Saturday, April 15, 2017

An interesting approach to security.
Can AI and ML slay the healthcare ransomware dragon?
It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks.  So it is no surprise that those attacks have become rampant in the past several years.  The term “low-hanging fruit” is frequently invoked.
But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”
   The AI/ML model, Bathurst said, doesn’t need specific signatures.  “It’s very good at answering questions like: ‘Is this file going to potentially harm my computer if it’s allowed to execute?’  It doesn’t need one-to-one matches with signatures,” he said.
It is obvious that the healthcare sector needs better security.  One of the reasons it is such a popular target is that, as the report notes, the victims are more likely to pay, since, “every second a critical system remains inaccessible risks the lives of patients and the reputation of the institution.  Hospitals whose patients suffer as a result of deficiencies in their cyber-hygiene are subject to immense fines and lawsuits.”
   AI/ML can be three times the cost of anti-virus solutions, he said, “and healthcare organizations are already fighting for every budget dollar they have.
“If the average cost of a ransomware attack is $300 – which was reported by the ICIT in 2016 – why would I spend tens of thousands of dollars more per year to prevent that risk?  I’d need 30 or 40 successful attacks before the cost makes sense.”

   In fact, although we saw examples of companies using AI in computer-to-computer transactions such as in recommendation engines that suggest what a customer should buy next or when conducting online securities trading and media buying, we saw that IT was one of the largest adopters of AI.  And it wasn’t just to detect a hacker’s moves in the data center.  IT was using AI to resolve employees’ tech support problems, automate the work of putting new systems or enhancements into production, and make sure employees used technology from approved vendors.  Between 34% and 44% of global companies surveyed are using AI in in their IT departments in these four ways, monitoring huge volumes of machine-to-machine activities.
In stark contrast, very few of the companies we surveyed were using AI to eliminate jobs altogether.  For example, only 2% are using artificial intelligence to monitor internal legal compliance, and only 3% to detect procurement fraud (e.g., bribes and kickbacks).
What about the automation of the production line?  Whether assembling automobiles or insurance policies, only 7% of manufacturing and service companies are using AI to automate production activities.  Similarly, only 8% are using AI to allocate budgets across the company. Just 6% are using AI in pricing.

Making crime safe?  Social media for the anti-social? 
Move over darknet, WhatsApp is where India’s new digital black market is at
   groups offering items, mostly electronics, bought from ecommerce sites using stolen credit card details at heavily discounted prices.
Till some time ago, it was just the deep web or the darknet — which not everyone knows about and which is not easy to access — where contraband, porn, fake IDs, credit card details and other hacked user data were sold.
By moving to the chatting app, such illegal trade is becoming mainstream, allowing cybercriminals to reach out to India’s huge userbase of 200 million WhatsApp users.
What’s more, traders can be brazen in their dealings as they have no fear of being caught.  Data privacy laws and WhatsApp’s encryption policy make it next to impossible for cybercrime authorities to track such black markets.  The fact that most users on these groups sign up with virtual numbers — use-and-throw proxy numbers that can be generated using apps — makes it even more difficult.  India’s national encryption policy draft excludes WhatsApp users from the mandate of keeping a 90-day record of all their encrypted communications.

Will we even recognize when an AI makes a bad decision? 
The Dark Secret at the Heart of AI
No one really knows how the most advanced algorithms do what they do.  That could be a problem.
Last year, a strange self-driving car was released onto the quiet roads of Monmouth County, New Jersey.  The experimental vehicle, developed by researchers at the chip maker Nvidia, didn’t look different from other autonomous cars, but it was unlike anything demonstrated by Google, Tesla, or General Motors, and it showed the rising power of artificial intelligence.  The car didn’t follow a single instruction provided by an engineer or programmer.  Instead, it relied entirely on an algorithm that had taught itself to drive by watching a human do it.
Getting a car to drive this way was an impressive feat.  But it’s also a bit unsettling, since it isn’t completely clear how the car makes its decisions.  Information from the vehicle’s sensors goes straight into a huge network of artificial neurons that process the data and then deliver the commands required to operate the steering wheel, the brakes, and other systems.  The result seems to match the responses you’d expect from a human driver.  But what if one day it did something unexpected—crashed into a tree, or sat at a green light?  As things stand now, it might be difficult to find out why.  The system is so complicated that even the engineers who designed it may struggle to isolate the reason for any single action.  And you can’t ask it: there is no obvious way to design such a system so that it could always explain why it did what it did. [Not sure I agree with this.  Bob] 
   In 2015, a research group at Mount Sinai Hospital in New York was inspired to apply deep learning to the hospital’s vast database of patient records.  This data set features hundreds of variables on patients, drawn from their test results, doctor visits, and so on.  The resulting program, which the researchers named Deep Patient, was trained using data from about 700,000 individuals, and when tested on new records, it proved incredibly good at predicting disease.  Without any expert instruction, Deep Patient had discovered patterns hidden in the hospital data that seemed to indicate when people were on the way to a wide range of ailments, including cancer of the liver.  There are a lot of methods that are “pretty good” at predicting disease from a patient’s records, says Joel Dudley, who leads the Mount Sinai team. But, he adds, “this was just way better.”
At the same time, Deep Patient is a bit puzzling.  It appears to anticipate the onset of psychiatric disorders like schizophrenia surprisingly well.  But since schizophrenia is notoriously difficult for physicians to predict, Dudley wondered how this was possible.  He still doesn’t know.  The new tool offers no clue as to how it does this.  If something like Deep Patient is actually going to help doctors, it will ideally give them the rationale for its prediction, to reassure them that it is accurate and to justify, say, a change in the drugs someone is being prescribed.  “We can build these models,” Dudley says ruefully, “but we don’t know how they work.”

For my cable-cutting students.
   With those unfamiliar with Kodi, you can run it on your desktop, install the Android version from the Play Store, or even follow a workaround to get it running on your iOS gadget.
As for Kodi boxes, they are becoming increasingly common as people look to slash their cable bill or cut the cord completely.
   Formerly known as XMBC, Kodi is a free-to-use open source media player.  It acts as a single centralized hub for all your locally-saved entertainment.  It also lets you watch live TV thanks to its support for most well-known back-ends, including MediaPortal, MythTV, NextPVR, Tvheadend, and VDR.
   Is Kodi Illegal?
The answer is a resounding No.  Kodi is not illegal now and will almost certainly never become illegal in the future.
In simple terms, Kodi is nothing more than a media app.  When you install it on your device, it’s empty.  It’s nothing more than a shell waiting for you, the user, to populate it with content.  No add-ons come pre-packaged, and even if they did, there is no way the developers would release the app with the illegal ones baked in.
Kodi even has an official repository for add-ons.  Every single one of the add-ons you will find in it are entirely legal to download and use in every jurisdiction.

Many of my students use WhatsApp.
Using WhatsApp as a Private Store for your Documents and Notes
WhatsApp is more than just a messaging app.  Use the app to quick transfer files between computer and phone.  Or make it a private storehouse for your notes, voice memos, documents and more.

Friday, April 14, 2017

A tool for automotive “ransomware?” 
Flaws in Bosch Car Dongle Allow Hackers to Stop Engine
Vulnerabilities found by researchers in Bosch’s Drivelog Connect product can be exploited by hackers to inject malicious messages into a vehicle’s CAN bus.  The vendor has implemented some fixes and is working on adding more attack protections.
Bosch’s Drivelog Connect is a service that provides information about the condition of a vehicle, including potential defects, service deadlines, and data on fuel consumption and driving behavior.  The product includes a dongle called Drivelog Connector, which is connected to the car’s OBD2 diagnostics interface, and a mobile application that communicates with the dongle via Bluetooth.
Researchers at automotive cybersecurity firm Argus have identified some potentially serious vulnerabilities in the communications between the mobile app and the dongle.

“Why” might be an interesting question.  Has the risk doubled?  Has ISIS (et. al.) doubled in size? 
Microsoft says U.S. more than doubled its FISA requests
Microsoft said on Thursday it had received at least a thousand surveillance requests from the U.S. government that sought user content for foreign intelligence purposes during the first half of 2016.

(Related).  Do we assume schoolchildren are terrorists?  Do schools really want to assume the liability for missing something (like a suicide note) on the student’s phone? 
Nick Cahill reports:
Hampered by widespread resistance from civil rights groups, backers of a bill that would allow California teachers and principals to search students’ cellphones pulled their proposal Wednesday.
Brought by the Association of California School Administrators, Assembly Bill 165 seeks to exempt students from recently enacted digital privacy protections against warrantless cellphone and electronic device searches.  Critics warned the bill could “sledgehammer” the Fourth Amendment and open up millions of K-12 students to unfettered school and government searches.
“This bill has massive ramifications to the privacy of 6 million students and families,” said Nicole Ozer, of the American Civil Liberties Union of California.
Read more on Courthouse News.

Perspective on one industry?
Protenus has released their Breach Barometer report for March.  The report is based on 39 incidents that reportedly affected 1,519,521 patients’ records.
As noted in recent months, we’ve reached that unhappy stage where we are seeing an average of one or more breach disclosures every day.  If this just represented greater transparency, that would be great, but it may also represent an increase in the number of breaches.
On a positive note: almost all of the entities for whom we had date of breach or discovery and date of report reported their breaches within 60 days from date of discovery.  Protenus understandably wonders whether that could indicate that a recent $475,000 settlement between HHS and Presence Health over late notification might be getting entities more calendar-conscious.
Some breaches are still taking too long to discover, however, as three breaches that were first disclosed in March had gone undetected for more than one year.  Two of those three incidents involved insider-wrongdoing.
As in past months, insider breaches represented a significant percentage (44%) of all reported incidents, but did not account for the bulk of breached records.  As we have seen before, hacking accounted for a smaller percentage of incidents but a larger percentage of breached records.  This month, there were 11 reports to HHS submitted as “Hacking/IT incidents.”  Four of those entities specifically described their hacking incidents as ransomware incidents in their notifications.  A fifth entity declined to answer the question of whether their incident involved ransomware.  Several other entities reported “hacking” incidents, but did not respond to inquiries from this site requesting more information.

Who defines the targets?  Would the US, France, and Russia agree on what is fake?   
Facebook Is Cracking Down on Thousands of Fake Accounts in France
Facebook said on Thursday it is taking action against tens of thousands of fake accounts in France as the social network giant seeks to demonstrate it is doing more to halt the spread of spam as well as fake news, hoaxes and misinformation.
The Silicon Valley-based company is under intense pressure as governments across Europe threaten new laws unless Facebook moves quickly to remove extremist propaganda or other content illegal under existing regulation.
Social media sites including Twitter, Google's YouTube, and Facebook also are under scrutiny for their potential to be used to manipulate voters in national elections set to take place in France and Germany in coming months.
In a blog post, Facebook said it was taking action against 30,000 fake accounts in France, deleting them in some, but not all, cases.  It said its priority was to remove fake accounts with high volumes of posting activity and the biggest audiences.  [Fake accounts have real audiences?  Bob] 
   For example, the company said it is using automated detection to identify repeated posting of the same content or an increase in messages sent by such profiles.

Automating your protest?  What if this App is downloaded a million times? 
This Chrome extension blocks United Airlines from flight searches
United Airlines has been the topic of a pretty steady stream of bad press.  Following a viral video of a man forcibly removed from a United Airlines flight, somehow someone got stung by a scorpion on a United flight, and today DropUnited launched.
DropUnited is a Chrome extension that removes United Airlines flights from your flight searches.

Should I remove my doorbell?
Orin Kerr writes:
In Florida v. Jardines (2013), the U.S. Supreme Court held that a front porch is a Fourth Amendment protected area but that there is an “implied license” allowing the police to walk up to the front door and knock in at least some cases.  If the police are just coming to talk to the homeowner, the court concluded, that’s within the implied license and no Fourth Amendment search occurs.  Homeowners implicitly consent to people coming to knock on the door and talk to them; that’s why they have doorbells.  On the other hand, if the police are bringing a drug sniffing dog to smell for drugs, that is outside the implied license.  People don’t implicitly consent to people coming to search them, and bringing a drug-sniffing dog to the front porch is a clear objective sign that the officers intend to search them.  Coming to the front porch with a drug-sniffing dog is therefore a search, and the police ordinarily can’t do that without a warrant.
Now consider this question: How does Jardines apply when properties have “no trespassing” signs posted?
Read more on The Volokh Conspiracy.

Soon, everyone will have access to AI?
The Democratization of Machine Learning: What It Means for Tech Innovation
   The democratization of ML gives individuals and startups a chance to get their ideas off the ground and prove their concepts before raising the funds needed to scale.
But access to data is only one way in which ML is being democratized.  There is an effort underway to standardize and improve access across all layers of the machine learning stack, including specialized chipsets, scalable computing platforms, software frameworks, tools and ML algorithms.

(Related).  Something for my Computer Security students to ponder.
Cognitive computing and artificial intelligence (AI) are spawning what many are calling a new type of industrial revolution.  While both technologies refer to the same process, there is a slight nuance to each.  To be specific, cognitive uses a suite of many technologies that are designed to augment the cognitive capabilities of a human mind.  A cognitive system can perceive and infer, reason and learn.  We’re defining AI here as a broad term that loosely refers to computers that can perform tasks that once required human intelligence.  Because these systems can be trained to analyze and understand natural language, mimic human reasoning processes, and make decisions, businesses are increasingly deploying them to automate routine activities.  From self-driving cars to drones to automated business operations, this technology has the potential to enhance productivity, direct human talent on critical issues, accelerate innovation, and lower operating costs.
Yet, like any technology that is not properly managed and protected, cognitive systems that use humanoid robots and avatars — and less human labor — can also pose immense cybersecurity vulnerabilities for businesses, compromising their operations.  

Another billion dollar company none of my students have ever heard of…
Yext Joins $1B Club With Successful IPO, Continuing Software's Hot Market Run
Yext wasn't quite a unicorn as a private software company.  After its first day trading on the New York Stock Exchange, it's even better: a $1 billion public one instead.
   Yext is betting that it can become the leader in what its chief executive calls, somewhat grandly, "digital knowledge management."  With micro-services booming to help us find the answers to questions from where to eat, how to find the right expert for a problem or when a business opens, Yext wants to be the layer of common information that ensures a business's correct information is conveyed the same across Google, a phone app or over Siri and Alexa.

I find this interesting.
How Tight-knit and Individualistic Communities Adopt New Technologies Differently
   Sometimes tight-knit groups have an advantage; other times, they are actually at a disadvantage.  The difference comes down to the type of technology being spread.  Is it a “low threshold” technology that is valuable even without a large number of adopters, such as computers or agricultural innovations, or is it “high threshold,” like a messaging app, which needs lots of adopters at once?
   In Mexico, which consists of highly cohesive communities, 78 percent of the population used instant messaging apps in 2013 compared with just 23 percent of the U.S. population, which is ranked as one of the most individualistic societies.

Think this is boring?  Search for “Trump.”
DATO Capital – Database of private companies and directors
by Sabrina I. Pacifici on Apr 13, 2017

Something to get my students outside.
Explore National Parks for Free In Person or Online
Entry to national parks in the United States is free each of the next two weekends.  If there is a national park near you, go out and explore.  Bring your phone to take some pictures.  Otherwise put it down and take in the experience.  Better yet, skip the phone all together and use a good old camera to take some pictures.
If there aren't any national parks near you, you can still explore them through some nice online resources.  National Parks virtual tours are available in the Google Arts & Culture apps for Android and iOS.  If you have VR headsets available to you, take a look at Google Expeditions virtual tours of the "hidden treasures" of National Parks. 

Interesting!  Want to share new technology? $0.00  Want to complain about your grade?  $99.99 (and the answer will still be NO) 
   “We think money is a good proxy of saying ‘I really want to reach you’,” says Gupta.  Users set their own pricing for receiving messages (think something like $.50 or $1).  They also set what topics they’re interested in hearing about.  Messages about things you’re interested in are free for other users to send.  If someone wants to message you about something else, they’ll have to pay.  Money only exchanges hands when you respond.  You can take the cash for yourself, or choose to have it go directly to a charity like the ACLU or  You can also cap your inbox for the week, so you only receive 10 messages instead of 50.

Thursday, April 13, 2017

Turning your devices against you.  A prelude to SkyNet?
Burger King’s New TV Ad Will Trigger Your Google Devices Without Permission
Imagine sitting at home on your couch, watching television, and a rather innocuous advertisement from Burger King comes on.  A young male Burger King employee looks directly into the camera and tells you that 15 seconds isn't enough time to explain all the ingredients in the Whopper sandwich.  The camera pulls in close, and he says, "Okay Google, what is the Whopper burger?"
The Google Home device near your TV will then respond, "The Whopper is a burger, consisting of a flame-grilled patty made with 100% beef with no preservatives or fillers, topped with sliced tomatoes, onions, lettuce, pickles, ketchup, and mayonnaise, served on a sesame-seed bun."  That is the first sentence for the Wikipedia entry for the Whopper.
It is also an advanced (and a bit creepy) new twist in the future of advertising for brands like Burger King, which is a fast-food concept owned by Restaurant Brands.  Burger King says the new ad is a national campaign that will intentionally trigger the artificial intelligence technology of Google Home devices to search "Whopper Sandwich."

What does Jeff know that other retailers don’t? 
Bezos says Artificial Intelligence to fuel Amazon's success is embracing artificial intelligence to deliver goods more quickly, enhance its voice-activated Alexa assistant and create new tools sold to others through its cloud-computing division, Chief Executive Officer Jeff Bezos said in his annual shareholder letter.
Changes ushered in by artificial intelligence and machine learning will help the companies that embrace them and put up barriers for those who don’t, the world's second- richest man wrote in a 1,700-word letter released Wednesday.

Wednesday, April 12, 2017

“Oh yeah, it’s a really cheap and easy security upgrade.  We just never thought it was worth it before the hack.”  Hacked on Saturday, fixed by Tuesday. 
Hacked Dallas sirens get extra encryption to fend off future attacks
Dallas city officials have added extra encryption and other security measures to the outdoor warning sirens hacked early Saturday.
The hack also prompted the city to evaluate critical systems for potential vulnerabilities, City Manager T.C. Broadnax said in a statement late Monday. City officials are reviewing security for financial systems, a flood warning system, police-fire dispatch and the 911/311 system.

Is it now “cool” to claim you were hacked by Russia?  There is a difference between “We’ve been hacked” and “Russia change the election results.”  
Brexit vote site may have been hacked, MPs say in report
   "There is no evidence to suggest malign intervention.  We conducted a full review into the outage and have applied the lessons learned.  We will ensure these are applied for all future polls and online services."

(Related).  A real response to Russian hacking?  
EU, NATO countries kick off center to counter 'hybrid' threats
Several EU and NATO countries on Tuesday signed up to establish a center in Helsinki to research how to tackle tactics such as cyber attacks, propaganda and disinformation.
The United States, Britain, France, Germany, Sweden, Poland, Finland, Latvia and Lithuania signed the Memorandum of Understanding for the membership, and more countries are due to come on board in July.
   Finland last year voiced concern about what it sees as an intensifying propaganda attack against it by the Kremlin. Germany has also reported a rise in Russian disinformation campaigns and targeted cyber attacks.

An interesting legal tactic.
Anthem to data breach victims: Maybe the damages are your own darned fault
Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.
Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams.
The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.
“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes.  

Is this based on the discovery of potential terrorist or a need to be seen “doing something?”  Has anyone asked to see the results of these searches? 
The Steady Rise of Digital Border Searches
New statistics released Tuesday by U.S. Customs and Border Protection reveal that the rate of digital border searches is on pace to quadruple since 2015.  That means more and more travelers entering the U.S. are being asked to turn over their electronic devices to be analyzed.
The increase appears to have begun even before President Donald Trump’s promise to scrutinize incoming visitors with “extreme vetting” measures, some of which included stepping up digital surveillance.  And if Trump’s cabinet gets its way, the trend may accelerate further.  Earlier this year, John Kelly, the secretary of homeland security, told a House committee that foreign visitors should have to give up their online passwords and submit to social-media searches if they want to enter the United States.
In the last six months, nearly 15,000 travelers had one of their devices searched at the border.  Compare that to just 8,503 between October 2014 and October 2015, or 19,033 the following year.
   The agency says the steady increase in searches reflects “current threat information,” but a spokesperson wouldn’t elaborate on the specific reasons for the trend.  Asked for an example of the kind of cases that digital border searches help solve, the spokesperson pointed to a Vermont man who was arrested in February for allegedly having sex with a 13-year-old girl.  Border agents stopped the pair as they tried to enter the U.S. from Canada, and inspected the girl’s phone.  There, they found texts suggesting a sexual relationship with the 25-year-old man. 

Interesting article.  Devices that monitor an athlete could help extend his career or end it before it begins.
The Upcoming Privacy Battle Over Wearables in the NBA

Ah, does this mean that nonsense about taps on Trumps campaign headquarters might have some basis in fact?
FBI obtained FISA warrant to monitor Trump adviser Carter Page
The FBI obtained a secret court order last summer to monitor the communications [Wiretap?  Bob] of an adviser to presidential candidate Donald Trump, part of an investigation into possible links between Russia and the campaign, law enforcement and other U.S. officials said.

How many Twits read my Tweets? 
If you’re on Twitter, there’s a good chance you’re trying to get more followers, retweets, and favorites. Maybe you’re the social media marketer at a company.  Maybe you’re trying to a develop a personal brand. Or you just want to get some free stuff.
Whatever the reason, you want to get more traction — and Twitter analytics can help you get it.  Here’s why those analytics are so helpful, what you should look for, and how to find it.

(Related).  Question: Is there a market for Social Media advisors who can boost your following?  Is that a thing? 
These world leaders are killing it on Instagram: India’s Prime Minister, Trump, and the Pope
In recent years, President Obama was the undisputed Instagram champ among world leaders, with 13.9 million followers.  But with Obama shuffling off the stage, which global kingpin reigns supreme on the photo sharing app?
According to a study released today by PR firm Burson-Marsteller, it’s India’s Prime Minister Narendra Modi, with 6.8 million followers as of April 1.  Finishing a close second, but doing his best to Make Instagram Great Again, is President Donald Trump, with 6.3 million followers.  Burson-Marsteller notes that combined, those top two still have fewer followers than Obama.

No doubt I’ll add some of these to my RSS reader.
90 Active Blogs on Analytics, Big Data, Data Mining, Data Science, Machine Learning
by Sabrina I. Pacifici on Apr 11, 2017
Thuy T. Pham, U. of Sydney. “This post updates a previous very popular post 100 Active Blogs on Analytics, Big Data, Data Mining, Data Science, Machine Learning as of March 2016 (and 90+ blogs, 2015 version).  This year we removed 26 blog sites from the previous list that does not meet our active criterion: at least one blog in the last 3 months (since Oct 1, 2016).  We also added ten new relevant blogs to the list.  All blogs in this list are categorized into two groups: very active and moderately active.  The former often have several entries each month while the latter may only have one post for a few months recently.  We also separate blogs that do not involve much in technical discussions as in a Others group.  Within each group of blogs, we list in alphabetical order.  Blog overview is based on information as it have appeared on its URL as of 1-1-2017.”

I have a dream: My very own “anti-social” network!  Someplace to go all ‘Don Rickles’ on my students.   
Mastodon—The free software, decentralized Twitter competitor
   along comes Mastodon, which describes itself as the following:
"Mastodon is a free, open-source social network.  A decentralized alternative to commercial platforms, it avoids the risks of a single company monopolizing your communication.  Pick a server that you trust—whichever you choose, you can interact with everyone else.  Anyone can run their own Mastodon instance and participate in the social network seamlessly." 
Open source (and up on GitHub—using the AGPL license)

Something for the toolkit.  I’m so bad at drawing I never even try.  Should I?
Google's AutoDraw turns your clumsy scribbles into art
Google wants to help you get in touch with your inner Picasso.  Today, it's launching AutoDraw, a web-based tool that uses machine learning to turn your hamfisted doodling into art. 
   The app is free and it works on any phone, computer or tablet.  It's pretty straightforward: draw your best version of a cake, for example, and the auto suggestion tool will try to guess what that amorphous blob actually is.  Then, you can choose from a number of better looking cakes made by talented artists.  Or, if amorphous blob is actually what you were striving for, you can turn off the auto suggestions and doodle away.

Not many of my students are interested in chess.
The Sublime Moves Of America’s New Chess Champion

Tuesday, April 11, 2017

It looks like the Privacy Foundation has finalized its April 28th Seminar on Artificial Intelligence and Privacy (Privacy/AI interface).  You can find the Flyer, a map to the Law School at
For information and registration, contact: Ryan Allen 860 690 0068

The classic phishing techniques are the best.
— The list of entities reporting that employee W-2 data was acquired by phishing.–
Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up, but as I started working on this year’s list, I found even more cases from 2016, bringing the 2016 list to 175 reports.
Let’s see how 2017 goes.  Expect reports to come in over the next months (not weeks, but months, and perhaps throughout the year).  Here’s the list I’ve got so far for 2017, and it will be updated as I become aware of new incidents.  Steve Ragan of Salted Hash has indicated that he will keep track, too, so do check his space also for additional information.  As of March 13, Steve estimates 120,000 affected for the 110 incidents we had as of that date.
[List of 143 companies follows.  Bob] 

An opportunity for my Computer Security students?
The way people tilt their smartphone 'can give away passwords and pins'
The way you tilt your mobile while you're using it could allow hackers to steal your pin numbers and passwords, according to new research.
Experts at Newcastle University analysed the movement of a smartphone as the keyboard was used.
They say they cracked four-digit pins with 70% accuracy on the first guess and 100% by the fifth guess.
The team of cyber-experts claim tech companies know about the problem but can't figure out what to do about it.
   "But because mobile apps and websites don't need to ask permission to access most of them, malicious programmes can covertly 'listen in' on your sensor data."
   "People were far more concerned about the camera and GPS than they were about the silent sensors."
The team said it was able to identify 25 different sensors which come as standard on most devices.

Evil hackers can’t turn your vacuum cleaning robot into the Terminator, but they could cause a bit of damage to your self-driving car. 
Robots: Lots of features, not much security
   But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket.
More evidence came in a report on home, business and industrial robots released last month by security research firm IOActive, which found that “most” of them lacked what experts generally call “basic security hygiene.”
Those included the predictable list: Insecure communication channels, critical information sent in cleartext or with weak encryption, no requirement for user names or passwords for some services, weak authentication in others, and a lack of sufficient authorization to protect critical functions such as software installation or updates.

All of which would allow, “anyone to remotely and easily hack the robots, … install software in these robots without permission and gain full control over them.”

Do they see his as the opportunity to invest they missed with Amazon or as a way to slow Amazon’s growth?
Microsoft, eBay, Tencent Invest $1.4 Billion in Amazon’s India Rival
Indian e-commerce startup Flipkart Group has raised $1.4 billion from Microsoft Corp., eBay Inc.  and Tencent Holdings Ltd, taking a hit to its valuation to raise the cash it needs to defend its home market from Inc.
Flipkart—which was started in 2007 by two former Amazon employees—said in a statement Monday that the new investment values the Bangalore company at $11.6 billion.  That allows Flipkart to retain its title as India’s most valuable startup but is still a step down from the $15 billion valuation it received during fundraising in 2015.

I think it is a bit thin, but then many PowerPoints are. 
Artificial Intelligence and Law: A Six Part Primer
by Sabrina I. Pacifici on Apr 10, 2017
Artificial Intelligence and Law: A Six Part Primer – Professor Daniel Martin Katz,  Chicago Kent College of Law (Updated Version 03.17.17) – PowerPoint Presentation – 271 slides.

Is it so strange that Social Media loves the anti-social? 
United Airlines Tumbles After Social-Media Storm Goes Global
United Continental Holdings Inc. tumbled early Tuesday as outrage on social media over the removal of a passenger from a flight spread across the globe.
The stock dropped as much as 6.3 percent before paring the loss and trading 2.7 percent lower at 7:27 a.m. in New York.

Perspective.  How can you reach teens with your advertisement?
76% of U.S. Teens Surveyed Using iPhones, 81% Plan to Purchase
The iPhone continues to be the most popular smartphone among teens, according to data gathered by investment firm Piper Jaffray in its most recent semiannual U.S. teen survey.
76 percent of teens surveyed own an iPhone, up from 69 percent in the spring of 2016, and the highest ownership level seen in the teen survey.  A record 81 percent of teens surveyed said they expect their next phone to be an iPhone, up from 75 percent a year ago.

Tesla (TSLA) Becomes U.S. Most Valuable Automaker, Passing GM
The California-based luxury electric vehicle company, which calls itself the “Quickest production car on earth,” has just outpaced General Motors (GM) in market value — something I told you a week ago was poised to happen.  Admittedly, I didn’t think it would come this quickly.
   The bigger story here is the enormous belief investors have placed in the promises Tesla CEO Elon Musk has made, which by contrast renders the slow-growing GM and Ford — despite dominating Tesla in total vehicle sales — to “used car” status.  Reuters noted that Tesla’s market cap — which peaked Monday at $51.105 billion — is now the equivalent to $102,000 for every car it plans to make in 2018, or $667,000 per car sold in 2016.  This compares to GM's market cap which is equivalent to $5,000 per car it sold in 2016.

It could happen here!
Here's the Fine Print On The Country's Biggest-Ever Free College Plan
New York State has passed legislation that would create the largest experiment in the country to offer free tuition at two- and four-year colleges.  The Excelsior Scholarship, approved over the weekend as part of the state budget, would cover full-time students in the State University of New York system, which totals 64 campuses and 1.3 million students.
   Students from families making up to $100,000 a year would be eligible in the program's first year, and by the third year that would increase to $125,000 a year.
It's a big step forward in a national trend: In the last decade, 85 states and municipalities have created similar scholarship programs, most of them for community college tuition.

Apparently, talk is cheap!
Raspberry Pi 3 gets Microsoft Cortana with Windows 10 Creators Update
   You will very soon be able to use Microsoft's Cortana voice assistant with the Raspberry Pi 3 and make cool devices that can accept voice commands.
   Users will also able to build smart devices using Raspberry Pi 3 that will be able to accept Cortana's commands.  But the devices will need to be based on Windows 10 IoT Core, not Linux-based OSes.

Monday, April 10, 2017

With or without rules, I suspect most countries are doing this already.  Without generally accepted ‘rules of war,’ we will likely see rapid escalation.
German Minister Seeks Rules to Attack Hackers on Foreign Soil
Germany is trying to beef up its cyber defense, after the interior minister called for rules that allow nations to attack foreign hackers targeting critical infrastructure.
   “We need international rules, but also in Germany, that besides protection and defense enable the tracing and also -- if needed -- the elimination of a foreign server,” De Maiziere told ARD in an interview Sunday.

To help my Computer Security students think about “Access.”  And a point to consider for any government health care system? 
Gah. Soooo many leaks and breaches are due to default settings that over-share.  How hard is it for software to set default settings to NOT share with everyone?  C’mon, folks. 
Sue Dunlevy reports:
THE private health records of Australians can be accessed by more than half a million people under the latest bungle with the $2.2 billion electronic My Health Record.
News Corp Australia has learned that the privacy settings on the government’s computerised My Health Record, which lists every medicine a patient takes and records every medical visit and procedure, are automatically set on “universal access”.
This means every registered health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient specifically requested to opt out.
Read more on The Daily Telegraph.

For my gamers…
GameStop Investigating Major Credit Card Breach Of Online Customer Data
   Security hound KrebsOnSecurity heard from two unnamed sources in the financial industry that they received alerts from a credit card processor indicating that GameStop was likely hacked sometime between mid-September 2016 and the first week of February 2017.  GameStop did not deny that its systems might have been breached, telling the security blog that it has hired a professional security firm to look into the matter.
   It is believed that hackers were able to obtain credit card numbers, expiration dates, names, addresses, and card verification values (CVV2 codes), which are those three-digit (usually) numbers found on the back of credit cards.
The hackers responsible may have used special software (malware) to record and transmit CVV2 codes before they get encrypted.  Otherwise, it would be difficult to obtain that data, as web retailers are now allowed to store CVV2 codes.

This whole process needs a re-think.
Hackers Infiltrate Dallas' 156-Siren Emergency Alert System With Annoying Results
   some crafty beings took advantage of the mobile emergency alert system to warn of, of all things, a zombie apocalypse.  It's hard to call an attack like that malicious, but what it proves is that if someone did want to send out a malicious message of some sort, this non-malicious message proved that it would be possible. 
   At this time, Dallas police have not been contacted about the issue, but the FCC has been.  Engineers are working to figure out just how this breach could have occurred, but it's currently believed that the attack was a local one, and not performed outside of the area, which will hopefully make it easier to track down.

Something to watch.
Alleged Russian hacker arrested in Spain at US request
An alleged Russian hacker has been detained in Spain at the request of American authorities, an arrest that set cybersecurity circles abuzz after a Russian broadcaster raised the possibility it was linked to the U.S. presidential election.
   Such arrests aren’t unusual — American authorities typically try to nab Russian cybercrime suspects abroad because of the difficulty involved in extraditing them from Russia — but Levashov’s arrest drew immediate attention after his wife told Russia’s RT broadcaster that he was linked to America’s 2016 election hacking.
    She said that when she spoke to her husband on the phone from the police station, he told her he was told that he had created a computer virus that was “linked to Trump’s election win.” [I think they mean SPAM.  Bob]

A lesson for my Computer Security students.  How does ignoring a problem make it go away?
Wells Fargo Board Says Leaders Shrugged Off Scandal, Then Hid It
Senior Wells Fargo & Co. managers failed to heed warnings of spreading sales abuses for more than a decade, treating thousands of fired employees as rogues, and then downplayed the mounting terminations as the board began raising questions.
That’s the picture painted by a panel of independent directors in a 113-page report after six months reviewing how branch workers opened legions of accounts without customer permission.
   their findings also prompted the board to claw back an additional $28 million from former Chief Executive Officer John Stumpf for allegedly reacting too slowly.

This will become more interesting as we start using more connected devices (e.g. Smart cars.)
When old technology broke, you could fix it yourself or get a guy down the road to do it for you.  If that failed, you could find a repair shop that would get the job done for much less than going straight to the manufacturer.  With newer products, those options are disappearing.  It is now often impossible to fix our own stuff.
This change was not accidental.  Companies deliberately design products to prevent us from finding replacement parts.  They don’t even make information available to repair shops.  Manufacturers have actively undermined our right to repair what we buy, and in doing so, they’ve called into question whether we truly own our purchases at all.  Increasingly, the answer is no.
This change places a financial burden on us, restricts market freedom, and does lasting damage to the environment.  In response, a growing number of people are demanding a change.  They are insisting that our right to repair be enshrined in law.

Perspective.  Computing ain’t cheap!
Tech’s High-Stakes Arms Race: Costly Data Centers
Top three cloud-computing firms have spent $31.5 billion in 2016 on capital expenses and leases

Perspective.  This is one of many failed IT projects. 
U.S. Immigration Agency Will Lose Millions Because It Can’t Process Visas Fast Enough
Lost amid the uproar over the Trump administration’s crackdown on undocumented immigrants is a change coming to the legal immigration system that’s expected to be costly for both U.S. companies and the government itself.
   The new wrinkle is that earlier this week USCIS suspended so-called “premium processing,” a program that allowed employers to pay extra to reduce visa wait times from as long as eight months to just two weeks.
Officials have depicted the temporary stoppage as the upshot of a “significant surge” in demand for expedited service, but, in reality, it appears to reflect the agency’s own mismanagement and waste.
According to USCIS records, congressional testimony and interviews with former agency officials, USCIS has plunged most of the expedited program’s revenues from the last eight years — some $2.3 billion — into a failed effort to digitize the larger immigration system, leaving inadequate resources to staff the H-1B portion that was its cash cow.
   Pausing expedited service is likely to cause delays for tens of thousands of applicants for new visas, mainly workers at universities or research organizations, as well as foreign doctors who receive H-1Bs in exchange for working in areas that are medically underserved, according to USCIS data.
It’ll also cost USCIS up to $100 million in lost fees, agency spokeswoman Carolyn Gwathmey acknowledged.

Governing like a billionaire?
Donald Trump's travel expenses in 10 weeks cost US taxpayers as much as Barack Obama spent in two years
Donald Trump’s trips to his luxury Florida resort have already cost the US taxpayer at least $24 million (£19.2 million) - roughly as much as Barack Obama spent on travel in the first two years of his presidency.
Mr Trump has spent seven weekends at Mar-a-Lago since taking office ten weeks ago.  It is estimated that each of these trips costs at least $3 million (£2.4 million), covering the President’s extensive security detail.

For my (pale, sickly) gamers.

Something to tease my geeks with…
These Hackathon Hustlers Make Their Living From Corporate Coding Contests

For my researching student.
Open Access Innovations Are Impacting Academic Publishing
by Sabrina I. Pacifici on Apr 9, 2017
Chronicle of Higher Education: “Open-access advocates have had several successes in the past few weeks.  The Bill & Melinda Gates Foundation started its own open-access publishing platform, which the European Commission may replicate.  And librarians attending the Association of College and Research Libraries conference in March were glad to hear that the Open Access Button, a tool that helps researchers gain free access to copies of articles, will be integrated into existing interlibrary-loan arrangements.  Another initiative, called Unpaywall, is a simple browser extension, but its creators, Jason Priem and Heather Piwowar, say it could help alter the status quo of scholarly publishing…  Like the Open Access Button, Unpaywall is open-source, nonprofit, and dedicated to improving access to scholarly research.  The button, devised in 2013, has a searchable database that comes into play when a user hits a paywall.  Unpaywall, by contrast, has focused on creating a browser extension.  “We want to do just one thing really well: instantly deliver legal, open-access, full text as you browse,” says Mr. Priem, who also started the altmetrics site Impactstory with Ms. Piwowar.  When an Unpaywall user lands on the page of a research article, the software scours thousands of institutional repositories, preprint servers, and websites like PubMed Central to see if an open-access copy of the article is available.  If it is, users can click a small green tab on the side of the screen to view a PDF.  we’re able to deliver an OA copy to users more than half the time,” says Mr. Priem…”

So my students can keep learning.
An RSS reader may be old-fashioned, but it’s still the best way to tame the information that bombards us every day — and Feedly is still one of the most popular RSS readers around.  Though it has Pro and Team plans with power features, you can still do a lot with a free Feedly account.