Saturday, May 13, 2017

This is a big one, people.  Remember, this is old software.  Interesting that this appears to be an offensive weapon.  I wonder if ISIS grabbed a copy?  I’m going to recommend that we raise tuition in the Computer Security program.  (And I want a raise!) 
Stolen U.S. spy agency tool used to launch global cyberattack
A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.  Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
   The switch was hardcoded into the malware in case the creator wanted to stop it spreading.  This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying.  The purchase cost him $10.69.  Immediately, the domain name was registering thousands of connections every second.
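The two halves of this mechanism in Python, as an added example that is not code from the article, from the malware or from the researcher: the check as the malware performed it (a direct HTTP request, stop if anything answers) and the telemetry a defender gets once the domain is registered and sinkholed (every host that resolved the domain ran the check, i.e. executed the malware). The domain name, the resolver log lines and the client addresses are constructed stand-ins; the real kill-switch domain is not reproduced on this page.

```python
"""Kill-switch decision and sinkhole telemetry for the mechanism described above.
Constructed example: the domain, log lines and addresses are stand-ins."""
import re
import urllib.request

# Stand-in for the hard-coded domain in the sample; the real one is not named here.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"


def domain_is_live(domain, timeout=5.0):
    """Probe the way the malware did: a plain HTTP GET straight to the host,
    deliberately ignoring any system proxy. True if any HTTP response comes
    back, False on any failure (NXDOMAIN, refused, timeout, proxy required...)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(f"http://{domain}/", timeout=timeout):
            return True
    except OSError:  # URLError and socket timeouts are OSError subclasses
        return False


def should_propagate(probe=domain_is_live, domain=KILL_SWITCH_DOMAIN):
    """The worm's decision: a live domain means 'stop'. Any failed probe,
    whatever the reason, looks like 'not registered' and lets it continue."""
    return not probe(domain)


# Constructed resolver log in dnsmasq's query format.
SAMPLE_DNS_LOG = """\
May 12 14:02:11 dnsmasq[711]: query[A] www.example.com from 10.0.0.7
May 12 14:02:13 dnsmasq[711]: query[A] killswitch-placeholder.example from 10.0.0.5
May 12 14:02:13 dnsmasq[711]: query[A] killswitch-placeholder.example from 10.0.0.9
May 12 14:02:14 dnsmasq[711]: query[AAAA] killswitch-placeholder.example from 10.0.0.5
May 12 14:02:20 dnsmasq[711]: query[A] updates.example.org from 10.0.0.9
"""

_QUERY = re.compile(r"query\[(?P<type>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")


def hosts_that_checked(log_text, domain=KILL_SWITCH_DOMAIN):
    """Set of client addresses that resolved the kill-switch domain. Each one
    ran the check, so each one executed the malware; this is the view the
    sinkhole operator (or an internal resolver log) gives you."""
    clients = set()
    for line in log_text.splitlines():
        m = _QUERY.search(line)
        if m and m.group("name").lower().rstrip(".") == domain:
            clients.add(m.group("client"))
    return clients


if __name__ == "__main__":
    # Offline demonstration: the probe is stubbed, nothing is contacted.
    print("registered domain -> propagate?", should_propagate(probe=lambda d: True))
    print("dead domain       -> propagate?", should_propagate(probe=lambda d: False))
    print("hosts that ran the check:", sorted(hosts_that_checked(SAMPLE_DNS_LOG)))
```

Two caveats fall straight out of should_propagate: blocking the domain at your own firewall or resolver makes the probe fail and so defeats the kill switch rather than helping, and on networks that can only reach the Internet through a proxy the direct request fails for the same reason, so the domain being registered does not protect those hosts. Treat a lookup of the domain as an infection indicator, not as something to block.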

Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware

(Related).  Microsoft fixes.
Customer Guidance for WannaCrypt attacks
   This blog spells out the steps every individual and business should take to stay protected.  Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.  Customers running Windows 10 were not targeted by the attack today.

To encourage my Computer Security students.  (and depress Security managers) 
Cybersecurity market research: Top 15 statistics for 2017
1. Global cybersecurity spending is predicted to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
2. Cybercrime damage costs are predicted to reach $6 trillion globally by 2021, up from $3 trillion in 2015.
3. There are 1 million cybersecurity job openings in 2017, and that is projected to exceed 1.5 million by 2019.
4. The cybersecurity unemployment rate remains at zero percent in 2017 (same as 2016).
5. The security awareness training market is predicted to reach $10 billion annually by 2027.
6. Global healthcare cybersecurity spending is predicted to exceed $65 billion cumulatively over the next five years, from 2017 to 2021.
7. Ransomware attacks on healthcare organizations are predicted to quadruple by 2020.
8. 300 billion passwords will require cyber protection by 2021.
9. Wi-Fi and mobile devices are predicted to account for nearly 80 percent of IP traffic by 2025.
10. Zero-day exploits will rise from one-per-week in 2015 to one-per-day by 2021.
11. 111 billion lines of new software code will be created - and needs to be secured - in 2017.
12. 4 billion people are expected to be online - and need cyber protection - by 2020, up from 2 billion plus last year.
13. By the end of 2017, all DoD contractors — about 160,000 or so — will have to meet regulations (DFARS 252.204-7012) which require prime contractors and their subs to employ adequate security.
14. Nearly half of all cyber-attacks are committed against small businesses.
15. 65 percent of respondents to a poll say black-hat hackers are more experienced than white-hats.

Another view of threats.
U.S. Intelligence Community Highlights Cyber Risks in Worldwide Threat Assessment
   Cyber adversaries, warns the Worldwide Threat Assessment of the US Intelligence Community (PDF), "are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years."

What predicts crime?  Would an AI do better?
Mick Dumke and Frank Main report:
As Chicago endured a devastating surge in gun violence last summer, scores of people with long rap sheets stood atop the Chicago Police Department’s secret watch list, newly obtained records show.
One of the men had been arrested 12 times for violent crimes, all before turning 20.  He’d also been charged with illegal gun possession.  Two others each had been arrested eight times for violent crimes and caught three times with guns.  Another man had been busted three times for illegal guns, racked up four arrests for violent offenses and been shot twice.
Read more on Chicago Sun-Times.

Another question: What should you specify in your warrant?
You had to know I’d do a follow-up on the story where a Minnesota judge issued a search warrant for anyone who Googled a victim’s name in an entire US town.
Did law enforcement’s strategy work?  We don’t yet know.
Miguel Otárola reports that once the search was narrowed, there was only one record produced by Google from the search.  That’s a far, far cry from the concerns at the time that the search would scoop up too many people’s records, but Google says the limited outcome was precisely because they fought to limit/narrow the search.
Neither Google nor Edina officials explained how the search was specified or what information was turned over to police.  As of Friday, no arrest had been made in the case, Edina spokeswoman Jennifer Bennerotte said, but she declined to comment on the investigation.
Read more on the Star Tribune.

Curiosity about a verdict?
Alyssa Rege reports:
A Washington couple filed a second lawsuit against Seattle-based Virginia Mason Medical Center, alleging the institution failed to provide information about multiple privacy breaches involving their medical and financial records, according to K-5 News.
Matthew and Sarah Hipps, MD, previously sued VMMC in 2013.

Perhaps too big to fail but not too big to flail. 
Wells Fargo bogus accounts balloon to 3.5 million: lawyers
   The new estimate was provided in a filing late Thursday night in the federal court in San Francisco, and is 1.4 million accounts higher than previously reported by federal regulators, in what became a national scandal.
Keller Rohrback, a law firm for the plaintiff customers, said the higher estimate reflects "public information, negotiations, and confirmatory discovery."
   Nonetheless, it could complicate Wells Fargo's ability to win approval for the settlement, which has drawn opposition from some customers and lawyers who consider it too small.
   Garrison's firm said in a filing the accord underestimated the potential maximum damages by at least 50 percent, and did not properly address whether Wells Fargo committed identity theft by using customers' personal data to open accounts.

This is such a major management failure that I suspect we’ll see it in a Dilbert cartoon.  Note: This is not just for Air Force One.  All aircraft need this procedure.  Why were untrained mechanics working on any plane?   
Boeing mechanics caused $4 million in damage to Air Force One's oxygen system
Mechanics from Boeing contaminated the oxygen system on a presidential Air Force One aircraft last April, according to an accident investigation board report released Tuesday.
The contamination to the VC-25A — one of two planes that is known as Air Force One when it carries the president — required $4 million in repairs, which Boeing paid for, the March 6 report said.  Had it not been corrected, such contamination could have increased the risk of a fire.
The report said that three Boeing mechanics at a plant in Port San Antonio, Texas, used a contaminated regulator and contaminated tools, parts and components while checking the oxygen system for leaks during regular depot maintenance between April 1 and 10, 2016.  They also used an unauthorized cleaning procedure while unsuccessfully trying to sanitize the parts, the report said.
To avoid the chances of a fire breaking out, only "oxygen-clean" tools and components — items that have been cleaned in a specific way to remove any residue that could react when coming into contact with oxygen — can be used on the plane's oxygen system, according to the report.

For my student entrepreneurs: Think of this as Khan Academy, but with stuff to sell.
NBCUniversal spent around $230 million to buy the video tutorial site Craftsy
It turns out content and commerce can be a valuable mix.
Earlier this week, NBCUniversal announced the acquisition of Craftsy, a Denver-based startup that sells videos of crafts classes, as well as craft supplies and kits.

God bless all who conduct such studies!  I may need to change my diet.  What is it called when you ONLY eat cheese and drink wine? 
Wine and cheese make you smart and healthy, according to new studies
A recent study challenges some of the health concerns around cheese and dairy: Mainly that they are fatty and lead to potential heart attacks or strokes.  The researchers, using previous studies and data found on these dairy products, found cheese doesn’t increase the risk of heart attacks and strokes.  It is important to note, however, that the study was funded in part by three dairy organizations, which obviously have a vested interest in positive results: the Global Dairy Platform, the Dairy Research Institute and Dairy Australia (even though the paper says they had no role in study design or data collection and analysis).
And red wine, in moderation, can help your heart and your brain, according to a recent study published in the journal Frontiers in Nutrition.  Contrary to previous findings, such as one Swedish report from 2014, cheese, as well as other dairy products like milk and yogurt, may not be more dangerous to your health.

Dilbert suggests a new version of the Turing test!

Friday, May 12, 2017

An Executive order.  “Management” is accountable?  What a concept! 
Trump signs order on cybersecurity that holds agency heads accountable for network attacks
President Trump on Thursday signed an executive order on cybersecurity that makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the Internet.
Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems.  It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace.

A government recommendation.
Vendors approve of NIST password draft security recommendations – emojis welcome
by Sabrina I. Pacifici on May 11, 2017
Via CSO – “Standards group recommends removing periodic password change requirements – A recently released draft of the National Institute of Standards and Technology’s (NIST’s) digital identity guidelines has met with approval by vendors.  The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies.  The new framework recommends, among other things:
  • Remove periodic password change requirements
There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing.  NIST said this guideline was suggested because passwords should be changed when a user wants to change them or if there is indication of a breach.
  • Drop the algorithmic complexity song and dance
No more arbitrary password complexity requirements needing mixtures of upper case letters, symbols and numbers.  Like frequent password changes, it’s been shown repeatedly that these types of restrictions often result in worse passwords, Wilson adds.  NIST said if a user wants a password that is just emojis, they should be allowed.  It’s important to note the storage requirements: salting, hashing and a MAC, such that if a password file is obtained by an adversary an offline attack is very difficult to complete.
  • Require screening of new passwords against lists of commonly used or compromised passwords
One of the best ways to ratchet up the strength of users’ passwords is to screen them against lists of dictionary passwords and known compromised passwords, he said.  NIST adds that dictionary words, user names, repetitive or sequential patterns all should be rejected…”
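The three recommendations above, plus the storage requirement mentioned under the second one, in one short Python module. This is an added example, not NIST's code and not from the CSO article. The minimum length, the PBKDF2 iteration count and the tiny compromised-password set are assumptions of the example; a real deployment would screen against a full breach corpus and keep the server-side secret (the "pepper") in a secret store, separate from the password database.

```python
"""Password acceptance checks and storage following the draft guidance quoted above.
Constructed example; thresholds and the word list are assumptions, not NIST values."""
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8                # assumption: a length floor, no composition rules
PBKDF2_ITERATIONS = 200_000   # assumption: tune to the verifier's hardware

# Constructed stand-in for a real dictionary / breach-corpus feed.
COMPROMISED = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}

_REPEAT = re.compile(r"(.+?)\1+")   # whole string is one unit repeated: "aaaa", "abab"


def _is_sequential(pw):
    """True for runs of consecutive code points such as 'abcdef' or '987654'."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def check_password(candidate, username=""):
    """Return the reasons to reject the candidate; an empty list means accept.
    No character-class rules: any code point, including emoji, is fine."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    low = candidate.lower()
    if low in COMPROMISED:
        reasons.append("appears in the compromised/dictionary list")
    if username and username.lower() in low:
        reasons.append("contains the user name")
    if _REPEAT.fullmatch(candidate):
        reasons.append("repetitive pattern")
    if _is_sequential(candidate):
        reasons.append("sequential pattern")
    return reasons


def hash_password(password, pepper):
    """Per-user salt + PBKDF2-HMAC-SHA256, then a keyed HMAC with a server-side
    secret held outside the password database. A stolen database alone gives
    an attacker nothing to test offline guesses against."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${tag.hex()}"


def verify_password(password, stored, pepper):
    """Recompute from the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, tag_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return hmac.compare_digest(tag, bytes.fromhex(tag_hex))


if __name__ == "__main__":
    samples = ["password", "alice2017x", "abcdefgh", "abababab",
               "correct horse battery", "🔒🔑🦄🐉🌈🍕☕🎉"]
    for pw in samples:
        print(repr(pw), "->", check_password(pw, username="alice") or "accepted")
    pepper = b"constructed-server-secret"   # would come from a secret store
    record = hash_password("correct horse battery", pepper)
    print(record)
    print(verify_password("correct horse battery", record, pepper),
          verify_password("Correct horse battery", record, pepper))
```

Note what is deliberately absent: no uppercase/digit/symbol rule and no expiry date. The screening list does the work the complexity rules were supposed to do, and the keyed hash is what makes a leaked password file expensive to attack offline; rotating passwords on a calendar addresses neither.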

A risk to digital evidence.
Forensics Tool Flaw Allows Hackers to Manipulate Evidence
A vulnerability in Guidance Software’s EnCase Forensic Imager forensics tool can be exploited by hackers to take over an investigator’s computer and manipulate evidence, researchers warned.  The vendor has classified the attack as an “edge case” and it does not plan on patching the flaw any time soon.
Guidance Software’s forensics products are used by governments, law enforcement agencies and private companies worldwide, including the U.S. Department of Justice, the Department of Homeland Security, the London Metropolitan Police Service, Microsoft, IBM, Apple and Facebook.
The company’s EnCase Forensic Imager is a standalone tool designed for acquiring forensic images of local drives, and for viewing and browsing potential evidence files.

Management is not aware?  Sounds familiar.  
A third of virtual servers are zombies
New research finds that 25% of all physical servers -- and 30% of all virtual servers -- are comatose.  These are systems that have no activity in the last six months.
   this latest research looked at virtual servers as well, and they may represent a significant cost to IT departments.
That's because users may be paying licensing fees on their virtual servers, as well as on the software they support, said the researchers.
Comatose servers, both virtual and physical, may also represent "an unappreciated security risk" because they aren't patched and maintained, according to the research paper by Jonathan Koomey, a research fellow at Stanford University, and Jon Taylor, a partner at the Athensis Group, a consulting firm.
   The problem may be one of motivation: IT managers aren't necessarily measured on how well they control costs.

Does this make local law enforcement more “Federal?”  Will all states eventually have access? 
Joe Cadillic writes:
Letting police have access to everyone’s biometrics is asinine and the potential for abuse is astronomical.
Read more on MassPrivateI.

Facial recognition instead of door locks?  Open the doggie door for Fido, but not for racoons? 
Lighthouse is an Andy Rubin-backed smart security camera that identifies people and pets
The team at Lighthouse, a startup out of Android co-founder Andy Rubin’s Playground accelerator, doesn’t see its new hardware product as a home security camera.  Instead, they see it as an “interactive assistant.”  But Lighthouse, at least at first, will definitely be perceived as another new entrant in the smart camera market.
The device, unveiled for the first time today, sits in the home just like a Nest Cam to monitor what’s going on indoors.  That’s where the overlap with Nest ends, however. Lighthouse incorporates deep learning and 3D-sensing technology to determine who is in the home, where they are inside, and if that’s a normal occurrence or not.  The camera pairs with a companion iOS / Android app over Wi-Fi, so users can determine remotely whether an intruder is in their house.  More innocuously, Lighthouse can also determine whether a dog’s been walked and send alerts when kids get home.  

So much for Privacy.
If you own an HP laptop or tablet you may have had every single thing you’ve typed on it logged and stored on your hard drive.  This is because, according to a report by security researchers, a keylogger has inadvertently been installed on a number of HP devices.  And it’s still there now.
Keystroke logging is a generally nefarious activity whereby someone monitors everything being typed onto a keyboard.  Keyloggers can be hardware- or software-based, and are difficult to detect.  Which is why it’s so unsettling to discover that one is installed on a number of HP devices.

(Related).  HP says, “Oops!”  Oh I feel so much more secure now!
HP says it has a fix for flaw that caused some PCs to log every keystroke
   A fix for 2016 models was released today via Windows Update, while a fix for 2015 models will be released tomorrow on both Windows Update and HP's Web site, HP Vice President Mike Nash told Axios.
Why it matters: Although HP never accessed the data and the logs weren't sent anywhere, just having them created a security threat.  The fix not only deletes the key-logging code but also the files that stored keystrokes.  (However, in theory customers using PC backup software might have copies elsewhere.)

Just a thought: Will insurance companies require heart sensors like this (and others in future) for everyone they insure? 
Study uses Apple Watch heart rate sensor to detect serious heart condition with 97% accuracy
   As part of ongoing research, a deep neural network was trained and paired with Apple Watch's heart rate sensor to automatically distinguish atrial fibrillation from normal heart rhythm in a pool of test patients.  Findings were presented at the Heart Rhythm Society's Heart Rhythm 2017 conference on Thursday.
To train the DNN, researchers collected data — 139 million heart rate measurements and 6,338 mobile ECGs — from 6,158 Cardiogram app users enrolled with the UCSF Health eHeart Study.
   "Our results show that common wearable trackers like smartwatches present a novel opportunity to monitor, capture and prompt medical therapy for atrial fibrillation without any active effort from patients," said the report's senior author Gregory M. Marcus, MD, MAS Endowed Professor of Atrial Fibrillation Research and Director of Clinical Research for the Division of Cardiology at UCSF.

Sobering Thoughts When a Connected Medical Device Is Connected to You

An IoT application.
Nectar Labs brings smart liquor tracking to the bar business
When a bartender pours too much liquor in a drink, or someone slips away with a bottle, it can take a toll on a drinking establishment’s bottom line.  So Nectar Labs has come up with a solution: the connected pourer and stopper.
It uses ultrasound technology and a software platform to precisely measure how much alcohol is left in a given bottle for automating inventory, managing shrinkage (theft or loss) and self-replenishing.  
   The Distilled Spirits Council trade group estimates that the bar business is worth $200 billion a year worldwide, and shrinkage is as much as $50 billion a year.
   The Nectar cap transfers data wirelessly to an app via Bluetooth.  Nectar’s caps and associated platform are designed to seamlessly fit a bar’s current operation.  The pourer and stopper continuously communicate with the app, keeping track of inventory in real time.  When a bottle is finished and replaced, Nectar automatically depletes it from inventory, and when inventory is running low, orders can be placed directly with distributors.

From Silicon Valley to Davos, pundits have been warning that millions of individuals will be thrown out of work by the rapid advance of automation and artificial intelligence.  As economic forecasts go, this idea of a robot apocalypse is certainly chilling.  It’s also baffling and misguided.
Baffling because it’s starkly at odds with the evidence, and misguided because it completely misses the problem: robots aren’t destroying enough...

Executive decisions:
Trump Wants ‘Goddamned Steam,’ Not Digital Catapults on Aircraft Carriers
Navy officials were “blindsided” on Thursday, a spokesman told me, by President Donald Trump’s suggestion that he has convinced the Navy to abandon a long-planned digital launching system in favor of steam on its newest aircraft carrier.

Oh my!
North Korea Angered With New Sanctions
In rare move, North Korea sends letter to U.S. House of Representatives about the latest round of sanctions as tensions between the countries continue to rise.

No doubt my students will be using this to waste the time they should be using to study!   
   the newest application of ML from Google, worldwide leaders in machine learning, isn’t to build a new Mars rover or a chatbot that can replace your doctor.  Rather, it’s a tool that anyone can use to generate custom emoji stickers of themselves.
   Starting today, when you pull up the list of stickers you can use to respond to someone, there’s a simple little option: “Turn a selfie into stickers.”  Tap, and it prompts you to take a selfie.  Then, Google’s image-recognition algorithms analyze your face, mapping each of your features to those in a kit illustrated by Lamar Abrams, a storyboard artist, writer, and designer for the critically acclaimed Cartoon Network series Steven Universe.

Thursday, May 11, 2017

Now something every candidate in every election must consider?  
Hackers Came, but the French Were Prepared
Everyone saw the hackers coming.
The National Security Agency in Washington picked up the signs.  So did Emmanuel Macron’s bare-bones technology team.  And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.
The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader “information warfare” campaign.
   The phishing mails were “high quality,” said Mr. Macron’s digital director, Mounir Mahjoubi: They included the actual names of members of the campaign staff, and at first glance appeared to come from them.  Typical was the very last one the campaign received, several days before the election on Sunday, which purported to have come from Mr. Mahjoubi himself.
“It was almost like a joke, like giving us all the finger,” Mr. Mahjoubi said in an interview on Tuesday.  The final email enjoined recipients to download several files “to protect yourself.”

Unfortunately, this is too common.  Read the entire article. 
Yesterday, we reported on a misconfigured rsync backup that had been detected by Kromtech Security.  The security firm had contacted us for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required.
One week later, we still do not have answers to some pretty basic questions – like why iHealth Innovations actually needs all those sensitive records and details, but Mary Emily O’Hara of NBC News estimates that at least 7,000 patients had their data exposed.
Last night, a spokesperson for iHealth Innovations contacted us and asked that we report the following statement:
iHealth Innovations and Bronx-Lebanon Hospital Center recently became aware that a single individual gained unapproved access to certain Bronx-Lebanon Hospital data.
[ … ]
Note that on the one hand, iHealth does not blatantly “shoot the messenger” by claiming that Kromtech Security “hacked” them, but by the same token, iHealth does not actually admit that they made a mistake and left the data open to anyone who wished to download it.  For its part, the hospital, which had declined to give any kind of substantive statement, reportedly told NBC News via email that their vendor had been “hacked:”
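The failure described above is an rsync daemon exporting a module that needs no credentials. As an added example (not iHealth's configuration, which this page does not reproduce, and not Kromtech's tooling), the following Python script parses an rsyncd.conf and flags the settings that leave a module open to anyone who can reach the port. The sample configuration embedded in it is constructed: one careless module and one locked-down one.

```python
"""Audit an rsyncd.conf for modules readable or writable without credentials.
Constructed example; the sample configuration is not from any real incident."""
import re

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample: [backup] is the kind of module that leaks, [archive] is not.
SAMPLE_RSYNCD_CONF = """\
# global defaults (constructed)
uid = nobody
gid = nogroup
use chroot = yes

[backup]
    comment = nightly database dumps
    path = /srv/backup
    read only = no

[archive]
    path = /srv/archive
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.5.0/24
    read only = yes
    list = no
"""


def parse_rsyncd_conf(text):
    """Return {module: {key: value}}. rsyncd.conf puts global parameters before
    the first [module]; they are folded into every module as defaults."""
    global_settings, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group("name").strip()
            modules[current] = dict(global_settings)
            continue
        if "=" not in line:
            continue  # rsync ignores malformed lines; so do we
        key, _, value = line.partition("=")
        target = global_settings if current is None else modules[current]
        target[key.strip().lower()] = value.strip()
    return modules


def _truthy(value):
    return str(value).strip().lower() in ("yes", "true", "1")


def audit_module(settings):
    """Findings for one module; an empty list means nothing obviously wrong.
    Defaults mirror rsync's: read only = yes, list = yes, use chroot = yes."""
    findings = []
    if not settings.get("auth users"):
        findings.append("no 'auth users': anyone who can reach the port can pull the module")
    elif not settings.get("secrets file"):
        findings.append("'auth users' set but no 'secrets file' (rsync has no default for it)")
    if not settings.get("hosts allow"):
        findings.append("no 'hosts allow': connections accepted from any source address")
    if not _truthy(settings.get("read only", "yes")):
        findings.append("'read only = no': clients may upload or overwrite files")
    if _truthy(settings.get("list", "yes")):
        findings.append("'list' not disabled: module name shows up in 'rsync rsync://host/'")
    if not _truthy(settings.get("use chroot", "yes")):
        findings.append("'use chroot = no': relies on rsync's own path checks to confine clients")
    return findings


def audit(text):
    """Map every module in the configuration to its list of findings."""
    return {name: audit_module(cfg) for name, cfg in parse_rsyncd_conf(text).items()}


if __name__ == "__main__":
    for module, findings in audit(SAMPLE_RSYNCD_CONF).items():
        print(f"[{module}]", "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```

The external check is the one the researchers effectively ran: `rsync rsync://host/` lists the modules, and `rsync --list-only rsync://host/module/` lists a module's contents; if either returns data without a password prompt, the backup is public. Note that `hosts allow` is a network filter, not authentication: a module with `hosts allow` but no `auth users` is still anonymous to every address in the allowed range.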

Something my Computer Security students need to understand.  And an illustration that you need to be the best at everything you do. 
Amazon trounces rivals in battle of the shopping 'bots'
Earlier this year, engineers at Wal-Mart Stores Inc (WMT.N) who track rivals' prices online got a rude surprise: the technology they were using to check several million times a day suddenly stopped working.
Losing access to Amazon.com Inc's (AMZN.O) data was no small matter.  Like most big retailers, Wal-Mart relies on computer programs that scan prices on competitors' websites so it can adjust its listings accordingly.  A difference of even 50 cents can mean losing a sale.
But a new tactic by Amazon to block these programs - known commonly as robots or bots - thwarted the Bentonville, Arkansas-based retailer.
   Dexterity with bots allows Amazon not only to see what its rivals are doing, but increasingly to keep them in the dark when it undercuts them on price or is quietly charging more.
   According to one U.S. patent application, Amazon is working on encryption technology that would force bots, but not humans, to solve a complicated algorithm to gain access to its Web pages.

Data Centers are expensive.  Reno is giving 8-to-5 odds that it won’t be the last expansion. 
Apple Plans $1 Billion Expansion At Data Center in Nevada
Apple announced plans Wednesday for a $1 billion expansion of its massive data center east of Reno, doubling its investment and roughly tripling its workforce at the technology campus where company officials expect to hire 100 additional workers.
The announcement came as the Reno City Council approved Apple's plans to build a $4 million shipping and receiving warehouse on a vacant lot in downtown Reno that will make it eligible for millions of dollars in tax breaks. 

Another perspective.
McKinsey – What’s new with the Internet of Things?
by Sabrina I. Pacifici on May 10, 2017
“…Although some analysts are excited about the IoT’s potential, others have argued that it is overhyped.  We take a more balanced view, based on our extensive research as well as our direct work with IoT application developers and their customers.  Like the optimists, we believe that the IoT could have a significant, and possibly revolutionary, impact across society.  But we also think that the lead time to achieve these benefits, as well as the widespread adoption of IoT applications, may take longer than anticipated.  The uptake of IoT applications could be particularly slow in the industrial sector, since companies are often constrained by long capital cycles, organizational inertia, and a shortage of talented staff that can develop and deploy IoT solutions…”

Have we become so used to technology that we don’t notice the impact?  Is checking email on a smartphone easy compared to walking to your desktop computer and signing on? 
Gallup – Email Outside of Working Hours Not a Burden to US Workers
by Sabrina I. Pacifici on May 10, 2017
“Checking email outside of normal business hours does not appear to be a burden for U.S. workers.  About six in 10 workers say they check email outside of normal business hours.  Of these, few claim the amount of emails they have to respond to during off hours is unreasonable, or that it negatively affects their personal well-being or relationships with friends and family.”  So working all the time is the new normal.

Perception is everything.  Apparently, the world does not see what he sees. 
Edward Lampert: Sears' Troubles Are Everyone's Fault But Mine
In a somewhat hard-to-believe interview with the Chicago Tribune, Lampert gave many reasons for the company’s continued downward spiral.  His claim: he is going to “...[turn] Sears into a 21st-century merchant focused on catering to its best customers.”  It remains a mystery how that will be supported after selling off iconic brands, running the company without a seasoned merchant at the helm, and spinning off parts of the business that actually added value (Lands End).
Yet Lampert seems to think he’s made great progress.
   Fellow analyst Cathy Hotka has repeatedly called the Sears Holdings situation “the world’s longest liquidation sale.”  It’s very hard to disagree.

To help my students select the next programming language to learn. 
Introducing Stack Overflow Trends
On a typical day, developers ask over 8,000 questions on Stack Overflow about programming problems they run into in their work.  Which technologies are they asking about, and how has that changed over time?
Today, we’re introducing the Stack Overflow Trends tool to track interest in programming languages and technologies, based on the number of Stack Overflow questions asked per month.
   Don’t see your favorite language, technology, or framework in this post?  Use the Stack Overflow Trends tool to create your own graphs, and see what you can learn about how the developer ecosystem is changing and where it might be going in the future.

Anyone can be President, or anyone can keep Trump from a second term?
Dwayne 'The Rock' Johnson considering run for White House
After conquering Hollywood, Dwayne "The Rock" Johnson may have his sights set on the White House.
The actor and former pro wrestler tells GQ that he thinks a presidential run is "a real possibility."

Wednesday, May 10, 2017

It may be time to start a study of cyberwar.  Certainly a resource for my Ethical Hacking students – particularly the penetration testers.  
What Internet-Connected War Might Look Like
A technician hurriedly slings his backpack over his shoulders, straps on his M9 pistol, and bolts out of the transport with his squad of commandos in a hail of gunfire.  As soon as his team reaches the compound, he whips out a laptop and starts deploying a rootkit to the target server, bullets whizzing overhead all the while.
This might sound like the action movie of a hacker's dreams, but The Army Cyber Institute at West Point is training its recruits to do just that.  At Chicago's Thotcon hacker conference last week, attendees got a glimpse of what its elite units might look like.
   "A lot of it is us trying to figure out how, in a training environment, we can show [soldiers] the effect that ... the digital domain can have on tactical operations," Vanatta told LinuxInsider in an interview following the session.  Also present at the interview were Waage and their colleague, Brent Chapman, cyber operations officer at the Defense Innovation Unit Experimental, or DIUx.  

How an Online Grocery Platform Could Reshape Retail as We Know It
   Online grocery delivery requires dealing with irregularly shaped products with many different form factors, multiple storage temperature regimens, short shelf lives, and food technology constraints about what can be packed with what.  Then there are the many vulnerable products and the ways they can (negatively) interact with each other: if you load a six-pack of beer on top of a box of strawberries, you will most likely end up delivering a smoothie, which is probably not what the customer had in mind.
Then there’s the fact that an average online grocery order is typically fifty items and customers are sometimes ordering more than once a week, both of which have significant implications for how smart and low-friction the ordering process has to be to enable customers to complete their orders in just a few minutes.  Most customers don’t get up in the morning and say to themselves: “Hurray!  Today is my online grocery shopping day!”  Most people subliminally dream of the day when, thanks to the power of data-fueled machine learning, the right groceries will turn up at the right time, as if by magic, without the customer having to do anything — a broadband of grocery.
Finally, there’s the challenge of creating a profitable ecommerce business: you have grocery products with an average item price of around $3 and typically 30 percent gross margin, leaving only $0.90 to pay for all handling, selling, and delivery.  Brick-and-mortar stores are used to their customers doing this work for them; in the online space, that is obviously not an option.
   The great thing about having an online grocery delivery pipeline into customers’ homes is that, once it’s in place and being used regularly, all manner of other products and services can potentially flow up and down it. If you can do online grocery, then you can do some other forms of online retail; but the reverse definitely does not implicitly follow. The potential size of the worldwide online grocery market combined with these spin-off opportunities is why grocery really is the holy grail of online retail.

Disruption or disaster?  The end of telecom companies? 
Amazon enables free calls and messages on all Echo devices with Alexa Calling
Amazon may have flopped with the Fire Phone, but don’t count it out of the telephony game just yet.  Alongside Amazon unveiling its newest Echo device earlier today — the Echo Show with a seven-inch video screen — the company also announced Alexa Calling, free voice calls and messaging services that you use through all Echo devices (not just the Show), as well as for users of the Alexa app for smartphones.
   Meanwhile, users of that newest Echo, the Echo Show, which has the screen and video feature, will get added services, it seems.  The one that has jumped out at me first is called “Drop In” — which lets you make a call to someone without them even answering the phone first.  Think of it as the 21st century tech equivalent of someone coming to your house and either peeking through the front window as they’re knocking, or maybe just walking straight in, 1970s sitcom-style.
   Amazon emphasizes that it is opt-in, and a way to communicate with only the very closest members of your family.

With this, we could ‘print’ a Corvette body, aircraft wings or one of those Batman chest armor things. 
Start-up unveils 3D printer that can build carbon fiber, Kevlar, fiberglass parts
Start-up Impossible Objects on Tuesday unveiled its Model One 3D printer, which it claims is the first such printer that can build parts from composite materials including carbon fiber, Kevlar and fiberglass.

Give ‘em what they want!
Opera's new browser comes with WhatsApp and Messenger built in
Thanks to add-ons and extensions, modern browsers are capable of much more than just accessing websites.  However, unless you know what you're looking for, finding useful tools isn't necessarily easy.  Instead of relying solely on its extension marketplace, Opera hopes to claw back market share from Google Chrome by incorporating additional features into its eponymous software.  We've already seen it roll out low-power mode and a fully-featured VPN, but now it's making things a lot more social by integrating messaging apps like WhatsApp, Messenger and Telegram into its sidebar. 

Perspective.  And a lot of that is cash.  What would you buy with $200 Billion? 
Apple Becomes First Company Worth More Than $800 Billion

Tuesday, May 09, 2017

Trump tweets.  Oliver creates a domain.  Unknowns launch a DDoS attack.  Protests (or outright attacks) follow triggering events almost instantly. 
FCC Says Website Downtime Caused by DDoS Attacks
The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality.
“Last Week Tonight” host John Oliver revisited the subject of net neutrality on Sunday, urging people to leave comments on the FCC’s website.  Oliver has criticized FCC Chairman Ajit Pai over the proposal to roll back net neutrality rules, and he even set up a domain, which redirects users to a page on the FCC website where they can submit comments on the proposal.  The FCC’s site became inaccessible shortly after.
   “Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS).  These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” the FCC stated.
“These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.  While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments,” it added.
Some people are still skeptical and believe the FCC may have mistaken the large volume of traffic for a DDoS attack.  Other theories are that someone launched a DDoS attack on the FCC just for fun, or that entities opposing net neutrality rules launched the attacks to prevent consumers from complaining.

Ryan Luby reports:
The Larimer County Clerk and Recorder’s office made sweeping changes to how it conducts business amid a Denver7 investigation, which revealed how officials had published sensitive information belonging to thousands of people online for months.
Among the records were child support liens, death certificates, and commercial lending filings.  Many of them contained a variation of social security numbers and dates of birth — the types of information that would be valuable to identity thieves.
Read more on The Denver Channel.

Something my Computer Security students should start considering.
A guide to business continuity planning in the face of natural disasters
   A recent study conducted by a leading insurance provider found that 48 percent of all small businesses do not have a business continuity plan.  The Federal Emergency Management Agency (FEMA) estimates that 40 percent of businesses do not reopen after a disaster, and another 25 percent fail within one year.  The factor underlying this failure rate is business’ fundamental under-preparedness.  Compounding the problem is the lack of understanding of the scope and breadth of insurance coverage or government provisions.

A whole new can of worms.  Any talk about North Korea would be viewed by Kim Jong Un as hate speech. 
Austrian court rules Facebook must delete 'hate postings'
   The case - brought by Austria's Green party over insults to its leader - has international ramifications as the court ruled the postings must be deleted across the platform and not just in Austria, a point that had been left open in an initial ruling.
   Strengthening the earlier ruling, the Viennese appeals court ruled on Friday that Facebook must remove the postings against Greens leader Eva Glawischnig as well as any verbatim repostings, and said merely blocking them in Austria without deleting them for users abroad was not sufficient.
The court added it was easy for Facebook to automate this process.  It said, however, that Facebook could not be expected to trawl through content to find posts that are similar, rather than identical, to ones already identified as hate speech.

Something to follow? 
The National Constitution Center has launched a new white paper series on a Twenty-First Century Framework for Digital Privacy, with some very interesting papers from none other than David Kris, Chris Slobogin, Jim Harper, and Neil Richards.  The launch event is set for this Wednesday at 6:30 p.m. in Philadelphia, with a keynote by Jeffrey Rosen.

How do I surveil thee?
Let me count the ways
The Independent reports:
An increasing number of Android applications are attempting to track users without their knowledge, according to a new report.
Over recent years, companies have started hiding “beacons”, ultrasonic audio signals inaudible to humans, in their adverts, in order to track devices and learn more about their owners.
Electronic devices equipped with microphones can register these sounds, allowing advertisers to uncover their location and work out what kind of ads their owners watch on TV and which other devices they own.
The technique can even be used to de-anonymise Tor users.
Read more on Independent.

I surveil thee from any camera
My AI can reach
Potentially, this would allow England to “watch” all 4 million TV cameras and catch all the events requiring intervention.  As automated surveillance becomes cheaper, can automated responses be far behind? 
Nvidia Metropolis video analytics paves the way for AI cities
In a city of the future, it would be nice to know quickly if there’s a fire burning out of control, a crime in progress at a certain location, or a traffic snarl at a particular corner.
Nvidia hopes to detect such problems in smart cities using Nvidia Metropolis, which the company said could pave the way for the creation of smart artificial intelligence cities.
   “Deep learning is enabling powerful intelligent video analytics that turn anonymized video [no details  Bob] into real-time valuable insights, enhancing safety and improving lives,” said Deepu Talla, vice president and general manager of the Tegra business at Nvidia, in a statement.  “The Nvidia Metropolis platform enables customers to put AI behind every video stream to create smarter cities.”
   By 2020, the cumulative number of cameras is expected to rise to approximately 1 billion.
But people can only monitor a fraction of that content.

This is worth reading.
How Big Data Is Empowering AI and Machine Learning at Scale
Big Data is moving to a new stage of maturity — one that promises even greater business impact and industry disruption over the course of the coming decade.  As Big Data initiatives mature, organizations are now combining the agility of Big Data processes with the scale of artificial intelligence (AI) capabilities to accelerate the delivery of business value.

How valuable is good writing?  Something my students should ponder. 
VCs Put $110 Million Into Grammar-Checking Software
Venture capitalists want a piece of just about anything involving artificial intelligence, whether it’s computers learning to drive or helping people shop for clothing.  The latest to get a sizable investment is a startup looking to use AI to improve people’s grammar.
General Catalyst, a Silicon Valley venture firm, said Monday that it led a $110 million investment in Grammarly Inc.  The San Francisco startup makes software that underlines awkward words and phrases in the user’s writing and makes suggestions, similar to a feature in Microsoft Word.
   Some 6.9 million people use the tool daily, many of whom interact with the service through a web browser extension for Google Chrome.

Another citation generator.  Even gives you the in-text citation.
Cite It In - A Free Tool for Creating Reference Citations
Cite It In is another in a long list of tools that are designed to help students properly format research citations.  Cite It In provides students with templates for creating inline and bibliography citations in APA, MLA, and Chicago style.  Cite It In works the same way regardless of the citation style that students choose.
To use Cite It In students simply go to the site, pick a style, and fill in the information requested in the template.  Once the template is completed, students click "generate citation" and a citation is created for them to copy and paste into their documents.

Something for my lawyer friends?
Center for Open Science Releases Another Branded Preprint Service With LawArXiv
by Sabrina I. Pacifici on May 8, 2017
“The Center for Open Science (COS) is pleased to announce that it has added another branded service to its open source preprints service, OSF Preprints.  The new service, called LawArXiv, provides free, open access, open source archives for legal research.  LawArXiv is an open access legal repository supported and maintained by members of the scholarly legal community.  The repository was developed by three non-profit membership organizations and an academic lead institution:

An interesting idea.  This website only allows articles by academics.
The Conversation
Academic rigor, journalistic flair