other industries?
BMW is one of the best car makers on the planet.  It is also thinking seriously about what digital transformation means for the car business.
   And yet BMW is still not making full use of digital business strategy – nor are any other car makers.
Consider: BMW charges €360 to unlock the ability to access the apps on the Connected Drive.  Some apps (e.g. Remote Services) cost €80 and others (e.g. Real Time Traffic Information) can be rented for €45 over 6 months.  If one spends a hefty amount of money on a new car, paying €80 or €45 for an app doesn’t seem too expensive, but needing to pay €360 to just activate the ability to download the apps seems totally wrong.


For my geeks.
Today, we’re going to look at two massive course bundles that you can name your own price to get.  Pay as little as a dollar, and you’ll get a few of the courses.  If you beat the average, you’ll get them all.
First, we have a bundle that’ll get you into the world of ethical hacking.  It features seven massive courses.  There’s also a bundle that’ll get you started writing code.  It features a staggering 10 courses on everything from JavaScript to Python!

(Ditto)
Cardboard is the simplest and most affordable way to try virtual reality today.  There’s already so much content for Android devices (it works on iPhone too), and it’s getting better all the time.


I need something like these for my students, but aimed a bit higher.
A Cute Video About Email Etiquette for Students
   One good example of this can be found in Emailing Your Teacher, With Captain Communicator.  The short video features two students demonstrating how to write an email to a teacher.  It's cute and well worth 90 seconds of your time.

Friday, December 30, 2016

For my Computer Security students.
Site documents biggest data breaches in history
by Sabrina I. Pacifici on Dec 29, 2016
Biggest data breaches in history – Dave Albaugh – Data breaches, 2004-2016 – “With a history of more than 5,000 data breaches over the last 12 years, it’s a safe bet that any electronic information relating to you is either at risk or has already been compromised at least once.  As James Comey, the director of the FBI puts it, “there are two kinds of companies.  Those that have been hacked and those that don’t know yet that they’ve been hacked.  Data breaches that leaked over 10 million records between 2004 and 2006.  Note that “records” is a loose term and does not necessarily refer to individual user accounts….”


Also: Computer Security related.  Do we ever learn?  
Woodrow Hartzog and Danielle Citron write about what we can learn from the recent settlement with Ashley Madison by the FTC and state attorneys general.
They discuss:
  • Privacy is for everyone
  • Harm from a data breach is about much more than identity theft
  • Privacy law and policy must confront the design of technologies
  • The FTC’s cooperation with state attorneys general and the Canadian government is a good thing for privacy enforcement
  • This is the first FTC complaint involving lying bots. There will be more.
Read their discussion of these points on Ars Technica.


For my Data Management students.
Tesla's autonomous-car efforts use big data no other carmaker has
In the automotive industry, Tesla is a leader in many respects—but it's hardly head-and-shoulders above the rest when it comes to self-driving cars.
The Silicon Valley automaker is developing fully autonomous cars, but it's part of a crowded field that includes many other automakers and a handful of rich tech companies as well.
Still, Tesla's technical approach may give it an advantage over its numerous competitors.
   Autopilot does not provide fully autonomous driving at present, but since Tesla began installing the system in its electric cars in late 2015, the system has delivered data on 1.3 billion miles of driving, according to Bloomberg.
This data is valuable because it allows Tesla's engineers to fine-tune the algorithms that control its cars' active-safety systems, which will underpin future full autonomy.
   Since the launch of Autopilot, Tesla has discussed "fleet learning" as a way to improve the system, and has set up a vast data funnel to enable that.
Even cars that are not equipped to use Autopilot transmit travel data back to Tesla, once the owner gives permission.
The 1.3-billion-mile figure quoted by Bloomberg includes miles driven in cars equipped with Autopilot even if it's switched off, because those cars transmit data on driver behavior just the same.
   Because its development efforts are linked to production cars in the hands of customers driving hundreds of thousands of miles a day, Tesla has access to substantially more data than competitors whose only data is from limited test programs in a few dozen prototype vehicles.
Since 2009, the Google self-driving cars have covered 2 million real-world miles with human overseers onboard, according to Morgan Stanley.


Interesting.  No hacking back?  Keep our abilities hidden until we need them? 
Obama Strikes Back at Russia for Election Hacking
President Obama struck back at Russia on Thursday for its efforts to influence the 2016 election, ejecting 35 suspected Russian intelligence operatives from the United States and imposing sanctions on Russia’s two leading intelligence services.
The administration also penalized four top officers of one of those services, the powerful military intelligence unit known as the G.R.U.

(Related). 
Vladimir Putin Won’t Expel U.S. Diplomats as Russian Foreign Minister Urged
In a head-spinning turn of events on Friday, President Vladimir V. Putin of Russia announced that he would not retaliate against the United States’ expulsion of Russian diplomats and new sanctions — hours after his foreign minister recommended doing just that.
Mr. Putin, apparently betting on improved relations with the next American president, said he would not eject 35 diplomats or close any diplomatic facilities, a proposed tit-for-tat response to actions taken by the Obama administration a day earlier.

(Related).  The Joint Analysis Report

(Related).  Even more…


Being the biggest does not mean you are the careful-est.  
Run-D.M.C. Sues Amazon, Walmart for More Than $50 Million Over Trademark Infringement
Run-D.M.C. has filed a lawsuit against Walmart, Amazon, Jet and a number of others for more than $50 million over alleged trademark infringement on products using the iconic hip-hop group's name and logo without permission. 
The suit was filed Thursday (Dec. 29) in New York and also names a number of the companies selling the products through those online marketplaces, as well as 20 John Does, saying they "trade on the goodwill of RUN-DMC."  It explains that some of the allegedly infringing products claim to be "RUN-DMC styled products" such as fedora hats and square-frame sunglasses that use the group's name in their title or description but not the logo.  Meanwhile, others more blatantly use the group's famous logo on shirts, purses, patches and other products.
   Last month, Amazon filed its first ever lawsuits against merchants selling counterfeit items on its marketplace. 


New term: “tweeter-in-chief”
WSJ – How to Tweet if You’re in Government and Not Donald Trump
by Sabrina I. Pacifici on Dec 29, 2016
How to Tweet if You’re in Government and Not Donald Trump: Write, Review, Edit, Seek Approval, Wait, Edit, (Maybe) Send (sub. re’d)by Aruna Viswanatha and Natalie Andrews: “In 2010, a top Justice Department official told the agency’s divisions they could set up Twitter accounts and he convened a ‘working group’ to provide guidance on what, when and how the agency could tweet.  They’re still working on it. President-elect Donald Trump is poised to become the first tweeter-in-chief, an executive comfortable making pronouncements on policy or companies with 140 characters.  He will assume control of a federal bureaucracy that tries very hard to do the exact opposite, one that muffles its social-media presence under pages of rules to avoid making waves…”


Perspective.  Podcast.
How Technology Shocked the Entertainment Industry
   We have online platforms like Netflix, which not only have become very powerful when it comes to content distribution, but they’re also now getting into content production.  They have deep financial pockets and the ability to know their consumers because they have consumer-specific data.  They know what people are watching, at what time, what they like, what they don’t like.  They’re using that information in both creating the content and distributing the content.
   How the labels and artists are making money is so different than 15 years ago.  Fifteen years ago, CDs made the money and concerts were the way you advertise the CDs.  Today, concerts make the money and CDs are a way to advertise concerts.  It’s literally a 360-degree change.

(Related). 
Old-Line Companies Like Wal-Mart and GM Acquire Taste for Tech Startups
In late 2015, a commuter-shuttle startup caught the attention of Ford Motor Co.executive John Casesa, who runs global strategy for the auto maker.  The startup, called Chariot, was growing fast and had an interesting crowdsourced reservation model, a staffer told him, suggesting a meeting.
One year and a $65 million deal later, the San Francisco van service is owned by the Detroit giant—part of an acquisition-fueled push into new areas as an uncertain and perhaps driverless future looms.
“We are in an era in our industry where M&A will be a frequently used instrument,” Mr. Casesa said.


Stuff for our programing students?  (Not for our Math students)
Great Ideas for Using Scratch in Elementary Math - Best of 2016
Last month I received an email from Jeffery Gordon in which he shared with me an online binary calculator that he created for his students.  When I asked him for more information about the calculator and what he was teaching in general, he shared another cool resource with me.  That resource is ScratchMath.
ScratchMath, written by Jeffery Gordon, is a free ebook filled with examples of using Scratch in elementary school math classes. The examples are Scratch models through which students can learn concepts dealing with place values, multiplication, and division. Each example includes the steps that need to be completed in Scratch to create models like a multiplication array, a divisibility checker, and factoring game.
For folks who are not familiar with Scratch, it is a free programming tool designed for students between the ages of eight and sixteen although it has been successfully used by younger and older students.  Scratch uses a visual interface that helps students see how the parts of a program fit together to create a final product.  Students create programs by dragging and dropping commands into a sequence.  Programs that students create can vary from simple animations to complex multiplayer games.  Visit the Scratch Educators page to learn more about how to use it in your classroom.


Keeping up.
OED New words list December 2016
by Sabrina I. Pacifici on Dec 29, 2016
Oxford English Dictionary – New words list December 2016 – List of new word entries [note – YouTuber is a new word that was added to the OED, joining Brexit and hackathon, among many others.
In addition to revised versions of Second Edition entries, these ranges contain the following new entries:


Another toy for my geeks?
Blynk is an Internet of Things (IoT) service designed to make remote control and reading sensor data from your devices as quick and easy as possible.  In this article we will cover exactly what Blynk is, how it works, and provide two short example projects on different uses of the service with NodeMCU and Raspberry Pi development boards.


A research tool for all my students.
New on LLRX – What is RSS and How to Use it Effectively
by Sabrina I. Pacifici on Dec 29, 2016
Via LLRXWhat is RSS and How to Use it Effectively – This guide by Pete Weiss – expert listserv manager, communication device integrator, and newswire publisher/editor – provides researchers with an overview of why you should use RSS, along with step by step examples of how to implement this application which should be part of your knowledge gathering and current awareness toolkit.

Thursday, December 29, 2016

Does this have a basis in the US Cyber Security strategy?  Apparently not.
Obama to Announce Retaliation Against Russia for Election Hacks
The Obama administration is thought to be finalizing its response to Russian interference in the 2016 election.  This could include any combination of economic sanctions, criminal indictments or a cyber response -- but the intention is to get something in place that cannot easily be rolled back by President-elect Donald Trump. [That seems rather petty.  Bob]  Details could be announced as early as this week.
Government agencies have concluded that Russia, likely with the personal direction of Vladimir Putin, were behind the DNC hacks earlier this year.  This is thought to be part of a wider 'disinformation' campaign designed to support Trump over Clinton.  Similar disinformation concerns have been raised in Germany over next year's German elections.
One of Obama's problems is that he has limited means to invoke retaliation at this stage of his presidency.  A 2015 executive order allows sanctions against people who harm computer systems that are part of the US critical infrastructure (CI) or seek to gain competitive advantage through the cybertheft of commercial information; but elections have not been considered part of the CI.

(Related).  On the other hand…
Video – How 60 ambiguous words gave the United States’ president unprecedented war power
by Sabrina I. Pacifici on Dec 28, 2016
‘The President is authorised to use all necessary and appropriate force against those nations, organisations, or persons he determines planned, authorised, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harboured such organisations or persons, in order to prevent any future act of international terrorism against the United States by such nations, organisations or persons.’
“Written in haste and passed by the US Congress in the days after 11 September 2001, the ambiguously worded Authorisation for the Use of Military Force (AUMF) greatly expanded the war powers of the executive branch, granting US presidents the choice to bomb, raid, detain and monitor nation states and organisations around the world as they see fit.  Centred around an interview with Representative Barbara Lee, the sole member of congress to vote against the AUMF, War Authority examines how the authorisation’s vague language – invoked at least 18 times by the former president George W Bush, and at least 19 times by President Barack Obama – has shaped modern US foreign policy and affected people around the world.” Director: Matthew Palmer.

(Related).  Release of the information would reduce speculation of a political rather than logical “conclusion.” 
Intel agencies sued for records on Russian election interference
by Sabrina I. Pacifici on Dec 28, 2016
Follow-up to previous posting – Unreleased CIA assessment concludes Russia aided Trump – via The Hill – Lydia Wheeler, December 27, 2016:  “A lawsuit has been filed against the CIA, the FBI, the Department of Homeland Security and the Office of the Director of National Intelligence seeking records pertaining to Russia’s interference in the presidential election.  Journalist Jason Leopold and Ryan Shapiro, a Ph.D. candidate at the Massachusetts Institute of Technology (MIT), filed a lawsuit in the U.S. District Court for the District of Columbia on Monday asserting that the agencies have failed to comply with their request for documents under the Freedom of Information Act (FOIA).  Earlier this month, the CIA reportedly concluded in a secret assessment that Russia had intervened in the presidential election to help President-elect Donald Trump defeat Democratic nominee Hillary Clinton.  That assistance, officials believe, included the hacking of Democratic email accounts…”


Russia is a member of the OSCE.  Did they think they were being lied to or that OSCE was withholding information?  
DW reports:
The Organization for Security and Cooperation in Europe (OSCE) confirmed on Wednesday that it has been the target of a “major security information incident.”
The international security and human rights watchdog became aware of the security breach in November.  According to an OSCE spokesperson, the systems are now safe.
“We were given entirely new security systems and passwords,” she added.
Read more on DW.  And yes, the Russians have been blamed for this, too, by an “unnamed Western intelligence agency.”  It would be nice if the “unnamed Western intelligence agency” would respond to FOIA requests made by others for you know, records providing actual proof….


Something I could ask my Computer Security students to use when analyzing security breaches?  Sounds like fun to me!
FDA Releases Guidance for Medical Device Cybersecurity
The U.S. Food and Drug Administration (FDA) has released guidance on the postmarket management of cybersecurity for medical devices, encouraging manufacturers to implement security controls that cover products throughout their entire life cycle.
In 2014, the FDA released guidance for the premarket management of cybersecurity.  The recommendations include limiting access to trusted users via various authentication methods, ensuring that only authorized firmware and software can be installed, and implementing features for cyber incident detection, response and recovery.
The new guidance issued by the FDA focuses on managing cybersecurity risks after the devices have been deployed on a hospital’s network, a patient’s home network, or in a patient’s body.

(Related).  For example…
Add Desert Care Family & Sports Medicine in Casa Grande, Arizona to the list of health facilities who suffered a ransomware attack.  But what happened to them has resulted in my updating my worst breaches of 2016 list.
On December 20, the center notified HHS that 500 patients were being notified that their server had been infected in August 2016.  Of note, not only were the data on the server encrypted – including patient records – but Desert Care took the server to several IT specialists who were all reportedly unable to break the encryption.
“As a result,” their patient notification letter explains, “the server remains locked and encrypted by the ransom ware, and patient records are unavailable.”
They do not explain whether they paid the ransom, and if they didn’t, why they hadn’t once they determined that they could no longer access patient records.  And for the center to write that three months after a ransomware attack, “patient records are unavailable” raises several additional questions, including whether there had been any backup, and if so, what happened to it (and if there was no backup, why not)?
Information on the server included patient’s “full name date of birth, home address, account number, diagnosis, types of treatment information, disability codes, etc.”
To add to their regulatory woes, not only was the center unable to recover access to their patient records, but they were also unable to determine if patient records were exposed or acquired.
“We have not received any indication that the information on the server has been accessed or used by an unauthorized individual, but Desert Care cannot be sure of this, so it is providing you with this notice out of an abundance of caution,” they write.
DataBreaches.net sent an inquiry to the center asking whether they were subsequently able to determine what type of ransomware was involved, and whether they had any backup of their patient records, as their statement seems to suggest that there may be no backup that they could use to recover patient information.
This post will be updated if a response is received.


Insider trading or AI trading.  Will the SEC believe me when I claim superior Watson made me do it?
Unusual trading activity in Kate Spade ahead of headlines about potential sale
Minutes before Dow Jones reported that Kate Spade is exploring a sale of its business, one options trader purchased nearly 2,000 calls in the accessories label — resulting in a quick $320,000 profit.
According to CNBC "Fast Money Halftime Report" trader Jon Najarian, thousands of Kate Spade's call options were purchased at 12:23 p.m. ET Wednesday — roughly 10 minutes before headlines of a potential sale hit.
   When options activity spikes ahead of an announcement, it can indicate that someone had inside information.  Kate Spade has been under pressure to sell its business, after activist firm Caerus Investors suggested the company do so last month.


It’s not SciFi, it’s just Amazon!  These could also replace the Goodyear blimps at some future Superbowl. 
Amazon files patent for flying warehouse
Amazon has filed a patent for massive flying warehouses equipped with fleets of drones that deliver goods to key locations.
Carried by an airship, the warehouses would visit places Amazon expects demand for certain goods to boom.
It says one use could be near sporting events or festivals where they would sell food or souvenirs to spectators.
The patent also envisages a series of support vehicles that would be used to restock the flying structures.
Amazon air force
The filing significantly expands on Amazon's plans to use drones to make deliveries.  Earlier this month it made the first commercial delivery using a drone via a test scheme running in Cambridge.
In the documents detailing the scheme, Amazon said the combination of drones and flying warehouses, or "airborne fulfilment centres", would deliver goods much more quickly than those stationed at its ground-based warehouses.
Also, it said, the drones descending from the AFCs - which would cruise and hover at altitudes up to 45,000ft (14,000m) - would use almost no power as they glided down to make deliveries.
Many firms working on drones are struggling with ways to extend their relatively short range, which is typically dependent on the size of the battery they carry.
The patent lays out a comprehensive scheme for running a fleet of AFCs and drones.  It suggests smaller airships could act as shuttles taking drones, supplies and even workers to and from the larger AFCs.
   Amazon's patent was filed in late 2014 but has only now come to light thanks to analyst Zoe Leavitt from CB Insights who unearthed the documents.


Students ask about this all the time.
Learning to program may seem like a daunting task. Luckily, it’s not nearly as difficult as it seems. With a bevy of resources available both on and offline, dedicated communities, and experts to follow on social media, learning programming is much simpler than it used to be.


I know it’s unlikely, but my geeks might have missed one.  On the other hand, they research movies much more intensely than they do my homework assignments.


I’ve got lots of gamers.  I’m not sure how many developers I have.  Let’s find out!
Do you have an idea for a game that’s been brewing in your mind for years?  What if I told you that you could make that idea come to life, even if you have no game development experience?  These days, anyone can make a video game with a bit of elbow grease and perseverance.
Of course, that doesn’t mean game development is easy.  Not by a long shot.  Even something as simplistic as Flappy Bird or Tetris can take a lot of time and effort to make it look and feel good.  But thanks to free game development software tools, a game that might’ve required one year can now be made in six months or faster — sometimes without any code!
Note that this list is ordered by least complex to most complex.  The simpler free game development tools are easier to pick up but have limitations.  As you go down the list, you gain more flexibility at the cost of a greater learning curve.

Wednesday, December 28, 2016

Is security worth as much as legal expertise?  Should it be? 
3 Men Made Millions by Hacking Merger Lawyers, U.S. Says
Law firms that advise on mergers once had to worry about a rogue employee trading on deal tips. Now, they have to worry about hackers doing the same.
Federal prosecutors in Manhattan have charged three Chinese citizens with making more than $4 million by trading on information they got by hacking into some of the top merger-advising law firms in New York.  The three men targeted at least seven New York law firms to try to obtain information about deals in the works, according to an indictment unsealed on Tuesday.
   “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world,” Preet Bharara, the United States attorney in Manhattan, said in a statement.  “You are and will be targets of cyberhacking because you have information valuable to would-be criminals.” [If not, why spend time & money to keep it?  Bob]
   “Law firms have been identified as the weakest link, and it is great to see the U.S. attorney taking an interest,” said Daniel Garrie, a law firm security consultant.
   The indictment and the S.E.C. complaint detailed a number of major deals in which confidential information had been retrieved.  [Should be simple to identify the law firms involved.  Bob] 
   They were extraordinarily active in pursuing information.  The indictment says that from March to September 2015, the three men “attempted to cause unauthorized access to the networks and servers of the targeted law firms on more than 100,000 occasions.”  [Probably automated, so not really a lot of effort.  Bob]


I’d call this ‘behind the times.’
Eric Auchard reports:
Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.
Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.
The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.
Read more on Reuters.
[From the article:
Travelers will never know who accessed their information, because PNR data is not logged, the researchers said.  Users have no option to secure these codes themselves because the credentials are arbitrarily assigned by airlines using the booking systems.


For my Computer Security students.  Attacks are not just in the ‘backoffice’ anymore. 
IBM Reports Significant Increase in ICS Attacks
The number of attacks aimed at industrial control systems (ICS) increased by 110 percent in 2016 compared to the previous year, according to data from IBM Managed Security Services.
The company has attributed this significant increase to brute force attacks on supervisory control and data acquisition (SCADA) systems.
Attackers apparently used a penetration testing framework made available on GitHub in January 2016.  The tool, named smod, can be used to conduct a security assessment of the Modbus serial communications protocol and it includes brute-force capabilities.


And so begins a new chapter of ‘robots as witnesses.’
Amazon Echo murder case amplifies the question of what ‘always on’ really means
Some people have wondered if smart speakers like Amazon’s Echo devices, or its closest contender, the Google Home, are constantly capturing audio data, rather than just listening when the right wake word is uttered.  Now a court case is bringing the issue to the fore, and it could potentially show whether that’s actually happening.
The case, involving the investigation of a homicide in Bentonville, Arkansas, was unearthed earlier today by The Information.  (Hat tip to ZDNet’s Zach Whittaker for subsequently locating the case’s documents.)
   And both Amazon and Google allow users to delete voice recordings.  But consumers can only take companies at their word when they say the devices absolutely do not record when they are muted and have not been triggered with a wake word.
   But, as The Information points out, the case is “due to go to trial” early in 2017.  That could shed more light on the data collection norms of this trendy type of technology.  (Coincidentally, today Amazon said that the Echo and smaller Echo Dot were “the best-selling products across Amazon this year.”)
This case may end up raising questions about how much audio smartphones, tablets, and even earphones that listen for “OK Google” or “Hey Siri” are actually recording.


Perspective.  Auto manufacturers are expanding their scope.  What makes driving easier?  What do drivers do that auto manufacturers can tie into? 
VW to Purchase PayByPhone For Undisclosed Sum
Volkswagen AG’s financing arm has acquired a Canadian mobile payments company, the latest move by a car maker investing heavily to compete in a mobility arms race that is heating up in the auto industry.
The German auto maker’s Volkswagen Financial Services AG will dish out an undisclosed sum to acquire PayByPhone, a Vancouver-based company that allows people to pay for certain parking spaces by mobile apps, phone calls or texts. PayByPhone, founded in 2000, says it processes $300 million in transactions annually.
   Volkswagen wants access to proven technology to connect a variety of commerce opportunities and vendors to the cabin of a car and passengers looking for easier payment methods.  Whereas it is difficult to earn even a 10% profit margin on the sale of a car, some analysts and startup entrepreneurs estimate the margins that auto makers could reap on the selling of access to car owners and their data could exceed 75%.
   Audi, one of a dozen brands operated by Volkswagen, in January pledged $28 million to Silvercar, a startup that lets its customers book rental cars using a mobile app.
There have been a flood of unrelated transactions in the auto industry as Ford Motor Co., Toyota Motor Corp., BMW AG and others place financial bets on small startups in an effort to outrun Silicon Valley tech giants that are trying to reinvent automobiles.


Implications for my students?  Could this happen here? 
New on LLRX – Copyright is Not Inevitable, Divine, or Natural Right
by Sabrina I. Pacifici on Dec 27, 2016
Via LLRX.comCopyright is Not Inevitable, Divine, or Natural RightKen Sawdon discusses the implications of copyright lawsuit that was settled in India which had been brought by several large textbook publishers against a photocopying services that created student coursepacks for educational purposes only.
[From the article: 
The Delhi High Court dismissed the case and held that coursepacks and photocopies of chapters from textbooks are not infringing copyright, whether created by the university or a third-party contractor, and do not require a license or permission.  Beyond the immense benefits to students and academics, the ruling had some interesting wording that gained attention online.
   The university pointed to the existing copyright exceptions and the fact that the materials were clearly being used for educational purposes, not meant for commercial exploitation.


Useful?
LC Guide to Law Online
by Sabrina I. Pacifici on Dec 27, 2016
The Guide to Law Online, prepared by the Law Library of Congress Public Services Division, is an annotated guide to sources of information on government and law available online.  It includes selected links to useful and reliable sites for legal information.
Select a Link:
The Guide to Law Online is an annotated compendium of Internet links; a portal of Internet sources of interest to legal researchers.  Although the Guide is selective, inclusion of a site by no means constitutes endorsement by the Law Library of Congress.”


For my students.  (It can’t hurt!)
   Start by changing your mindset.  If you believe that strategic thinking is only for senior executives, think again.  It can, and must, happen at every level of the organization; it’s one of those unwritten parts of all job descriptions.  Ignore this fact and you risk getting passed over for a promotion, or having your budget cut because your department’s strategic contribution is unclear.
Know: Observe and Seek Trends
Think: Ask the Tough Questions
Speak: Sound Strategic
Act: Make Time for Thinking and Embrace Conflict


Some background for my Data Management students.
Unlocking Big Data for Operational Intelligence

Tuesday, December 27, 2016

For my Facebook using students.
The tool is called Predictive World and the premise is simple: log in using your Facebook account and it will pull information based on your profile.  (You can choose the more anonymous route and only enter your age and gender, but your predictions will be less accurate.)
After everything is analyzed, you’ll be able to explore dozens of statistics and predictions, including your life expectancy, your risk of being murdered in the next decade, how likely you are to take career risks, and even your entrepreneurial potential.
All of this is a collaborative project between the University of Cambridge and Watch Dogs 2, a game that explores the dangers of an increasingly interconnected world.


For my Computer Security students.


I’ll have to ask my students how augmented reality improves chats.
How One Israeli Tech Start-Up Could Change Snapchat As We Know It
Snapchat, a California-based messaging app platform, is set to buy Israeli augmented reality start-up Cimagine Media.
Cimagine created a technology — True Markerless Augmented Reality — that allows users to preview furniture and appliances they wish to purchase by virtually placing the objects in their homes via a mobile app.
   Experts note that while Cimagine has impressive technologies, it is likely their employees’ skills that drew Snapchat’s attention.


I’ll start adding these to my AI file.  Someday I hope to write an AI servant to do this for me.
Apple Publishes Its First Artificial Intelligence Paper
Apple has published its very first AI paper on December 22. (The paper was submitted for publication on November 15.)  The paper describes a technique for how to improve the training of an algorithm's ability to recognize images using computer-generated images rather than real-world images.  [Because ‘real’ is so unpredictable.  Bob] 


For my students who had better be researching! 
Anatomy of Scholarly Information Behavior Patterns in Wake of Social Media
by Sabrina I. Pacifici on Dec 26, 2016
Anatomy of Scholarly Information Behavior Patterns in the Wake of Social Media. Hamed Alhoori, Richard Furuta, Mohammed Samaka, Edward A. Fox.
“As more scholarly content is being born digital or digitized, digital libraries are becoming increasingly vital to researchers leveraging scholarly big data for scientific discovery.  Given the abundance of scholarly products-especially in environments created by the advent of social networking services-little is known about international scholarly information needs, information-seeking behavior, or information use.  This paper aims to address these gaps by conducting an in-depth analysis of researchers in the United States and Qatar; learn about their research attitudes, practices, tactics, strategies, and expectations; and address the obstacles faced during research endeavors.  Based on this analysis, the study identifies and describes new behavior patterns on the part of researchers as they engage in the information-seeking process.  The analysis reveals that the use of academic social networks has remarkable effects on various scholarly activities.  Further, this study identifies differences between students and faculty members in regard to their use of academic social networks, and it identifies differences between researchers according to discipline.  The researchers who participated in the present study represent a range of disciplinary and cultural backgrounds.  However, the study reports a number of similarities in terms of the researchers’ scholarly activities.  Finally, the study illuminates some of the implications for the design of research platforms.”


For my Ethical Hacking students.
Public HTTP API for software developers to search geolocation of IP addresses
by Sabrina I. Pacifici on Dec 26, 2016
freegeoip.net provides a public HTTP API for software developers to search the geolocation of IP addresses.  It uses a database of IP addresses that are associated to cities along with other relevant information like time zone, latitude and longitude.  You’re allowed up to 10,000 queries per hour by default.  Once this limit is reached, all of your requests will result in HTTP 403, forbidden, until your quota is cleared.  The freegeoip web server is free and open source so if the public service limit is a problem for you, download it and run your own instance.”

(Related).  This is ‘deep web’ not ‘dark web.’  Mr. Zillman’s lists are always impressive!
New on LLRX – Deep Web Research and Discovery Resources 2017
by Sabrina I. Pacifici on Dec 26, 2016
Via LLRX.com – Deep Web Research and Discovery Resources 2017 – This report and guide by internet guru Marcus P. Zillman provides researchers with a comprehensive and wide ranging bibliography of “deep web” data, information, documents, code, papers, applications and cutting edge tools.  They may be used individually, in groups and in combination, as key drivers to build approaches and queries to harness knowledge and information services that create strategic, actionable results for your clients, users and customers, across all communities of best practice.

Monday, December 26, 2016

An interesting future awaits!
Regulating Software When Everything Has Software
by Sabrina I. Pacifici on Dec 25, 2016
Ohm, Paul and Reid, Blake Ellis, Regulating Software When Everything Has Software (November 16, 2016).  George Washington Law Review, Vol. 84, No. 6, 2016.  Available for download at SSRN: https://ssrn.com/abstract=2873751
“This Article identifies a profound, ongoing shift in the modern administrative state: from the regulation of things to the regulation of code.  This shift has and will continue to place previously isolated agencies in an increasing state of overlap, raising the likelihood of inconsistent regulations and putting seemingly disparate policy goals, like privacy, safety, environmental protection, and copyright enforcement, in tension.  This Article explores this problem through a series of case studies and articulates a taxonomy of code regulations to help place hardware-turned-code rules in context.  The Article considers the likely turf wars, regulatory thickets, and related dynamics that are likely to arise, and closes by considering the benefits of creating a new agency with some degree of centralized authority over software regulation issues.”


For my Computer Security students.
Free security tools to support cyber security efforts
There are more free information security tools out there than you can highlight with a fist full of whiteboard pointers.
   A few important categories include threat intelligence tools, tools to build security in during the development stage, penetration testers, and forensics tools.
Threat intelligence tools
Development tools
Penetration / PEN testers
Forensic tools


Perhaps I have a future as a Director?
Corporate boards aren't prepared for cyberattacks
Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks.  It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.
   "Some organizations do a better job than others, but those efforts are almost always led by CIOs, CISOs or business line managers and not by corporate boards, CEOs and executive management throughout government and the private sector," Litan added.
   The National Association of Corporate Directors (NACD) recently released a survey of more than 600 corporate board directors and professionals that found only 19% believe their boards have a high level of understanding of cybersecurity risks.  That's an improvement from 11% in a similar poll conducted a year earlier.
The survey also found that 59% of respondents find it challenging to oversee cyber risk.


Another of those (somewhat) useful or interesting things that come at year-end.
17 incredibly useful Google products and services you didn't know existed