Thursday, March 16, 2017

Another phone system hit.  Last time it was AT&T that could not call 911.  Before that it was a link to an App that dialed 911 then hung up.
   The Mayor said anyone could run into trouble if there's a surge in calls, but the odds are worse for some cell phone customers.  "If you've got a T-Mobile phone service be very, very careful because you may not be able to get into 911," he said.
   The City of Dallas reported that T-Mobile phones were spontaneously dialing 911, a problem that has been reoccurring since November, tying up the call center for up to hours at a time.  At one point on Saturday, the city reported that 422 calls were on hold.

No culture of customer service at Samsung?
From the add-this-to-the-list-of-concerns-about-Samsung dept.
Matt Metzger writes:
About four months ago, I ordered a new TV directly from Samsung’s online store.  A few days later, I received a tracking link via email.
Reusing Tracking Numbers
When I first received the link, it showed an order that wasn’t my own. I assumed there was some sort of clerical error, but I was too busy at the time to contact Samsung about it.  When I checked back later in the day, there were now two orders showing at the link Samsung sent me — my own, and the other order.
Read more on Medium.  Matt not only identifies the scope of the problem – which goes beyond just the tracking info – and the risks, but he also includes Samsung’s totally-less-than-acceptable-and-pretty-outrageous response to his notification that they have a problem.
Whether the problem starts with Samsung or their shipper is irrelevant: it is Samsung customer data, and Samsung should damned well step up to the plate and get these problems addressed.  And until they do, if you don’t want all your personal information shared on the internet and indexed by Google, maybe you should think twice about ordering anything from them that requires shipment to your home.

If it had been packaged for sale, this database may now exist in several locations.
Millions of records leaked from huge US corporate database
Millions of records from a commercial corporate database have been leaked.
The database, about 52GB in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population.
Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million.
The purchased database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers.
   The data is now searchable in Have I Been Pwned.
But it's not known exactly how the data was exposed, or who is to blame for the leak.

Lawyers are not security experts.  That’s not an excuse for being unsecure.
A senior barrister who failed to keep clients’ sensitive personal information secure has been fined £1,000 by the Information Commissioner’s Office (ICO).
Information belonging to up to 250 people, including vulnerable adults and children, was uploaded to the internet when the barrister’s husband updated software on the couple’s home computer.
Some 725 unencrypted documents, which were created and stored on the computer, were temporarily uploaded to an internet directory as a back up during the software upgrade.
They were visible to an internet search engine and some of the documents could be easily accessed through a simple search.
Six of those files contained confidential and highly sensitive information relating to people who were involved in proceedings in the Court of Protection and the Family Court.
Source: Information Commissioner’s Office

Update.  The Indictment of the Yahoo hackers.  These guys are from Russia and Canada.  I guess President Trump doesn’t understand the “virtual immigrant” problem. 
U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts

(Related).  On the other hand…  I’ll send this article to my Ethiopian student. 
John Ribeiro reports:
An appeals court has barred an Ethiopian-born U.S. citizen from filing a civil suit against the African country, which allegedly infected his computer with spyware and monitored his communications.
The U.S. Court of Appeals for the District of Columbia Circuit ruled Tuesday that foreign states are immune from suit in a U.S. court unless an exception to the Foreign Sovereign Immunities Act (FSIA) applies.
Read more on CSO Online.

For my Ethical Hackers.  See what can be done.
Pwn2Own 2017: Experts Hack Edge, Safari, Ubuntu
Bug bounty hunters have managed to hack Microsoft Edge, Safari, Ubuntu and Adobe Reader on the first day of the Pwn2Own 2017 competition taking place these days alongside the CanSecWest conference in Vancouver, Canada.
The prize pool for this year’s event is $1 million and 11 teams have signed up to hack products in four categories.  On the first day of the competition, participants earned a total of $233,000 for the exploits they disclosed.

Also for my Ethical Hacking students.  Includes some comments on Privacy. 
CRS – Dark Web
by Sabrina I. Pacifici on Mar 15, 2017
CRS report – Dark Web, Kristin Finklea, Specialist in Domestic Security. March 10, 2017. [via FAS]
[From the PDF:]
Surface Web.  The magnitude of the web is growing.  According to one estimate, there were 334.6 million Internet top-level domain names registered globally during the second quarter of 2016.  This is a 12.9% increase from the number of domain names registered during the same period in 2015.  As of February 2017, there were estimated to be more than 1.154 billion websites.  As researchers have noted, however, these numbers “only hint at the size of the Web,” as numbers of users and websites are constantly fluctuating.
Deep Web.  The Deep Web, as noted, cannot be accessed by traditional search engines because the content in this layer of the web is not indexed.  Information here is not “static and linked to other pages” as is information on the Surface Web.  As researchers have noted, “[i]t’s almost impossible to measure the size of the Deep Web.  While some early estimates put the size of the Deep Web at 4,000–5,000 times larger than the surface web, the changing dynamic of how information is accessed and presented means that the Deep Web is growing exponentially and at a rate that defies quantification.”
Dark Web.  Within the Deep Web, the Dark Web is also growing as new tools make it easier to navigate.  Because individuals may access the Dark Web assuming little risk of detection, they may use this arena for a variety of legal and illegal activities.  It is unclear, however, how much of the Deep Web is taken up by Dark Web content and how much of the Dark Web is used for legal or illegal activities.

The UK has a strategy.  (And a Commissioner!)  What do we have?
From: Surveillance Camera Commissioner.  First published: 14 March 2017

A long post, but still nothing on those of us who are phone-less. 
Over the last few days, both ProPublica and the ACLU have published pieces on your rights in terms of Customs & Border Patrol searches. Reading both their articles, below, makes clear how complicated the situation can be for travellers. 

Yoicks!  Am I a journalist?
Court: FBI’s Secret Rules for Spying on Journalists Can Remain Secret
by Sabrina I. Pacifici on Mar 15, 2017
FindLaw – “In 2015, the Freedom of the Press Foundation sued the Department of Justice under the Freedom of Information Act in an attempt to force the DOJ to publish its rules for conducting warrantless spying on journalists in the United States.  The DOJ responded that it had supplied all of the documentation the Foundation requested, aside from information that fell under certain FOIA exceptions.  This week, a U.S. District judge in California ruled that the unpublished rules on media surveillance could remain unpublished, ending the Foundation’s lawsuit.”  A copy of the decision is here.

Because they need it more than second class citizens, like me?
William Petroski reports:
The Iowa Senate approved a bill Wednesday providing for the confidentiality of personal information about Iowa law enforcement officers in an effort to protect their safety.
Sen. Dan Dawson, R-Council Bluffs, who is an Iowa Division of Criminal Investigation agent, said the legislation is a response to “numerous instances” over the years in which Iowa law enforcement officers and their families have expressed concerns about personal information being disclosed to individuals. [Gosh, why didn’t I think of that!  Bob]
Read more on Des Moines Register.

The pendulum swings again.
Matthew J. Siegel of Cozen O’Connor writes:
A split continued to develop in the federal courts last month as the Fourth Circuit denied Article III standing to the plaintiffs in a data breach case whose alleged injuries were limited to the increased risk of future identity theft and the cost of measures to protect against it.  The Fourth Circuit joins the First and Third Circuits in rejecting this theory as grounds for standing, finding it too great of a stretch. In contrast, the Sixth, Seventh and Ninth Circuits have all recognized in certain circumstances that, at the pleading stage, plaintiffs can establish an injury-in-fact based on possible future injury.
In the Fourth Circuit case, Beck v. McDonald, No. 15-1395 (4th Cir. Feb. 6, 2017), veterans in two consolidated cases alleged that the William Jennings Bryan Dorn Veterans Affairs Medical Center (Dorn VAMC), had violated the Privacy Act of 1974 and the Administrative Procedure Act (APA) after a laptop containing their unencrypted personal information, such as names, birthdates, and the last four digits of their social security numbers, was stolen; and, in another case, four boxes of pathology reports containing confidential patient information went missing.  The plaintiffs sought declaratory relief and monetary damages under the Privacy Act, and broad injunctive relief under the APA, potentially placing the entire VA’s privacy program under judicial oversight.
Read more on Lexology.

Duopoly watch: Google and Facebook gobble up even more ad dollars
A new eMarketer study estimates Google and Facebook will continue to devour the $83 billion U.S. digital ad market, with Facebook growing to account for 1/3 of all display advertising and Google growing to take 78% of all search ad revenue this year.
Why it matters: Google and Facebook have an effective "duopoly" over digital ad revenue, eating up more than 90% of all new ad dollars.  eMarketer's new report reinforces the difficult position digital publishers are in to create revenue opportunities amid a scarce digital ad environment.  

Perspective.  Maybe there is something about holding a book.  Somehow, I doubt Amazon is too worried. 
Ebook sales continue to fall as younger generations drive appetite for print
Readers committed to physical books can give a sigh of relief, as new figures reveal that ebook sales are falling while sales of paper books are growing – and the shift is being driven by younger generations.
More than 360m books were sold in 2016 – a 2% jump in a year that saw UK consumers spend an extra 6%, or £100m, on books in print and ebook formats, according to findings by the industry research group Nielsen in its annual books and consumer survey.  The data also revealed good news for bricks-and-mortar bookshops, with a 4% rise in purchases across the UK.
While sales through shops increased 7% in 2016, ebook sales declined by 4%.

Amusing?  Who controls classification?  Background for student SciFi films? 
Physicist declassifies rescued nuclear test films
by Sabrina I. Pacifici on Mar 15, 2017
“The U.S. conducted 210 atmospheric nuclear tests between 1945 and 1962, with multiple cameras capturing each event at around 2,400 frames per second.  But in the decades since, around 10,000 of these films sat idle, scattered across the country in high-security vaults.  Not only were they gathering dust, the film material itself was slowly decomposing, bringing the data they contained to the brink of being lost forever.  For the past five years, Lawrence Livermore National Laboratory (LLNL) weapon physicist Greg Spriggs and a crack team of film experts, archivists and software developers have been on a mission to hunt down, scan, reanalyze and declassify these decomposing films.  The goals are to preserve the films’ content before it’s lost forever, and provide better data to the post-testing-era scientists who use computer codes to help certify that the aging U.S. nuclear deterrent remains safe, secure and effective.  To date, the team has located around 6,500 of the estimated 10,000 films created during atmospheric testing.  Around 4,200 films have been scanned, 400 to 500 have been reanalyzed and around 750 have been declassified.  An initial set of these declassified films — tests conducted by LLNL — were published today in an LLNL YouTube playlist.  These films are stunning – silent, black and white explosions that resonate in a way that drive home in the starkest terms the ramifications of the use of these weapons.”

Power to the professors!  I have enough trouble with students who don’t understand those squiggly red lines under some words in their papers.  Now I can tell them to write right or I’ll sue? 
The ruling in this Maine labor dispute hinged on the omission of an Oxford comma
“For want of a comma, we have this case.”
Those words open Maine Circuit Judge David Barron’s opinion on a labor dispute between a dairy company and its delivery drivers.  The ruling from the First Circuit Court of Appeals, in favor of the drivers, hinged on the omission of an Oxford comma, also known as the “serial” comma, the “final comma in a list of things,” as Grammarly’s blog explains.
   The Appeals Court sided with the drivers, saying the absence of a comma created ambiguity and that when there is ambiguity, the court is bound to go with the purpose of the law, which was to make sure that employers were fair in the payment of overtime.

Could be useful, or a pain in the…
Facebook’s new ‘Town Hall’ feature helps you find and contact your government reps
In Facebook CEO Mark Zuckerberg’s nearly 6,000-word manifesto published last month, he laid out a number of global ambitions he had for the social network in the days ahead — including one where its users became more “civically-engaged” and voted more often.  Now it seems Facebook has taken its first steps toward making that possible, through a new feature it’s calling “Town Hall.”
This latest addition has just popped up on the “More” menu in Facebook’s mobile app, and offers a simple way for users to find and connect with their government representatives on a local, state and federal level.
To use Town Hall, you only have to enter your address — which Facebook says is not displayed or shared (though it doesn’t say it’s not “saved,” so be advised).  We understand this information will be used to power future civic engagement products, like finding a polling place or previewing a ballot.

For next Quarter’s spreadsheet students.
   A printed spreadsheet isn’t very useful at all compared to a digital document.  If you cut out your printer, you can take advantage of Windows 10’s handiest features, make your spreadsheet interactive, and take a copy of your file with you wherever you go.

I’ve got to ask my students how this would translate to the US. 
Rent Chickens, Sell the Eggs: Eye on Chinese Media

(Related).  Perhaps, like this? 
Lab-Grown Chicken Strips Could Change the Meat Industry Forever
