Saturday, June 03, 2017

This is blog post 4000.  I’ll keep practicing until I get it right.

Today it’s commissions, tomorrow the world!
Chinese Company Behind Adware That Infected Over 250 Million Computers
A Chinese digital marketing company named Rafotech is behind a wave of inter-connected adware families that found their way onto the computers of millions of users, says Israeli cyber-security firm Check Point.
According to an extensive investigation, Check Point claims Rafotech has designed a very intrusive adware that hijacks people's browsers with the primary purpose of redirecting traffic to fake search engines.
These fake search engines do nothing more than divert search queries through Google and Yahoo's affiliate programs, earning the Chinese company a commission.
   The adware's reach inside corporate networks is a big issue because adware, in general, has evolved in the past year.  As Bleeping Computer's malware expert Lawrence Abrams wrote numerous times in our adware removal guides, most of today's adware contains the same features found in banking or backdoor trojans.
Fireball is one of those adware families.  Check Point experts said yesterday in a report that Fireball contains features that allow the Chinese company to push and execute any file (malware) to the victim's computer.
Because the adware is so intrusive at the browser level, experts fear that its maintainers would have no technical impediment from switching from a revenue model that's based on traffic redirection and ad injection to something that involves stealing user credentials.


For my students.
'Tallinn Manual 2.0' - the Rulebook for Cyberwar
Tallinn - With ransomware like "WannaCry" sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world's only book laying down the law in cyberspace could not be more timely.
The Tallinn Manual 2.0 is a unique collection of law on cyber-conflict, says Professor Michael Schmitt from the UK's University of Exeter, who led work on the tome.
Published by Cambridge University Press and first compiled by a team of 19 experts in 2013, the latest updated edition aims to pin down the rules that governments should follow when doing battle in virtual reality.  


Toward WiFi as a right?
Digital Single Market: EU negotiators agree on the WiFi4EU initiative
   The political agreement includes a commitment by the three institutions to ensure that an overall amount of €120 million shall be assigned to fund equipment for public free Wi-Fi services in 6,000 to 8,000 municipalities in all Member States.  


…and then we’ll send our virtual auditors to review your books!
Massachusetts Tries Something New To Claim Taxes From Online Sales
   Massachusetts is one of the latest states to step up the fight for tax dollars, issuing a new directive for out-of-state online retailers to begin collecting the 6.25 percent state sales tax starting July 1.
As a trigger, the state is adopting a hyperliteral definition of physical presence — one that relies on any downloaded apps as well as "cookies," the little bits of data that websites store on users' computers or phones to track their visits.  Massachusetts is now considering them a physical in-state operation for a company.
"Massachusetts is arguing that these vendors with no property and no people and no offices in this state, they still have physical presence because of Internet cookies," Jones says.
   Steve DelBianco is on the shameless-tax-grab side.  He leads NetChoice, a national trade association representing e-commerce sites.  He says under this strange Massachusetts theory, "your business is subject to the taxation [and] regulation in any state where a user simply enters their website address.  That can't hold up to legal scrutiny, because it certainly doesn't hold up to common sense."


Perspective.
   Today tech is the new oil, and it’s changing the game for producers of major commodities such as oil, coal, iron ore, natural gas, and copper. In this new commodity landscape, incumbents and attackers will race to develop viable business models, and not everyone will win.
Consider how the dynamics of demand are changing.  The adoption of robotics, internet-of-things technology, and data analytics — along with macroeconomic trends and changing consumer behavior — are fundamentally transforming the way resources are consumed.  Technology is enabling people to use energy more efficiently in their homes, offices, and factories.  At the same time, technological innovation in transportation, the largest single user of oil, is helping to lower energy consumption as engines become more fuel efficient and the use of autonomous and electric vehicles grows.
As a result, demand for resources is flattening out.  (Copper, often used in consumer electronics, is the exception.)  At the McKinsey Global Institute, we modeled these trends and found that peak demand for major commodities like oil, thermal coal, and iron ore is in sight and may occur as soon as 2020 for coal and 2025 for oil.  At the same time, renewable energies including solar and wind will continue to become cheaper and will play a much larger role in the global economy’s energy mix.  We estimated that renewables could jump from 4% of global power generation today to as much as 36% by 2035 in our accelerated technology scenario.


For the toolkit.  (I use Notepad++ myself.)


Something my gamers might want.  Not free. 
Pixar veteran creates A.I. tool for automating 2D animations
Artificial intelligence is going to change just about everything — like animating video games, for example.
Animation-technology startup Midas Touch Interactive has a new tool called Midas Creature, which the company claims can automate the process of creating complicated animations for two-dimensional characters.


Something my gamers might want.  Cheap? 
Regardless of what storyline you’re into (or looking to try), it’s probably on sale right now.  Want to read about Wolverine as an old man struggling to get by (like the plot of the recent movie)?  You can get 224 pages of comics for $3 on just that!  That particular book normally sells for $15 in digital form, so it’s quite a steal.
Of course, that’s just one example of what’s on sale.  You’ll find deals on X-Men, Hulk, Guardians of the Galaxy, Spider-Man, Deadpool, Star Wars, and much more.  Have a look, and we’re sure you’ll find something that interests you!

Friday, June 02, 2017

This is not encouraging.  Also, it seems you need to do more than just change your password! 
Password manager OneLogin hacked, exposing sensitive customer data
In a brief blog post, the company's chief security officer Alvaro Hoyos said that it was aware of "unauthorized access to OneLogin data in our US data region," and that it had reached out to customers.
   "OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read.
Later in the day, the company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US."
   The company added that although it encrypts "certain sensitive data at rest," it could not rule out the possibility that the hacker "also obtained the ability to decrypt data".
But a spokesperson did not say what kind of data is and isn't encrypted.  We have asked for clarity, and will update when we hear back.
   "Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.
The company has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens -- used for logging into accounts -- as well as to create new security certificates.  The company said that information stored in its Secure Notes feature, used by IT administrators to store sensitive network passwords, can be decrypted.


Ethical hacking: tools & Techniques.
CIA Tool 'Pandemic' Replaces Legitimate Files With Malware
Documents published by WikiLeaks on Thursday describe a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to spread malware on a targeted organization’s network.
The tool, named “Pandemic,” installs a file system filter driver designed to replace legitimate files with a malicious payload when they are accessed remotely via the Server Message Block (SMB) protocol.
What makes Pandemic interesting is the fact that it replaces files on-the-fly, instead of actually modifying them on the device the malware is running on.  By leaving the legitimate file unchanged, attackers make it more difficult for defenders to identify infected systems.


How does this change anything? 
Putin: Patriotic Russians Could Be Behind Election Hacks
Russian President Vladimir Putin says patriotic citizens may have launched politically motivated cyberattacks against foreign countries, but denied any government involvement in such operations.
   Thomas Rid, a professor in the department of War Studies at King's College London, believes the comments made by Putin are strategic.
Putin is a professional.  He knows his intel history.  He likely knows that sooner or later operators will talk, write memoirs; may take years  


Ethical waivers are easier than ethical behavior. 
POGO – White House Releases Ethics Waivers After Battle with OGE
by Sabrina I. Pacifici on Jun 1, 2017
Scott H. Amey, J.D. – General Counsel, POGO: “Late [May 31, 2017], the White House updated its ethics waiver page with a list of 11 named White House staffers, all Executive Office of the President Appointees, White House Office Commissioned Officers, and “Former Jones Day employees” (the law firm that employed Donald F. McGahn II, Counsel to the President, and handled legal matters for the Trump campaign).  The waivers allow the staffers to work on certain matters and policy issues despite conflicts of interest covered by President Trump’s ethics pledge and other laws and regulations.  Until yesterday, the ethics waiver page stated that the “information on this page is being updated. Ethics pledge waivers will be published as they become available.”


Will everyone need a social media account to enter the US?
Trump administration approves tougher visa vetting, including social media checks
The Trump administration has rolled out a new questionnaire for U.S. visa applicants worldwide that asks for social media handles for the last five years and biographical information going back 15 years.


Overtime, increased liability, longer workers comp coverage…  Is this really cheaper? 
Walmart is asking employees to deliver packages on their way home from work
The idea, Walmart executives said Thursday, is to cut costs on the so-called last-mile of deliveries, when packages are driven to customers’ homes, often the most expensive part of the fulfillment process.
   Employees will be paid extra for the voluntary program, and offered overtime pay as necessary to make the deliveries, Walmart spokesman Ravi Jariwala said Thursday.
“Walmart is uniquely qualified, uniquely positioned, to be able to offer this,” he said, adding that 90 percent of Americans live within 10 miles of a Walmart store.
   The company is billing the program as a way for employees to earn extra money, although there were few details on how they would be paid.  Jariwala declined to clarify whether employees would be paid based on distance, time, number of deliveries or a combination of those things.
Labor experts say the arrangement, a mash-up of sorts between an Uber-style gig economy and traditional employment arrangements, raises a number of questions related to employees having to shoulder much of the risk, cost and liability associated with deliveries.
“The practice seems ripe for abuse if the company does not compensate workers for the full cost of their journey, the expenses related to gas, car depreciation, and potential problems like accidents, tickets or parking expenses,” said Stephanie Luce, a labor professor at the City University of New York.


Helping my students understand how analytics can be used.
The NBA’s Adam Silver: How Analytics Is Transforming Basketball
   “Analytics have become front and center with precisely when players are rested, how many minutes they get, who they’re matched up against,” said Silver.
He talked about biometrics and wearables.  “[Analytics] are tracking every movement of those players….  It’s not just that they’re moving on the court during games, but during practice.”  At night, most players wear sleep monitors.  Information about their diets is quantified and recorded.  “Sometimes there are very sophisticated markers, even in terms of saliva and other things,” that indicate a player is fatigued, Silver said.  And because there is a proven correlation between fatigue and injuries, a red flag goes up.
   He contrasted hiring for the NBA with hiring for the average large firm: When a Fortune 500 company makes a hiring decision, the worst-case scenario is the individual needs to be terminated and the company hires someone else.  But in a draft system like the NBA’s, “you live with those mistakes for years.”  Consequently, scouts will take any edge they can get.  “The number of analytics fields they’re looking at now, for example when they’re doing college scouting or drafting internationally, is incredible.”


For the toolkit.
Adobe Rolls Out Free Scanning App For Android And iOS: Adobe Scan Transforms Documents Into Editable PDFs
Software developer Adobe has rolled out Adobe Scan, a new scanning app for iOS and Android devices that transforms documents into searchable and editable PDF files.
Adobe Scan is free

(Related).  And once you have all those PDFs…
Try Kami for Annotating PDFs
Kami is a tool that you can use to draw, type, and highlight on PDFs.  You can import PDFs into Kami from your Google Drive or you can import them from your desktop.  Kami can be integrated with Google Classroom to make it easy to share annotated PDFs with your students and for them to share with you.

Thursday, June 01, 2017

How vulnerable are these card processing systems? 
Kmart Payment Systems Infected With Malware
Big box department store chain Kmart informed customers on Wednesday that cybercriminals may have stolen their credit or debit card data after installing malware on the company’s payment processing systems.
Kmart, a subsidiary of Sears Holdings, has not provided any information on which stores are affected and for how long hackers had access to its systems.  The retailer operates more than 700 stores, but blogger Brian Krebs learned from his sources in the financial industry that the breach does not appear to impact all locations.
It’s unclear what point-of-sale (PoS) malware has been used in the attack, but the retailer has described it as “a new form of malware” and “undetectable by current antivirus systems.”
The company’s investigation showed that names, addresses, social security numbers, dates of birth, email addresses and other personally identifiable information (PII) have not been compromised.  Kmart believes the attackers may have only accessed payment card numbers.
   This is not the first time Kmart discloses a data breach.  In October 2014, the company told customers that their credit and debit cards may have been stolen after hackers installed malware on payment systems.


Don’t knock Social Security.  At least they did something!  Maybe in a few years they will catch up to NIST.
Social Security Administration Adopts What NIST is Deprecating
As of June 10, 2017, users of the Social Security Administration (SSA) website will be required to use two-factor (2FA) authentication to gain access.  Potentially, this could affect a vast number of American adults, who will be required to enter both their password and a separate code sent to them either by SMS or email text.
What is surprising is that in July 2016, NIST deprecated SMS-based 2FA in special publication 800-63B: Draft Digital Identity Guidelines.  It should be noted this is still a draft, and not yet a formal standard that government agencies are required to meet; but nevertheless, it specifically says, "OOB [2FA] using SMS is deprecated, and may no longer be allowed in future releases of this guidance."  It seems strange, then, that the SSA should introduce precisely what NIST deprecates.


Silicon Valley jumps on this every year, so it is probably worth a look.
Annual Internet Trends Presentation from Mary Meeker – 2017
by Sabrina I. Pacifici on May 31, 2017
“Here are a few initial takeaways via TechCrunch:
  • Smartphone sales and Internet penetration growth are both slowing
  • It’s not really a “shift to mobile” as much as “the addition of mobile”, since desktop usage hasn’t declined much while mobile usage has skyrocketed to over three hours per day per person in the US
  • There’s still more time spent on mobile than ad spend, indicating forthcoming windfalls for mobile ad platforms
  • Google and Facebook control 85% of online ad growth
  • Internet ad spend will surpass TV spend within six months
  • Streaming music led by Spotify surpassed physical music sales, giving recorded music its first revenue growth in 16 years
  • eSports are exploding, with viewing time up 40% year over year, and an equal number of millennials strongly preferring eSports vs traditional sports
  • Email spam with malicious attachments is exploding as cloud usage increases, so be careful what you click
  • Tech companies drive wealth creation in China, where people pay for livestreaming, and bike sharing usage is skyrocketing
  • Falling data costs are driving increasing Internet adoption in India, but smartphone prices remain too high
  • 60% of the most-highly valued tech companies in America were founded by first or second generation Americans while 50% of the top private startups were founded by first-gen immigrants…”


The start of a trend?
Rebecca Yergin writes:
On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute.  The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.”  It also places restrictions on the sale, lease, and other disclosure of enrolled biometric identifiers.  With the new law, Washington has become only the third state after Illinois and Texas to enact legislation that regulates business activities related to biometric information.  Although the three laws seek to provide similar consumer protections around the collection, use, and retention of biometric data, the Washington law defines the content and activity it regulates in different terms, and, similar to Texas, but unlike Illinois, the Washington law does not provide a private right of action.
Read more on Covington & Burling Inside Privacy.


Not intended to be amusing.
China’s New Cybersecurity Law Leaves Foreign Firms Guessing
As China moves to start enforcing a new cybersecurity law, foreign companies face a major problem: They know very little about it.
   The law would require that companies store their data within China, and would impose security checks on companies in sectors like finance and communications.  Individual users, meanwhile, would have to register with their real names to use messaging services.
But Mr. Chang said that officials had conveyed “less than half” of the specifics of how the law would be implemented.
“A wide range of companies are doing data transfers — it’s the lifeblood of their business,” he said.
Executives have complained that the wording of the law is ambiguous, fearing that it gives China’s ruling Communist Party substantial leeway to target them.

(Related).  Perhaps this will eventually help.
The Global Law Search Engine
by Sabrina I. Pacifici on May 31, 2017
“Global-Regulation Inc. Vision: To make all of the world’s laws accessible to users in a way that’s as easy as a Google search.  The Global Law Search Engine – Search 1,610,446 laws from 90 countries, in English.  Find, compare and analyse more than 825,000 laws translated into English from 26 languages.  If our database was a book it would be approximately 7.67 million pages (2,108,193,898 words).” 


Perspective.  I had not considered the impact on organ donation.  A good article to start the debate.
How Robo Cars Will Impact Everything Else
• Programmers will be forced to make life-and-death decisions in advance, until regulators create guidelines.  For example, if a pedestrian darts out in front of a passenger-carrying robo-car, should the computer prioritize the life of the passenger or the pedestrian?  Does it matter if there are two pedestrians and one passenger?  Will consumers embrace self-driving cars that don’t give their lives, and the lives of their families, top priority in all cases?
• Waiting lists for organ donations will grow longer, as car accidents, especially fatal ones, become rarer.


Okay, Blockchain has arrived.
$35 Million in 30 Seconds: Token Sale for Internet Browser Brave Sells Out
Brave, the upstart web browser founded by Mozilla co-founder Brendan Eich, completed an initial coin offering (ICO) today that is likely to be distinguished for its speed and earnings.
Overall, the sale for Brave's ethereum-based Basic Attention Token (BAT) generated about $35m and was sold out within blocks, or under 30 seconds.


Somehow, I have little sympathy for anyone who could not out poll Donald Trump.  This seems far more like “sour grapes” than I would have expected.  How long will we need to listen to this whining?
Hillary Clinton Was the First Casualty in the New Information Wars
The former presidential nominee made her case that a Russian-backed “conspiracy” to “weaponize” social media took down her campaign.
   “I take responsibility for every decision I made,” Clinton said, “but that is not why I lost.”

Wednesday, May 31, 2017

It certainly appeals to my love of “conspiracy theories.”  
Latest WannaCry Theory: Currency Manipulation
The recent WannaCry outbreak is still a mystery.  We know what (ransomware), and how (a Windows vulnerability on unsupported or unpatched systems); but we don't know who or why.  We're not short of theories: Lazarus, North Korea, some other nation-state actor, Chinese or Russian actors -- but none of these has gained general acceptance.
The basic problem is that elements of WannaCry just don't make sense.  The scale and rapidity of its spread, although not unprecedented, points to expertise and resources.  This together with some code similarities has led to suggestions that it was a nation-state attack emanating from North Korea.
But inefficiencies in collecting the ransom are not likely from a group as experienced as Lazarus; and the absence of any visible political motive throws doubt on the idea that any nation-state actor was involved.
Thycotic's cyber security and digital forensics expert, Joseph Carson, has an alternative theory: the motive behind WannaCry was effectively insider trading following currency manipulation.  Bitcoin was the real target.
If he is right, it explains the efficiency of the attack (the primary motive) and the inefficiency of the ransom collection (which was neither part of nor important to the plan).


About time! 
DNC advertises for new chief technology officer
The Democratic National Committee is searching for an executive to lead its IT modernization, cybersecurity and technology efforts.


Why not, everything else can.
   It turns out that picking the wrong emoji might land you a date in court, at least if we take a recent case in Israel as an example.


Now this is interesting!
US Supreme Court Protects Consumers' Right To Refill Ink Cartridges In Precedent-Setting Lexmark vs Impression Case
Score one for the little guys.  In a precedent-setting decision handed down this morning, the U.S. Supreme Court ruled that a company’s patent rights are forfeited once they sell an item to a consumer under the “first sale” doctrine.  This idea was central to Impression Products, Inc. v Lexmark Int’l, Inc. and is a major blow to companies that sell their printers for (relatively) low prices and then recoup any losses on the sale of expensive ink and toner cartridges.
   "Extending the patent rights beyond the first sale would clog the channels of commerce, with little benefit from the extra control that the patentees retain," wrote Chief Justice John Roberts.  In his opinion, Chief Justice Roberts contended that Lexmark’s heavy-handed approach to discouraging cartridge remanufacturers only emboldened them to find new and innovative ways to circumvent the company’s defenses.
“Many kept acquiring empty Return Program cartridges and developed methods to counteract the effect of the microchips.  With that technological obstacle out of the way, there was little to prevent the remanufacturers from using the Return Program cartridges in their resale business,” said Chief Justice Roberts.  After all, Lexmark’s contractual single-use/no-resale agreements were with the initial customers, not with downstream purchasers like the remanufacturers.


Will this flourish in a Trump world?
CrowdJustice, the crowdfunding platform for public interest litigation, raises $2M and heads to U.S.
CrowdJustice, a startup that brings crowdfunding to “public interest” litigation, has raised $2 million in seed funding for U.S. expansion.
   High profile cases that have utilised the platform to date include the “People’s Challenge” to Brexit that won in the Supreme Court, which said that Parliament had a say in triggering Article 50, and the first federal case challenging the Trump immigration ban.
To coincide with today’s U.S. seed funding announcement, a new campaign is launching on CrowdJustice.  It’s seeing Mike Hallatt (“Pirate Joe”) attempt to raise money to defend a lawsuit being brought by corporate giant Trader Joe’s against Hallatt’s small Canadian startup Pirate Joe’s.


You might as well start practicing.  The Chatbots will soon be everywhere!
   The official Alexa Skill Testing Tool, intended for people who are building skills that you can use with the Echo, can be used by anyone.  You don’t have to be a developer working on an app.  All you need is an Amazon account.
After logging into the site using your Amazon credentials and granting the site access to your account (and to your computer mic), you can start asking all the questions you would of Alexa.  Use Spacebar or click on the microphone button and be sure to keep holding down until you’ve finished asking your question.


Something for my geeks to try.  SE specializing in 3D printing, source code, etc.

Tuesday, May 30, 2017

Interesting implications.  Suggests governments are relying on ‘computer reading’ of intercepted communication rather than human reading of the website. 
Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship
   Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.
   When you try to connect to a website using HTTPS, your browser will first ask the web server to identify itself.  Then the server will send its unique public key which is used by the browser to create and encrypt a session key.  This session key is then sent back to the server which it decrypts with its private key.  Now all data sent between the browser and server is encrypted for the remainder of the session.
In short, HTTPS prevents governments and others from seeing the specific page users are visiting.
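The excerpt's point is worth seeing on the wire: over plain HTTP an on-path observer reads the full request line, article path included, while over HTTPS the only name that remains readable before encryption starts is the hostname carried in the TLS ClientHello's Server Name Indication (SNI), which is why a censor can still block all of a domain but no longer a single page. The following is an added example, not code from the Motherboard article or from Wikimedia; the ClientHello bytes it builds are a constructed minimal record with a single cipher suite and only the SNI extension, and the `observer_view`, `extract_sni` and `build_client_hello` names are my own.

```python
"""What a passive on-path observer can read from a client's first bytes.

Added example, not part of the original post. The ClientHello is built by
hand for the demonstration (real browsers send many more extensions).
"""
import struct


def http_request(hostname: str, path: str) -> bytes:
    """Cleartext HTTP/1.1 request: the path is readable by anyone on the path."""
    return f"GET {path} HTTP/1.1\r\nHost: {hostname}\r\n\r\n".encode()


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record carrying only an SNI extension."""
    host = hostname.encode("ascii")
    server_name = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(server_name)) + server_name
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                 # client_version: TLS 1.2
        + b"\x11" * 32              # client_random (fixed value for the example)
        + b"\x00"                   # session_id length 0
        + b"\x00\x02\xc0\x2f"       # one cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"               # compression methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # type 1 = ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None if no SNI is sent.

    Every length field is checked against the buffer so a truncated or malformed
    record raises ValueError instead of silently reading past the end.
    """
    def need(n: int, pos: int) -> None:
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")

    need(5, 0)
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    need(rec_len, 5)
    end_of_record = 5 + rec_len
    pos = 5
    if record[pos] != 0x01:
        raise ValueError("not a ClientHello")
    pos += 4                      # handshake type + 3-byte handshake length
    pos += 2 + 32                 # client_version + client_random
    need(1, pos); pos += 1 + record[pos]                                  # session_id
    need(2, pos); pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]  # cipher_suites
    need(1, pos); pos += 1 + record[pos]                                  # compression_methods
    if pos == end_of_record:
        return None               # no extensions block at all (very old clients)
    need(2, pos)
    ext_total = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    need(ext_total, pos)
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        need(ext_len, pos)
        if ext_type == 0x0000:    # server_name extension
            data = record[pos:pos + ext_len]
            if len(data) < 2:
                raise ValueError("malformed server_name extension")
            list_end = 2 + struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= min(list_end, len(data)):
                name_type = data[p]
                name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                if p + name_len > len(data):
                    raise ValueError("malformed server_name entry")
                if name_type == 0:
                    return data[p:p + name_len].decode("ascii")
                p += name_len
        pos += ext_len
    return None


def observer_view(wire: bytes) -> dict:
    """What a passive observer recovers: host and path for HTTP, host only for HTTPS."""
    if wire[:1] == b"\x16":
        return {"host": extract_sni(wire), "path": None}
    lines = wire.decode("ascii", "replace").split("\r\n")
    path = lines[0].split(" ")[1]
    host = next((l.split(":", 1)[1].strip() for l in lines[1:] if l.lower().startswith("host:")), None)
    return {"host": host, "path": path}


if __name__ == "__main__":
    print(observer_view(http_request("en.wikipedia.org", "/wiki/Example")))
    print(observer_view(build_client_hello("en.wikipedia.org")))
```

The hostname also leaks through the DNS lookup that precedes the connection, so hiding the page, not the site, is the whole of what the switch buys.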


Did they think hackers would not notice? 
Synaptics warns that fingerprint spoofing makes laptops vulnerable
   Synaptics, which makes fingerprint identification sensors and touchpad technology, earlier this month issued a warning that some computer makers, seeking to save about 25 cents per machine, have chosen to use insecure smartphone fingerprint sensors instead of more secure laptop sensors, said Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based company, in an interview with VentureBeat.
“Fingerprint identification has taken off because it is secure and convenient when it’s done right,” he said. “When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit.”
The smartphone fingerprint sensors typically use unencrypted methods to store and send the fingerprint to a central processing unit (CPU) for processing.  That makes the data vulnerable to snooping software and other hacks.  Synaptics sensors, by contrast, use encryption and a secondary host processor to do the recognition work.


This sounds like a consulting service waiting to be organized and monetized.  
India's Ethical Hackers Rewarded Abroad, Ignored at Home
Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news -- he had hacked their website and could book flights anywhere in the world for free.
It was a familiar tale for India's army of "ethical hackers", who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted.
India produces more ethical hackers -- those who break into computer networks to expose, rather than exploit, weaknesses -- than anywhere else in the world.
The latest data from BugCrowd, a global hacking network, showed Indians raked in the most "bug bounties" -- rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers.
Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers.


I hope so.  As I get older, I find myself saying “I forget” more and more.  At least I think I do, I can’t remember.
David Kravets reports:
On May 30, two suspects accused of extorting the so-called “Queen of Snapchat” as part of a sex-tape scandal are scheduled to appear in a Florida court.  But as wild as the premise sounds, primarily the accused need only to answer a simple question on this visit.  Miami-Dade Circuit Judge Charles Johnson wants an explanation as to why Hencha Voigt and her then boyfriend, Wesley Victor, can’t remember the passcodes to their mobile phones.
If he doesn’t believe them or if they remain silent, the two suspects face possible contempt charges and indefinite jail time for refusing a court order to unlock their phones so prosecutors can examine text messages.  Their defense to that order, however, rests on an unsettled area of law.  Voigt and Victor maintain that a court order requiring them to unlock an encrypted device is a breach of the Fifth Amendment right to be free from compelled self-incrimination.
If things don’t go their way in court Tuesday, the duo certainly wouldn’t be the first ones ordered to prison for failing to abide by a judge’s decryption order.  They likely won’t be the last ones, either.
Read more on Ars Technica.


A simple tool Mr. Anonymous never considered, because it didn’t exist 32+ years ago. 
As the debate about re-identification of “anonymized” data rages on, this story may be of interest:
A Dutch woman has managed to trace her donor father using commercial DNA banks in the US, the Volkskrant reports on Tuesday.  Emi Stikkelman, 32, sent three DNA samples to DNA banks, where a match was found with an Australian woman.  Together with family history researcher Els Leijs, she was able to put together a family tree and finally identify her biological father.  Normal DNA banks use 20 key markers but commercial agencies can use thousands, allowing them to cast a much wider net of potential relatives, the paper said.  Leijs uses commercial data banks such as Family Tree, Ancestry and 23andMe which are particularly popular in the US and have been set up to allow people to trace their heritage.  ‘Almost all Americans have roots outside the US, in Europe and Africa,’ she said.
Read more on DutchNews.nl.


Perspective.
Think back to 2007. A young U.S. senator named Barack Obama announced his candidacy for president.  The housing bubble started to burst.  Apple released the first iPhone.
It wasn’t long ago and, yet, in technology terms, it’s almost an eternity — ride- or hotel-sharing companies didn’t exist yet and the first generation of social media platforms were just hitting the mainstream.  So much has changed since then.  We’ve seen it here at PwC, as well.  During the past decade, we surveyed the leaders at the world’s largest companies annually through our Global Digital IQ Survey, tracking their evolving sentiments, priorities, and challenges of how they’re using technology to transform their own businesses.
   So one would expect that today’s companies have a much better Digital IQ than they did way back in 2007, right?  The answer, surprisingly, is no.
Our latest survey, which polled 2,216 executives at companies with annual revenue of more than $500 million, found executives’ confidence in their organization’s digital abilities is actually at the lowest it has been since we started tracking.  Just 52% of executives rated their Digital IQ as strong, down 15% from the year before.


Job search tools.


For the Computer Security toolkit.  Detect phishing links.


For the research toolkit?


Is there a ‘classroom’ version?  I think that’s what my students have…

Monday, May 29, 2017

We just finished talking about disaster recovery in my Computer Security class.  Perhaps BA should hire a few of my students? 
British Airways flight chaos lessens after weekend of disruption
The airline is "closer to full operational capacity" after an IT power cut resulted in mass flight cancellations at Heathrow and Gatwick.
Thousands of passengers remain displaced, with large numbers sleeping overnight in terminals.
BA has not explained the cause of the power problem.
   no-one from the airline has been made available to answer questions about the system crash, and it has not explained why there was no back-up system in place.
   BA blames a power cut, but a corporate IT expert said it should not have caused "even a flicker of the lights" in the data-centre.
Even if the power could not be restored, the airline's Disaster Recovery Plan should have whirred into action.  But that will have depended in part on veteran staff with knowledge of the complex patchwork of systems built up over the years.
Many of those people may have left when much of the IT operation was outsourced to India.
One theory of the IT expert, who does not wish to be named, is that when the power came back on the systems were unusable because the data was unsynchronised.
In other words the airline was suddenly faced with a mass of conflicting records of passengers, aircraft and baggage movements - all the complex logistics of modern air travel.  
   Former Virgin Airlines spokesman Paul Charles said: "What seems remarkable is there was no back-up system kicking in within a few minutes of the system failing.
"Businesses of this type need systems backing up all the time, and this is what passengers expect."
   The airline said there was no evidence the computer failure was the result of a cyber-attack.  It denied claims by the GMB union that the problem could be linked to the company outsourcing its IT work.

(Related).
Commentary: British Airways has no excuse for the chaos at Heathrow airport
   On the scant information available so far, there appears to be no good excuse for the crippling IT failure.  Mr Cruz said there was no evidence of a cyberattack and that the root cause seemed to be a power supply issue - the same reason given by Delta, the US airline, when IT problems forced it to ground planes around the world last year.
This is an entirely inadequate explanation.  Whatever back-up systems British Airways had in place, they are woefully deficient if they cannot withstand a power cut.  No chief executive today can afford to underestimate the threat posed by either cyberattack or more mundane IT glitches.


A few more details and a list of Colorado stores hit.
Most Chipotle restaurants hacked with credit card stealing malware
The company first acknowledged the breach on April 25.  But a blog post on Friday revealed the kind of malware used in the attack and the restaurants that were affected.
The list of attacked locations is extensive and includes many major U.S. cities.  When CNNMoney asked the company Sunday about the scale of the attack, spokesman Chris Arnold said that "most, but not all restaurants may have been involved."
Chipotle (CMG) said in its blog post that it worked with law enforcement officials and cybersecurity firms on an investigation.  
   A list of the restaurants and times they were affected can be found on Chipotle's website.


Where there is money to be made, legally or illegally, malware waits for you.
'Judy' Malware Potentially Hits Up to 36.5M Android Users
As outlined by security firm Check Point, 41 apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., "infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it."
It's "possibly the largest malware campaign found on Google Play," according to Check Point.
Google "swiftly" removed the apps from Google Play after being alerted to their existence, Check Point says, but not before they "reached an astonishing spread between 4.5 million and 18.5 million downloads."  Some were available on the store for several years and all were recently updated.


Of course not, they were making it (the entire campaign) up on the fly!
Trump campaign likely didn’t save documents: report
The Trump campaign likely did not preserve documents and communications key to the law enforcement investigation into possible collusion between President Trump's associates and the Kremlin, Politico reported Saturday.
Political campaigns, Politico noted, are typically not required to preserve emails on their private server for long windows of time, and most messages are deleted within 30 to 90 days, unless steps are taken to preserve them. 
What's more, the Trump campaign did not do much to establish a plan to maintain those communications, according to a former campaign aide.
"You’d be giving us too much credit,” the former aide told Politico.  "The idea of document retention did not come up.  The idea of some formal structure did not come up."


Now PowerPoint has an AI, and I still won’t use it!


Anything to help my students get jobs! 
LinkedIn's Top 50 Companies and the Skills Needed to Work There

Sunday, May 28, 2017

It’s fun to follow his logic.  See if you agree.
Who Are the Shadow Brokers?
In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets.  Since last summer, they’ve been dumping these secrets on the internet.  They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them.  They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble.  And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computers worldwide this month.
After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools.
Who are these guys?  And how did they steal this information?  The short answer is: We don’t know.  But we can make some educated guesses based on the material they’ve published.
   As I’ve written previously, the obvious list of countries who fit my two criteria is small: Russia, China, and—I’m out of ideas.  And China is currently trying to make nice with the U.S.
   By publishing the tools, the Shadow Brokers are signaling that they don’t care if the U.S. knows the tools were stolen.


Perspective.  China reacts faster than the US government (mostly) but individual companies still beat governments.
Is China Outsmarting America in A.I.?

(Related).  Is the FDA going to lead the charge into an AI future?
Medicine Is Going Digital. The FDA Is Racing to Catch Up
   For most regulators, an ever-changing algorithm is their worst nightmare.  But Patel is one of those rare Washington bureaucrats who’s also a fervently optimistic futurist.  And he’s got big plans to get federal regulators off Washington time and up to Silicon Valley speeds.
To do that, the FDA is creating a new unit dedicated strictly to digital health.  Patel will be hiring 13 engineers—software developers, AI experts, cloud computing whizzes—to prepare his agency to regulate a future in which health care is increasingly mediated by machines.


“We don’t need no stinking Stock Market!” 
This was a big week for blockchain
   There was an unspoken sense that this thing we call Bitcoin or “Decentralization” is pretty much going to happen in a big way.
   In this market of people putting their Ethereum tokens into ICOs for decentralized startups, the funding sources are not your typical suited-up investors.  Sure, some VCs are in there now, but this is truly crowdsourced (except that, by owning a token, you are a member of the network versus just entitled to a product or whatever as on Kickstarter).
Here’s what surprised me about that: Based on some rough, back-of-the-envelope calculations, there are nearly 1,500 computer science students in North America at top-tier schools like MIT, CMU, and Berkeley who are likely sitting on $30-40 million worth of crypto-currency.
And, 75 percent of it is in Ether versus 25 percent Bitcoin.
These guys (18-25 ish and 98 percent male) were too late for Bitcoin but got in on the Ethereum ground floor.
There are probably another 1,000 people globally fitting this profile.
Either way, tell me: When else in human history have people in that age group had that type of investable capital available to them?


You get a press release (electronic) which is supposed to contain the facts.  Your AI pulls the facts and plugs them into a pre-formatted “news article.”  You can create more content than could fit into a Sunday New York Times, but then you send subscribers only what they want to read. 
The Marriage of Artificial Intelligence (AI) In Sports is Revolutionizing the Sector; Sports Media, Sports Wearables, Fantasy Sports, Sports Trading Fund all Integrating AI
   In sports media AI is changing how content is created.  Should sports writers be fearful hearing news last year that Associated Press was using AI to write Minor League Baseball articles?  Robo-journalism is a reality according to a report in Wired.com. "Fox (FOX) auto-generates some sports recaps that appear on its Big Ten Network site, while Yahoo (YHOO) uses similar technology to create fantasy sports reports custom-made for each of its users.
From a case study report from the Wordsmith platform from Automated Insights, it shows how it creates personalized narratives for millions of Yahoo fantasy football users.


Something for my geeks.
Zillow Prize
Announcing Zillow Prize, a contest designed to inspire the brightest scientific minds to compete to improve the Zestimate® home valuation algorithm.
Data scientists everywhere have a unique opportunity to work on the algorithm that changed the world of real estate – and win $1 million for improving it.


I use a very similar technique when writing.  I call this the “Major Smith” review based on a story about U.S. Grant learning how to write clear orders.