Sunday, December 31, 2017
Looks like everyone is on vacation.
Not everyone sees it this way.
More on a case and opinion previously noted on this site. It’s a useful short version or recap for those who didn’t follow the case. Max Miller reports:
A trio of Wyoming Supreme Court decisions released Dec. 19 have established an avenue for plaintiffs to collect damages for privacy invasion in the Cowboy State for the first time.
In the cases, Casper area residents Steve Winn, Audrey Kinion and Gretchen Howard had separately filed suit against defendant Aaron’s Sales and Leasing, franchised by Aspen Way Entertainment, Inc.
The rent-to-own company had invaded their privacy, the plaintiffs asserted, by renting them laptop computers which came with software pre-installed to track physical location, monitor key-strokes, capture screen shots and remotely activate the devices’ webcams.
Read more on Cody Enterprise.
[From the article:
First in Natrona County Circuit Court, and then in Wyoming’s Seventh District Court before judge Catherine Wilking, Aspen Way argued successfully that Wyoming law recognizes no such right to privacy and therefore the consumers lacked standing to sue.
The Supreme Court decision reverses those findings, and sends the cases back to Circuit Court for further adjudication.
The decision, written by Justice William Hill, due to retire in February, finds that many other jurisdictions recognize a right to privacy even in the absence of specific legislation codifying such a right.
Anything here suggest they won’t keep doing it?
What Russian Journalists Uncovered About Russian Election Meddling
Saturday, December 30, 2017
So that’s what a Nigerian Prince looks like!
‘Nigerian prince’ email scammer arrested in Slidell
A 67-year-old Slidell man who served as a go-between for an international team of scammers running a “Nigerian prince” email scheme has been arrested after an 18-month investigation.
Michael Neu, who is neither Nigerian nor a prince, has been charged with 269 counts of wire fraud and money laundering.
Neu helped shuttle fraudulently obtained money to his co-conspirators, some of whom actually do live in Nigeria, according to the Slidell Police Department.
The ubiquitous scheme, which begins when an email is sent to an unsuspecting recipient the scammers claim has been named as the beneficiary in a will, is designed to collect personal information that is then used to steal money and identities online.
There is some good stuff here. Not everyone responds this way.
Jason’s Deli (www.jasonsdeli.com) is a family owned business known for high-quality food and catering services for over 40 years. It is headquartered in Texas and operates or franchises 266 restaurants in 28 states, with a reputation for award-winning quality and a strong relationship with our customers.
On Friday, Dec. 22, 2017, our company was notified by payment processors – the organizations that manage the electronic connections between Jason’s Deli locations and payment card issuers – that MasterCard security personnel had informed it that a large quantity of payment card information had appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.
Jason’s Deli’s management immediately activated our response plan, [No one mentions that they actually have a plan, perhaps because they do not? Bob] including engagement of a leading threat response team, involvement of other forensic experts, and cooperation with law enforcement. Among the questions that investigators are working to determine is whether in fact a breach took place, and if so, to determine its scope, the method employed, and whether there is any continuing breach or vulnerability.
… Customers or financial institutions with any questions should contact firstname.lastname@example.org or 409-838-1976.
… We appreciate the dedication of our employees and others who are working during their Christmas break to respond to this matter and protect our customers, and we thank them and their families for their sacrifice. Most importantly, we appreciate the trust our customers place in us, and we regret any inconvenience that some may experience, especially during the holidays. Thank you for your support and understanding.
Nice of them to thank the employees like that.
If this is confirmed as a breach of their system, this would not be the first time. In September, 2010, this site reported on a malware incident involving them.
A couple are new to me! But then, I haven’t taught websites in years.
… The best thing about online HTML editors is that they run directly in your web browser. Your web browser is the best and most relevant tool for processing and rendering HTML code. That is, after all, its entire purpose and reason for being.
Which means that your web browser is best-equipped for real-time previews of HTML. When you write web markup in a standalone editor like Notepad or TextEdit, you have to save changes to a file, then load the file in your web browser, then review it, then switch back to the editor for more changes, rinse and repeat. It’s a clunky and cumbersome process.
An online HTML editor can dynamically refresh itself as you write and change the markup. There is no need to flip back and forth between windows. You tweak the HTML on one side, the changes automatically occur on the other side.
Be careful what you Tweet for. If you make Jeff Bezos angry, he may initiate a hostile takeover bid for the Post Office.
Cheap Amazon shipping leaves the Postal Service ‘dumber and poorer,’ Trump says
President Trump on Friday called for the U.S. Postal Service to raise the shipping rates that it charges Amazon.com, the online retailer, in a deal that he said disadvantages the federal agency.
… It's just the latest in a series of digs by the president at Amazon, whose chief executive, Jeffrey P. Bezos, owns The Washington Post.
Coming soon to a supermarket near you?
Kroger’s mobile scanning tech will cut checkout lines in 2018
Kroger plans to expand use of technology that enables customers to scan products as they’re put into the shopping cart, eliminating the need to stand in traditional checkout lines.
… The customer then pays at a self-checkout destination, greatly reducing the wait time since the items have already been scanned (and potentially bagged).
Friday, December 29, 2017
Any election in any country (if connected to the Internet at any point) is hackable.
Why the 2018 Midterms Are So Vulnerable to Hackers
The first primary of the 2018 midterm elections, in Texas, is barely eight weeks away. It’s time to ask: Will the Russian government deploy “active measures” of the kind it used in 2016? Is it possible that a wave of disinformation on Facebook and Twitter could nudge the results of a tight congressional race in, say, Virginia or Nevada? Will hackers infiltrate low-budget campaigns in Pennsylvania and Nebraska, and leak their e-mails to the public? Will the news media and voters take the bait?
By most accounts, the answer is likely to be yes—and, for several reasons, the election may prove to be as vulnerable, or more so, than the 2016 race that brought Donald Trump to the White House.
The future, for my Computer Security students.
Key trends shaping technology in 2017
Oil just got a bit more expensive. Interesting that the Treasury released the satellite images. Didn’t know they had spy satellites. It was South Korean oil, which must have made the South even madder!
South Korea seizes ship it claims transferred oil to North Korea
South Korea has seized a Hong Kong-registered ship that allegedly transferred oil to a North Korean vessel in violation of United Nations sanctions.
The South Korean Foreign Ministry said the Lighthouse Winmore left the port of Yeosu in South Korea carrying refined oil which was then transferred to a North Korean ship in international waters on October 19.
The US Treasury Department released satellite imagery in November of two ships allegedly performing an illegal ship-to-ship transfer in international waters on the same day.
A good summary of the Statistical tools in Excel.
Global Warming! Global Warming! Perhaps it is not ‘settled science.’
Earth Might Go Through a Mini Ice Age During the Next Decades (Study)
At the moment, the main worry of the environmentalists is the constantly increasing temperatures. However, a team of researchers from Northumbria University discovered that a wave of coldness might soon hit our planet. This means it’s possible that Earth might pass through a mini ice age period, when main rivers could get frozen.
To reach this conclusion, the researchers have performed a simulation of how the magnetic waves of the Sun will evolve for the next decades. Judging from the results, it seems the global temperatures on our planet might start going down in 2021. It’s not the first time when something like this would happen, so researchers know what to expect.
The sudden drop of temperatures would lead to a mini ice age, also called the Maunder minimum. This is a reference to a previous cold period which occurred between 1646 and 1715, when famous rivers, like Thames flowing through London, ended up frozen.
Thursday, December 28, 2017
A 2017 overview for my Computer Security students.
For my geeks.
Something for my niece, AKA the guitar goddess.
Wednesday, December 27, 2017
Something for my Computer Security students to ponder. How do you check third party source code?
FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say
In a secret deal, a French company purchased code from a Kremlin-connected firm, incorporated it into its own software, and hid its existence from the FBI, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could compromise law enforcement computer systems.
… Cybersecurity experts said the danger of using the Russian-made code couldn’t be assessed without examining the code itself.
How will they do this? Lots of “fake news?”
Vietnam unveils 10,000-strong cyber unit to combat 'wrong views'
HANOI (Reuters) - Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.
… The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.
… Cyber security firm FireEye Inc said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.
… “Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.
Interesting. Too much data?
The Library of Congress will no longer archive every tweet
The Library of Congress just announced some changes to its long-running plan to archive all of Twitter. On December 31st, 2017, it will stop archiving all tweets and instead choose certain tweets to archive on a “very selective basis,” Gizmodo reports. The decision was announced in a recently published white paper that reads “the tweets collected and archived will be thematic and event-based, including events such as elections, or themes of ongoing national interest, e.g. public policy.”
The LOC first announced its plans to create a single searchable archive of every public tweet more than seven years ago, but the project has stalled for a few years. In 2013, the organization published a white paper attributing the delay to budget issues and a lack of software. Twitter’s terms of agreement also prohibits “substantial proportions” of its website from being made downloadable.
By 2016, the archive still hadn’t launched. At the time, The Atlantic reported that no engineers had been assigned to the project, which was massive and messy. And as the number of tweets posted daily grew from 55 million in 2010 to 500 million in 2012, the project grew even more unwieldy, according to The Atlantic.
In this month’s white paper, the LOC attributes the decision to narrow the project’s scope to the fact that “the nature of Twitter has changed over time.” As Gizmodo points out, the LOC also had only been collecting text, which renders a large number of tweets with photo and video essentially worthless to the archive.
This is a joke, right? Please?
Seen on Twitter:
My aunt got a google home for Xmas & she already has “Alexa”. This morning we were messing around with the google home and asked, “okay google what do you think of Alexa” and it answered “I like her blue light” and from across the room Alexa turned on and said “thanks”. im scared
You can read more of the thread that tweet started here.
So, at some point, I may need a phone or one of those wrist band fitness thingies to pay?
Is it legal for a business in US to refuse cash as a form of payment?
Board of Governors of the Federal Reserve System: Is it legal for a business in the United States to refuse cash as a form of payment? [Useful information – I generally pay with cash and have increasingly encountered the response – we take credit/debit cards or you can use an app]
“Section 31 U.S.C. 5103, entitled “Legal tender,” states: “United States coins and currency [including Federal reserve notes and circulating notes of Federal reserve banks and national banks] are legal tender for all debts, public charges, taxes, and dues.” This statute means that all United States money as identified above is a valid and legal offer of payment for debts when tendered to a creditor. There is, however, no Federal statute mandating that a private business, a person, or an organization must accept currency or coins as payment for goods or services. Private businesses are free to develop their own policies on whether to accept cash unless there is a state law which says otherwise.”
See also The New York Times – Cash Might Be King, but They Don’t Care. [h/t Pete Weiss]
Another trend I’m not following. Not sure if that’s because I don’t care or just because I’m old. I’m going with “don’t care.”
The Echo Dot was the best-selling product on all of Amazon this holiday season
...and it looks like I’m still using another obsolete technology. Dang!
The Rise and Fall of the Blog
New York Times writer Nicholas Kristof was one of the first to start blogging for one of the most well-known media companies in the world. Yet on December 8th, he declared his blog was being shut down, writing, “we’ve decided that the world has moved on from blogs—so this is the last post here.”
The death knell of blogs might seem surprising to anyone who was around during their heyday. Back in 2008, Daniel W. Drezner and Henry Farrell wrote in Public Choice, “Blogs appear to be a staple of political commentary, legal analysis, celebrity gossip, and high school angst.” A Mother Jones writer who “flat out declared, ‘I hate blogs’…also admitted, ‘I gorge myself on these hundreds of pieces of commentary like so much candy.'”
Blogs exploded in popularity fast. According to Drezner and Farrell, in 1999, there were an estimated 50 blogs dotted around the internet. By 2007, a blog tracker theorized there were around seventy million.
Tuesday, December 26, 2017
This is a Data Management issue that I find a bit confusing. Probably make for a good paper topic!
Europe’s banks brace for a huge overhaul that throws open the doors to their data
Banks have long been at an advantage when it comes to data on their customers.
From current accounts to credit cards, established lenders have access to vast amounts of information that financial technology (fintech) competitors could only dream of.
In Europe, that could all be about to change.
On January 8, banks operating in the European Union will be forced to open up their customer data to third party firms — that is, when customers give consent. [Is downloading an App proof of consent? Bob]
EU lawmakers hope that the introduction of the revised Payment Services Directive (PSD2) will give non-banking firms the chance to compete with banks in the payments business and give consumers more choice over financial products and services.
… Banks will be required to build application programming interfaces (APIs) — sets of code that give third parties secure access to their back-end data.
… Some believe that tech giants such as Facebook, Amazon and IBM could be primed to disrupt banking, especially once lenders are forced to open their data vaults to tech firms.
… "All financial services products are just data. So companies that are very good at managing data are advantaged in this space. I would also say that once you get into an open banking world, when you don't actually have to be a bank and you can manage a big balance sheet and have all the regulation that goes with it, it changes the game."
Another issue for my Data Management students. Can you play a VHS tape? What about a vinyl record? A wire recording?
Paper – Metadata Provenance and Vulnerability
Metadata Provenance and Vulnerability. Timothy Robert Hart and Denise de Vries, Information Technology and Libraries (ITAL). Vol 36, No 4 (2017). doi: 10.6017/ital.v36i4.10146
“The preservation of digital objects has become an urgent task in recent years as it has been realised that digital media have a short life span. The pace of technological change makes accessing these media increasingly difficult. Digital preservation is primarily accomplished by main methods, migration and emulation. Migration has been proven to be a lossy method for many types of digital objects. Emulation is much more complex; however, it allows preserved digital objects to be rendered in their original format, which is especially important for complex types such as those comprising multiple dynamic files. Both methods rely on good metadata to maintain change history or construct an accurate representation of the required system environment. In this paper, we present our findings that show the vulnerability of metadata and how easily they can be lost and corrupted by everyday use. Furthermore, this paper aspires to raise awareness and to emphasise the necessity of caution and expertise when handling digital data by highlighting the importance of provenance metadata.”
Monday, December 25, 2017
A question for my Data Management class. How could such an obvious error get out?
Erie woman receives $284 billion electric bill
… Her online statement was quickly fixed to the correct amount: $284.46.
Mark Durbin, a spokesman for Penelec’s parent company First Energy, said he doesn’t know how the error occurred but obviously a decimal point was accidentally moved.
Should cities be forbidden by law from denying me an alternative route?
… With services like Google Maps, Waze and Apple Maps suggesting shortcuts for commuters through the narrow, hilly streets of Leonia, N.J., the borough has decided to fight back against congestion that its leaders say has reached crisis proportions.
In mid-January, the borough’s police force will close 60 streets to all drivers aside from residents and people employed in the borough during the morning and afternoon rush periods, effectively taking most of the town out of circulation for the popular traffic apps — and for everyone else, for that matter.
The truth emerges at last!
You'd better watch out,
You'd better not cry,
You'd better not pout;
I'm telling you why.
Santa Claus is tapping
He's bugging your room,
He's reading your mail,
He's keeping a file
And running a tail.
Santa Claus is tapping
He hears you in the bedroom,
Surveills you out of doors,
And if that doesn't get the goods,
Then he'll use provocateurs.
So–you mustn't assume
That you are secure.
On Christmas Eve
He'll kick in your door.
Santa Claus is tapping
You learn something new every day. And I grew up only a couple of miles upstream from Washington Crossing NJ.
How a painting of George Washington crossing the Delaware on Christmas went 19th-century viral
… After its German tour, the first version of “Washington Crossing the Delaware” ended up in the Bremen art museum. In an odd twist of fate, it was destroyed by Allied bombing during World War II.
Sunday, December 24, 2017
CPA’s in San Jose. Why so sneaky?
(I should have remembered to anticipate press releases after 3 pm on the Friday of a big holiday weekend. Here’s another one:)
On November 27, 2017, Veyna & Forschino (V&F) encountered suspicious activity on one company email account. V&F immediately began investigating the matter and contacted its local IT firm who disabled access. Further, V&F hired a specialized forensic IT firm to assist in the investigation.
On December 8, 2017, the specialized third party forensic IT firm determined that there was unauthorized access between November 6, 2017 and November 24, 2017 to one company computer workstation through a remote desktop application. In addition to the one email account, the specialized third party forensic IT firm determined that specific electronic files and V&F’s 2016 tax preparation software folder were accessed.
Information included individuals’ name, date of birth, telephone number(s), address, Social Security number, all employment (W-2) information, 1099 information (including account number if provided to V&F), and direct deposit bank account information (including account number and routing information if provided to V&F). Each individual may have been impacted differently.
… Protecting your information is incredibly important to V&F. In addition to the above, V&F notified all three consumer reporting bureaus, law enforcement, and the applicable state agencies, and they are reviewing security policies and procedures to ensure all appropriate steps are taken.
SOURCE Veyna & Forschino
Something to read over the holidays?
A New History of the Second World War
… temperance and Fascism do not mix, and the outsized ambitions of the Axis powers put them on a collision course with the massive geographical, managerial, and logistical advantages possessed by the Allies, which, Hanson suggests, they should have known would be insurmountable.
The Axis powers fell prey to their own mythmaking: they were adept at creating narratives that made exceedingly unlikely victories seem not just plausible but inevitable.
Saturday, December 23, 2017
Apparently reporters now take the holidays off. Just like the President?
An interesting choice. Facebook remembers anything you followed, but not what you saw?
Here’s how to check if you interacted with Russian propaganda on Facebook during the 2016 election
Facebook has rolled out its new hub to help some users figure out if they interacted with Russian propaganda during the 2016 U.S. presidential election.
The social giant’s tool — available here, through its Help Center — specifically allows users to see if they followed or “Liked” any pages and accounts set up by Kremlin-backed trolls on either Facebook or Instagram.
Over the course of the 2016 election, Facebook estimates that roughly 140 million users may have seen Russian propaganda in their News Feeds or on Instagram. Much of that content sought to sow social and political unrest around divisive issues like race, religion and LGBT rights.
But only a small slice of those 140 million affected users can actually take advantage of Facebook’s new tool, which it first previewed in November. That’s because the portal only aids those who directly followed one of the accounts or pages set up by Russian sources on Instagram and Facebook. It does not help users who may have simply seen Kremlin-sponsored content because their friends “Liked” it and it subsequently appeared in their own News Feeds.
Friday, December 22, 2017
Once upon a time, this would have been considered a huge breach.
Nissan Canada Informs 1.1 Million Customers of Data Breach
Nissan Canada revealed on Thursday that the personal information of some customers may have been compromised as a result of a data breach discovered by the company on December 11.
The incident affects individuals who have financed their vehicles through Nissan Canada Finance (NCF) and INFINITI Financial Services Canada. The exact number of impacted customers has yet to be determined, but Nissan is notifying all 1.13 million current and past customers.
Plodding through the muddle?
Intelligence Committee Outlines UK's Offensive and Defensive Cyber Posture
The UK Intelligence and Security Committee, which has oversight of the UK intelligence community, published its 2016-2017 annual report (PDF) on Wednesday. With the rider that the report was written prior to April 2017, but delayed in publication, it provides insight into the UK perspective on global cyber threats. Its discussion includes commentary on nation state adversaries, the potential impact of the Trump administration on UKUSA, and the effect of Brexit on GCHQ operations.
The primary cyber threats are perceived to come from state actors, organized criminals and terrorist groups.
I guess I see no problem with this as long as it is, “Is this the guy we’re looking for? No? Delete all records of this scan.” Unfortunately, that’s not how it will work.
Ron Nixon reports:
A new report concludes that a Department of Homeland Security pilot program improperly gathers data on Americans when it requires passengers embarking on foreign flights to undergo facial recognition scans to ensure they haven’t overstayed visas.
The report, released on Thursday by researchers at the Center on Privacy and Technology at Georgetown University’s law school, called the system an invasive surveillance tool that the department had installed at nearly a dozen airports without going through a required federal rule-making process.
Read more on The New York Times.
[From the Report:
… DHS should not be scanning the faces of Americans as they depart on international flights—but DHS is doing it anyway.
… CBP recommends that its partners delete the matching results within 14 days . . . . However, once the images are shared with CBP, the airline or airport authority, along with their approved integrator or vendor, may choose to retain the newly-captured photos consistent with their contractual relationship with the traveler.
Is North Korea a naughty boy or a criminal? Why are we debating this question?
WannaCry and the International Law of Cyberspace
… Assuming that the ransomware attacks were attributable to North Korea, a topic discussed below, the question is whether the operation breached any international law obligations North Korea owed another State, such that it constituted an “internationally wrongful act.” In cases involving States, the international law rules most likely to be violated are the prohibition on the use of force, the prohibition on intervention into other States’ internal or external affairs, the obligation to respect the sovereignty of other States, and the obligation to exercise due diligence.
… The WannaCry attacks raise an interesting question of law that is not fully resolved in the cyber context. The extent to which the attacks were directed at particular entities is unclear. But, assuming for the sake of discussion that the attacks were indiscriminate, could they nevertheless qualify as uses of force vis-à-vis States that might have suffered qualifying consequences? In our view, they could, so long as the nature of the consequences was foreseeable, even if the attacker may not have known precisely where they would manifest. We hasten to add that this issue remains unresolved.
We could probably do better. Would you trust a courtroom designed and managed by Facebook?
New York State Courts Announce High-Tech Courtrooms
National Center for State Courts – “A state-of-the-art courtroom designed to speed the progress of complex commercial cases is now up and running in Westchester County Supreme Court’s Commercial Division, which serves as a forum for the resolution of complicated business disputes. The Division’s Integrated Courtroom Technology (ICT) part, located in Westchester County’s Supreme and County Courthouse in White Plains, has been specially outfitted to ease the handling of complex commercial cases, with such features as:
A tech-based evidence system that enhances the presentation of evidence, permitting attorneys to display physical and electronic evidence - and witnesses to annotate the evidence - in a controlled fashion to all court participants
Wireless internet access for all courtroom participants, including secure wi-fi access for judges with state-issued “smart” tablets and laptops
Advanced acoustical elements to ensure proper sound levels throughout the courtroom, including assistive-listening aids for hearing-impaired individuals
Real-time court reporting capabilities for instantaneous voice-to-text transcription
Advanced audio-recording equipment
Audio-visual conferencing capabilities
The White Plains ICT part seamlessly incorporates multiple high-tech components in a modular, user-friendly platform designed to ensure full access to all court participants. The New York Courts’ first ICT part opened in Westchester, in Yonkers Family Court in 2016. The new White Plains high-tech courtroom is the latest in a series of technological advances introduced over the years by the New York State Supreme Court’s Commercial Division, which in addition to Westchester County operates in Albany, Kings, Nassau, New York, Onondaga and Queens counties and in the State’s Seventh Judicial District and Eighth Judicial District….”
YouTube Now Clocks Over 100 Million Hours Watch-Time on TVs per Day
YouTube is now seeing over 100 million hours of watch time on living room devices every single day. The new data point was revealed by Google CEO Sundar Pichai during the company’s Q3 2017 earnings call Thursday, where executives also once again called out the video service as a major revenue driver. “YouTube continues to see phenomenal growth,” said Pichai.
This was the first time Google specifically referenced the total watch time on smart TVs and other living room devices. Earlier this year, the company revealed that it now sees more than 1 billion hours of watch time across all devices.
This means that viewing on TV is accounting for roughly 10 percent of all YouTube watch time. The company previously said that more than half of its views come from mobile devices.
Perspective. “Ye Olde Internet”
Newly discovered map shows what internet looked like in 1973
What the Entire Internet Looked Like in 1973: An Old Map Gets Found in a Pile of Research Papers – “Modern “maps” of the internet can indeed look like sprawling clusters of star systems, pulsing with light and color. But the “weird combination of physical and conceptual things,” Betsy Mason remarks at Wired, results in such an abstract entity that it can be visually illustrated with an almost unlimited number of graphic techniques to represent its hundreds of millions of users. When the internet began as ARPANET in the late sixties, it included a total of four locations, all within a few hundred miles of each other on the West Coast of the United States. (See a sketch of the first four “nodes” from 1969 here.) By 1973, the number of nodes had grown from U.C.L.A, the Stanford Research Institute, U.C. Santa Barbara, and the University of Utah to include locations all over the Midwest and East Coast, from Harvard to Case Western Reserve University to the Carnegie Mellon School of Computer Science in Pittsburgh, where David Newbury’s father worked (and still works). Among his father’s papers, Newbury found the map above from May of ’73, showing what seemed like tremendous growth in only a few short years…”
For our Java students?
The real downside of technology?
Thursday, December 21, 2017
The Secret Service should be concerned. This would also allow tracking of the President’s limo in real time.
Romanian hackers infiltrated 65% of DC's outdoor surveillance cameras
Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents.
In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that's 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January.
The hacking suspects, Mihai Alexandru Isvanca and Eveline Cismaru, are also accused of using the computers behind the surveillance cameras to distribute ransomware through spam emails, according to an affidavit by Secret Service agent James Graham in support of the government's criminal complaint.
You can opt-out of getting notices, but Facebook still knows.
Facebook's New Facial Recognition Feature Is Unnerving Privacy Experts (and Maybe You Too)
In its newest feature, announced on Tuesday, social media giant Facebook disclosed that it can now let you know when a photo of you has been posted – even if you don't get tagged in the photo. Since new facial recognition technology is currently being added to devices and applications everywhere – Apple's iPhone X is the perfect example here – it comes as no great surprise that Facebook would be next to incorporate some kind of facial scanning in its own platform.
The new feature is meant to act as a control measure for one's image, ultimately, as users can now pinpoint exactly where and how they show up, all across social media. Although this is the first official announcement that the company is moving more intensely towards facial technology -- and perhaps farther away from previous forms of individual security as it skews more towards control over one's presence – facial recognition has long been a part of Facebook's platform.
“Of course this has nothing to do with Net Neutrality. We raise prices because we hold a monopoly in Houston. The Net Neutrality raises come later, when the alternative is degraded access to Facebook.”
Comcast, DirecTV, Dish all raising rates in January
Comcast has told its customers in the Houston area that it will be raising rates for many of its cable TV and internet products, starting with their January 2018 bill.
… Dish TV also plans increases next month, according to Multichannel News, which covers the cable TV industry.
… The Comcast and Dish hikes come just days after the Federal Communications Commission voted along party lines to repeal net neutrality rules. (The AT&T/DirecTV hike was announced Dec. 6.) Mark Vena, an analyst with Moor Insights & Strategy, said while the hikes may not be related to the FCC's action, it doesn't look good.
"The timing is auspicious, I'll say that," Vena said. "Given the monumental announcement the FCC just made, it is just odd to me that they would do this in the wake of it."
Vena said that while cable and internet providers do indeed face increasing costs, "this is not the kind of Christmas present people want."
Wednesday, December 20, 2017
Unless something bigger happens, this is probably the breach I’ll talk about in my first Computer Security class. Not just another case of: “The default is ‘Public’ and we forgot to change it.” Amazon has changed the default to “Specified users only.” These bozos changed it to, “Anyone with a free Amazon Web Services Account!”
Massive leak exposes data on 123 million US households
… Though no names were exposed, the data set included 248 different data fields covering a wide variety of specific personal information, including address, age, gender, education, occupation and marital status. Other fields included mortgage and financial information, phone numbers and number of children in the household.
"From home addresses and contact information, to mortgage ownership and financial histories, to very specific analysis of purchasing behavior, the exposed data constitutes a remarkably invasive glimpse into the lives of American consumers," UpGuard researchers Chris Vickery and Dan O'Sullivan wrote in their analysis.
… The repository contained massive data sets belonging to Alteryx partner Experian, a consumer credit reporting agency that competes with Equifax, and the US Census Bureau, researchers said.
(Related). More details…
… While the Census data consists entirely of publicly accessible statistics and information, Experian’s ConsumerView marketing database, a product sold to other enterprises, contains a mix of public details and more sensitive data. Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household.
… While, in the words of Experian, “protecting consumers is our top priority,” the accumulation of this data in “compliance with legal guidelines,” only to then see it left downloadable on the public internet, exposes affected consumers to large-scale misuse of their information - whether through spamming and unwanted direct marketing, organized fraud techniques like “phantom debt collection,” or through the use of personal details for identity theft and security verification.
… On October 6, 2017, UpGuard Director of Cyber Risk Research Chris Vickery discovered an Amazon Web Services S3 cloud storage bucket located at the subdomain “alteryxdownload” containing sensitive consumer information. While the default security setting for S3 buckets would allow only specifically authorized users to access the contents, this bucket was configured via permission settings to allow any AWS “Authenticated Users” to download its stored data. In practical terms, an AWS “authenticated user” is “any user that has an Amazon AWS account,” a base that already numbers over a million users; registration for such an account is free. Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket’s contents.
… While the spreadsheet uses anonymized record IDs to identify households, the other information in the fields - as well as another spreadsheet in the bucket, to be discussed shortly - are sufficiently detailed as to be not merely often identifying, but with a high degree of specificity.
[A very long list of fields follows this paragraph. Bob]
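The misconfiguration described in the excerpt above, as an added example (not code from UpGuard, Alteryx or this blog): a check that flags bucket ACL grants to the two predefined S3 groups that reach beyond your own account. The ACL dictionaries are constructed samples in the shape returned by boto3's `get_bucket_acl`; the bucket names and owner ID are placeholders.

```python
"""Flag S3 bucket ACL grants to the 'AuthenticatedUsers' and 'AllUsers' groups."""

# Predefined Amazon S3 group URIs as they appear in an ACL grant.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

GROUP_MEANING = {
    ALL_USERS: "anyone on the internet, no credentials needed",
    AUTHENTICATED_USERS: "any holder of any AWS account, not only yours",
}

# What each ACL permission allows when it is granted on a bucket.
PERMISSION_EFFECT = {
    "READ": "list the objects in the bucket",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
    "FULL_CONTROL": "list, write, and read or rewrite the ACL",
}

# Permissions that let the grantee change data or access rules.
MODIFYING = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(bucket, acl):
    """Return one finding per grant that exposes the bucket to a broad group.

    `acl` is a dict shaped like the response of boto3's get_bucket_acl:
    {"Owner": {...}, "Grants": [{"Grantee": {...}, "Permission": "..."}]}
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        # Grants to a specific account (Type "CanonicalUser") and to
        # narrower groups such as log delivery are not flagged here.
        if grantee.get("Type") != "Group" or uri not in GROUP_MEANING:
            continue
        perm = grant.get("Permission", "")
        effect = PERMISSION_EFFECT.get(perm, "use unrecognised permission " + perm)
        findings.append({
            "bucket": bucket,
            "group": uri.rsplit("/", 1)[-1],
            "permission": perm,
            "severity": "critical" if perm in MODIFYING else "high",
            "detail": GROUP_MEANING[uri] + " can " + effect,
        })
    return findings


# --- Constructed sample data (placeholders, not taken from the incident) ---
OWNER = {"Type": "CanonicalUser", "ID": "PLACEHOLDER-OWNER-CANONICAL-ID"}

# Default posture: only the owning account holds a grant.
DEFAULT_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}],
}

# The posture described in the excerpt: READ granted to every AWS account.
EXPOSED_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    samples = {
        "example-default-bucket": DEFAULT_ACL,
        "example-exposed-bucket": EXPOSED_ACL,
    }
    for name, acl in samples.items():
        results = audit_acl(name, acl)
        if not results:
            print(name + ": no group-wide grants")
        for f in results:
            print("{bucket}: [{severity}] {group} {permission}: {detail}".format(**f))
```

Object ACLs and bucket policies can widen access independently of the bucket ACL, so a clean result here covers only this one control.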
Good News: The threat from North Korea is temporarily reduced. Bad News: Angering the “little fat guy” might result in an attack like the one on Sony.
U.S. says Facebook and Microsoft disabled North Korean cyber threats
Facebook Inc and Microsoft Corp disabled a number of North Korean cyber threats last week, a White House official said on Tuesday, as the United States publicly blamed Pyongyang for a May cyber attack that crippled hospitals, banks and other companies.
Australia, Canada, Others Blame North Korea for WannaCry Attack
The United States is not the only country to officially accuse North Korea this week of being behind the WannaCry ransomware campaign. Canada, Japan, Australia and New Zealand have also blamed Pyongyang for the attack.
The U.K. accused North Korea in late October, and the other Five Eyes countries and Japan have now done the same.
Three Questions on the WannaCry Attribution to North Korea
… Nonetheless, the attribution raises several important questions.
1. Where’s the evidence?
2. What should be the respective roles of the government and private companies?
3. Did North Korea violate international law?
If any of my Computer Security students admit to using one of these passwords, they immediately fail the course.
An excellent example of a social media “Oopsie!”
Elon Musk accidentally tweets his private phone number
Energy and transport entrepreneur Elon Musk accidentally tweeted his private phone number to his 16.7 million followers on Tuesday.
The Tesla and SpaceX CEO divulged the number in what was meant to be a message to John Carmack, head of technology at virtual reality firm Oculus.
"Do you have a sec to talk? My cell is ..." Mr Musk wrote.
Social media monitoring? We don’t offer that class, yet. (Had some training on similar topics last night though.)
The People Who Read Your Airline Tweets
… Nowadays, people have gotten used to having back-and-forths with customer service representatives. In any given hour, JetBlue makes public contact with 10, 15, 20 different people. American Airlines receives 4500 mentions an hour, 70 to 80 percent of them on Twitter. Both companies staff their social teams with long-time employees who are familiar with the airlines’ systems. Both hire internally out of the “reservations” team, so they know how to rebook flights and make things happen. At American, the average social-media customer-support person has been at the company for 17 years.
Every major airline has a team like this. Southwest runs what it calls a “Listening Center.” American Airlines calls it their “social-media hub” in Fort Worth, Texas. Alaska has a “social care” team in Seattle that responds to the average tweet for help in two minutes and 34 seconds, according to a report by Conversocial.
“We settled on this, so it’s a new law?”
Cory L. Andrews of Washington Legal Foundation has an OpEd that begins:
The Federal Trade Commission (FTC) has developed a well-known penchant for using individually negotiated settlement agreements and consent decrees to announce for the first time what qualifies as “unfair” or “deceptive” conduct under the FTC Act. In the data-privacy arena, FTC views these enforcement actions (and the resulting consent decrees) as a source of “common law” that places the business community on sufficient notice of what data-security practices § 5 of the FTC Act requires.
The U.S. District Court for the Western District of Washington recently ratified that view in a controversial ruling, Veridian Credit Union v. Eddie Bauer. The case arose following a 2016 cyberattack on Eddie Bauer’s network that compromised customers’ payment-card data. Veridian Credit Union, whose cardholders had their data stolen after shopping at Eddie Bauer, brought suit under Washington’s Consumer Protection Act (CPA), which like § 5 of the FTC Act also allows courts to award treble damages to private plaintiffs who are injured by “unfair” or “deceptive” acts. Veridian alleged that Eddie Bauer’s failure to adopt data-security measures that FTC has required in other cases constitutes an “unfair” practice under the Washington CPA.
Read more on Forbes.
The concerns raised in this piece will sound familiar to those who have followed the LabMD case and/or the academic scholarship of Dan Solove and Woodrow Hartzog, who have written extensively about the consent decrees as a source of “common law.”
I suppose I will need to explain the “Streisand Effect” to my Computer Security students.
So I’m not sure whether to tag this as “shoot the messenger” or an attack on press freedom – or maybe both, but MANX Radio reports:
The firm at the centre of the Paradise Papers says it’s pursuing legal action against those who made allegations.
Appleby, which has a large office in Douglas, had millions of confidential files leaked earlier this year, sparking a global debate about tax ethics.
Many of them surrounded the affairs of wealthy individuals operating in the Isle of Man.
There has been speculation over the legality of the data leak since it went public in November – and now Appleby has formally hit back, saying it is ‘obliged’ to file proceedings against the UK outlets who broke many of the stories.
I know that press rules are different in the UK and other areas than they are here, but I’d love to know exactly what law(s) Appleby alleges have been violated – are they claiming that the news outlets violated law by simply receiving/possessing the leaked documents?
Bosses have demanded The Guardian and the BBC hand over the documents they’ve seen and used in investigations.
Oh my. I don’t know how that works elsewhere, but over here, there would certainly be vigorous resistance to any such demand.
The firm is also seeking damages, claiming there was ‘no public interest’ in any of the stories published.
Did the public read the stories and discuss them? Did they seek more coverage? And if so, was their interest just idle curiosity or was there something meaningful to the public about revelations in the news reports?
Both media outlets have vowed to defend themselves in any future proceedings.
I wonder if Appleby has heard of the Streisand Effect. I just don’t see this litigation really helping them.
Interesting. Could the state of Colorado do the same?
High-speed broadband to be legal right for UK homes and businesses
Government says internet providers will be legally obliged from 2020 to meet user requests for speeds of at least 10Mbps
Here come the drones
December 19, 2017 – 8% of Americans say they own a drone, while more than half have seen one in operation: “Drones are catching on as consumer goods. As of mid-2017, 8% of Americans say they own a drone and 59% say they have seen one in action, according to a Pew Research Center survey. But while drones – that is, aircraft without on-board human pilots – are more prevalent than they were a few years ago, many have reservations about where and under what circumstances their use should be allowed. The survey shows modest differences in rates of ownership by gender and age. Slightly more men (11%) than women (6%) say they own a drone, as do more people ages 18 to 49 (12%) compared with those 50 and older (4%).”
The report reveals that 73 percent of respondents were subscribed to pay-TV this year, which is 'down from 76 per cent last year and 79 per cent the year before,' according to the survey conducted by PricewaterhouseCoopers.
Another shocking part of the survey finds that a whopping 82 per cent of sports watchers admit they would 'end or trim their pay-TV subscription if they no longer needed it to access live sports.'
As we expand our use of the “flipped classroom” these become more useful. And not just on Chromebooks.
Seven Ways to Create Screencasts on Chromebooks
With the addition of Screencast-O-Matic there are now seven tools that teachers and students can use to create screencast videos on their Chromebooks.
If you missed yesterday's news, Screencast-O-Matic is currently offering a public beta of their Chrome app. To use Screencast-O-Matic on your Chromebook you will need to go to this page while on your Chromebook, click launch recorder, install the Chrome app when prompted, and then start recording your screen. Screencast-O-Matic on a Chromebook will let you record for up to fifteen minutes per video. You can include your own narration as well as sounds from your Chromebook in your screencasts. Completed videos can be saved to Chromebook or saved directly to Google Drive.
Loom is a free screencasting tool that works on Chromebooks, Macs, and Windows computers. Loom is a Chrome extension. With Loom installed you can record your desktop, an individual tab, and or your webcam. That means that you could use Loom to just record a webcam video on a Chromebook. Of course, this also means that you can use Loom to record your webcam while also recording your desktop. Loom recordings can be up to ten minutes long. A completed recording can be shared via social media and email. You can also download your recordings as MP4 files to upload to YouTube or any other video hosting service.
Soapbox is a free tool from Wistia that makes it easy to create great screencast videos on a Chromebook or any computer that is using the Chrome web browser. With Soapbox installed in the Chrome web browser you can quickly record your screen and your webcam at the same time. The most distinguishing feature of Soapbox is that you can have your video transition from your screen to your webcam to a combination of the two. Soapbox includes some simple editing tools for zooming in on an area of your screen and calling attention to specific parts of your screen.
ViewedIt is a free Chrome extension that makes it quick and easy to create and share screencast videos. With the extension installed you can record your entire screen or just one window tab. ViewedIt will let you record yourself with your webcam too. The best part of ViewedIt is that you can track who watches your video. To record on ViewedIt you simply have to click the extension icon then choose what you want to record. When you're done recording your video is automatically stored on ViewedIt. From ViewedIt you can share your video via email and social media. If you choose to share via email, you will be able to track who watched your video.
Nimbus Screenshot is my favorite tool on this list because of its ease of installation and it is the only tool on this list that provided a customizable countdown timer. I like the countdown timer because it gives me a few seconds to prepare to start talking over my screencast. The other tools just started recording the second that I hit the record button. Nimbus Screenshot was also the easiest to install and configure on my Chromebook. Screencasts recorded with Nimbus Screenshot can be saved to your local drive or to an online Nimbus account. I usually choose to save to my local drive then upload to my YouTube channel. You can also save to your local drive then send it to Google Drive or another online storage service.
CaptureCast lets you record your webcam while recording your screen which you cannot do with the Nimbus tool. You can choose to record your screen, your screen and your webcam, or just your screen or just your webcam. CaptureCast gives you three options for recording definition. So if you're on a slower network you can choose a lower resolution recording to save processing time. CaptureCast lets you save a recording locally or send it to YouTube or to Vimeo.
Screencastify might have the most name recognition in this list, but I don't like it as much as some other tech bloggers like it. The set-up process asks a lot of questions that could confuse new users. The free version limits recordings to ten minutes and puts a watermark on the recording. On the upside, there is an option to upload directly to YouTube.
Since Math is a prerequisite for any of the programming classes, this could become useful too.
ADA Project - An Open Multimedia Mathematics Textbook
ADA Project is a great resource being developed by a mathematics teacher named Sam Powell. The ADA Project is an open multimedia mathematics textbook that covers everything from basic arithmetic through calculus.
When you visit the ADA Project's homescreen you can choose a category then choose a topic. Within each topic you will find a set of sample problems. Each sample problem is accompanied by a link to reveal the answer, the solution, a video about the solution, and a link to a discussion forum. Take a look at this set of long division problems to get a sense of how the ADA Project works.
Teachers are invited to contribute to the ADA Project's development by submitting problems, solutions, videos, and discussions. You can submit one or all four of those pieces for inclusion in the ADA Project. The submission form is found here.
Although it is off to a great start, the ADA Project is still a work in progress. At this point it will make a good supplement to the textbook and other reference materials that you use in your mathematics lessons.
The ADA Project will get better through the contributions of other mathematics teachers who make submissions to it.
Tuesday, December 19, 2017
Another failure to change the defaults.
California Voter Data Stolen from Insecure MongoDB Database
An improperly secured MongoDB database has provided cybercriminals with the possibility to steal information on the entire voting population of California, Kromtech security researchers reported.
The information was taken from an unprotected instance of a MongoDB database that was exposed to the Internet, meaning that anyone connected to the web could have accessed, viewed, or edited the database’s content.
Named 'cool_db', the database contained two collections, one being a manually crafted set of voter registration data for a local district, while the other apparently including data on the voting population from the entire state of California: a total of 19,264,123 records.
Bob Diachenko, head of communications, Kromtech Security Center, explains that the security firm was “unable to identify the owner of the database or conduct a detailed analysis.” It appears that the database has been erased by cybercriminals who dropped a ransom note demanding 0.2 Bitcoin for the data.
Given the presence of said ransom note, the incident is believed to be related to the MongoDB ransack campaign that resulted in tens of thousands of databases being erased in January 2017. Similar attacks were observed in September as well, when MongoDB decided to implement new data security measures.
… Kromtech's security researchers haven’t determined who compiled the voter database but believe that a political action committee might have been behind it, given the unofficial name the repository had.
… The researchers note that the database has been taken down after being initially discovered in early December. The Secretary of State of California was aware of the leak and “looking into it,” Diachenko said.
Smarter criminals will be monitoring Police social media accounts.
Australia Police Accidentally Broadcast Arrest Plans on Social Media
Australian police accidentally broadcast on social media details of an operation to arrest a suspected North Korean agent -- three days before he was taken into custody, media reported Wednesday.
The Sydney-based man, described by authorities as a "loyal agent of North Korea", was arrested on Saturday and charged with trying to sell missile parts and technology on the black market to raise money for Pyongyang in breach of international sanctions.
But a minute of conversation about the case between federal police officers, including the timing of the arrest, was broadcast on Periscope Wednesday and linked to on Twitter, The West Australian reported Tuesday.
The newspaper said it had listened to the discussion, which included a suggestion that officers are "not going in all guns blazing, it's only half-a-dozen people and a forensic van".
The paper added that while the tweet was deleted, the broadcast remained live—and was watched by 40 people – before it was also removed after the publication alerted federal police.
… Federal police confirmed part of a conversation was mistakenly broadcast via its Periscope account while "testing a piece of social media broadcasting equipment". [This is another reason why you should NEVER test with live data. Bob]
For my Computer Security students, who understand that “official” isn’t always the same as “true.”
It’s Official: North Korea Is Behind WannaCry
Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive “WannaCry” cyberattack to North Korea.
Another topic for my Computer Security class.
Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR
Wachter, Sandra, Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR (December 6, 2017). Available at SSRN: https://ssrn.com/abstract=3083554
“In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user’s devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users’ identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.”
(Related). And here’s why that is important.
Cybersecurity can cause organizational migraines. In 2016, breaches cost businesses nearly $4 billion and exposed an average of 24,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018. Even Congress is acting more quickly to pass laws that will — hopefully — improve the situation.
Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing by orders of magnitude, with Gartner predicting there will be 20 billion in use by 2020. Traditional security solutions will not be effective in addressing these devices or in protecting them from hackers, which should be a red flag, as attacks on IoT devices were up 280% in the first part of 2017. In fact, Gartner anticipates a third of all attacks will target shadow IT and IoT by 2020.
This new threat landscape is changing the security game. Executives who are preparing to handle future cybersecurity challenges with the same mindset and tools that they’ve been using all along are setting themselves up for continued failure.
The government goes to Facebook (and other social media) because “That’s where the data is!”
Governments are asking Facebook for a lot more user account data
The number of user data requests Facebook received from governments around the world in the first half of 2017 reached an all time high of 78,890, up 21 percent on the 64,279 requests it received in the second half of 2016.
The social network revealed the figure in its Transparency Report covering January to June 2017. Previously it was called the Government Requests Report, but it's since been renamed as it now also includes data regarding intellectual property requests.
The largest source of user data requests came from the US, where the government served Facebook 32,716 requests for data from 52,280 accounts.
Might be an interesting topic for a Data Management paper.
The Supreme Court Should Heed Friendly Advice on Microsoft Ireland
A slew of interesting amicus briefs were filed in the Microsoft Ireland case last week. They include independent briefs (meaning not for either party) by the United Kingdom, Ireland, European Commission (EC) and more. Not surprisingly, 36 state governments also filed in support of the United States, reminding the court of the many difficulties faced in accessing sought-after evidence that have resulted from the Second Circuit ruling, and urging reversal as a result.
Of the many issues raised, one of the most interesting – and still unresolved – is the question as to whether and in what situations a decision in favor of the U.S. government will generate a conflict of laws. The issue is at the heart of the Irish government and EC briefs. It is also raised in the brief of the New Zealand Privacy Commissioner. But despite the extensive amount of ink spent on the matter, the answers remain murky – as is the reality. The actual answer: It depends.
Given that reality, the e-Discovery Institute’s brief is particularly notable – and one that I hope the Court takes into account.
Monopoly is getting harder to define.
Germany Says Facebook Abuses Market Dominance to Collect Data
Germany’s top antitrust enforcer opened a new front against big tech firms on Tuesday when it said the way Facebook Inc. harvests user data constitutes an abuse of market dominance.
In what lawyers call a novel use of competition law, Germany’s Federal Cartel Office published preliminary investigative findings Tuesday that accuse Facebook of abusing its power as the dominant social network in Germany to strong-arm users into allowing it to collect data about them from third-party sources, like websites with “like” buttons.
(Related) What social media is really “dominant?”
Snapchat is still the network of choice for U.S. teens — and Instagram is Facebook’s best shot at catching up
Some good news for Snap: Despite its sluggish business and slumping stock price, Snapchat still dominates among teenagers, a core demographic that represents the future wave of internet consumers and what they care about.
RBC Capital published the latest update to its regular social media survey this week, and a few things stood out — especially in the battle over teenagers, where Snapchat, Instagram and Facebook are all fighting for the next generation’s attention.
So, could there be Trump videos in our future?
Bloomberg’s TicToc 24/7 news channel launches as Twitter doubles down on live video
… Starting at 8 a.m. on the East Coast, Bloomberg begins broadcasting TicToc, a 24/7 news channel that exists solely on Twitter.
The landing page for TicToc marries a video livestream with a curated Twitter stream. In essence, it combines the second-screen experience many have hacked together over the years as they watch big events like the Super Bowl or the Oscars. Live TV viewing has long been one of Twitter’s most popular use cases, and over the past year the company has sought to integrate that experience into its platform.
Something to amuse my geeky friends.
Paper Signals - Build Physical Objects to Control With Your Voice
Paper Signals is a neat resource produced by Google that could prove to be a fun way to provide students with hands-on programming experience. Paper Signals is a set of templates that students can follow to program physical objects to respond to voice commands.
There are some physical products that you will need to have on hand in order to use Paper Signals. You may already have the necessary items in your school. First, you'll need a printer to print a template (you'll be folding and cutting paper). Second, you're going to need a small circuit board, some wires/ cables, and a bit of glue. If you don't want to source those items yourself, you can buy a little kit for less than $25.
Just like social media users?
Because this is important enough to catch the attention of one of the best statistics websites? No, it’s important because I’m a fan.
… I consulted the most comprehensive archival material related to “Star Wars.” No, not the archives of Jocasta Nu in the heart of the Jedi Temple. I’m talking about Wookieepedia, one of the best-maintained databases on anything and everything Star Wars. We pulled the color of every lightsaber described in “Star Wars” — that’s the chart you see above. That comes out to 132 unique lightsabers with a known blade color. (Even Darksaber.)