Saturday, March 25, 2017
I may ask my students to explain security on all the social media they use. Is this sufficient?
Facebook’s ubiquity makes it dangerous in so many ways. Aside from the threat of picking up malware, the ever-present risk of someone hacking your account — plus privacy issues from Facebook itself — mean you must be vigilant when using the service.
Thankfully, it only takes a few moments to make sure you’re not at risk for Facebook issues. Here are six easy ways to avoid becoming a victim on Facebook.
I don’t see much of a downside here if they do what they say they will do.
T-Mobile is rolling out scam warnings on incoming calls
T-Mobile is trying to help its subscribers dodge more spammy calls.
The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
T-Mobile will also let subscribers block all suspected scam calls so those calls never reach their phones in the first place. But subscribers will have to actively opt in to the blocking service, as there’s a chance the carrier could accidentally filter out legitimate numbers.
… T-Mobile says its service works by comparing phone numbers to a list of “tens of thousands” of known scammers. The database is constantly updated, the company says, by analyzing call patterns. So it sounds like T-Mobile might catch on to new scam numbers if it notices a bunch of subscribers immediately hanging up on a number they’ve never contacted before.
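The article only sketches the two signals (a known-scammer list plus call-pattern analysis). As an added illustration, not T-Mobile's code or a description of its actual system, the following Python module applies both heuristics to a constructed set of call records: a caller is labelled "Scam Likely" if it is on a placeholder known-scammer list, or if at least three distinct subscribers who had never contacted that number answered and hung up within five seconds. The record schema, thresholds, phone numbers and the opt-in blocking rule are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed placeholder standing in for the carrier's "known scammers" database.
KNOWN_SCAM_NUMBERS: Set[str] = {"+15550100001"}


@dataclass(frozen=True)
class CallRecord:
    """One inbound call as a carrier might log it (constructed schema)."""
    caller: str            # calling number
    subscriber: str        # called subscriber
    duration_s: int        # talk time in seconds; 0 = not answered
    prior_contact: bool    # subscriber had previously called this number


# Constructed sample records: +15550100002 is a new number that several
# subscribers answer and hang up on within seconds; +15550100003 is a number
# most subscribers had called before (for example a callback from a clinic).
SAMPLE_CALLS: List[CallRecord] = [
    CallRecord("+15550100002", "sub-A", 3, False),
    CallRecord("+15550100002", "sub-B", 2, False),
    CallRecord("+15550100002", "sub-C", 4, False),
    CallRecord("+15550100002", "sub-A", 3, False),    # repeat from the same subscriber
    CallRecord("+15550100002", "sub-D", 0, False),    # not answered, carries no signal
    CallRecord("+15550100003", "sub-A", 2, True),
    CallRecord("+15550100003", "sub-B", 3, True),
    CallRecord("+15550100003", "sub-C", 1, True),
    CallRecord("+15550100004", "sub-A", 180, False),  # long ordinary call
]


def quick_hangups_by_caller(records: Iterable[CallRecord],
                            max_duration_s: int = 5) -> Dict[str, Set[str]]:
    """Map caller -> distinct subscribers who answered, had never contacted
    the caller before, and hung up within max_duration_s seconds."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        if 0 < r.duration_s <= max_duration_s and not r.prior_contact:
            hits[r.caller].add(r.subscriber)
    return hits


def label_caller(caller: str, records: Iterable[CallRecord],
                 known: Set[str] = KNOWN_SCAM_NUMBERS,
                 min_distinct_subscribers: int = 3,
                 max_duration_s: int = 5) -> Optional[str]:
    """Return the caller-ID label: 'Scam Likely' or None.

    Two signals, mirroring the article's description: a list lookup, and a
    call-pattern rule that needs several *distinct* subscribers so one
    person's repeated hang-ups cannot get a number flagged on their own.
    """
    if caller in known:
        return "Scam Likely"
    hits = quick_hangups_by_caller(records, max_duration_s)
    if len(hits.get(caller, set())) >= min_distinct_subscribers:
        return "Scam Likely"
    return None


def deliver_call(caller: str, records: Iterable[CallRecord],
                 subscriber_opted_in_to_blocking: bool) -> Tuple[str, Optional[str]]:
    """Decide what the subscriber experiences.

    Blocking is opt-in (assumed, as the article says T-Mobile's is) because a
    pattern rule can misfire on legitimate numbers; by default the call still
    rings and only the label is shown.
    """
    label = label_caller(caller, records)
    if label is not None and subscriber_opted_in_to_blocking:
        return ("blocked", label)
    return ("ring", label)


if __name__ == "__main__":
    for number in ("+15550100001", "+15550100002", "+15550100003", "+15550100004"):
        print(number, deliver_call(number, SAMPLE_CALLS, subscriber_opted_in_to_blocking=False))
```

Note how +15550100003 is never flagged even though every call to it is short: the subscribers had contacted that number before, which is exactly the kind of legitimate callback the article's "accidentally filter out legitimate numbers" caveat is about.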
We’re still drawing the line between public and private.
Kelsi Loos reports:
A man charged with killing a Frederick County resident in an alleged MS-13 gang hit contended that police violated his rights when they seized his Facebook account and searched his apartment.
This month, Raul Ernesto Landaverde Giron joined co-defendants, other accused gang members. They asked the U.S. District Court of Maryland to disregard evidence collected from social media accounts, arguing that the Fourth Amendment protected the private communications against search and seizure.
Defense attorneys noted that the Maryland federal district court had not yet considered whether Facebook messages are protected under the law, but other federal courts had said private messages on the social media site are entitled to Fourth Amendment protection.
Read more on the Frederick News-Post.
There should be a “guide to paying for law school” and this should be in it.
There’s Money in Faxes—for Plaintiffs
In the annals of modern technology, the fax machine has nearly gone the way of the floppy disk.
But some enterprising plaintiffs’ attorneys are still turning faxes into money, using a decades-old federal statute aimed at protecting consumers from overzealous marketers.
The stakes are high: The law allows recipients of unwanted fax advertisements to recover at least $500 per message from a sender, an amount that can turn a proposed class-action lawsuit into a multimillion-dollar business threat.
Apparently, “Fake News” is anything you wish it to be. But (see yesterday’s blog) this is very much what Sloan said, except for the timeline.
Tech community "dumbfounded" by Mnuchin's dismissal of AI impact on jobs
Treasury Secretary Steve Mnuchin riled the tech community this morning when he told Axios' Mike Allen that displacement of jobs by artificial intelligence and automation is "not even on my radar screen" because the technology is "50-100 more years" away. Mnuchin also said he is "not worried at all" about robots displacing humans in the near future. "In fact, I'm optimistic."
… The annual survey, which had 64,000 developers participating worldwide in January and February, uncovered a wide range of experience levels. Thanks to online courses and coding boot camps, adults with little to no programming experience can now more easily transition to a career as a developer, Stack Overflow said. Slightly more than 50 percent of respondents had been coding professionally for about five years or fewer, while just 7.5 percent were coding for 20 years or more.
… If developers want to make the most money, the technology to learn worldwide is Clojure, a Lisp dialect for the JVM, the survey found. In the United States, Google's Go and Scala can yield the highest paychecks. "Globally, developers who use Clojure in their jobs have the highest average salary at $72,000," Stack Overflow said. Rust followed at $65,714. "In the U.S., developers who use Go as well as developers who use Scala are highest paid, with an average salary of $110,000."
[The survey: https://stackoverflow.com/insights/survey/2017/?utm_source=so-owned&utm_medium=hero&utm_campaign=dev-survey-2017&utm_content=hero-home ]
The last bastions have fallen.
The holiday is over: Amazon will collect sales taxes nationwide on April 1
Amazon, the online merchandise juggernaut, will collect sales taxes from all states with a sales tax starting April 1.
Tax-free shopping will be over as of next month in Hawaii, Idaho, Maine and New Mexico, the four remaining holdouts.
… After April, the only states in which Amazon won't collect taxes are Alaska, Delaware, Oregon, Montana and New Hampshire. These five states don't have sales levies.
For my next Statistics class.
3 ways to spot a bad statistic
Friday, March 24, 2017
Simple if not elegant. I wonder how many schools or companies have not noticed similar changes yet.
Lisa Gresci reports:
Coastal Carolina University continues to work to recover money that was stolen from the college in a phishing scam.
A release from CCU stated an individual who claimed to represent a company under contract with the university contacted its financial services via email and requested to change the company’s bank account information.
Thanks to quick action, university officials said they’ve recovered more than $564,000 of the more than $1 million taken. On campus, additional “cybercrime safeguards” will be installed to make sure nothing like this happens again.
Read more on WMBF.
Isn’t it strange that no one has noticed this until now? Makes me think that “offensive” was their target audience…
Advertisers Flee YouTube Over Offensive Ad Placements
I’ve been thinking about this. Actually, I asked my AI to think about this. It came to the same conclusion.
Will AI Create as Many Jobs as It Eliminates?
The threat that automation will eliminate a broad swath of jobs, across the world economy is now well established. As artificial intelligence (AI) systems become ever more sophisticated, another wave of job displacement will almost certainly occur.
It can be a distressing picture.
But here’s what we’ve been overlooking: Many new jobs will also be created — jobs that look nothing like those that exist today.
In Accenture’s global study of more than 1,000 large companies already using or testing AI and machine-learning systems, we identified the emergence of entire categories of new, uniquely human jobs. These roles are not replacing old ones. They are novel, requiring skills and training that have no precedents.
More specifically, our research reveals three new categories of AI-driven business and technology jobs. We label them trainers, explainers, and sustainers.
Interesting stuff. Another Chinese company crashes. Not the best way to encourage investment. Perhaps that is what is driving venture capital money to the US?
Huishan Dairy, Muddy Waters Target, Sinks 85% in Hong Kong
Shares of China Huishan Dairy Holdings Co. sank by a record 85 percent in Hong Kong before the company halted trading.
The sudden crash wiped out about $4.1 billion in market value. A record 779 million shares in the Shenyang-based company changed hands, the most on Hong Kong’s exchange.
… The move is also a vindication for Carson Block, whose Muddy Waters Capital LLC said in December it was shorting Huishan Dairy and the company was “worth close to zero.”
Perhaps a tool for my students.
Social Media Info Guide to Tumblr
by Sabrina I. Pacifici on Mar 23, 2017
The Social Media Information Blog Investigator’s Guide to Tumblr – “Founded in 2007, Tumblr is a microblogging and social networking website. The platform, which was acquired by Yahoo in 2013, allows users to share text, images, quotes, links, video, audio, and chats. Tumblr’s appeal is that it allows users to be creative and build independent content on a personalized page with little effort. How does Tumblr work? A large part of Tumblr’s appeal to its users is the simplicity and ubiquity of the features it offers. In fact, they claim on their website that “Tumblr is so easy to use that it’s hard to explain.” Despite that statement, we will give it a try anyway. Registering for Tumblr requires only a valid email address. After creating a username & password, users are provided a URL for their blog which is associated with “.tumblr.com.” Depending on how the user wishes to utilize Tumblr, they are now able to follow other users and post original content to their tumblelog. Social interactions between users may vary widely. While there is certainly overlap, most Tumblr users fall into one of two categories:
- Social Networking – These users are primarily interested in using Tumblr to curate content. Their usage is concentrated on interacting with other users and the content they’ve shared – commenting and connecting.
- Self-Publishing – These users value Tumblr’s low barrier to entry for microblogging. Their activities typically focus on publishing content to their personal pages.
Both categories of user share potentially valuable information on Tumblr. Investigators should be aware of the differences and temper their expectations based on which grouping their subject aligns themselves…”
Just a suggestion, students. If you do this, be sure to shut off your phone before that job interview!
Thursday, March 23, 2017
This is a really bad idea. You do not want to get into a contest of skills with the world of hackers.
Proposed Legislation Would Give Legal Right to Hack Back
Hacking back is a perennial and contentious issue. Its latest instance comes in the form of a 'Discussion Draft' bill proposed by Representative Tom Graves (R-GA): The Active Cyber Defense Certainty Act. Graves claims it is gaining bipartisan support, and he expects to present it to the House of Representatives for vote within the next few months.
The Draft Bill (PDF) is an amendment to the Computer Fraud and Abuse Act (CFAA).
… It is discussed in detail and expanded in the study titled Into the Grey Zone: The Private Sector and Active Defense against Cyber Threats published by the George Washington University in October 2016.
… So, two immediate problems with allowing hacking back are that a lack of expertise could either compromise forensic evidence, or accidentally cause actual harm to the attackers' supposed computers. Without adequate expertise, the supposed servers might not even be the attackers' servers. "Because of (compromised) proxies," comments F-Secure's security advisor Sean Sullivan, "hacking back/active defense is complicated and it's quite unlikely that the US Congress would be able to properly define what should be allowed or not."
This would be interesting. “Cut off our hard currency with sanctions and we’ll just rob your banks?”
North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist
Federal prosecutors are investigating North Korea’s possible role in the theft of $81 million from the central bank of Bangladesh in what security officials fear could be a new front in cyberwarfare.
The United States attorney’s office in Los Angeles has been examining the extent to which the North Korea government aided and abetted the bold heist in February 2016, according to a person briefed on the investigation who was not authorized to speak publicly.
… News of the criminal investigation into North Korea’s role in the Bangladesh bank attack was reported earlier on Wednesday by The Wall Street Journal. It was not clear whether any charges from the investigation were imminent.
JOHN MCCAIN: There's a 'crazy fat kid' running North Korea
I’ll have to find an article with more details, but the idea of government mandated minimum standards is interesting.
Dror Halavy reports:
The Knesset Law and Constitutional Committee has approved measures that will require companies and groups that collect data on Israelis to protect the information from hackers. The new rules, which supply specific criteria to organizations on the types of security needed, will apply equally to government and private sector organizations.
The measures are based on research done by the Justice Ministry, and recently completed at the behest of Justice Minister Ayelet Shaked. Under the measures, organizations will determine whether the data they hold is of low, medium, or high sensitivity for privacy; for example, medical information will be considered as part of the latter category, while membership in a store club might be listed in the former categories.
Each level of sensitivity will require more severe cyber-security strictures and standards. Organizations will have to apply specific approved solutions that meet standards described in the measures. Failure to do so could leave them subject to civil or criminal actions in the event of a security breach.
Read more on Hamodia.
Joe Cadillic writes:
Imagine driving down the road and being stopped by a Border Patrol agent for speeding. Imagine Border Patrol agents responding to domestic abuse calls at people’s homes. Imagine the Border Patrol responding to trespassing calls and detaining motorists with K-9’s.
You can stop imagining, because it’s happening in New York, Vermont, Maine and now New Hampshire. House Bill 1298 gives DHS’s Border Patrol agents police powers in NH.
Read more on MassPrivateI.
[From the article:
Americans can forget about DHS's 100 mile border zone inside the U.S., because now the Border Patrol has arrest powers throughout entire states!]
A border search going the other direction?
Mar. 20 – Cause of Action Institute (“CoA Institute”) today filed an amicus curiae brief in support of Defendant Hamza Kolsuz who in February, 2016 was arrested at a Virginia airport attempting to board a plane bound for Istanbul, Turkey.
… The brief states:
At the time of the search, neither Mr. Kolsuz nor his smartphone were in the process of crossing any border. The Government was not furthering any interest in prohibiting the entry or exit of contraband, enforcing currency control, levying duties or tariffs, or excluding travelers without the proper documentation to enter the country…
The full brief is available here.
A different take. Why would this be illegal? Isn’t it similar to using a dashboard camera? They are looking at cars on a public road and using technology available at any high school (for measuring the speed of baseballs). The letter reads as if they were trespassing on state controlled land (the highway).
The state of Virginia is not happy that the Insurance Institute for Highway Safety (IIHS) set up speed cameras on Virginia highways without any authority to do so. State officials sent a warning letter to the industry lobbying group in October.
“We recently received a concern claiming your organization set up equipment on property controlled by the Virginia Department of Transportation (VDOT),” Northern Virginia District Administrator Helen Cuervo wrote. “In reviewing our records, it does not appear that your organization had a legal permit to do so.”
Read more on TheNewspaper.com. So they get to keep the data they illegally obtained and then used to lobby for changes that would benefit their industry? They should be made to destroy the data.
If venture capital was easy to find, everyone would be entrepreneurs!
US Tech Startups’ China money spooks Pentagon
A new white paper commissioned by the US defense department says Beijing isn’t just investing in critical technologies at home, they are doing it in the US as well. The New York Times reports that some tech startups working on projects with military applications have received money from state-run Chinese firms. Lawmakers calling for stricter oversight of Chinese investments note that the scope of the interagency Committee on Foreign Investment in the US (Cfius) does not include smaller investments, such as those into tech startups. Despite the increased scrutiny, many firms say the Chinese investors are their only option.
Clearly, Tillerson does not like people looking over his shoulder. Apparently, they failed to inform the Records Retention people that he was using an alias. (But just for one year near the end of that period?)
Exxon admits it lost up to a year's worth of Rex Tillerson's 'Wayne Tracker' emails
Exxon Mobil lost up to a year's worth of emails sent by former CEO and current Secretary of State Rex Tillerson under the pseudonym "Wayne Tracker," court documents show.
Exxon is under investigation by New York State Attorney General Eric T. Schneiderman for allegedly misleading shareholders and investors about risk-management issues related to climate change.
Tillerson used the Wayne Tracker alias to communicate with Exxon officials about "risk-management issues related to climate change." Tillerson — whose middle name is Wayne — allegedly used the alias for a period of seven years, between 2008 and 2015, according to Schneiderman's office.
Wednesday, March 22, 2017
Same crime, different country. OR, learn crime from global news, act locally?
Ex-DBS Trader Gets Jail in Singapore's First Spoofing Case
A former trader at DBS Group Holdings Ltd.’s brokerage unit was sentenced to 16 weeks in jail after being convicted in Singapore’s first criminal spoofing case.
Dennis Tey Thean Yang, 33, was given the sentence on Wednesday. The former DBS Vickers Securities (Singapore) Pte broker had pleaded guilty to eight of 23 charges, including attempts to artificially move prices through fraudulent securities orders and misusing other people’s trading accounts without consent. He made a profit of S$30,239 ($21,572) from October 2012 to January 2013.
Has there been a breach? Has anyone notified account holders?
Joseph Cox reports:
A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.
The hackers, who identified themselves as ‘Turkish Crime Family’, demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.
Read more on Motherboard.
A different type of extortion?
Microsoft Modifies Windows 10 for China’s Government
BEIJING—Microsoft Corp. has finished development of a Windows 10 version customized for Chinese government use, which could boost its China prospects after sales were hit by Beijing’s cybersecurity crackdown.
Microsoft declined to say how the software was modified, but in general China’s government is concerned about technology products that could contain hidden “back doors” to enable foreign surveillance.
Give a man a fish and you feed him for a day. Teach a man to phish and he can retire in luxury!
Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies
Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.
… Acting U.S. Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
Fragile. Something my Computer Security students will have to address.
Glitch at NYSE Arca hits hundreds of exchange traded funds
A technical problem at NYSE Arca, the Big Board’s listing venue for exchange traded funds, stymied the end of the trading day on Monday, hindering the closing auction for 341 securities, NYSE said on Tuesday.
In a letter to clients on Tuesday, NYSE attributed the problem to a new version of software. Trading on the exchange has recommenced normally.
… The latest glitch in the US market plumbing highlights how reliant trading has become on technology, forcing traders and investors to adapt to periodic technical problems.
“We don’t need no stinking badges! Warrants!”
Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court yesterday.
Searches of devices at the border have more than doubled since the inauguration of President Trump—from nearly 25,000 in all of 2016, to 5,000 in February alone. This increase, along with the increasing number of people who carry these devices when they travel, has heightened awareness of the need for stronger privacy rights while crossing the U.S. border.
While the Fourth Amendment ordinarily requires law enforcement officials to get a warrant supported by probable cause before searching our property, in cases that predate the rise of digital devices, courts granted border agents the power to search our luggage without a warrant or any suspicion of wrongdoing.
But portable digital devices differ wildly from luggage or other physical items we carry with us to the airport because they provide access to the entirety of our private lives, EFF said in an amicus brief filed at the U.S. Court of Appeals for the Fourth Circuit in the border search case U.S. v. Kolsuz.
… “The border isn’t a constitution-free zone,” said Adam Schwartz, EFF senior staff attorney.
For the brief: https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief
For EFF’s new border guide: https://www.eff.org/wp/digital-privacy-us-border-2017
For EFF’s new border pocket guide: https://www.eff.org/document/eff-border-search-pocket-guide
For my Computer Forensics students. Obvious, wasn’t it?
iCloud may have doxxed a journalist’s Twitter attacker
In theory, it was the perfect setup: an anonymous Twitter account on a prepaid SIM card, bought with cash. With no credit card or other identifiable info tied to the account, there should have been no way to trace tweets back to a human.
But on Friday, after taking all those precautions, a man named John Rivello was arrested for sending seizure-inducing tweets to Newsweek journalist Kurt Eichenwald. The arrest came three months and a day after the initial incident, and a newly unsealed complaint reveals how police tracked the man down.
First, police sent a court order to Twitter, which agreed to hand over all its data on @jew_goldstein, the account that had sent the seizure-inducing image. But that data showed only a dummy email address, along with an IP address and phone numbers linking to a prepaid Tracfone. But since Tracfone didn’t have any subscriber information associated with the number, police were left with few leads.
The break came thanks to AT&T, which was supporting Tracfone’s SIM card. While AT&T didn’t have any directly identifying data, the company’s toll records showed that the SIM card had been used by an iPhone 6. That sent investigators looking for an iCloud account linked to the same number. After another search warrant to Apple, they got what they were looking for. According to the complaint, the number was linked to a five-year-old iCloud account owned by John Rivello of Salisbury, Maryland. A search of iMessages and photos in the account provided further evidence of Rivello’s interest in Eichenwald.
Is this a Trade Secret?
Matthew Renda reports:
A federal judge refused to sign off on a settlement between a class of email users and Google, sending the parties back to the drawing board to come up with a more detailed disclosure of how Google intercepts and uses emails for targeted advertising.
U.S. District Judge Lucy Koh issued the order Thursday, saying the class did not demand enough concessions from the tech giant over its practice of scanning incoming and outgoing emails for information that it uses for targeted advertising.
Specifically, Koh wanted to see disclosures hosted on a website or somehow publicly disseminated that clearly spell out how Google intercepts, scans and uses the information from non-Gmail users.
Read more on Courthouse News.
“Fake News” in real time! Why wait for journalists to publish the facts? Is this not a taste of things to come?
What Happens When the President Is a Publisher, Too?
… on Twitter, it’s possible to be sitting in a room full of your colleagues, surreptitiously scrolling on your mobile phone, and notice that, hey, whaddya know, President Donald Trump is tweeting again.
At a House Intelligence Committee hearing on Monday, Jim Himes decided to share some of those tweets with the men who were there being questioned—the FBI director James Comey and the NSA director Mike Rogers—along with the rest of the room, and the public.
Everyone Tweets, not just the President.
Twitter Suspends More Accounts Linked to 'Terrorism'
Twitter said Tuesday it suspended 376,890 accounts in the second half of 2016 for "promotion of terrorism," an increase of 60 percent over the prior six-month period.
The latest suspensions bring the total number of blocked accounts to 636,248 from August 2015, when Twitter stepped up efforts to curb "violent extremism," the company announced as part of its latest transparency report.
But, is it good for golf?
Costco vs. Acushnet: Who has the upper hand?
The burgeoning legal battle between Costco and Acushnet over the cult favorite Kirkland Signature ball is sounding more and more like a game of courthouse chicken.
But that can be an expensive game, with occasionally terminal consequences.
In layman’s terms, Costco’s suit for what’s called a declaratory judgment against Acushnet is essentially a preemptive strike, a lawsuit aiming to prevent a lawsuit. In actuality, it’s probably not going to work that way.
Disruption. Back in the day, small town grocery stores employed teens or (in my home town) the village idiot to deliver groceries. Are we returning to that time but now using ‘delivery services’ or robots?
Soon, You’ll Be Able to Get Costco Groceries Delivered in 50 Different Cities
Costco Wholesale is ramping up its home grocery delivery in a major way.
The bulk retailer is teaming up with Shipt, a startup delivery service, to make runs to Costco stores and bring orders back to customers' homes, moving further into one of most complex and costly fronts in the e-commerce wars while also building on Costco's delivery to business clients.
… Grocers are scrambling to find ways to offer home delivery as a way to win customers, despite a threat to already razor-thin margins. Delivery services like Instacart (which is doing a test with Costco), AmazonFresh, Google Express, and FreshDirect have proliferated, while some major chains like Kroger and Walmart have teamed up with services like Uber and Lyft on a test basis. Costco rival Sam's Club has focused its efforts on ramping up drive-by pick up at its stores.
Disruption. Firing the Marketing team is probably a good thing.
Meet Tinyclues Action™, the Revolutionary AI That Enables Marketers to Put Their Ideas into Action
… Put very simply, Tinyclues Action™ does three things very smartly. Firstly, it predicts ANY customer’s likelihood to buy ANY item (or brand, or category) in the next few days, even in the absence of a prior intent. This deep targeting capability outshines intent-driven rules (which rely on retargeting customers based on their past behavior and become ineffective after a few interactions.) Secondly, it gives instant feedback on the right volume or pressure to put behind a campaign. And thirdly, it offers intelligent planning capabilities which enable marketers to build a comprehensive marketing agenda over the next days and weeks, activating customers on all channels (email, mobile, social – even print), while making sure that everyone receives the best messages and that the overall plan is balanced and consistent. In other words, it combines intelligent targeting, intelligent pressure management and intelligent planning.
For more information, visit http://www.tinyclues.com.
Yet another Disruption!
How Facebook’s Big Bet on Video Could Change TV
Facebook is aggressively ramping up its video strategy, cultivating content whether it comes from users, advertisers or Hollywood, or is developed internally. With its nearly two billion monthly users, the social network could make a big dent in traditional TV and help usher in a major shift towards social TV, Wharton experts say.
… CEO Mark Zuckerberg is also tipping his hat to a fast-growing trend: Digital video viewing is exploding. According to Cisco Systems, video accounted for 60% of mobile data traffic in 2016 and should rise to 78% by 2021.
No more “Did too! Did not!”
… We’ve shared how web resources can help you stay updated on politics. Another great site that can help you make political decisions is VoteSmart. This completely bipartisan site holds a wealth of information for over 40,000 US politicians, both local and federal.
Type in your ZIP code or a politician’s name and you can check out their biography, recent votes, and positions on various issues. Rounding out their data set are ratings from various activist groups and recent speeches. You can also review their funding information, including top donors.