Saturday, June 24, 2017

A hacker’s dream!
Heaps of Windows 10 internal builds, private source code leak online
The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com, the latest load of files provided just earlier this week.  It is believed the confidential data in this dump was exfiltrated from Microsoft's in-house systems around March this year.
The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.
Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide.  The code runs at the heart of the operating system, at some of its most trusted levels.  It is supposed to be for Microsoft, hardware manufacturers, and select customers' eyes only. 


Selling rope to the hangman?  Is Russia that valuable a market? 
Under pressure, Western tech firms bow to Russian demands to share cyber secrets
Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.
Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.  The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.
But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said.


I’m working on a similar App for Mom and Dad, so they can spy on their teenage drivers. 
Textalyzer Device Will Allow Cops To Snoop Your Cell Phone To See If You’ve Been Texting While Driving
According to the National Safety Council, one-quarter of all accidents in the United States are caused by texting and driving.  Approximately 330,000 people a year are injured due to accidents involving texting and driving.  In order to combat the problem, some police departments in the US are currently testing the “Textalyzer”, a device that can reveal whether or not a person was on their mobile device while driving.
The Textalyzer is a tablet-like device and police officers will be able to connect the driver’s smartphone to it and download their activity data within a few seconds.  The device records every click, tap or swipe, as well as the apps the driver was using at the time.
The Textalyzer was developed by Cellebrite, the same company that supposedly unlocked the iPhone involved in the San Bernardino shooting.
   There is currently a measure in New York waiting to be passed that would allow police officers to suspend a suspect’s license if they refused to hand over their mobile device.  There is also similar legislation being considered in the city of Chicago and the states of New Jersey and Tennessee.  It is important to note that the Textalyzer is still being tested and it is currently unclear how much information would be downloaded in a routine stop and what data would be retained afterward.


What must a corporate Gmail account be worth to Google? 
Google will stop scanning your Gmail messages to sell targeted ads
Google will stop its long-standing practice of scanning the contents of individual Gmail users for advertising purposes, the company announced in a blog post today.  The practice, something Google has done nearly since the launch of its email service, allows the company to digest the contents of email messages and use them to deliver targeted ads within Gmail itself.
Users are allowed to opt out, and Google also reserves the practice only for personal Gmail users and not those of corporate accounts.  However, the practice has made it difficult for Google to find and retain corporate clients for its cloud services business, according to Diane Greene, Google’s cloud division head, who spoke with the Financial Times.  This is due to general confusion over Google’s business tactics and an overall apprehension to trust the company with sensitive data, the report says.  


Far from Super Bowl prices, but not bad for a small(?) share of the market.
Amazon to charge advertisers $2.8 million for Thursday night NFL ad packages
Amazon is looking to charge advertisers $2.8 million for packages that include 30-second spots during the Thursday night National Football League games it will stream live to its Prime customers this coming season, two people familiar with the matter told Reuters.
   Amazon is paying $50 million to the NFL to stream this season’s 10 Thursday night games, sources told Reuters in April.
   For each game, Amazon can sell 10 30-second spots, one of the sources said.


Look past your customers to their customers…
Kansas farmers win $218 million payout in suit against Syngenta
A Kansas federal jury awarded nearly $218 million on Friday to farmers who sued Swiss agribusiness giant Syngenta over its introduction of a genetically engineered corn seed variety. 
Syngenta vowed to appeal the verdict favoring four Kansas farmers representing roughly 7,300 growers from that state in what served as the first test case of tens of thousands of U.S. lawsuits assailing Syngenta’s decision to introduce its Viptera seed strain to the U.S. market before China approved it for imports. 
   Most of the farmers suing didn’t grow Viptera, but China also rejected millions of metric tons of their grain because elevators and shippers typically mix grain from large numbers of suppliers, making it difficult to source corn that was free of the trait.  So they say all farmers were hurt by the resulting price drop.


Another one for the geek toolkit.  
CheerpJ converts Java apps into JavaScript for the web
Melding Java and web development, CheerpJ is being readied as compiler technology that takes Java bytecode and turns it into JavaScript, for execution in browsers.  Based on the LLVM/Clang compiler platform as well as Learning Technologies’ own Cheerp C++-to-JavaScript compiler, CheerpJ takes Java bytecode and turns it into JavaScript without needing the Java source.

Friday, June 23, 2017

Bob to DHS: They never left!
DHS to Congress: The Russians Are Coming Back
A Department of Homeland Security official on Wednesday told the Senate Intelligence Committee that Russian government-backed hackers targeted as many as 21 states during the 2016 presidential election.
   DHS failed to share critical information with states about specific threat information that needed to be acted upon, such as the Russian hackers' targeting of 21 states, said Kay Stimson, spokesperson for the NASS.
"The general feedback we received from today's hearing," she told the E-Commerce Times, "is that state officials are very interested in receiving documented threat intelligence information from DHS so they can use that to protect their systems."

(Related).  Do you think the Russians bought ads?
Facebook refuses to release political advertising data
   "Advertisers consider their ad creatives and their ad targeting strategy to be competitively sensitive and confidential," Rob Sherman, Facebook’s deputy chief privacy officer, said in an interview with Reuters.
"In many cases, they'll ask us, as a condition of running ads on Facebook, not to disclose those details about how they're running campaigns on our service."
   Political science researchers have been asking the company for information on political advertising, like how it’s targeted, how much money is spent and how many people are engaging with the messages.
According to Reuters, President Trump’s campaign spent $70 million on Facebook digital ads; he has credited the social media site for helping him win the election. 


Didn’t Tom Clancy write about this a few years ago?  Something to file under Ethical Hacking.
WikiLeaks Details CIA's Air-Gapped Network Hacking Tool
WikiLeaks published several documents on Thursday detailing a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to hack air-gapped networks through USB drives.
Dubbed “Brutal Kangaroo,” it has been described by its developer as a tool suite designed for targeting closed networks. The infected systems will form a covert network, and the attacker will be able to obtain information and execute arbitrary files.


How should I take this?  Is TSA saying it can’t identify anything with these scanners they are so hot to install everywhere?  They never make clear why this is needed.
Uncle Sam Wants Your Deep Neural Networks
The Department of Homeland Security is turning to data scientists to improve screening techniques at airports.
On Thursday, the department, working with Google, will introduce a $1.5 million contest to build computer algorithms that can automatically identify concealed items in images captured by checkpoint body scanners.


Out of the goodness in their hearts or because their lawyers are worried about lawsuits?
Mark Bergen reports:
Alphabet Inc.’s Google has quietly decided to scrub an entire category of online content — personal medical records — from its search results, a departure from its typically hands-off approach to policing the web.
Google lists the information it removes from its search results on its policy page.  On Thursday, the website added the line: “confidential, personal medical records of private people.”  A Google spokeswoman confirmed the changes do not affect search advertising but declined to comment further.
Read more on Bloomberg Technology.
I’m glad to see this, of course, but if you find personal medical information on the web, remember that you need to/should do more than just Google to de-index it, as the material will still be accessible on the web to those who know where to or how to look for it.  Be sure to contact the site or webmaster to alert them that they are exposing confidential medical information.
And if that fails to get results, you can file a complaint with state or federal regulators – or just go to the media to see if any local news station might be interested in picking up the story and getting involved with it. 


Part of a trend to let users see only the content they are comfortable with. 
   Tumblr’s Safe Mode is an extension of the Safe Search function that’s been around for several years now.  As its name suggests Safe Search filters sensitive content from search results. Safe Mode also filters sensitive content from your Dashboard, meaning you won’t see it at all ever.
With Safe Mode enabled you won’t see any content Tumblr has deemed to be sensitive in nature.  Instead you’ll see a gray screen with a message informing you, “This post may contain sensitive media”.  If you click View Post you can bypass this screen and see the content hidden beneath.
Tumblr is likely to face the usual claims of censorship.  In practical terms it is censoring sensitive content, but only if the user opts in by choice.  The exceptions are users under the age of 18, who will be opted in to using Safe Mode by default whether they like it or not.  However, users can simply lie about their age when registering their account in order to circumvent this.


Law, in the age of Google?
Digital security and due process: A new legal framework for the cloud era
For as long as we’ve had legal systems, prosecutors and police have needed to gather evidence.  And for each new advance in communications, law enforcement has adapted.  With the advent of the post office, police got warrants to search letters and packages.  With the arrival of telephones, police served subpoenas for the call logs of suspects.  Digital communications have now gone well beyond the Postal Service and Ma Bell.  But the laws that govern evidence-gathering on the internet were written before the Information Revolution, and are now both hindering the flow of information to law enforcement and jeopardizing user privacy as a result.
These rules are due for a fundamental realignment in light of the rapid growth of technology that relies on the cloud, the very real security threats that face people and communities, and the expectations of privacy that internet users have in their communications.
Today, we’re proposing a new framework that allows countries that commit to baseline privacy, human rights, and due process principles to gather evidence more quickly and efficiently


For my students.
Ten years ago, Jeanne Harris and I published the book Competing on Analytics, and we’ve just finished updating it for publication in September.  One major reason for the update is that analytical technology has changed dramatically over the last decade; the sections we wrote on those topics have become woefully out of date.  So revising our book offered us a chance to take stock of 10 years of change in analytics.
   Since much of big data is relatively unstructured, data scientists created ways to make it structured and ready for statistical analysis, with new (and old) scripting languages like Pig, Hive, and Python.  More-specialized open source tools, such as Spark for streaming data and R for statistics, have also gained substantial popularity.  The process of acquiring and using open source software is a major change in itself for established businesses.


I think I want to try this…  (I can always use a few millions)
Civic sells $33 million in digital currency tokens in public sale
U.S. startup Civic has sold $33 million in digital currency tokens for its identity verification project in a public sale, the company's co-founder and Chief Executive Vinny Lingham told Reuters.
The sale is the latest so-called initial coin offering (ICO), in which creators of digital currencies sell tokens to the public in order to finance their projects, in a similar way that companies raise money with an initial public offering, except there is no regulatory oversight. 


A contradictory report allows you to argue both sides of the question.
Reuters Institute Digital News Report 2017
by Sabrina I. Pacifici on Jun 22, 2017
“This year’s report reveals new insights about digital news consumption based on a YouGov survey of over 70,000 online news consumers in 36 countries including the US and UK.  The report focuses on the issues of trust in the era of fake news, changing business models and the role of platforms.  This year’s report comes amid intense soul-searching in the news industry about fake news, failing business models, and the power of platforms.  And yet our research casts new and surprising light on some of the prevailing narratives around these issues.
  • The internet and social media may have exacerbated low trust and ‘fake news’, but we find that in many countries the underlying drivers of mistrust are as much to do with deep-rooted political polarisation and perceived mainstream media bias.
  • Echo chambers and filter bubbles are undoubtedly real for some, but we also find that – on average – users of social media, aggregators, and search engines experience more diversity than non-users.
With data covering more than 30 countries and five continents, this research is a reminder that the digital revolution is full of contradictions and exceptions.  Countries started in different places, and are not moving at the same pace.  These differences are captured in individual country pages that can be found towards the end of this report.  They contain critical industry context written by experts – as well as key charts and data points…”


Perspective. 
   1.5 billion logged in viewers visit YouTube every single month.  That’s the equivalent of one in every five people around the world!  And how much do those people watch?  On average, our viewers spend over an hour a day watching YouTube on mobile devices alone.


You should read this article.

Thursday, June 22, 2017

Reports are still dribbling in. 
Honda Halts Production at Japan Plant After Cyber Attacks
Honda said Wednesday it had temporarily halted production at a plant in Japan after it suffered a cyberattack from the same ransomware that struck hundreds of thousands of computers worldwide last month.
The Japanese automaker said it had shut its plant in Sayama, near Tokyo, on Monday after discovering its computer system was infected with the so-called WannaCry virus.
The virus encrypts computer files, making them inaccessible until users pay a ransom.
"The malware affected the production of about 1,000 cars," a Honda spokeswoman told AFP, adding that production restarted on Tuesday.
   In May, French auto giant Renault was hit, forcing it to halt production at sites in France, Slovenia and Romania as part of measures to stop the spread of the virus.
Nissan's British unit in Sunderland was also hit in the attack.
   Japanese conglomerate Hitachi was also affected, saying its computer networks were "unstable", crippling its email systems.


I’m surprised it took so long.
Natasha Bertrand reports:
A data-analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million citizens earlier this month.  And it’s now facing its first class-action lawsuit.
Deep Root Analytics, a data firm contracted by the RNC, stored details of about 61% of the US population on an Amazon cloud server without password protection for roughly two weeks before it was discovered by security researcher Chris Vickery on June 12.
The class-action lawsuit, filed by James and Linda McAleer of Florida and all others similarly situated, alleges Deep Root failed to “secure and safeguard the public’s personally identifiable information such as names, addresses, email addresses, telephone numbers, dates of birth, reddit.com browsing history, and voter ID number, which Deep Root collected from many sources, including the Republican National Committee.”
Read more on Business Insider.
So here’s the thing, again.  Where’s the demonstration of injury?  Spoiler alert: there doesn’t seem to be any.  According to Bertrand, the complaint says that those exposed in the data breach may be vulnerable to identity theft and “a loss of privacy,” and argue that the “actual damages” exceed $5 million.
Well, a lot of courts have already held that increased probability of possible harm does not confer standing.  And “loss of privacy?”  Well, that should be a cognizable harm or injury, but is it?
As bad as this misconfiguration/exposure seems, is this a case of “what might have been” or a case of “what happened?”  And either way, is what happened anything much more than publicly available information being made more conveniently publicly available? 


Keeping up with the e-criminals?
IC3 Issues Internet Crime Report for 2016
by Sabrina I. Pacifici on Jun 21, 2017
“The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3.  Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world. US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.” [thanks Pete Weiss]


Another perspective.
Average Cost of Data Breach Drops Globally, Rises to $7.35 Million in U.S.
The 2017 IBM Security and Ponemon Institute annual report on the cost of a breach shows that the cost of stolen records and the total cost of a breach continue to rise -- at least in America.  The lost- or stolen-record cost rose from $221 to $225 each, while the average total cost of a breach increased from $7.01 million to $7.35 million for organizations in the United States.
In the European countries included in the study -- France, Germany, Italy and the United Kingdom -- these costs actually fell.  For example, in the UK, the average per capita cost of a data breach decreased from £102 to £98 and the average total organizational cost decreased from £2.53 million in 2016 to £2.48 million in 2017.
The annual Cost of Data Breach Study (PDF) is one of security's yearly benchmark reports.


Some thoughts on propaganda.  Also useful for political campaigns? 
Computational Propaganda Worldwide: Executive Summary
by Sabrina I. Pacifici on Jun 21, 2017
Oxford Internet Institute, University of Oxford: “The Computational Propaganda Research Project at the Oxford Internet Institute, University of Oxford, has researched the use of social media for public opinion manipulation.  The team involved 12 researchers across nine countries who, altogether, interviewed 65 experts, analyzed tens of millions of posts on seven different social media platforms during scores of elections, political crises, and national security incidents.  Each case study analyzes qualitative, quantitative, and computational evidence collected between 2015 and 2017 from Brazil, Canada, China, Germany, Poland, Taiwan, Russia, Ukraine, and the United States.”
The reports can be found at the following links:


The upside (downside) of the connected home? 
Joe Cadillic writes:
According to an article in the Telegraph, Houston County’s $46.5 million dollar 911 center allows police to spy inside homes and businesses:
“If the alarm goes off at your business, 911 operators will be able to view a live video stream from the security surveillance system and tell law enforcement what’s happening.”
“.. we’ll be able to have video streaming like if a burglar alarm goes off at a store … We can see inside of the store and see who’s in there,” Houston County sheriff’s Capt. Ricky Harlowe said.
FirstNet or Next Generation 911 allows police to spy inside people’s homes, and businesses without a warrant.
Police don’t need a warrant because citizens and business owners have given their alarm companies permission to spy on their homes.
Read more on MassPrivateI.


Simple surveillance tools marketed as friendly?
Snapchat acquires social map app Zenly for $250M to $350M
Snapchat’s newest feature, Snap Map, is based on its latest acquisition, social mapping startup Zenly.  TechCrunch has learned that Snapchat has bought Zenly for between $250 million and $350 million in mostly cash and some stock in a deal that closed in late May.  Snapchat will keep Zenly running independently, similar to how Facebook lets Instagram run independently.
Zenly’s app lets users see where their friends currently are on a map using constant GPS in the background.  People can then message these friends in the app to make plans to hang out.


Trying to get our heads around the future.
Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy
by Sabrina I. Pacifici on Jun 21, 2017
Casanovas, Pompeu and de Koker, Louis and Mendelson, Danuta and Watts, David, Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy (June 1, 2017).  Health and Technology (2017) DOI 10.1007/s12553-017-0190-6. Available at SSRN: https://ssrn.com/abstract=2989689
“This article encapsulates selected themes from the Australian Data to Decisions Cooperative Research Centre’s Law and Policy program.  It is the result of a discussion on the regulation of Big Data, especially focusing on privacy and data protection strategies.  It presents four complementary perspectives stemming from governance, law, ethics, and computer science.  Big, Linked, and Open Data constitute complex phenomena whose economic and political dimensions require a plurality of instruments to enhance and protect citizens’ rights.  Some conclusions are offered in the end to foster a more general discussion.  This article contends that the effective regulation of Big Data requires a combination of legal tools and other instruments of a semantic and algorithmic nature.  It commences with a brief discussion of the concept of Big Data and views expressed by Australian and UK participants in a study of Big Data use in a law enforcement and national security perspective.  The second part of the article highlights the UN’s Special Rapporteur on the Right to Privacy interest in the themes and the focus of their new program on Big Data.  UK law reforms regarding authorisation of warrants for the exercise of bulk data powers is discussed in the third part.  Reflecting on these developments, the paper closes with an exploration of the complex relationship between law and Big Data and the implications for regulation and governance of Big Data.”


I imagine there are many new things to consider when flying in places planes and helicopters don’t go.  Clothesline?  Dogs?  Sprinklers? 
Precise weather forecasting critical for product deliveries by drones
by Sabrina I. Pacifici on Jun 21, 2017

Wednesday, June 21, 2017

Picking a victim that can’t fight back?  I wouldn’t be so sure.  Definitely a place to watch. 
How An Entire Nation Became Russia's Test Lab for Cyberwar
   The Cyber-Cassandras said this would happen.  For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world.  In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era.  “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech.  “Somebody just used a new weapon, and this weapon will not be put back in the box.”
Now, in Ukraine, the quintessential cyberwar scenario has come to life.  Twice.  On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people.  Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again.  But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.


Another attack against a state, but probably not state sponsored?  
Spear Phishing Campaign Targets Palestinian Law Enforcement
Palestinian law enforcement agencies and other targets within Palestine were targeted in a spear phishing campaign delivering malware to remotely control infected systems, Talos researchers reveal.
The actor behind this campaign “has appeared to have used genuine documents stolen from Palestinian sources as well as a controversial music video as part of the attack,” Talos says.  The attacker also referenced TV show characters and included German language words within the attack, researchers discovered.
Information on these attacks initially emerged in March from Chinese security firm Qihoo 360, and in early April, when researchers at Palo Alto Networks and ClearSky revealed four malware families being used in targeted campaigns in the Middle East: Windows-based Kasperagent and Micropsia, and Android-focused SecureUpdate and Vamp.
Last week, ThreatConnect shared some additional information on Kasperagent, saying the threat was mainly used as a reconnaissance tool and downloader, but that newer samples can also steal passwords from browsers, take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate files.


A security heads-up!
Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it
Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues.
Redmond is currently being sued by security house Kaspersky Lab in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest operating system.  Kaspersky (and others) claim Microsoft is up to its Internet Explorer shenanigans again, but that’s not so, said the operating system giant.


Be careful with your facts.
Deep Root Analytics Downplays Giant Voter Data 'Oops'
A data contractor working on behalf of the Republican National Committee earlier this month allowed the personal data of 198 million voters to be exposed online, marking the largest ever leak of voter data in history, according to the cybersecurity firm that discovered the incident.
Deep Root Analytics left 1.1 terabytes of sensitive information -- including names, home addresses, dates of birth, phone numbers and voter registration information -- on a publicly accessible Amazon Web Server, according to UpGuard.
   The previous record for a voter data leak was the exposure of 100 million records in Mexico, UpGuard reported.
Deep Root acknowledged that "a number of files" within its storage system had been accessed but claimed that the exposed database had not been built for any specific client.  Rather, it was the firm's "proprietary analysis" meant for television advertising purposes.
The information accessed consisted of voter data that already was publicly available and readily provided by state government offices, Deep Root maintained.
   Based on information made available about the leak, it appears that Amazon Web Services is not responsible for the incident, said Mark Nunnikhoven, vice president for cloud research at Trend Micro.
"From the little technical detail that is available, it appears as if the company managing the data left it exposed to the public," he told the E-Commerce Times.  "This is not the default setting for the service they used.  Making data publicly available is a feature of this service, but one that requires explicit configuration."


Good news. Bad news. 
Time to Detect Compromise Improves, While Detection to Containment Worsens: Report
Throughout 2016, Trustwave investigated hundreds of data breaches in 21 different countries, and conducted thousands of penetration tests across databases, networks and applications.  An analysis of key findings from this activity is presented in the 2017 Trustwave Global Security Report published Tuesday (PDF).
The result is a mixed bag.  Overall, security defenses have slightly improved, but attacks continue to evolve.  Detection is improving.  Trustwave says the median time to detect a compromise has decreased from 80.5 days in 2015 to 49 days in 2016.  The difference between self-detected and third-party detections is, however, dramatic: just 16 days for self-detected and 65 days for externally detected.


Golly gee willikers!  Could this be happening here too?
Jordan Pearson reports:
For over a year, Canadian military, intelligence, police, and border agencies have been meeting to develop and coordinate their biometric capabilities, which use biological markers like facial recognition and iris scanning to identify individuals.
This initiative—details of which were revealed to Motherboard in documents obtained through an access to information request—shows that the Canadian government is reigniting its focus on biometrics after a similar attempt a decade ago fizzled out.  According to these documents, which include emails, meeting agendas, and briefing reports, the meetings are an effort to coordinate the critical mass of biometrics programs that exist across many government agencies, particularly those relating to national security.
Read more on Motherboard.


For all my smartphone-packing students.


This could get nasty.
Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal
Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense.
That acquisition takes square aim at Walmart's bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence.
Now, Walmart is telling some partners and suppliers that their software services should not run on Amazon Web Services cloud infrastructure, according to the Wall Street Journal.
   A Walmart spokesman told the Journal that some suppliers do use AWS services, but that in some cases, the retailer is wary of putting sensitive data on a competitor's servers.


Open is good.
Librarian highlights open access document discovery services
by Sabrina I. Pacifici on Jun 20, 2017
Getting serious about open access discovery — Is open access getting too big to ignore? – “…Still for whatever reason, suddenly services built around helping users find free full text began to emerge all at the same time..”
From the article:
With all the intense interest Unpaywall is getting (See coverage in academic sites like Nature, Science, Chronicle of Higher Education, as well as more mainstream tech sites like TechCrunch, Gizmodo), you might be surprised to know that Unpaywall isn’t in fact the first tool that promises to help users unlock paywalls by finding free versions.
Predecessors like Open Access button (3K users), Lazy Scholar button (7k Users), Google Scholar button (1.2 million users) all existed before Unpaywall (70k users) and are arguably every bit as capable as Unpaywall and yet remained a niche service for years.


I think some of my students are a bit over-prepared.
Want to Work for Jaguar Land Rover? Start Playing Phone Games
The carmaker announced on Monday that it would be recruiting 5,000 people this year, including 1,000 electronics and software engineers.  The catch?  It wants potential employees to download an app with a series of puzzles that it says will test for the engineering skills it hopes to bring in.
While traditional applicants will still be considered, people who successfully complete the app’s puzzles will “fast-track their way into employment,” said Jaguar Land Rover, which is owned by Tata Motors of India.

(Related).  Have I detected a trend?
Good at Texting? It Might Land You a Job
Your next job interview might happen via text message.  Srsly.
Claiming that prospective hires are too slow to pick up the phone or respond to emails, employers are trying out apps that allow them to screen candidates and conduct early-stage interviews with texts. 


Not sure I want to share this with my students.
Microsoft’s Dictate uses Cortana’s speech recognition to enable dictation in Office
Dictate, a new project from Microsoft’s experimental R&D group, Microsoft Garage, is launching today to offer a way to type using your voice in Office programs including Outlook, Word and PowerPoint.  Available as an add-in for Microsoft’s software, Dictate is powered by the same speech recognition technology that Cortana uses in order to convert your speech to text.
This is also the same speech recognition and A.I. used in Microsoft Cognitive Services, including Microsoft Translator, the company says in an announcement about the new add-in.
   An introductory video posted this morning to YouTube offers a preview of how the software works in Word, PowerPoint, and Outlook.
   It also at launch supports more than 20 languages for dictation, and can translate in real-time into 60 languages.  This is perhaps its most clever trick, as that means you can speak in your language, while Dictate types it out in another.

(Related).  However, it is clear this is coming.
When AI Can Transcribe Everything
Two companies—Trint, a start-up in London, and SwiftScribe, a subsidiary of Baidu based out of its U.S. headquarters in Silicon Valley—have begun to offer browser-based tools that can convert recordings of up to an hour into text with a word-error rate of 5 percent or less.


Interesting.
Nextdoor, now in 160,000 neighborhoods globally, expands to Germany
Nextdoor, the social network that connects you with people in your neighborhood, is taking another step up in its global growth, after launching in the Netherlands and the UK last year.  Today, the company is opening for business in Germany, the largest internet market in Europe.
The move comes as Nextdoor says it is now used in 160,000 neighborhoods across the US, UK and Netherlands, with about 145,000 of those in its home market of the US, and the company continues to grow at a steady pace.
“We are growing 100 percent year over year and have done that since inception,” said co-founder and CEO Nirav Tolia in an interview.  This works out to adding around 100 new neighborhoods every day.


For the toolkit!
This simple one-page site holds 19 PDF tools and converters that can save you a lot of work.  Think of it as a Swiss Army knife for your PDF workflow.
  1. Convert PDF to any document format.
  2. Convert from Word, Excel, PowerPoint, or from popular image formats to PDF.
  3. A collection of free PDF utility tools to edit a PDF document.
The interface is neat and there are no annoying advertisements.  You don’t need to register and sign-in to use the site.


Another toolkit item.

Tuesday, June 20, 2017

An interesting case for my Computer Security students.  Why were unencrypted medical records attached to emails? 
City News Service reports:
Torrance Memorial Medical Center began notifying some patients Monday that email accounts containing “work-related reports” and personal data were breached at the hospital.  The so-called phishing attack occurred on April 18 and 19, according to medical center spokesman Ed Finn, who said facility personnel, working with third-party forensic investigators, launched an investigation “to determine the nature and scope of the incident.”  “The investigation determined that personal information for certain individuals was present in some impacted emails, but it remains unclear whether emails or attachments containing the information were accessed by an unauthorized person or persons,” Finn said.
Read more on Daily Breeze.


Toward a global ID card?  Will this become a default ID for everyone? 
Microsoft and Accenture Unveil Global ID System for Refugees
Americans can show all sorts of documents, such as Social Security cards and diplomas, to show who they are.  But for those from countries torn apart by war or political chaos, it's much harder to prove their identities.
That's why a new software tool, unveiled on Monday at the United Nations, is a big deal.  It will let millions of refugees and others without documents whip out a phone to quickly show who they are and where they came from.
The tool, developed in part by Microsoft and Accenture, combines biometric data (like a fingerprint or an iris scan) and a new form of record-keeping technology, known as the blockchain, to create a permanent identity.
In practice, this means someone arriving at a border crossing could prove he or she had come from a refugee camp and qualify for aid.  Or a displaced person in a new country could use the ID system to call up his or her school records.  The tool doesn't have a name yet since it's at the prototype stage but will get one soon.


A simple introduction for my students.
Facial recognition has been an important part of science fiction for the past 50 years.  In most of those works it is painted as a means of oppression — part of a surveillance state and a form of control.
A combination of circumstances — the low cost of computing, improvements in machine learning, proliferation of internet connected devices — has once again turned science fiction into reality.  With facial recognition starting to be used in the mainstream for security and safety purposes, will it eventually turn into the dystopian future many imagined?


Will this impact Facebook’s promise to remove “terrorist” posts?
Supreme Court strikes down state law barring sex offenders from Facebook
The Supreme Court struck down a North Carolina law Monday that bans registered sex offenders from accessing Facebook and other social media.
The court ruled 8-0 that the law impermissibly restricts lawful speech in violation of the First Amendment.
In delivering the opinion of the court, Justice Anthony Kennedy said a fundamental principle of the First Amendment is that all persons have access to places where they can speak and listen, and then, after reflection, respond.
“While in the past there may have been difficulty in identifying the most important places (in a spatial sense) for the exchange of views, today the answer is clear,” he said.  “It is cyberspace — the ‘vast democratic forums of the Internet’ in general and social media in particular.”

(Related).  Is Google also impacted?  Or, is this the social media equivalent of shouting “Fire” in a crowded theater? 
Google Steps Up Efforts to Block Extremism, Following Facebook
Google is stepping up its efforts to block "extremist and terrorism-related videos" over its platforms, using a combination of technology and human monitors.
The measures announced Sunday come on the heels of similar efforts unveiled by Facebook last week, and follow a call by the Group of Seven leaders last month for the online giants to do more to curb online extremist content.


Undue reliance?
Tesla found 'not guilty' in fatal May 2016 crash, says NTSB
Tesla was found not at fault in the May 2016 fatal crash in which former Navy SEAL Joshua Brown collided with a truck while driving the Model S in autopilot mode, according to a 538-page National Transportation Safety Board report issued Monday.  The cause of the crash hasn't been determined.  The luxury electric-car maker has advised drivers to "maintain control and responsibility" for their vehicles even when the autopilot feature is enabled.  The NTSB report found that Brown had kept his hands off the wheel "for the vast majority of the trip," despite repeated automated warnings in the vehicle to maintain control.


Where else could this technique be applied?
Goldman Set Out to Automate IPOs and It Has Come Far, Really Fast
A few years ago, Goldman Sachs Group Inc.’s leaders took a hard look at how the bank carries out initial public offerings.  They mapped 127 steps in every deal, then set out to see how many could be done by computers instead of people.
The answer so far: about half.
Just 21 months after the firm disclosed its plan to re-engineer one of Wall Street’s most lucrative businesses, the project has found ways to eliminate thousands of hours of work long performed by humans.


Or, we could go to “self-flying” planes.
CAE Says Pilot Training Must Grow To Meet Demand
The world’s airlines will need 255,000 new airline pilots over the next 10 years, according to Canadian company CAE, which bills itself as the industry’s leading training organization for commercial aviation with a market share of about 25%.
“Rapid fleet expansion and high pilot retirement rates create a further need to develop 180,000 first officers into new airline captains, more than in any previous decade,” it says in its first Airline Pilot Training Demand Outlook, released today.
These numbers mean that over 50% of the pilots who will fly the world’s commercial aircraft in 10 years have not yet started to train.


Too late for this Quarter’s class, but I’ll save it for the next one.


And for my Geeks.


Since all my students have smartphones…


For my students.  (I hope they will hire thousands!)  Also, knowing how listings are structured should make job searches more effective. 
Google’s job listings search is now open to all job search sites & developers
It’s now official: Job listings are coming to Google’s search results in a much more prominent way.  And the company is now offering a formal path for outsiders to add job listings to the new feature in Google search.
Google announced this morning that they are now opening up job listings within Google search to all developers and site owners.  The new jobs display within Google search doesn’t have a formal name.  However, it’s part of the overall Google for Jobs initiative that Google previewed last month at the Google I/O conference.


For my students who had better be researching!
An academic search engine is a must for every student or researcher, and now there’s an alternative to Google Scholar: Semantic Scholar, a new academic search engine that caters to researchers.
While Google Scholar is best for deep web research, Semantic Scholar runs on a sophisticated technology that will only improve with every year it runs: artificial intelligence.


It’s how I stay current.  Perhaps my students could use it too.  (That’s a hint, people.)
The trick is to use RSS (no, the technology isn’t dead).  If you combine RSS outputs with a couple of third-party tools, you can create a single customized news feed which only contains legitimate stories you care about.
In this article, I’m going to briefly explain how RSS works, show you how to use Zapier to create a custom RSS feed, and finally introduce you to a few alternatives.