Friday, July 21, 2017
Vulnerabilities are where you find them. On the Internet of Things, they don’t have to look like computers.
Selena Larson reports:
Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.
Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Feir, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.
Read more on CNN Tech.
More for my students to read.
Defenders Gaining on Attackers, But Attacks Becoming More Destructive: Cisco
Cisco's just-released Midyear Cybersecurity Report (PDF) draws on the accumulated work of the Cisco Security Research members. The result shows some improvement in industry's security posture, but warns about the accelerating pace of change and sophistication in the global cyber threat landscape.
Improvements can be demonstrated by the mean 'time to detect.' When monitoring first began in November 2015, this stood at 39 hours; but it narrowed to about 3.5 hours in the period from November 2016 to May 2017.
“We’re your government. We’re here to help you!”
Morgan Chalfant reports:
A breach of a Kansas Department of Commerce system exposed more than 5 million Social Security numbers to hackers, according to a report from a local news outlet.
The Kansas News Service obtained information through a public records request that revealed that roughly 5.5 million Social Security numbers from individuals in 10 states were accessed in the data breach in March.
The data is managed by a division of the department called America’s Job Link Alliance-TS that helps job seekers across 16 states find employment.
Read more on The Hill.
May have some implications, but likely to be offset by the difficulty in proving that any government actions are intended to benefit citizens.
Michael Breslin, Christian Henel, Jon Neiditz, and Gunjan Talati of Kilpatrick Townsend & Stockton LLP write:
The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the citizens’ personal information. In McDowell v. CGI Federal Inc., No. 15-1157, 2017 WL 2392423 (D.D.C. June 1, 2017), the district court ruled a private party can survive a contractor’s motion to dismiss by claiming to be an “intended beneficiary” of terms commonly found in government contracts involving the storage or transmission of sensitive consumer information. This ruling potentially expands class action liability exposure for government contractors who receive consumers’ personal information during the course of performing government contracts.
Read more on JDSupra.
“Hey! They’re crooks! Why should they have any privacy!” (See the next article)
Adam Klasfeld reports:
With the Supreme Court bracing to decide whether the government needs a warrant to track cellphone location data, a New York federal judge behind one famous case involving mass surveillance answered that question in the negative.
The setback for privacy rights came in the case of Pedro Serrano, a New Yorker charged with hoarding 122 cartridges of ammunition and a bulletproof vest in his apartment in East Harlem.
Read more on Courthouse News.
From the article:
“It is almost as if cell phone users must relinquish some privacy interests — at least related to their location — as a prerequisite to using a device so embedded in everyday life,” Pauley wrote in an eight-page ruling. “But current Fourth Amendment jurisprudence affords no privacy interest in records created by a third party based on information voluntarily provided.”
For all my students.
Paper – ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy
Solove, Daniel J., ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, Vol. 44, p. 745, 2007; GWU Law School Public Law Research Paper No. 289. Available at SSRN: https://ssrn.com/abstract=998565
“In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: “I’ve got nothing to hide.” According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.”
For my students. This is the world you will have to endure. In New York (and New Jersey) things frequently “fall off the truck.”
Comptroller: New York City Schools Are Poor at Tracking Technology
New York City Comptroller Scott Stringer demanded the city school system fix the way it keeps track of its computers, saying Wednesday that auditors inspecting a small sample of buildings couldn’t find nearly 2,000 desktops, laptops and tablets that were supposed to be there.
The comptroller’s charges repeated claims he made against the Department of Education in December 2014. Both times, the department countered that the audit’s methodology was deeply flawed.
The Founding Fathers were clearly ‘gamers.’
Judge Rules Milwaukee Flouted U.S. Constitution in Response to 'Pokemon Go' Craze
Life, liberty and the pursuit of pokemon. Not quite the ideals the United States were founded upon, but close enough. On Thursday, a Wisconsin federal judge issued a preliminary injunction barring Milwaukee from enforcing an ordinance that was adopted in reaction to 2016's Pokemon Go phenomenon. The ruling from the court is that the ordinance likely violates the First Amendment.
City officials were aghast at large numbers of individuals playing Pokemon Go who visited parks, littered, trampled grass and flowers, and stayed past park hours. It cost the city tens of thousands of dollars in additional law enforcement and park maintenance services. So in January, the Midwestern city decided to require permits for virtual and location-based augmented reality games. Companies releasing games were told to go through a process that reviews the "appropriateness of the application," submit a "certificate of insurance" in the amount of $1 million of general liability coverage, and potentially pay other fees as well.
We can’t allow that to happen, so I want to create a fund to invest in AI start-ups. Send me money and I’ll look for worthy investments.
China announces goal of leadership in artificial intelligence by 2030
China's government has announced a goal of becoming a global leader in artificial intelligence in just over a decade, putting political muscle behind growing investment by Chinese companies in developing self-driving cars and other advances.
Communist leaders see AI as key to making China an "economic power," said a Cabinet statement on Thursday. It calls for developing skills and research and educational resources to achieve "major breakthroughs" by 2025 and make China a world leader by 2030.
How to sneak spies into proximity to the President.
During ‘Made in America Week,’ President Trump’s Mar-a-Lago Club applies to hire 70 foreign workers
President Trump's Mar-a-Lago Club in Florida has asked permission to hire 70 foreign workers this fall, attesting — in the middle of the White House's “Made in America Week” — that it cannot find qualified Americans to serve as cooks, waiters and housekeepers.
Impact out of proportion to the actual size of the deal? Can Amazon enter a market in a small way?
Amazon's latest assault wipes $12.5 billion off Home Depot, other appliance-seller stocks
… The market cap loss in Home Depot, Lowe's, Whirlpool and Best Buy was about $12.5 billion by the end of the day, after falling to more than $13 billion. Amazon stock was up slightly, and Sears closed up about 10 percent.
This blogger writes for K-12 teachers. Many posts (like this one) assume all students have smartphones.
DIY VR Viewer
Expeditions is the mobile app that allows users to experience virtual reality tours when they place their phones into virtual reality viewers like the Google Cardboard viewers. If you can't buy VR viewers for your classroom or you just like DIY projects, it is possible to make your own VR viewer with just a few common materials. YouTube "celebrity" Roman UrsuHack offers the following video that provides an overview of making your own VR viewer.
The template that Roman UrsuHack follows in the video can be found here (link opens a PDF).
Clearly, I have biases. I read this as, “Twits of Congress…”
Tweets of Congress: Output from 1000+ accounts for any given day
Data Driven Journalism – “Tweets of Congress is a project collating the daily Twitter output of both houses of the United States Congress, encompassing the accounts of members, political parties, committees and caucuses (around 1,070 accounts in total). There are two components to the project: a backend app for data collection and serialization and a frontend Github-hosted site offering JSON datasets for given days. The App – The backend app, the Congressional Tweet Automator, is a light NodeJS program backed by a Redis data store for tracking tweets and users. The app uses the Twit and Github modules, respectively, for interfacing with the Twitter and Github APIs. There are also some utility functions to track time and the like…”