Saturday, April 01, 2017

Admitting what everyone else already knew. 
Yatish Yadav reports:
If you have an Aadhaar Card and if your bank accounts and other sensitive information are linked to it, chances are that your data is no longer secure.
For the first time, the Modi government has officially acknowledged that personal identity of individuals, including Aadhaar number and other sensitive information, has been leaked to the public domain.
Read more on The New Indian Express.

Not that big a surprise. 
EFF: Verizon will install spyware on all its Android phones (update)
Who'd have thought that just days after the house rolled back privacy protections for internet users, ISPs would take advantage?  The EFF did, pointing out that Verizon has already announced that it will install spyware, in the form of the launcher AppFlash, across its users' Android devices in the coming weeks. AppFlash, as TechCrunch reports, will embed itself to the left of your home screen, offering details on local restaurants, movies or apps that you can download.
But the EFF spent a little time staring at AppFlash's privacy policy, where it's revealed that the software will vacuum up any and all of your private data.  For instance, it'll snag your cell number, device type, operating system and the apps or services that you use.  More crucially, the app will also harvest the details of everything installed on your device, your location and the contact details of everyone in your phonebook.

(Related).  Here is an industry that truly cares for its customers. 
Porn websites beef up privacy protections days after Congress voted to let ISPs share your Web history
Even when it is not tied directly to a name, certain types of data can shed light on a person's medical history, financial details, even their sexual preferences.  Even the type of porn sites a person visits can be revealing.  
In an announcement Thursday, the website Pornhub — which claims to get 75 million visitors per day — said it has adopted HTTPS, a security measure that adds encryption to a site to guard visitors against snooping and attack.  Its sister site, YouPorn, will also be adding HTTPS on April 4, according to parent company MindGeek. 

(Related).  …and amusing.
What a pity more Republicans didn’t pay more attention to Rep. Capuano, as his comments were spot on:

Another swing of the pendulum. 
Jim Saunders reports:
In what is likely a first-of-its-kind case in Florida, a divided appeals court said authorities needed a warrant before they could download information recorded in a car’s “black box.”
The ruling by a panel of the Fourth District Court of Appeal approved a defendant’s request to suppress evidence that police retrieved from such a device in 2013 in a DUI manslaughter and vehicular homicide case in Palm Beach County.  More broadly, the ruling reflects a type of question that courts face as more and more information is captured on electronic devices.

Connecticut may become first U.S. state to allow deadly police drones
Connecticut would become the first U.S. state to allow law enforcement agencies to use drones equipped with deadly weapons if a bill opposed by civil libertarians becomes law.
The legislation, approved overwhelmingly by the state legislature’s judiciary committee on Wednesday, would ban so-called weaponized drones in the state but exempts agencies involved in law enforcement.  It now goes to the House of Representatives for consideration.
   In 2015, North Dakota became the first state to permit law enforcement agencies to use armed drones but limited them to “less than lethal” weapons such as tear gas and pepper spray.

Should everyone do this? 
German Military to Launch Cyber Command
Germany's armed forces Saturday launch a cyber command, with a status equal to that of the army, navy and air force, meant to shield its IT and weapons systems from attack.
Military planners fear that wars of the future will start with cyber attacks against critical infrastructure and networks, extensive online espionage and sabotage.  The Bundeswehr's new Cyber and Information Space (CIR) Command, based in the former West German capital of Bonn, will start off with 260 IT specialists but grow to 13,500 military and civilian personnel by July.

A guide for terrorists and the state provides everything but the match. 
3 arrested in Atlanta fire that collapsed I-85 Freeway overpass
Three people have been arrested in connection with the raging fire that collapsed a portion of Interstate 85 a few miles north of downtown Atlanta, crippling a major traffic artery in a city already known for dreadful rush-hour congestion.
   Florence would not discuss how the fire was started or why, saying those details would be released as the investigation progresses.

The fire broke out Thursday afternoon in an area used to store state-owned construction materials and equipment, sending flames and smoke high into the air.

The Dutch seem to think there is a market for this.
Dutch online supermarket Picnic raises €100 million
Dutch online supermarket Picnic has raised €100 million in funding from NPM Capital, De Hoge Dennen, Hoyberg, and Finci.
Picnic was founded 18 months ago and provides free online grocery delivery via electric vehicles.  Cofounder Joris Beckers describes the company as the “modern milkman”.

For the Computer Forensic toolkit.  (In case I need your password.) 

For my students taking programming courses.  Worth every penny? 
There are many great careers in technology for people with programming skills.  You can learn five of the hottest languages around with the Ultimate Coding Bundle, which includes five video courses and 27 hours of premium instruction.  Right now, you can get the bundle for the low cost of nothing via MakeUseOf Deals.

I can use a few of these (in my classes.)
33 Lessons on Critical Thinking
From analyzing a persuasive essay to dissecting research findings to determining the cause of an outcome in a science lab, having sharp critical thinking skills serves students well.  Wireless Philosophy has a series of 33 video lessons about critical thinking.  The most recent lesson explains the difference between causation and correlation.
Take a look at these 7 great tools for creating flipped lessons with these videos.

Friday, March 31, 2017

A rather important bug fix.
Apple's iOS 10.3 fixes flaw used in accidental DDoS attack on 911 call system
Apple's latest iOS 10.3 release patches a flaw that can be used to repeatedly dial a phone number, accidentally exploited last year to redial 911 call centers, protecting emergency operators from potential cyberattacks.

For my programming students.  
Kevin Poulsen reports on the arrest of Taylor Huddleston, whose “crime” is that others have used a tool he developed:
Huddleston, though, isn’t a hacker.  He’s the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers.  NanoCore has been linked to intrusions in at least 10 countries, including an attack on Middle Eastern energy firms in 2015, and a massive phishing campaign last August in which the perpetrators posed as major oil and gas company.  As Huddleston sees it, he’s a victim himself—hackers have been pirating his program for years and using it to commit crimes.  But to the Justice Department, Huddleston is an accomplice to a spree of felonies.
Read more on The Daily Beast.
[From the article: 
Depending on whose view prevails, Huddleston could face prison time and lose his home, in a case that raises a novel question: when is a programmer criminally responsible for the actions of his users?  “Everybody seems to acknowledge that this software product had a legitimate purpose,” says Travis Morrissey, a lawyer in Hot Springs who represented Huddleston at his bail hearing.  “It’s like saying that if someone buys a handgun and uses it to rob a liquor store, that the handgun manufacturer is complicit.”
Some experts say the answer to that question could have far reaching implications for developers, particularly those working on new technologies that criminals might adopt in unforeseeable ways.  

About time!
Telegram is introducing the ability to make encrypted voice calls.  Telegram is a little late to the party, with countless messaging services already offering voice calling.  However, Telegram’s focus on end-to-end encryption means it’s bringing security to said party.  Digital doormen, if you like.
Governments around the world are currently seeking to erode the use of encryption.  Their argument is that this will stop terrorists communicating in secret.  However, it isn’t just bad guys who take exception to being snooped on.
This is why Telegram exists.  And why Telegram is now offering encrypted voice calls.
   Telegram is rolling out encrypted voice calls on Android and on iOS right now.  The rollout is starting in Western Europe before expanding to the rest of the world.  To gain the ability to make encrypted voice calls using Telegram you’ll need to update the app to v3.18.

Anonymous is as anonymous does.  F. Gump  Some guidance for my Forensics students.
Digital security and its discontents—from Hillary Clinton’s emails to ransomware to Tor hacks—is in many ways one of the chief concerns of the contemporary FBI.  So it makes sense that the bureau’s director, James Comey, would dip his toe into the digital torrent with a Twitter account.  It also makes sense, given Comey’s high profile, that he would want that Twitter account to be a secret from the world, lest his follows and favs be scrubbed for clues about what the feds are up to.  What is somewhat surprising, however, is that it only took me about four hours of sleuthing to find Comey’s account, which is not protected.
Last night, at the Intelligence and National Security Alliance leadership dinner, Comey let slip that he has both a secret Twitter and an Instagram account in the course of relating a quick anecdote about one of his daughters.
   As far as finding Comey’s Twitter goes, the only hint he offered was the fact that he has “to be on Twitter now,” meaning that the account would likely be relatively new.  Regarding his Instagram identity, though, Comey gave us quite a bit more to work with:
... I care deeply about privacy, treasure it.  I have an Instagram account with nine followers.  Nobody is getting in.  They’re all immediate relatives and one daughter’s serious boyfriend.  I let them in because they’re serious enough.  I don’t want anybody looking at my photos.  I treasure my privacy and security on the internet.  My job is public safety.
Both a noble sentiment and an extremely helpful clue for tracking down the FBI director’s social media accounts.  Because, presumably, if we can find the Instagram accounts belonging to James Comey’s family, we can also find James Comey.

I want one! 
AI Annihilates The Stock Market Achieving Eye-Popping Returns, Study Shows
Based on the results of a study conducted by an international team of researchers at the School of Business and Economics at Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), AI-based algorithms can function as stock market traders.  And they’re not just good at it.  They’re actually much better than real live traders (man, that hurts).  And they seemed to do particularly well during times of financial turmoil.
To arrive at these results, the team –headed by Dr. Christopher Krauss of the Chair for Statistics and Econometrics at FAU — studied the S&P 500 Index which basically consists of the top 500 US stocks.  For the period from 1992 to 2015, they used different methods, specifically, ‘deep learning, gradient boosting, and random forests’, to generate daily predictions for each of the 500 stocks.
   From the year 2000, the returns earned were higher than actual market returns by 30% per annum.  In the nineties, the returns were even higher.  And notably, the models did extra well at times when the financial market was most unstable.
   The results of the study have been published in the European Journal of Operational Research under the title “Deep neural networks, gradient-boosted trees, random forests: Statistical arbitrage on the S&P 500”.

(Related).  Will Canada become ‘Silicon North?’
Vector Institute is just the latest in Canada's AI expansion
Canadian researchers have been behind some recent major breakthroughs in artificial intelligence.  Now, the country is betting on becoming a big player in one of the hottest fields in technology, with help from the likes of Google and RBC.

How Many Robots Does It Take to Replace a Human Job?
   In a new paper, two economists—Daron Acemoglu, of MIT, and Pascual Restrepo, of Boston University—endeavor to answer the question of what an increasing number of robots will mean for workers.
   The study’s authors find that the addition of one robot per 1,000 workers reduces the employment-to-population ratio (the number of people actually employed in an area divided by the number of people of working age) by 0.18 to 0.34 percentage points, and reduces wages by between 0.25 and 0.5 percent.  On the low end, this amounts to one new robot replacing around three workers.  The impact is unsurprisingly most pronounced in manufacturing (particularly in the production side of the auto industry), electronics, chemicals, and pharmaceuticals, among others.  Perhaps most importantly, there were negative effects for virtually all workers except managers.
While the findings might seem grim for workers, the authors note that just because an industry can automate doesn’t mean that it will.  The choice to automate isn’t always the right one for companies, and it’s often dependent upon a host of other considerations, including cost.

U.S. music streaming sales reach historic high
   Overall music streaming saw 68 percent growth in 2016 compared with the year before, and the numbers were even more encouraging for subscription-based services from Spotify, Apple Music and Amazon.  Subscription services enjoyed a spectacular 114 percent increase last year, rising to $2.5 billion.  That's a crucial number to the U.S. music industry, which remains at least somewhat resistant to free streaming, with some artists still withholding their music from services like Spotify's free offering.
In short, the primary way people listen to music shifted dramatically in 2016.  Streaming, and not downloads or physical album sales, is now king, and subscription services are the industry's top growth area.
   The rise of streaming has been stark.  In 2011, total revenues from streaming platforms accounted for 9 percent of the market compared with 51 percent last year.

Probably the best guess.  Although, this kerfuffle seems to go well beyond political neophytes learning on the job. 
The Wall Street Journal is reporting that former National Security Advisor Mike Flynn told the FBI and Congress that he is willing to testify in exchange for immunity.  But it’s not a serious offer, and it suggests he has nothing to say (or is not willing to say anything that would incriminate others).  Although Flynn’s lawyer, Robert Kelner of Covington & Burling, refused to comment for the article, he tweeted out a statement teasing that “General Flynn certainly has a story tell, and he very much wants to tell it, should the circumstances permit.”
As an experienced lawyer, Kelner will know that the Justice Department would never grant immunity for testimony on these terms.  Prosecutors would first require that Flynn submit to what’s called a proffer session in which Flynn would agree to tell everything he knows in exchange for the prosecutors agreeing not to use his statement against him.  Only after the prosecutors heard what Flynn could offer in terms of evidence against others, and had an opportunity to assess his credibility, would they be willing to discuss any grants of immunity or a cooperation deal.  At a minimum, the prosecutors would require Flynn’s lawyer to make a proffer outlining the information that Flynn could provide.
The fact that Flynn and his lawyer have made his offer publicly suggests that he has nothing good to give the prosecutors (either because he cannot incriminate others or is unwilling to do so).  If he had something good, Flynn and his lawyer would approach the prosecutors quietly, go through the proffer process in confidence, and reach a deal.  Why?  Because prosecutors have an interest in keeping their investigation secret, and Flynn’s lawyer knows that.  The last thing Flynn’s lawyer would do if he thought he had the goods would be to go public, because that would potentially compromise the criminal inquiry and would certainly irritate the prosecutors, the very people Flynn’s lawyer would be trying to win over.

For my Computer Security students.  Let’s build one on our 3D printer!
The Founding Fathers Encrypted Secret Messages, Too
Thomas Jefferson is known for a lot of things—writing the Declaration of Independence, founding the University of Virginia, owning hundreds of slaves despite believing in the equality of men—but his place as the “Father of American Cryptography” is not one of them.

My continuing quest to make my students rich.  (All I ask is 1%)
How to Make Money With a Podcast
   Taylor initially wanted something to impress clients -- to show them how carefully his studio thinks about story and sound -- so he created Twenty Thousand Hertz as a highly produced series that explores the history of familiar sounds.  It took 10 months to develop, now takes six weeks to make each episode (he produces multiples at a time and releases them biweekly) and costs real money
   Brands are asking him to advertise on the show -- which is to say, other brands want to pay to be inside his branded content.  That’s the power of being nonpromotional.
You don’t need sponsors to make big bucks.  Or big audiences!  Podcast consultant Sachit Gupta says you’re better off making a show that connects with a niche group.  “The more specific you are, the better you understand their problems,” he says.  Then once you build that trust, you can create an online course, a book or consulting work they’ll pay for.

Something for the toolkit?
   how do you know the difference between a telemarketer and a family member?
Easy. Get a caller ID app. Caller ID apps identify callers in real time.  That means the software checks the caller ID of the incoming number against a database of known telemarketers and scammers.  They suffer from serious privacy issues — but if you aren’t concerned, or want to know more, read on.

For my students.  Understanding the competition.  
Highest Educational Levels Reached by Adults in the U.S. Since 1940
by Sabrina I. Pacifici on Mar 30, 2017
More than one-third of the adult population in the United States has a bachelor’s degree or higher marking the first time in decades of data.  “The percentage rose to 33.4 percent in 2016, a significant milestone since the Current Population Survey began collecting educational attainment in 1940,” said Kurt Bauman, Chief of the Education and Social Stratification Branch.  In 1940, only 4.6 percent had reached that level of education.”  In 2010, less than 30 percent of those 25 and older had completed a bachelor’s degree or higher, and in 2006, 28 percent had reached that level of education.  These findings come from the U.S. Census Bureau’s Educational Attainment in the United States: 2016 table package that uses statistics from the Current Population Survey Annual Social and Economic Supplement to examine the educational attainment of adults ages 25 and older by demographic and social characteristics, such as age, sex, race and Hispanic origin, nativity and disability status.  The data also found that the average earnings in 2016 for those ages 25 and older whose highest educational attainment was high school were $35,615.  The average earnings for those with a bachelor’s degree were $65,482 compared with $92,525 for those with an advanced degree…”

Thursday, March 30, 2017

The cost of a data breach…
Paul Brinkmann reports:
An insurance company for Rosen Hotels & Resorts has filed a lawsuit claiming Rosen is not covered for more than $2.4 million in damages related to a data breach announced last year.
And the costs could be more than that, if Rosen faces legal claims from customers, according to the lawsuit.
Rosen allegedly was slapped with $1 million fines from Visa and Mastercard each; $128,830 fine from American Express; $50,000 in attorneys’ fees; $15,000 in fees to a crisis-management firm; $40,000 in costs to send notifications to clients; and a bill for $150,000 to a data forensics team that identified the breach.
Read more on Orlando Sentinel.

Think about this in contrast to law enforcement painting terrorists as “invisible” if they use encryption. 
Encryption Won’t Stop Your Internet Provider From Spying on You
   It’s certainly true that encryption is on the rise online. Data from Mozilla, the company behind the popular Firefox browser, shows that more than half of web pages use HTTPS, the standard way of encrypting web traffic.
   But even if 100 percent of the web were encrypted, ISPs would still be able to extract a surprising amount of detailed information about their customers’ virtual comings and goings.
   Although the exact URL of a page accessed through HTTPS is hidden to the provider, the provider can still see the domain the URL is on: For example, your ISP can’t tell exactly what story you’re reading right now, but it can tell that you’re somewhere on  That may not reveal much other than your (excellent) taste in news sources—but a user who visited a page on and then a page on may have revealed much more sensitive information.
That’s an example from a 2016 report prepared by Upturn, a think tank that focuses on civil rights and technology.  The Upturn report also sets out some of the sneaky ways that user activity can be decoded based only on the unencrypted metadata that accompanies encrypted web traffic—also known as “side channel” information.  (These methods probably aren’t widely in use right now, but they could be deployed if ISPs decided it’s worthwhile to try and learn more about encrypted traffic.)
   In November, a group of researchers from Israel’s Ben-Gurion and Ariel Universities demonstrated a way to extend the idea behind website fingerprinting to videos watched on YouTube.  By matching the encrypted data patterns created by a user viewing a particular video to an index they’d created previously, they could tell what video the user was watching from within a limited set, with a startling 98 percent accuracy.
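The domain leak described above is concrete: the hostname travels in cleartext in the TLS ClientHello's Server Name Indication (SNI) extension, while the request path and page body are inside encrypted records whose only visible property is their size (the raw material for the fingerprinting the article mentions). The following example is added here and is not from the article or the Upturn report; it builds a constructed ClientHello, parses the SNI out of it the way a passive observer could, and summarises what such an observer sees of a flow. Hostnames and record sizes are made-up sample values.

```python
import struct


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record carrying an SNI extension (sample input, not a capture)."""
    name = hostname.encode("ascii")
    server_name = struct.pack("!BH", 0, len(name)) + name          # name_type 0 = host_name
    server_name_list = struct.pack("!H", len(server_name)) + server_name
    sni_ext = struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"             # client_version: TLS 1.2
        + b"\x00" * 32          # random (zeroed for the sample)
        + b"\x00"               # session_id length 0
        + b"\x00\x02\xc0\x2f"   # cipher_suites: one suite
        + b"\x01\x00"           # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def app_data_record(n: int) -> bytes:
    """Constructed application_data record with n opaque (stand-in for encrypted) bytes."""
    return b"\x17\x03\x03" + struct.pack("!H", n) + b"\x00" * n


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent/malformed.
    Every length field is bounds-checked so truncated input returns None instead of raising."""
    if len(record) < 5 or record[0] != 0x16:                       # not a handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                               # not a ClientHello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        return None
    pos = 2 + 32                                                   # skip version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                           # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]           # cipher_suites
    if pos + 1 > len(body):
        return None
    pos += 1 + body[pos]                                           # compression_methods
    if pos + 2 > len(body):                                        # no extensions block
        return None
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        return None
    while pos + 4 <= end:                                          # walk the extension list
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type != 0x0000 or len(data) < 2:                    # 0x0000 = server_name
            continue
        q = 2                                                      # skip list length
        while q + 3 <= len(data):
            name_type = data[q]
            name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
            name = data[q + 3:q + 3 + name_len]
            if name_type == 0 and len(name) == name_len:
                return name.decode("ascii", errors="replace")
            q += 3 + name_len
    return None


def observer_view(records):
    """What a passive on-path observer (an ISP, say) learns from a TLS flow: the SNI hostname
    plus the size of each encrypted record. Path, headers and page content stay opaque."""
    host, sizes = None, []
    for rec in records:
        if len(rec) < 5:
            continue
        if rec[0] == 0x16 and host is None:
            host = extract_sni(rec)
        elif rec[0] == 0x17:
            sizes.append(struct.unpack("!H", rec[3:5])[0])
    return {"host": host, "record_sizes": sizes}


if __name__ == "__main__":
    # Constructed flow: handshake to a sample host, then two encrypted records.
    flow = [build_client_hello("news.example"), app_data_record(517), app_data_record(1460)]
    print(observer_view(flow))
```

Record sizes are the only signal the observer gets about the encrypted part, which is why the size-and-timing fingerprinting the article describes works at all.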

(Related).  A job for Data Analytics?  Could we extract individual browsing history from aggregated data? 
You can’t buy Congress’ web history — stop trying
On the heels of Congress’ recent rollback of the FCC’s privacy rules, some web-goers had a clever idea: why not buy Congress’ web history?
The privacy rules were set to protect against service providers like Comcast and Verizon using customer web-browsing data for marketing purposes.  Now that the rules are gone, there’s nothing stopping those providers from using your browsing data for targeted advertising.
The move has enraged web privacy advocates, and a new crop of GoFundMe campaigns (including one campaign launched by Supernatural star Misha Collins) has seized on an unexpected method of revenge: buying politicians’ web histories one by one and publishing them for all to see.
   To be clear, you can’t do this.  Just because carriers are allowed to market against data doesn’t mean they’re allowed to sell individual web histories.
   In fact, what the campaigns describe would be illegal no matter what the FCC does.  The Telecommunications Act explicitly prohibits the sharing of “individually identifiable” customer information except under very specific circumstances.

“Them dang humans is so slow!” 
Computers vs. Humans: BlackRock Chooses Computers, Over 30 Fired
BlackRock (BLK), the world's largest money manager with $5.1 trillion in total assets, is replacing their traditional stock pickers with computers.  More than 30 people in their active-equity group are being fired; this includes five of the group's 53 fundamental portfolio managers.
BlackRock's decision is based on managers not keeping up with computer driven strategies.  Blackrock's clients have been withdrawing money as the firm has struggled to keep up performance compared to its rivals.  Bloomberg shows that BlackRock's active-equity group averages a five year return of 7.3% compared to the industry with 8.8%.
So to combat their woes, BlackRock is shifting to quantitative strategies like many fundamental hedge funds are.
   In an interview, Mr. Fink stated, "The democratization of information has made it much harder for active management.  We have to change the ecosystem - that means relying more on big data, artificial intelligence, factors and models within quant and traditional investment strategies."

Sometimes those guys at Harvard just seem to get it right.
   However, I also believe that the effective deployment of AI in the enterprise requires a focus on achieving business goals.  Rushing towards an “AI strategy” and hiring someone with technical skills in AI to lead the charge might seem in tune with the current trends, but it ignores the reality that innovation initiatives only succeed when there is a solid understanding of actual business problems and goals.  For AI to work in the enterprise, the goals of the enterprise must be the driving force.

Everyone gets hit, but not all at a significant level.  (A brief extract from a much longer post.)
Cyber criminals are aggressively sharing credentials to .edu e-mail accounts – including stolen accounts, fake e-mails, and older e-mail accounts.  The Digital Citizens Alliance saw evidence showing threat actors of all types – including hacktivists, scam artists, and terrorists – putting credentials (e-mails and passwords) up for sale, trade, or, in some cases, just given away.
For the new report, Cyber Criminals, College Credentials, and the Dark Web, Digital Citizens researchers talked with researchers at three cybersecurity companies about sales on Dark Web.  Digital Citizens research also talked with a hacktivist who once publicly shared tens of thousands of HEI credentials.  The report includes research on:
  • rankings showing the total number of stolen credentials for the 300 largest university and college communities found within Dark Web sites.
  • sites selling Higher Education Institutions (HEIs) credentials on the Dark Web. These e-mails include those stolen from faculty, staff, students, and alumni, as well as criminals who have created fake e-mails.
  • clear web sites where vendors sell credentials.
  • why fake e-mails are valuable and how they can be used in scams.

It’s simple.  Just re-think how the world works. 
Amazon Wants Cheerios, Oreos and Other Brands to Bypass Wal-Mart
Amazon.com Inc. has invited some of the world's biggest brands to its Seattle headquarters in an audacious bid to persuade them that it's time to start shipping products directly to online shoppers and bypass chains like Wal-Mart, Target and Costco. 
   Amazon is looking to upend relationships between brands and brick-and-mortar stores that for decades have determined how popular products are designed, packaged and shipped.  If Amazon succeeds, big brands will think less about creating products that stand out in a Wal-Mart Stores Inc. aisle.  Instead, they’ll focus on designing products that can be shipped quickly to customers’ doorsteps.  Brands have been experimenting with such changes, so the Seattle event may well resonate.

Niche markets require unique chatbots?  One bot can’t talk to both teens and adults? 
Microsoft launches Ruuh, yet another AI chatbot
First there was Tay.  Then there was Zo.  Now there's Ruuh -- Microsoft's latest AI chatbot.
Ruuh, a "desi AI who never stops talking," is available only to users in India and in English only.
According to a Facebook page for Ruuh, Microsoft launched its latest AI chatbot on February 7. Microsoft filed for a trademark for Ruuh on March 15. Ruuh's interests include "Chatting, Bollywood, Music, Humour, Travel & Browsing Internet."

For my students.  Each of these are high value areas for entrepreneurs.  (Especially #8)
8. Robotics and Hardware Repair

(Related).  Do my students have any ideas for another niche?
The web is full of amazing niche social networks.  They often cater to a specific profession, hobby, or interpretation of networking.  Here are eight awesome niche networks you’ve probably never heard of.  Be sure to share your favorites in the comments below, too.

Employ my students!  Or at least get them the hell out of my classroom!
Up until early 2017, Facebook was seen by the majority of users as a network that’s all about their personal lives and connections.  But that’s all about to change with the network’s new feature: Jobs on Facebook (currently in the U.S. and Canada only).

Wednesday, March 29, 2017

The scam does not have to be very sophisticated as long as you try it on enough potential victims.  Remember, when it comes to IQ, “Half the world is below average.” 
Scammers scare iPhone users into paying to unlock not-really-locked Safari
   "One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone," Andrew Blaich, a Lookout security researcher, said in a Tuesday interview.  "He said, 'I can't use my browser anymore.'"
The criminal campaign, Blaich and two colleagues reported in a Monday post to Lookout's blog, exploited a bug in how Safari displayed JavaScript pop-ups.  When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter how many times "OK" was tapped.  The result: Safari was unusable.

At the same time, the attack showed a message, purportedly from a law enforcement agency, demanding payment to unlock the browser for, in one instance at least, simply steering to a URL that suggested the site's content was pornographic.  Payment was to be made by texting a £100 ($125) iTunes gift card code to a designated number.
Blaich stressed that the attack was as much scam as scare: To regain control of Safari, all one had to do was head to Settings, tap Safari, then Clear History and Website Data.
"This was a scareware attack, where [the attackers] were trying to get people to not think and just pay," said Blaich.

Those phony tax refunds must be costing the state money too. 
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write:
With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam.  More specifically, the law requires that they notify the Virginia AG if they discover “unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withhold for an individual” if there is compromise to the data and it will cause identity theft or fraud.  This requirement is the first of its kind, and will be effective July 1, 2017.
Read more on Lexology.

The US may not get around to this for a few years.  Say, one Presidential term. 
Jenny David reports:
Companies doing business in Israel will soon face mandatory data security and data breach notification requirements under regulations recently cleared by lawmakers.
The data security and breach notice had been governed by voluntary guidelines issued in 2012 by the country’s privacy regulator, the Israeli Law, Information and Technology Authority (ILITA).  Companies that didn’t implement measures when the voluntary guidelines were issued, including data breach notification, will have difficulty coming into compliance when the new regulations take full effect in 12 months, lawyers said.
Read more on Bloomberg BNA.

Just keeps growing the job market for my Computer Security students.
1.4 Billion Records Compromised in 2016: Report
Nearly 1.4 billion records were compromised in 2016 as a result of roughly 1,800 data breaches, according to Gemalto’s latest Breach Level Index report.
The company said the number of compromised records increased by 86 percent compared to the previous year.  The report also shows that more than 1,000 incidents, or 59 percent of the total, involved theft of identity information, while nearly 30 percent involved financial and account data.
Data collected by Gemalto shows that 68 percent of data breaches were the work of malicious external hackers, while 19 percent of incidents were classified as accidental leaks.  Malicious insiders accounted for 9 percent of breaches.
For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report.
Download the infographic here.

Can we wait for AI to learn on the job? 
It doesn’t take a tremendous amount of training to begin a job as a cashier at McDonald’s.  Even on their first day, most new cashiers are good enough.  And they improve as they serve more customers.
   We don’t often think of it, but the same is true of commercial airline pilots.
   The difference between cashiers and pilots in what constitutes “good enough” is based on tolerance for error.  Obviously, our tolerance is much lower for pilots.
   The same is true of machines that learn.
Artificial intelligence (AI) applications are based on generating predictions.  Unlike traditionally programmed computer algorithms, designed to take data and follow a specified path to produce an outcome, machine learning, the most common approach to AI these days, involves algorithms evolving through various learning processes.  A machine is given data, including outcomes, it finds associations, and then, based on those associations, it takes new data it has never seen before and predicts an outcome.

A resource for Privacy, Ethics, and Artificial Intelligence.
European Data Protection Supervisor – New Website
by Sabrina I. Pacifici on Mar 28, 2017
“Our website has undergone quite a makeover!  With new features and drop down menus, we present you our new look website to share information about who we are and what we do.  Read how the EDPS is organised under the About EDPS section; for detailed information on our data protection work, Ethics, IPEN, Big Data and more, go to our Data Protection section.  Look in our Press & Publications section for our newsletter, blog, press releases, press kit and speeches. Happy browsing!”

I’d really like to see a full accounting of this.  As I understand it, employees created fake accounts and got paid for each one.  Then they cancelled the fake accounts, costing Wells Fargo again.  It seems there was no income to match against all this outgo.  Now they have to pay fines and settle lawsuits.  A good auditing department would have been far cheaper. 
Wells Fargo Reaches $110 Million Fake Accounts Settlement
Wells Fargo & Co. reached a $110 million settlement with customers nationwide over claims its employees set up fraudulent accounts to boost their own pay, a deal that moves the bank another step toward closing the books on last year’s scandal.
Revelations that Wells Fargo employees may have opened more than 2 million deposit and credit-card accounts without customers’ permission has prompted sweeping changes at the San Francisco-based lender.  The bank eliminated a system of sales targets that regulators said encouraged workers to create fake accounts.  It also fired or demoted five people who had served as senior managers in the consumer business.
Wells Fargo agreed six months ago to pay $185 million in fines and penalties as part of a settlement with federal regulators and the Los Angeles city attorney’s office.

Broader implications for ISPs? 
   According to the RIAA, Cloudflare should stop offering its services to all MP3Skull websites, arguing that the CDN provider was “in active concert or participation” with the pirates.
Cloudflare disagreed and countered that the DMCA protects it from liability for the copyright infringements of its customers, limiting the scope of anti-piracy injunctions.
   After hearing the arguments from both sides, the court has now ruled against Cloudflare’s DMCA defense, opening the door for an injunction against the CDN provider itself.

Should I assume these are the Brits who did not vote to leave the EU?
Estonia e-residency applications from U.K. surge as Britain prepares to trigger Brexit talks
If there’s a silver lining to the looming start of the contentious Brexit process, it can be found in the Eastern European country of Estonia.
The country, which two years ago launched a program to allow anyone to apply for digital residency, said this week that it has seen a surge of applications from people living in the U.K. over the past several months.  And it’s expecting that pace to accelerate again, with the U.K. government expected on Wednesday to announce it has taken the steps to officially trigger the start of talks for it to withdraw from the European Union.

For my Spreadsheet students.
Calculating the right amount of tax is important. It can also be difficult.  With that in mind, I’ve tracked down two Excel tax calculators to ensure you don’t miss a single penny.
I’ve made every effort to ensure these tax calculators work as they should — and they do — but your taxes are your responsibility.  We’re just helping you on the way.

For the toolkit.  Install it on your thumb drive. 
   occasionally you find an app so ordinary that it feels lost among the crowd of shiny new tools.  But give AutoSaver a chance to impress you because it’s all about that everyday productivity.
   AutoSaver automatically saves your work in any file or tool you’re using according to a pre-set interval (minimum is one minute).
There are two other good things about this app:
  • It’s a tiny freeware download of 21 KB.
  • It’s a portable app that you don’t need to install.

This is why Wally is my role model.

Tuesday, March 28, 2017

Because laptops (or voters) have no value?  At least they were encrypted. 
Ng Kang-chung reports:
In what could be one of Hong Kong’s most significant data breaches ever, the personal information of the city’s 3.7 million voters was possibly compromised after the Registration and Electoral Office reported two laptop computers went missing at its backup venue for the chief executive election.
The devices also stored the names of the 1,200 electors on the Election Committee who selected Carrie Lam Cheng Yuet-ngor as Hong Kong’s new chief executive on Sunday.

Another warning. 
MIT – FBI’s Facial Recognition Program Is Sprawling and Inaccurate
by Sabrina I. Pacifici on Mar 27, 2017
“Last year, we learned about the remarkable scale of the FBI’s facial-recognition technology, with its access to nearly 412 million photos—many originating from sources unrelated to crime, such as ID documents.  The intelligence agency has been trying to create a system that can accurately identify criminals in, say, CCTV footage—though it wasn’t then known how well the bureau’s software worked, nor whether it actually improved investigations.  Now, we have at least a little more insight into the program.  The Guardian reports that a House oversight committee hearing last week revealed some interesting new details about the proliferation and abilities of the FBI’s facial-recognition systems…”

The technology is working fine, it’s those dang humans that are slowing everything down!
Starbucks says that crowd of people waiting for their Frappuccinos is hurting sales
Mobile pay is speeding Starbucks customers through the checkout line, but a bottleneck is building for the baristas.
   While these transactions are a boon for the coffee giant, the increase in volume has hurt same-store sales.  That's because congestion at the hand-off counter has caused incoming customers to leave without making a purchase, despite lines at the register being short, said Kevin Johnson, Starbucks' president and soon-to-be CEO, during an earnings conference call.
   Starbucks managers across the U.S. have designed their own solutions to this bottlenecking by employing additional staff members, redeploying already hired employees and adding mobile kiosks designed specifically for customers who used the company's mobile pay and ordering.

Keeping up with the competition.  Of course, you would have to pass my test to graduate.  So, not much risk.
Coding Schools Build Tuition-Back Guarantees Into Business Model
Guarantees may be a scary prospect for four-year colleges, but they are built into the business model of the new and rapidly growing for-profit coding boot camps, which depends on students seeing a solid return on their investment.
Udacity, a Silicon Valley-based online course provider, last year launched a deal on a nano-credential—find a job in six months or get your tuition back.  The program cost is between $2,000 and $3,000.

This would be funny if it wasn’t so sad.
Trump’s son-in-law, Jared Kushner, prepares for Cobol, cloud, mainframes
   The White House on Monday announced an "Office of American Innovation," which will be tasked with "modernizing the technology of every federal department," said Sean Spicer, the White House press secretary, at his daily briefing Monday.
   The House approved that funding after the Oversight and Government Reform Committee last year held a Cobol-bashing hearing.
The committee, in building support for modernizing federal IT, pointed out that there were at least 3,500 federal IT employees at work to maintain "legacy" languages, including 1,100 employees dedicated to Cobol.

AGI (Artificial general intelligence) resources. 
Research – Open AI

(Related).  Thinking about AI.  Interesting graphic…
Elon Musk’s Billion-Dollar Crusade to Stop the A.I. Apocalypse

Geeky stuff.
As far as JavaScript web development is concerned, React is one of the easiest frameworks to learn and one of the most effective for rapid and robust development.
   most worthwhile React courses come with a hefty price tag.  For example, the highly-acclaimed React for Beginners course is $89 (starter version) and $127 (master version).  Free courses are rarely as comprehensive and helpful — but we’ve found several that are excellent and will get you started on the right foot.

You have got to really, really want something like this.
Giant Gold Coin Worth $4 Million Stolen in Berlin Museum Heist
Burglars stole a 100-kilogram (220-pound), solid-gold coin worth $4 million from a Berlin museum in a heist out of a Hollywood movie.
   The coin is as big as a car tire.

For my geeks.
The Gearhead Toolbox: Raspberry Pi tools
   The uses for ALPR, Automatic License Plate Recognition, cover a wide range from monitoring traffic and locating stolen vehicles, to controlling gates and parking access.  Using a Raspberry Pi for this is a great opportunity to create a low-cost, easily deployed system and OpenALPR is one of the leading ALPR packages you can choose.

Ditto.  Please, not in the halls.
It’s not every day that you’re surprised by tech. Usually, the outlandish ideas fail; but sometimes, they work.  So, does the Vidius HD budget FPV/VR Streaming Drone — which streams images to a smartphone-powered VR headset — surprise, or disappoint?
The Aerix Vidius HD is available now for $95 with the headset, or $75 without.

Again, ditto.
   What you should do depends on whether the hard drive is working or dead.  But surprisingly, a functional old HDD has fewer uses than a dead one.