Saturday, June 17, 2017

Those who do not study the history of Privacy failures are doomed to repeat them?  I remind you of the Lower Merion School District debacle.  Look back in my archive to the second article:
Cory Doctorow reports:
A majority of the Rhode Island school districts with “1-1” programs where each student is issued a laptop have a blanket policy of spying on the students and everything they do on their laptops, during, before and after school hours, on or off school premises, without any evidence (or even suspicion ) of wrongdoing.
The schools analogize this to school locker searches, in which students are denied any Fourth Amendment protections.  But that (very dubious) principle is being stretched beyond the breaking point, as school lockers are in schools, whereas these laptop searches are being carried out remotely, everywhere, anywhere.
Read more on BoingBoing.

I have got to write a book.  “Why your Security Manger thinks you are stupid!” 
David Bisson writes:
Phishers are targeting PayPal users not only for their login credentials but also for selfies of them holding their ID cards.
This scam campaign starts off like so many others.  A user gets an attack email falsely warning them that PayPal has suspended their account “for security precaution.”
“Hi there,
“Our technical support and customer department has recently suspected activities in your account.
“Therefore we have decided to temporarly suspend your account until investigating your recent activiies.  Such things can happen if you clicked a suspecious link on social media or gave your password to someone else
“We’re always concerned about our customers security so please help us recover your account by following the link below.
The phishing email gives itself away by its spelling errors and strange grammatical usage. But it does get some things right.
Read more on GrahamCluley.

If North Korea ever partnered with a real master criminal, I’d be worried.  Those guys really know how to steal. 
North Korea’s Sloppy, Chaotic Cyberattacks Also Make Perfect Sense
   Analysts at security firms, including Symantec and Kaspersky, have tied the Lazarus group to bank breaches targeting Poland, Vietnam, and more than a dozen other countries.  One attack last year swiped $81 million from Bangladesh's account at the New York Federal Reserve.
The motive makes sense: North Korea needs the money.  As a result of its human rights abuses, nuclear brinksmanship, and sociopathic aggression toward its neighbors, the country faces crippling trade sanctions.  Before its hacking spree, it had already resorted to selling weapons to other rogue nations, and even run its own human trafficking and methamphetamine production operations.  Cybercrime represents just another lucrative income stream for a shameless, impoverished government.

What makes a monopoly?  Being big?  Being better?  Smarter? 
When Does Amazon Become a Monopoly?
The behemoth’s acquisition of Whole Foods is making some wonder whether the firm is just too big.
On Friday morning, Amazon announced it was buying Whole Foods Market for more than $13 billion.  About an hour later, Amazon’s stock had risen by about 3 percent, adding $14 billion to its value.
Amazon basically bought the country’s sixth-largest grocery store for free.
   As the country’s biggest online retailer of cleaning supplies and home goods, Amazon competes with Walmart, Target, and Bed, Bath & Beyond.  As a clothing and shoe retailer, it competes with DSW, Foot Locker, and Gap. As a distributor of music, books, and television, it competes with Apple, Netflix, and HBO.  In the past decade, Amazon has also purchased the web’s biggest independent online shoe store, its biggest independent online diaper store, and its biggest independent online comics store.
And it is successful on nearly all of those fronts.  Last year, Amazon sold six times as much online as Walmart, Target, Best Buy, Nordstrom, Home Depot, Macy’s, Kohl’s, and Costco did combined.  Amazon also generated 30 percent of all U.S. retail sales growth, online or offline.

Perspective.  I know a brand-new PhD in AI, perhaps it’s time for a startup?  
Intel and Microsoft’s latest investment binge shows AI land grab is intensifying
Intel and Microsoft have been on something of an artificial intelligence (AI) investment binge of late, with the chip and software giants announcing a slew of deals this week via their respective VC arms — Intel Capital and Microsoft Ventures.

“Soon, all lawyers will be automated.”  Or at least required to take a few technology classes? 
Justin Kan confirms $10.5 million in funding for his legal tech startup Atrium LTS
   “Why don’t law firms use project management software to track where they are in the process of completing a deal and let customers see that?” Kan asked.  But more important than the way in which law firms interact with customers, Kan sees an opportunity to streamline the work that is done in-house to make it more manageable for lawyers and those who work at law firms.
“If you think about corporate legal work that’s done today, some part of it is art and then some of it is repeatable processes,” Kan told me.  It’s those repeatable processes that the Atrium team believes it can innovate on to make things more efficient.

Extreme price increases lead to new entries in the market – always.
Lower-cost alternative to EpiPen OK’d by FDA
U.S. regulators have approved new competition for EpiPen, the emergency allergy medicine that made Mylan a poster child for pharmaceutical company greed.
   Currently, EpiPens cost about $630 to $700 without insurance, while the new generic version retails for about $225 to $425.

Isn’t this Munchausen by proxy?  Is that sufficient to put her in a mental institution rather than prison?  I’ll be curious to see the sentence.
Michelle Carter text suicide trial verdict: Guilty
A young Massachusetts woman accused of sending her boyfriend dozens of text messages urging him to kill himself when they were teenagers was found guilty of involuntary manslaughter Friday.

Friday, June 16, 2017

For my Ethical Hacking students.  We need to examine, secure, and hack every link in the chain.
WikiLeaks Reveals How the CIA Could Hack Your Router
Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers.  Including, according to a new WikiLeaks release, the CIA.
On Thursday, WikiLeaks published a detailed a set of descriptions and documentation for the CIA's router-hacking toolkit.  It's the latest drip in the months-long trickle of secret CIA files it's called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys.  The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target's network.  After reading up on them, you may find yourself itching to update your own long-neglected access point.

A Security heads-up.
Industrial Companies Targeted by Nigerian Cybercriminals
Industrial companies from around the world have been targeted in phishing attacks believed to have been launched by cybercriminals located in Nigeria, Kaspersky Lab reported on Thursday.
In October 2016, Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) noticed a significant increase in malware infection attempts aimed at industrial organizations in the metallurgy, construction, electric power, engineering and other sectors.  The security firm had observed attacks against 500 organizations in more than 50 countries.
The attacks started with spear phishing emails carrying documents set up to exploit an Office vulnerability (CVE-2015-1641) patched by Microsoft in April 2015.  The phishing messages were well written and they purported to come from the victim’s suppliers, customers, or delivery services.

For my Software Assurance students.
EFF Tips, Tools and How-tos for Safer Online Communications
by Sabrina I. Pacifici on Jun 15, 2017
“Modern technology has given those in power new abilities to eavesdrop and collect data on innocent people.  Surveillance Self-Defense is EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.  Select an article from our index to learn about a tool or issue, or check out one of our playlists to take a guided tour through a new set of skills.”

The value of privacy? 
Jordan Parker reports:
Hundreds of Nova Scotian hospital patients may get to share a $1-million settlement in a case involving breaches of their privacy.
Halifax’s Wagners Law Firm has reached a proposed settlement with a former provincial health authority and if it’s approved will offer $1,000 each to nearly 700 plaintiffs they represent in a class-action lawsuit.
In 2012, the South West Nova District Health Authority sent letters to 700 people, telling them an employee had “inappropriately” accessed their health information, according to a Wagners news release.
Read more on The Chronicle Herald.

The cost of delay.  Much detail omitted…
There’s a follow-up to an incident reported by in January and February involving CoPilot Provider Services.  As I had reported in January, CoPilot took more than one year to notify individuals of a breach involving their web site, and would not answer any questions as to why it took so long.  As I subsequently reported in February, the incident may not have been as the firm first described it, and OCR was reportedly investigating.  Whether HHS/OCR had any authority, however, was unclear, as the firm disputed that it was a covered entity or business associate.
HIPAA aside, the company apparently violated NYS law in terms of protecting data and making prompt notification.  Today, NYS Attorney General announced a settlement with the firm:
CoPilot has agreed to pay $130,000 in penalties and to improve its notification and legal compliance program.
Note that the press release does not indicate that law enforcement ever found the suspect employee at fault.
Nor is the incident up on HHS’s breach tool. is attempting to get updated information on this case.

Even the big boys make mistakes.
Olivia Solon reports:
Facebook put the safety of its content moderators at risk after inadvertently exposing their personal details to suspected terrorist users of the social network, the Guardian has learned.
The security lapse affected more than 1,000 workers across 22 departments at Facebook who used the company’s moderation software to review and remove inappropriate content from the platform, including sexual material, hate speech and terrorist propaganda.
A bug in the software, discovered late last year, resulted in the personal profiles of content moderators automatically appearing as notifications in the activity log of the Facebook groups whose administrators were removed from the platform for breaching the terms of service.  The personal details of Facebook moderators were then viewable to the remaining admins of the group.
Read more on The Guardian.

Don’t push those money grubbing ‘features’ too hard.
Canada rules that all new cellphones must be unlocked
Canadians pay some of the highest wireless rates of any G7 nation, and to add insult to injury, they often have to shell out $50 or more to unlock cellphones when switching operators.  However, the nation's wireless regulator, the CRTC, has now ordered carriers to unlock devices for free and decreed that all new smartphones must be sold unlocked.  The move was prompted by excoriating public criticism on unlocking fees after the CRTC requested comment on new wireless rules.

Big companies, big fines.
REPORT: Europe plans to hit Google with a €1 billion-plus fine over its shopping tool
The European Commission may hit Google with a record fine of over €1 billion (£874 million) over antitrust issues, according to a report from The Financial Times.
The European institution has accused the Californian technology giant of promoting its own shopping service in its search results over those of its competitors, alongside two other antitrust investigations: One over Android, its mobile operating system, and another relating to its online search advertising business.

Unexpected?  Will they talk to us?
An Artificial Intelligence Developed Its Own Non-Human Language
A buried line in a new Facebook report about chatbots’ conversations with one another offers a remarkable glimpse at the future of language.
In the report, researchers at the Facebook Artificial Intelligence Research lab describe using machine learning to train their “dialog agents” to negotiate.  (And it turns out bots are actually quite good at dealmaking.)  At one point, the researchers write, they had to tweak one of their models because otherwise the bot-to-bot conversation “led to divergence from human language as the agents developed their own language for negotiating.”  

An extreme use of texting?  But manslaughter?  What if they had been in different states?  Or if the victim had been an adult and the girl a minor? 
Judge faces legal quagmire in teen texting suicide trial of Michelle Carter; verdict to be announced Friday
   A juvenile court judge now finds himself at the center of a legal quagmire: Should he set a legal precedent in Massachusetts by convicting Carter of manslaughter for encouraging Roy to take his own life through dozens of text messages?  Or should he acquit her and risk sending a message that Carter’s behavior was less than criminal?
   Carter is accused of involuntary manslaughter, a charge that can be brought in Massachusetts when someone causes the death of another person when engaging in reckless or wanton conduct that creates a high degree of likelihood of substantial harm.
   Daniel Medwed, a law professor at Northeastern University, said the judge has a difficult task in determining whether Carter’s actions rise to the level of manslaughter.  There is no Massachusetts law against encouraging someone to kill themselves.  Medwed said the judge could consider Carter “morally blameworthy,” but “moral blame doesn’t always equal legal accountability. ”
Martin Healy, chief legal counsel of the Massachusetts Bar Association, said the case also presents some novel issues of law on the use of cellphones and text messages.  Carter was not with Roy when he killed himself, but she was talking on the phone with him as his truck filled with carbon monoxide.

Amazon Is Buying Whole Foods For $13.7 Billion
   For Amazon, the acquisition suddenly gives them a sprawling brick-and-mortar presence and access to well-heeled consumers.  The company has been experimenting with groceries, primarily through its AmazonFresh delivery program, but this deal makes clear the size of its ambitions.

I find this hard to believe.  (correlation does not imply causation).  Does this also apply to non-coders? 
Developers Who Use Spaces Make More Money Than Those Who Use Tabs
Do you use tabs or spaces for code indentation?
This is a bit of a “holy war” among software developers; one that’s been the subject of many debates and in-jokes.  I use spaces, but I never thought it was particularly important.  But today we’re releasing the raw data behind the Stack Overflow 2017 Developer Survey, and some analysis suggests this choice matters more than I expected.

Perhaps a different “private” company?  The Godfather would never fail to pay.
Powerball, Mega Millions may be victims of Illinois budget impasse, lottery officials say
Lottery players will not be able to purchase Powerball or Mega Millions tickets in Illinois after the end of this month unless the ongoing state budget impasse is resolved, lottery officials said Thursday.
   It is the latest black eye for the beleaguered state lottery, which has garnered headlines in recent years for failing to pay its winners, and for the way it was run under the first private management agreement in the nation.

In a series of stories published over the past six months, the Tribune found the company tasked with running the lottery — Northstar Lottery Group — failed to award more than 40 percent of the grand prizes in its biggest instant ticket games, sometimes ending games before any top prizes were claimed.

Perspective.  Cable isn’t dead yet, but my students don’t subscribe.
Netflix Is Now Bigger Than Cable TV
Netflix has, for the first time, surpassed cable in total subscribers according to Leichtman Research.  US cable companies have 48.61 million subscribers while Netflix has just hit 50.85 million.  The numbers don't count minor cable networks, which could in themselves amount to 5% of total cable customers.

Perspective.  How important (valuable) are games?
Tencent Eyeing $3 Billion Bid for Angry Birds Maker Rovio, Reports The Information

No comment.
The surprising number of American adults who think chocolate milk comes from brown cows
Seven percent of all American adults believe that chocolate milk comes from brown cows, according to a nationally representative online survey commissioned by the Innovation Center of U.S. Dairy.

Add this to your toolbox when available!
Backup and Sync Will Automatically Save Your Desktop Files
Backup and Sync is a new service coming soon from Google.  On June 28th you will be able to install Backup and Sync on your Mac or Windows computer.  The service will let you have your desktop files or other folder files automatically backed up to your Google Drive account.  You've always been able to quickly move files from your desktop to Google Drive through Drive desktop clients, but Backup and Sync will let you streamline that process.

A tool for e-textbooks?
Owl Eyes - Guide Students Through Classic Literature
Owl Eyes is a free tool that provides teachers with a good way to provide students with guidance while they are reading classic literature.  Owl Eyes provides teachers with tools to insert annotations and questions into classic literature.  Students can see the annotations and questions that their teachers add to the digital text.  Teachers have the option to create online classrooms through which they can monitor their students' progress through a text and view their students' annotations and answers to questions.  The texts available through Owl Eyes are mostly classic works that are in the public domain.
[Also check their library:

Sic semper PowerPoint!

Thursday, June 15, 2017

What procedures were violated?  E.g. Accepting a change of banks without verification?
Graham Cluley writes:
Southern Oregon University has announced that it is the latest organization to fall victim to a business email compromise (BEC) attack after fraudsters tricked the educational establishment into transferring money into a bank account under their control.
According to media reports, the university fell for the scam in late April when it wired $1.9 million into a bank account.  They believed they were paying Andersen Construction, a contractor responsible for constructing a pavilion and student recreation center.
Read more on TripWire.

I’m not sure we will ever be satisfied with the answers we find.  However there have been suggestions that I think would make vote tampering easily detectable. 
Questions increase over determining extent of Russia election hacking
by Sabrina I. Pacifici on Jun 14, 2017
NPR – If Voting Machines Were Hacked, Would Anyone Know? – “As new reports emerge about Russian-backed attempts to hack state and local election systems [Link], U.S. officials are increasingly worried about how vulnerable American elections really are.  While the officials say they see no evidence that any votes were tampered with, no one knows for sure.  Voters were assured repeatedly last year that foreign hackers couldn’t manipulate votes because, with few exceptions, voting machines are not connected to the Internet.  “So how do you hack something in cyberspace, when it’s not in cyberspace?”  Louisiana Secretary of State Tom Schedler said shortly before the 2016 election.  But even if most voting machines aren’t connected to the Internet, says cybersecurity expert Jeremy Epstein, “they are connected to something that’s connected to something that’s connected to the Internet…”
Nextgov – “Congressional concern is climbing—not for the first time—about government agencies using an anti-virus tool made by the respected but Russia-based security firm Kaspersky Lab.  The dustup is a case study in why securing government systems is devilishly complicated…”

So, what can we do about it?
The Internet, a historically unparalleled source of information and expression, has also become a playground for censorship, punishment and propaganda.  Not a day goes by where an individual is not arrested, prosecuted or threatened for the content of a tweet or a post.  States are ordering internet shutdowns in times of public protest, elections, and even school exams.  Governments enjoy surveillance capabilities that drill deep into the lives of journalists, activists, political opposition, and regular citizens.
1.      Network shutdowns devastate individuals and their communities … and are spreading:
2.      Surveillance is more secretive and invasive than ever:
3.      States must back up their commitments with action:
4.      Companies are on the front line of the fight for users’ rights:
5.      Transparency needed across the board:
Read the full report, which also discusses the erosion of net neutrality, and the human rights impact of standards developing organizations like the Internet Engineering Task Force, and its supplementary materials, here.

IoT spending to surpass $800 billion in 2017, led by hardware: IDC
Research firm IDC has released updated spending estimates for the Internet of Things. Overall, IDC expects IoT spending to grow 16.7 percent year-over-year in 2017, reaching just over $800 billion.
By 2021, global IoT spending is expected to total nearly $1.4 trillion, led by enterprise investments IoT hardware, software, services, and connectivity.

Is this bad?  Should we stop the little earthquakes and just wait for the big one? 
Gigantic increase in fracking related earthquakes spikes insurance costs
by Sabrina I. Pacifici on Jun 14, 2017
GOOD: “…According to the U.S. Geological Survey, prior to 2009, when oil and gas fracking in Oklahoma and neighboring states really started to boom, Oklahoma experienced roughly two earthquakes a year.  Now, the state sees as many as two or three earthquakes each day, leaping from an annual average of 99 between 2009-2013 to 585 in 2014.  By 2015, the state endured 887 earthquakes, including 30 that topped 4.0 on the Richter scale…”

Because writing out a grocery list is so “last year!”  
Amazon’s New Dash Wand Will Now Take Your Grocery Order
Amazon's new Dash Wand is the company's latest connected device aims to make buying groceries from AmazonFresh delivery service or other items from even easier.
About the size of a remote control, Dash Wand incorporates Alexa, the virtual personal assistant persona that drives Amazon's Echo devices.  That means users can tell it what to order or they can scan in product codes. It can search for recipes but, unlike Echo, it will not play music. [Sounds like a project for my Ethical Hacking students!  Bob]

Research tools?  My students are not encouraged to use “old” articles, which I define as more than 12 months old.  Perhaps I should make an exception here?
Google releases collection of highly cited subject matter papers
by Sabrina I. Pacifici on Jun 14, 2017
Google Scholar Blog: “Classic Papers: Articles That Have Stood The Test of Time – “Scholarly research is often about the latest findings – the newest knowledge that our colleagues have gleaned from nature.  Some articles buck this pattern and have impact long after their publication.  Today, we are releasing Classic Papers, a collection of highly-cited papers in their area of research that have stood the test of time.  For each area, we list the ten most-cited articles that were published ten years earlier.  This release of classic papers consists of articles that were published in 2006 and is based on our index as it was in May 2017.  To browse classic papers, select one of the broad areas and then select the specific research field of your interest…  The list of classic papers includes articles that presented new research.  It specifically excludes review articles, introductory articles, editorials, guidelines, commentaries, etc.  It also excludes articles with fewer than 20 citations and, for now, is limited to articles written in English.”

Looks like I need to develop another class.
Science and Technology Resources on the Internet – Text Mining
by Sabrina I. Pacifici on Jun 14, 2017
Science and Technology Resources on the Internet – Text Mining, by Kristen Cooper, Plant Sciences Librarian, University of Minnesota Libraries, University of Minnesota.  Issues in Science and Technology Librarianship, Spring 2017. DOI:10.5062/F4K0729W.
“As defined by Bernard Reilly (2012), president of the Center for Research Libraries, text mining is “the automated processing of large amounts of digital data or textual content for the purpose of information retrieval, extraction, interpretation, and analysis.”  The first step is to find or build a corpus, or the collection of text that a researcher wishes to work with.  Most often researchers will need to download this corpus to either their computers or an alternative storage platform.  Once this has been done, different tools can be used to find patterns, biases, and other trends that are present in the text (Reilly 2012).  Within higher education, text mining is most often found among the digital humanities and linguistics studies.  However it is growing in popularity in the science and technology fields…”

VC firm Andreessen Horowitz explains why it led a $23 million round in a social network for data
Andreessen Horowitz, one of Silicon Valley's most prominent venture capital firms, has placed a bet on a start-up called Instabase that's quietly building a web service where data scientists and less technical users can work with data, CNBC has learned.
   So in 2014, Anant Bhardwaj and his colleagues at MIT's renowned Computer Science and Artificial Intelligence Laboratory (CSAIL), along with other academic researchers, detailed a new system for data called DataHub in a paper.  DataHub, now available on GitHub under an open-source license, forms the basis of Instabase.
But the start-up's web service is billed as being in preview and only lets a small number of people start using it every few days.
Once on the website, users can post data sets, which other users can explore, query, chart and contribute to them.  The service keeps track of changes to data just as GitHub stores updates to code files.

Perspective.  IBM wins at Chess and Go – this is the best Microsoft can do?
Microsoft AI plays a perfect game of Ms Pac-Man

Now that’s an attention-grabbing promotion!
Baseball Team Will Give Fans Pregnancy Tests at 'You Might Be the Father's Day' Game
When the marketing team of AA baseball team the Jacksonville Jumbo Shrimp steps up to the plate, they swing for the fences.
The theme of this coming Thirsty Thursday is “You Might Be the Father’s Day,” and the team will be distributing pregnancy tests to fans so that, according to the promotion, “you'll know if you need to return for Sunday's Father's Day game.”

Wednesday, June 14, 2017

Like most breaches, the full story seems to trickle out over time, a really long time.  What will the states do about this? 
Flow of information on hacking of US election escalates
by Sabrina I. Pacifici on Jun 13, 2017
Bloomberg: “Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.  In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data.  The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database.  Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter.  In all, the Russian hackers hit systems in a total of 39 states, one of them said…  The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts.  But they also paint a worrisome picture for future elections…” 

You should revisit all those activities you thought were Okay.  Laws change.  Security techniques change.  And the ability to detect a problem should get better with time.
Dana Branham reports:
OU unintentionally exposed thousands of students’ educational records — including social security numbers, financial aid information and grades in records dating to at least 2002 — through lax privacy settings in a campus file-sharing network, violating federal law.
The university scrambled to safeguard the files late Tuesday after learning The Daily had discovered the breach last week.  
In just 30 of the hundreds of documents made publicly discoverable on Microsoft Office Delve, there were more than 29,000 instances in which students’ private information was made public to users within OU’s email system.  Each instance could constitute a violation of the Family Educational Rights and Privacy Act, which gives students control over who can access their educational records.
Read more on OUDaily.

For my Computer Security students, as I send (some of) them out into the world! 
DHS, FBI release details on North Korea cyberattacks
The FBI and Department of Homeland Security (DHS) on Tuesday released technical details about the methods behind North Korea’s cyberattacks.
The agencies identified IP addresses associated with a malware known as DeltaCharlie, which North Korea uses to launch distributed denial-of-service (DDoS) attacks.
The alert called for institutions to come forward with any information they might have about the nation’s cyber activity, which the U.S. government refers to as “Hidden Cobra.”

Apparently, it is important to be able to give money away without interruption.
First federal agency gets 'A' grade in IT report card
Federal agencies averaged a "B" grade in information technology procurement in their latest report cards, with one agency being the first to score an "A."
The fourth version of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard dropped Tuesday morning, with the B average the same as in the last report, six months ago.
   In the latest report card, the United States Agency for International Development scored the first ever A-range grade — an A-plus.  Commerce, Homeland Security, Housing and Urban Development, Justice, Veterans Affairs, the Environmental Protection Agency and the General Services Administration all scored in the B range.  Defense received the only F. 

For our website students.

Why you need a good teacher, not just any old teacher.

Tuesday, June 13, 2017

They still think unencrypted communication is acceptable!!!  Yes, unencrypted communications and encrypted communications will be intercepted at exactly the same rate.  However, once intercepted, unencrypted emails can be read 100% of the time and encrypted emails 0% of the time.  Do you really want to tell your clients, “Your case/data/whatever is not important enough to protect?” 
New on LLRX – New ABA Email Guidelines: How Can Lawyers Comply?
by Sabrina I. Pacifici on Jun 12, 2017
Via LLRX.comNew ABA Email Guidelines: How Can Lawyers Comply?Nicole Black advises lawyers on a range of applications and technology from which they can choose to establish standardized secure, encrypted email communications for all but the most extreme case-related interaction.

How is it not already a “Presidential record?”
COVFEFE Act would make social media a presidential record

5 billion people now have a mobile phone connection, according to GSMA data
Planet Earth has hit a notable technological milestone, with five billion people globally now laying claim to owning a mobile phone connection, or two-third’s of the world’s population.
The announcement came from GSMA Intelligence, the research arm of the GSMA — the trade body that represents the interests of mobile networks around the world.

If you can’t be cheaper, differentiate another way.  Be the only source of good tasting winter cantaloupes. 
Wal-Mart Just Created a Designer Cantaloupe
Not even Wal-Mart likes the cantaloupes it sells in winter.
“They’re engineered to make a 3,000-mile trip, so they look good but taste like a piece of wood,’’ said Shawn Baldwin, Wal-Mart Stores Inc.’s senior vice president for produce and global food sourcing.
   Wal-Mart considered more than 100 varieties of seeds and tested 20.  Wal-Mart employees spent six months grading the cantaloupes on attributes like flavor, texture and aroma.
   The winner was dubbed the Sweet Spark, after the yellow sunburst in Wal-Mart’s logo.  The designer cantaloupes are available in 200 U.S. stores with a full roll-out planned for fall.  Sweet Spark is not genetically modified.
   Up next: tomatoes.  Wal-Mart’s Baldwin said he wants to replicate the blend of sweetness and acidity in the San Marzano variety of Naples, Italy.

New on LLRX – Competitive Intelligence – A Selective Resource Guide – Updated June 2017
by Sabrina I. Pacifici on Jun 12, 2017
Sabrina I. Pacifici has completely revised and updated her guide, which she first published in 2005 and has updated yearly since that time.  A wide range of free sites with expertly sourced content specific to researchers focused on business, finance, government data, analysis and news from the US and around the world, are included in this article.  The resources in this guide are the work of corporate, government, academic, advocacy and news sources and individuals or groups using Open Source applications.  This guide is pertinent to professionals who are actively engaged in maintaining a balanced yet diverse group of reliable, actionable free and low cost sources for their daily research.

So, I can grab my favorite quotes from videos! 

Monday, June 12, 2017

Ha  ha  ha!  This, people is one reason you need to think about how to handle security breaches before they happen – and they will! 
Some readers might appreciate an update as to what happened when Bronx-Lebanon Hospital Center and iHealth Solutions sent legal threat letters to this site after I notified them and reported that they were leaking protected health information.  As I previously noted, I was – and remain – very grateful to Covington & Burling for their representation of me and this site in the matter.  Their entrance into the matter produced an immediate shift in the law firms’ tones from strident demands to requests.
But the story doesn’t end there, and this might be categorized under your “payback’s a bitch” category.  Read on….
It seems that the hospital and vendor had also sent threat letters to Kromtech Security Research Center, who had discovered the leak.  For reasons that are not totally clear to me, Kromtech quickly agreed to the lawyers’ request that they destroy all the data they had downloaded in their research.
Any relief the vendor and hospital may have felt over Kromtech’s cooperation was likely short-lived, however.  Kromtech informed me that they were subsequently asked to tell the entities which patients’ data they had downloaded so the entities would know whom to notify.  But of course, Kromtech could not provide that information because they had deleted all the data in response to the entities’ first demand/request.  D’oh?
Now the entities could just notify everyone who had PHI/PII on the server, of course, but it seemed like they were trying to narrow the universe to only those whose data wound up in Kromtech’s hands – or this site’s – or NBC News’ hands.  And now Kromtech could not tell them which patients had data in the 500 mb of data they had downloaded and then destroyed.
But Kromtech had sent a subset of that data to, who had not destroyed the data it possessed.  If wanted to be helpful, it could go through all the data and let the entities know which patients had data in there, right?
Would this be a good time to remind everyone that the entities had threatened me and this site?
And would it be important to point out that they never directly apologized to me for their heavy-handed threats?
I might have been able to spare the vendor and hospital some notifications if I was willing to donate my time to going through files to compile information for them, but I’m not willing.
I’m not willing, in part, because I do not want to be going through PHI if it’s not for my reporting purposes.  And I’m not willing because why should I have to spend my valuable time compiling information for entities that tried to bully me and who now need my help to help them clean up their mess??
So what are the lessons that I wish entities and their lawyers would learn from all this?
1.      Don’t rush to send legal threat letters.  What your mother taught you about catching more flies with honey than vinegar appears true here, too; and
2.      If you wouldn’t send a legal threat to the New York Times over their reporting, don’t send one to me.  This site may be small, under-funded, under-staffed, and under-appreciated, but with the support of great law firms like Covington & Burling, this site will always fight back against attempts to erode press freedom or chill speech.

(Related).  A reasonable guide for the thoughtful organization.
Legal impact of Data Protection and Management in the Digital Age
With increasing access to mobile devices and the internet, the amount of data created annually worldwide is predicted to soar to 180 zettabytes (180 trillion gigabytes) in 2025, with approximately 80 billion devices connected to the Internet.
1. Have a clear understanding of how personal data is used and managed in your organisation.  Some questions that business leaders need to ask include what personal data has been collected, who has access to this data, whether the purposes of processing of such personal data are lawful, where and how it is kept and secured, and how long such personal data is kept on file.
2. Conduct regular audits and penetration testing.  The authorities do recognise the fact that cyber criminals often use sophisticated measures in their attacks.  However, as seen with the many data breaches around the world, it is most often the case that the organisation itself has failed to have sufficient security measures in place.  It is also a known fact that many organisations are not doing enough to protect customer data or their important data.  At the bare minimum, organisations need to meet the regulatory standards for data protection and compliance.
3. Be willing to seek external advice.  By working closely with professionals such as specialised lawyers with the relevant expertise, organisations will be able to have a better understanding of other factors that could affect their business decisions, such as a digital transformation initiative to move data to the cloud.

A New Jersey saying, “Sometimes it’s easier to hide bits and pieces than a whole body.”
Second Amendment right to meet people at the door with a machete by your side?
Yes, says the New Jersey (!) Supreme Court in yesterday’s unanimous State v. Montalvo opinion

The future?  Schools drop cursive, newspapers drop print?
The Washington Post to start experimenting with audio articles using Amazon Polly
The Washington Post today announced it has started experimenting with audio articles using Amazon Polly, a service that converts article text into lifelike speech.  For the next month, mobile users will be able to listen to an audio version of four articles daily across business, lifestyle, technology and entertainment news categories.

Who knew that beans and rice were worth a price war?
German Grocery Chain Aldi to Invest $3.4 Billion to Expand U.S. Stores
German grocery chain Aldi said on Sunday it would invest $3.4 billion to expand its U.S. store base to 2,500 by 2022, raising the stakes for rivals caught in a price war.
   German rival Lidl will open the first of its 100 U.S. stores on June 15.  In May, Lidl said it would price products up to 50% lower than rivals.
Wal-Mart Stores, the largest U.S. grocer, is testing lower prices in 11 U.S. states and pushing vendors to undercut rivals by 15%.  Wal-Mart, the world's biggest retailer, is expected to spend about $6 billion to regain its title as the low-price leader, analysts said.
   The furious pace of expansion by Aldi and Lidl is likely to further disrupt the U.S. grocery market, which has seen 18 bankruptcies since 2014.  The two chains are also upending established UK grocers like Tesco and Wal-Mart's UK arm, ASDA.

Sunday, June 11, 2017

Has reasonable caution become excessive paranoia? 
Terror threat on EasyJet UK-bound flight emergency landing was 'false alarm'
An Easyjet flight made an emergency landing in Germany after British passengers were overheard talking about a “bomb”, it has emerged.
   Police have given few details of the investigation, but according to unconfirmed German press reports its is now thought the emergency was a false alarm and the plane was never in danger.
Passengers were evacuated from the aircraft by emergency slides, and one of the three men’s bags was destroyed in a controlled explosion.
But a search of the destroyed bag and aircraft found no trace of an explosive device or other hazardous materials.
   German police have not commented on the content of the conversation beyond saying it had “terrorist content”, but according to details leaked to the German media the men were talking about “a bomb or explosives.”
Concerned passengers alerted the cabin crew.  They told the captain, who decided to divert to Cologne.
   “We searched the plane with sniffer dogs all night,” a police spokesman told Bild newspaper.  “There were no traces of explosives in the aircraft or in the suspects’ luggage.”

Why not just say, “We don’t want to?”
NSA backtracks on sharing number of Americans caught in warrant-less spying
For more than a year, U.S. intelligence officials reassured lawmakers they were working to calculate and reveal roughly how many Americans have their digital communications vacuumed up under a warrant-less surveillance law intended to target foreigners overseas.
This week, the Trump administration backtracked, catching lawmakers off guard and alarming civil liberties advocates who say it is critical to know as Congress weighs changes to a law expiring at the end of the year that permits some of the National Security Agency's most sweeping espionage.
   Coats said "it remains infeasible to generate an exact, accurate, meaningful, and responsive methodology that can count how often a U.S. person's communications may be collected" under the law known as Section 702 of the Foreign Intelligence Surveillance Act.
He told the Senate Intelligence Committee that even if he dedicated more resources the NSA would not be able to calculate an estimate, which privacy experts have said could be in the millions.
The statement ran counter to what senior intelligence officials had previously promised both publicly and in private briefings during the previous administration of President Barack Obama, a Democrat, lawmakers and congressional staffers working on drafting reforms to Section 702 said.

Computer Forensics and Ethical Hacking

Perspective.  I wonder if there is someone who can evaluate these programs objectively?
The Silicon Valley Billionaires Remaking America’s Schools
In San Francisco’s public schools, Marc Benioff, the chief executive of Salesforce, is giving middle school principals $100,000 “innovation grants” and encouraging them to behave more like start-up founders and less like bureaucrats.
In Maryland, Texas, Virginia and other states, Netflix’s chief, Reed Hastings, is championing a popular math-teaching program where Netflix-like algorithms determine which lessons students see.
And in more than 100 schools nationwide, Mark Zuckerberg, Facebook’s chief, is testing one of his latest big ideas: software that puts children in charge of their own learning, recasting their teachers as facilitators and mentors.
In the space of just a few years, technology giants have begun remaking the very nature of schooling on a vast scale, using some of the same techniques that have made their companies linchpins of the American economy.  Through their philanthropy, they are influencing the subjects that schools teach, the classroom tools that teachers choose and fundamental approaches to learning.