June 30, 2017
Saturday, July 15, 2017
That’s (11.2MM – the lawyer’s cut) / 37MM users. Too cheap?
Jonathan Stempel reports:
The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.
Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis.
Read more on Reuters. Ruby Corp issued the following press release:
Ruby Corp. and Ruby Life Inc. (ruby), and a proposed class of plaintiffs, co-led by Dowd & Dowd, P.C., The Driscoll Firm, P.C., and Heninger Garrison Davis, LLC, have reached a proposed settlement agreement resolving the class action lawsuits that were filed beginning July 2015 following a data breach of ruby’s computer network and subsequent release of certain personal information of customers of Ashley Madison, an online dating website owned and operated by Ruby Life Inc. (formerly Avid Dating Life Inc.). The lawsuits, alleging inadequate data security practices and misrepresentations regarding Ashley Madison, have been consolidated in a multi-district litigation pending in the United States District Court for the Eastern District of Missouri.
If the proposed settlement agreement is approved by the Court, ruby will contribute a total of $11.2 million USD to a settlement fund, which will provide, among other things, payments to settlement class members who submit valid claims for alleged losses resulting from the data breach and alleged misrepresentations as described further in the proposed settlement agreement. Since July 2015, ruby also has implemented numerous remedial measures to enhance the security of its customers’ data.
… In 2015, hackers gained access to ruby’s computer networks and published certain personal information contained in Ashley Madison accounts. Account credentials were not verified for accuracy during this timeframe and accounts may have been created using other individuals’ information. Therefore, ruby wishes to clarify that merely because a person’s name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison.
A question I ask in almost every class. Turns out, my students are rather bloodthirsty…
There is an old debate (at least, counting in internet years) that tends to crop up after major cybersecurity breaches such as the widespread WannaCry ransomware attack in May. In the aftermath of such incidents, some decry the sorry state of cybersecurity and insist that if only tech firms, with their wealth of resources and technical expertise, were allowed to go after the perpetrators of these attacks, they would do a much better job of stopping the damage and deterring other perpetrators than the slow, plodding, over-worked, under-resourced, jurisdiction-bound law-enforcement agencies.
Which raises a question: Beyond the standard set of protective tools—encryption, firewalls, anti-virus software, intrusion-detection systems, two-factor authentication—should companies be allowed to go outside the boundaries of their own networks and crash the servers that are attacking them, or delete data that has been stolen from them off their adversaries’ machines? The answer of most companies and cybersecurity experts is no. But that doesn’t stop a vocal minority—usually researchers at libertarian think tanks and lawyers concerned by how restrictive anti-hacking regulations have become—from suggesting otherwise.
For my Software Assurance students.
The Future of Artificial Intelligence: Why the Hype Has Outrun Reality
… In that world, as with other robot applications, progress comes by moving from “data to information to knowledge.” A fundamental problem is that most observers do not realize just how vast an amount of data is needed to operate in the physical world — ever-increasing amounts, or, as Kumar calls it — “exponential” amounts. While it’s understood today that “big data” is important, the amounts required for many physical operations are far larger than “big data” implies. The limitations on acquiring such vast amounts of data severely throttle back the speed of advancement for many kinds of projects, he suggested.
I can see a Tech Support app that no matter the problem, always says, “Restart your computer!”
Metaverse - Program Your Own Augmented Reality Apps
Metaverse is a free platform that lets anyone create an augmented reality app. I had the opportunity to have a guided tutorial through the Metaverse platform last week and I was so impressed that I'm now planning to include it along with the MIT App Inventor during the Practical Ed Tech BYOD Camp at the end of the month.
Metaverse's programming platform is based on the premise of using a storyboard to outline the actions that you want your app to perform. You then connect each frame of the storyboard with action commands that you pick from a menu of action commands. The more scenes you add to your storyboard, the more options you can add to your app. Essentially, creating an augmented reality app through Metaverse is the same process as designing a good choose-your-own-adventure story. The video embedded below provides an overview of the Metaverse design tool.
Metaverse could be used by students to bring the characters from a favorite story to life in augmented reality like in this example. Or you could create an educational augmented reality scavenger hunt as this person shared.
Here’s a round-up of developments in California, New Hampshire, and Vermont this week.
Let’s start with California. Mike Maharrey writes:
Earlier this week, a second California Assembly committee passed a bill that would require all law enforcement agencies in the state to get local government approval before acquiring or using surveillance technology.
… Sen. Jerry Hill (D-San Mateo) and Sen. Steven Bradford (D-Inglewood) introduced Senate Bill 21 (SB21) earlier this year. The legislation would require law enforcement agencies to propose a Surveillance Use Policy for each type of surveillance technology it operates and the information collected.
Read more on Tenth Amendment Center.
And up in New Hampshire:
Earlier this week, a bill that bans the use of “stingrays” to track the location of phones and sweep up electronic communications without a warrant in most situations became law without the governor’s signature. The new statute not only protects privacy in New Hampshire, but will also hinder one aspect of the federal surveillance state.
A bipartisan coalition of representatives introduced House Bill 474 (HB474) earlier this year. The legislation will help block the use of cell site simulators, known as “stingrays.” Read more on Tenth Amendment Center.
But some of the biggest state news comes out of Vermont. Pam Dixon of World Privacy Forum sends this notice along. Note that you can provide your comments and/or attend:
CONTACT: My-Lanh Graves, Administrative Secretary, 802-828-5479
June 30, 2017
On Tuesday, July 25 and Wednesday, July 26, 2017, meetings will be held at which any interested person may provide comments on data broker regulatory legislation. Broadly speaking, a data broker collects information, including citizens’ personal information, from a variety of sources and then sells that information to advertisers and others for various purposes.
The Vermont Legislature tasked the Attorney General and the Department of Financial Regulation (DFR) to propose legislation or make a recommendation about whether, or how, to regulate the data broker industry. The working group will consult with consumer and industry stakeholders, and receive comments from the public. The working group’s recommendation or draft legislation is due by December 15, 2017.
The meetings will be held between 10:00 AM and 3:00 PM at the Department of Financial Regulation’s office, located at 29 Church Street, 3rd Floor in Burlington, Vermont. These meetings are open to the public. If you wish to comment or attend, please contact: My-Lanh Graves at 802-828-5479 or MyLanh.Graves@Vermont.gov. An agenda will be posted on the Attorney General’s and DFR’s websites prior to the meetings.
The Legislature passed S.72 in June 2017; it requires the Attorney General and DFR to provide a recommendation or draft legislation reflecting:
1. An appropriate definition of the term “data broker”;
2. Whether and, if so, to what extent the data broker industry should be regulated by the Commissioner of Financial Regulation or the Attorney General;
3. Additional consumer protections that data broker legislation should seek to include that are not addressed within the framework of existing federal and State consumer protection laws; and
4. Proposed courses of action that balance the benefits to society that the data broker industry brings with actual and potential harms the industry may pose to consumers. The full text of S.72 can be found here.
The public meetings are intended to provide an opportunity for industry, consumer advocates, and the public to comment on the above-listed specific topics and on potential legislation regarding data brokers generally. Written comments will also be accepted through Friday, August 11, 2017 and will become part of the public record in this matter. Please send any written comments to My-Lanh Graves at MyLanh.Graves@Vermont.gov or by mail to the Attorney General’s Office at 109 State St., Montpelier, VT 05609.
Published: Jun 30, 2017
Keeping up on a changing field?
… as important new developments arise during the coming year, we will continue to document them by posting edited new materials on the websites for the two casebooks — supplements to this Supplement — from which they may be downloaded by teachers and shared with students. The website for National Security Law (6th ed.) may be found at http://www.aspenlawschool.com/books/Dycus_NatSec/default.asp; the website for Counterterrorism Law (3d ed.) may be found at http://www.aspenlawschool.com/books/Dycus_CounterTerror/default.asp. We encourage you to return to those portals regularly to keep abreast of major developments during the year — and to alert us if and when you come across new materials that deserve to be included.
Something to amuse my students.
Airline CEO predicts a future where 'we will pay you to fly'
In January, WOW launched a sale for $69 one way tickets from the US to Europe. In June, the airline followed up with a sale for $55 trans-Atlantic tickets. These sales have helped bring awareness to the airline that's expected to double in size over the next two years.
… However, the question must be asked. How low can they go?
"I can see a day when we pay you to fly," WOW Air founder and CEO Skúli Mogensen told Business Insider in an interview.
For years now, airlines have worked to diversify their revenue streams and to reduce their reliance on ticket sales for income. Fees for things such as seat selection, early boarding, and in-flight meals have become the norm. In addition, they have developed lucrative partnerships with hotels, restaurants, rental car agencies, and other travel industry players to ensure their ability to derive revenue from all facets of a passenger's travel needs.
… "Our goal, and we're working hard towards it, is for our ancillary revenue to actually surpass our passenger revenue," Mogensen said. "Whatever airline becomes the first to achieve this will be a game changer."
As a big SciFi fan, I could not agree more. Perhaps IBM should ask Watson to read SciFi?
At the end of the 19th century, New York City stank. One hundred fifty thousand horses ferried people and goods through the streets of Manhattan, producing 45,000 tons — tons! — of manure a month. It piled up on streets and in vacant lots, and in 1898 urban planners convened from around the world to brainstorm solutions to the impending crisis. They failed to come up with any, unable to imagine horseless transportation.
Fourteen years later, cars outnumbered horses in New York, and visions of manure dystopia were forgotten.
If 19th-century urban planners had had access to big data, machine learning techniques, and modern management theory, these tools would not have helped them. They simply would have confirmed their existing concerns. Extrapolating from past trends is useful but limiting in a world of accelerating technological change.
Science fiction can help. Maybe you associate it with spaceships and aliens, but science fiction offers more than escapism. By presenting plausible alternative realities, science fiction stories empower us to confront not just what we think but also how we think and why we think it. They reveal how fragile the status quo is, and how malleable the future can be.
… Science fiction isn’t useful because it’s predictive. It’s useful because it reframes our perspective on the world. Like international travel or meditation, it creates space for us to question our assumptions.
Friday, July 14, 2017
What is on your phone; what is in the cloud?
Border Patrol Says It’s Barred From Searching Cloud Data on Phones
U.S. border officers aren't allowed to look at any data stored only in the "cloud" — including social media data — when they search U.S. travelers' phones, Customs and Border Protection acknowledged in a letter obtained Wednesday by NBC News.
The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, D-Ore., and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also — apparently for the first time — declares that it doesn't have that authority in the first place.
… Travelers don't even have to unlock their devices or hand over their passwords when asked — but if they refuse, officers can "detain" the phone, McAleenan wrote.
Homeland Security has published numerous documents (PDF) detailing what it touts as its progress in decoding password and PIN protection on most devices.
Because they ain’t like us?
Exclusive: U.S. asks nations to provide more traveler data or face sanctions
The U.S. State Department will require all nations to provide extensive data to help it vet visa applicants and determine whether a traveler poses a terrorist threat, according to a cable obtained by Reuters.
Countries that fail to comply with the new protocols or take steps to do so within 50 days could face travel sanctions.
… The memo lays out a series of standards the United States will require of other countries, including that they issue, or have active plans to issue, electronic passports and regularly report lost and stolen passports to INTERPOL.
It also directs nations to provide "any other identity information" requested by Washington for U.S. visa applicants, including biometric or biographic details.
The cable sets out requirements for countries to provide data on individuals it knows or has grounds to believe are terrorists as well as criminal record information.
Further, countries are asked not to block the transfer of information about U.S.-bound travelers to the U.S. government and not to designate people for travel watchlists based solely on their political or religious beliefs.
… The cable can be read here: (reut.rs/2untHTl).
Clearly, the legal profession is doomed!
Free robot lawyer helps low-income people tackle more than 1,000 legal issues
Noted legal aid chatbot DoNotPay just announced a massive expansion, which will help users tackle issues in 1,000 legal areas entirely for free. The new features, which launched on Wednesday, cover consumer and workplace rights, and will be available in all 50 states and the UK.
While the bot will still help drivers contest parking tickets and refugees apply for asylum, the service will now also help those who want to report harassment in the workplace or who simply want a refund on a busted toaster.
Through DoNotPay, a user has a simple, instant message-like conversation with a bot by typing their issue in their own words. Even colorful complaints like, "My airline screwed me" will be registered by the system.
Then, a virtual lawyer decides how to best help a user based on their answers to a series of questions.
… DoNotPay can also connect users to outside aid, like a nonprofit that provides pro bono representation or avenues for action in more serious cases.
More Than 40 Examples of Classroom & School Blogs
One of the best ways to learn about using blogs in school is to see how others are doing it. That's why a few years ago I put together a survey and asked for teachers to share examples from their own blogs. The slides below feature more than 40 examples of classroom blogs.
This may allow me to put all my handouts into a single book! Chrome only, so far.
Try Book Creator In Chrome to Create Multimedia Books
Book Creator is one of the most popular iPad apps in schools. It's a fantastic app for creating multimedia stories. Now that platform is available in a web version too.
The Book Creator web version is currently in beta and open for teachers to use. Book Creator's web version supports creating multimedia books containing videos, images, drawings, and text. To create a book on Book Creator's web app just sign in and choose a layout for your book. There are comic book layouts as well as traditional book layouts. After you have selected a layout for your book's pages you can add pictures and videos by either uploading them or by using your webcam. You can add text and drawings by using the drawing and typing tools built into Book Creator. Your completed book can be saved as an ePub or published online with a private Book Creator link.
Learn more about Book Creator's web app in the video below.
Speeding up research for my students. Chrome only for now, Firefox soon.
Browser extension locates books and ebooks from your local library
Library Extension – “The #1 Browser Extension that lets you instantly see book and e-book availability from your local library. Easily see what titles are available at your local library as you browse for books! As you browse books and e-books, the Library Extension can check your library’s online catalog and display the availability of that item on the same page. If the book is available at your library, you’ll know instantly – and have a quick, convenient link to reserve the title.”
A slight misunderstanding.
Thursday, July 13, 2017
I gave my students this breach to research. It will be interesting to see what they conclude.
In a major relief to Reliance JIO customers, an initial police probe has found there was no theft of data by a computer engineer arrested from Rajasthan, a top investigating official said here on Thursday.
“According to our probe so far, no data has been leaked or stolen. But investigations are still in the initial stage and we will learn more after the accused is brought here late on Thursday night,” Navi Mumbai Deputy Commissioner of Police (Crime) Tushar Doshi told IANS.
Read more on Business Standard.
Reliance Jio admits to systems breach in police complaint
… The complaint is the telecom company’s first official acknowledgement of a systems breach. Jio has so far denied media reports and user accounts of a leak.
… Several local news sites reported late on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called ‘Magicapk,’ which was subsequently taken down.
… Experts say India has inadequate data protection laws that do not mandate companies or agencies to notify clients if their personal data has been breached. Advocates for stronger data protection laws say this results in data leaks often going unreported.
“There is a clear stigma attached to being hacked, or data being stolen,” said Akash Mahajan, a web security consultant in Bengaluru, adding this is why companies in India often do not admit to data breaches.
Deny, deny, deny.
Verizon Downplays Leak of Millions of Customer Records
Cyber resilience firm UpGuard reported on Wednesday that its researchers discovered an unprotected AWS S3 bucket containing information on as many as 14 million Verizon customers, including names, addresses, phone numbers, PINs used for identity verification purposes, customer satisfaction data, and service purchases.
The data, which appears to represent daily logs collected over the first six months of 2017, was not exposed by Verizon itself, but by NICE Systems, an Israel-based partner that provides call center services. UpGuard reported the leak to Verizon on June 13, but the exposed database was only protected on June 22.
… In a statement published on its corporate website, Verizon downplayed the incident, claiming that the details of only 6 million unique customers were exposed. The company blamed the leak on human error, and pointed out that no one other than UpGuard had accessed the unprotected cloud storage area.
… Willy Leichter, vice president of marketing at Virsec, believes “this will be a heated board-level issue for a $1 billion company like Nice, and a $125 billion-plus company like Verizon.”
“If the European General Data Protection Regulation (GDPR) was in effect (it is starting in May 2018) there could be a fine as large as $5 billion (4% of annual revenue) for this single incident,” Leichter said.
Backups are good! Easy backups are better!
Google launches a new Backup & Sync desktop app for uploading files and photos to the cloud
As promised last month, Google has today launched its new “Backup and Sync from Google” tool, which aims to help users more easily back up the files and photos on their computer.
… The new tool offers a simple user interface, where you’ll first sign into your Google account, then select the folders you want Google to continually back up to Google Drive.… Both products’ websites are currently hosting the updated software, which is a free download for consumers.
If there is even a hint of something to do with AI, companies are snapping up start-ups.
Google acquires India’s Halli Labs, which was building AI tools to fix ‘old problems’
Some more M&A news in the world of artificial intelligence. Today it was made public that Google has acquired Halli Labs, a very young (its first public appearance was on May 22 of this year) startup based out of Bengaluru, India, that was focused on building deep learning and machine learning systems to address what it describes as “old problems.”
… It’s not clear whether or not Halli Labs was funded.
… It’s also not clear how many more people were working at Halli Labs. We’re trying to find that out too.
The world, she is a changing…
It is barely 20 years since Sergey Brin and Larry Page registered the domain name google.com, and only 10 years since Steve Jobs walked onto a stage in San Francisco and introduced the iPhone. Yet in this short period, digital technologies have upended our world. We introduced the Digital Evolution Index in HBR in 2015 to trace the emergence of a “digital planet,” how physical interactions — in communications, social and political exchange, commerce, media and entertainment — are being displaced by digitally mediated ones. We identified many hotspots around the world where these changes are happening rapidly and other spots where momentum has slowed. Two years on, depending on where we live, we continue to move at different speeds toward the digital planet.
Honesty? That’s a concept?
Minnesota attorney general sues CenturyLink over billing
Minnesota Attorney General Lori Swanson sued CenturyLink on Wednesday as she alleged that the internet, phone and cable television provider frequently billed Minnesota customers at higher rates than its sales agents quoted.
Flanked by Minnesotans who have filed some of the “hundreds” of complaints about charges they say they didn’t agree to, Swanson said she’s asking a judge to impose civil penalties, order the company to change its sales practices and require that CenturyLink pay restitution to customers who were misled about their purchases.
… The lawsuit, filed in Anoka County District Court, accuses Louisiana-based CenturyLink of committing consumer fraud and engaging in deceptive trade practices. It cites 37 specific cases in which people were overbilled by the company and denied the opportunity to reduce those charges — even when they had the original offer in writing.
No doubt Google googled “tax breaks.”
Why Europe can’t beat Google on corporate taxes
Google isn’t liable for 1.1 billion euros ($1.25 billion) of back-taxes after all, a French court has decided. That won’t be the last battle the U.S. search engine faces over how it arranges its profits. Giant technology companies will always have an advantage over local tax authorities, though. Unlike competing European countries, they can put their global interest first.
… A big company might argue, as Google has, that its UK business merely offers marketing services to an Irish-based sales company, which means that profit from actual sales is rightly taxed in Ireland. In some cases, it might be possible to argue that certain staff members in Britain were effectively engaging in sales. Even then, though, the principle that tax is payable where profit is booked – not where the customer is based – is still intact.
For my students. Remember, there’s a downside to every new technology. Think of this article when the doomsayers predict that robots mean the end of all jobs.
What Every Entrepreneur Can Learn From the Bicycle
In 1896, the bicycle was a thrilling and newfangled invention. But not everyone was impressed. A writer named Joseph Bishop went around interviewing angry business owners, who claimed their sales fell as a result of the two-wheeler. “Before the bicycle craze struck us,” one barber said, “the men used to come in on Saturday afternoons and get a shave, and a haircut, and maybe a shampoo, in order to take their lady friends to the theater, or go out somewhere else in the evening. Now they go off on a bicycle and do not care whether they are shaved or not.”
Booksellers said people weren't reading as much, because they were cycling. Saloon owners complained that they weren't selling as much beer, because bicyclists drank more refreshing beverages. The cigar trade was in a panic, claiming that it was shrinking at the rate of one million fewer cigars sold a day. Shoe-makers raised the alarm, because nobody was walking anymore. And hatters, Bishop reported, “say they are injured because bicyclists wear cheap caps and thus either save their more expensive ones or else get on without them. One irate member of the trade proposes that Congress be asked to pass a law compelling each bicycle-rider to purchase at least two felt hats a year.”
Making “cut & paste” easier?
Internet tool that removes everything from a web page except for its text
“The text-only internet tool Textise is a new way of looking at the Web. It’s an internet tool that removes everything from a web page except for its text. In practice, this means that images, forms, scripts, pretty fonts, they all go, leaving plain text.
How to use this page:
1) Type or paste the URL of a web page into the box below and click “Textise”. A text only version of the web page will be displayed.
2) Type a search term into the box, select a search engine from the drop-down list, and click “Search”. You will be taken to a text only version of the search results.
Textise will also display search forms on selected sites (for example bbc.co.uk, amazon.com) if enabled on the Options page.
3) Read more
Could help me map my students.
See all your Google Contacts on a Google Map
Another set of tools for my students.
Resources for my students…
It’s not always easy to find podcasts you want to listen to, especially ones about technology. It seems comedy and crime are the two vogue genres of the podcast world at the moment.
So when a fresh podcast comes along, it’s certain to grab our attention — and the new .future podcast from Microsoft has done exactly that. If you love tech talk, it won’t disappoint you. I promise.
… The new .future podcast marks a second official venture, but this time Microsoft products are not the focus.
… If you want to subscribe, you can find it in the iTunes Directory or by using the RSS link. The first episode aired on June 28, so make sure you download the old episodes first.
An important correction! (Fortune got it wrong!) You must buy a dozen at regular price before getting a dozen for 80 cents.
7/14 get an 80 cent Original Glazed dozen when you buy any dozen
Wednesday, July 12, 2017
Amazing! Someone got it right!
I must admit that I am pleasantly surprised to read how this non-profit had a great response to a ransomware attack.
Community Care of St. Catharines and Thorold is still reeling from a cyberattack that shut its computers down for more than a week.
The local food bank’s CEO, Betty-Lou Souter, said Community Care’s systems are back up and running, but the ransomware attack has reinforced the need for cyber-vigilance.
“It is easy to open the door, but once it’s open it can be very hard to close,” Souter said.
She said Community Care’s servers were attacked by the NW4 ransomware virus at 11:26 p.m. on June 28.
No one is sure how the virus got into the server, but when Community Care’s staff arrived for work on June 29, they couldn’t use their computers.
Souter said every computer screen displayed a message that said all the computer’s files were encrypted. To get access to them, Community Care would have to buy an encryption key for the price of $3,000 in Bitcoin, a unit of currency frequently used by cybercriminals.
“We didn’t pay that, obviously,” Souter said. “I immediately called our technical support guy, and he told us not to touch anything.”
But it wasn’t just their immediate response that impressed me. It was their preparation:
She said Community Care backs up its computer files on a regular basis. The technician wiped the computers and restored them using those backed up files.
Souter said Community Care’s client information files were unaffected because they are not stored on the physical server, but on a cloud.
Nevertheless, it took nearly a week for Community Care to have full access to its computers. The only data lost was information that hadn’t been captured in the most recent backup.
I wonder what their budget is for infosecurity and whether they would be willing to share their plan with others of comparable size and means.
Read more on St. Catharines Standard.
A can of worms?
PSD2 and Open Banking Bring Problems and Opportunities for Global Banks
Payment Services Directive 2 (PSD2) is a new EU banking/finance regulation coming into force in January 2018. It is designed to shake up the finance sector -- perhaps even designed to weaken the overall strength of the banks following the 2008 crash,
… The banks are considered to be too powerful and monolithic with sole and complete ownership of their customers' financial data. The European bureaucrats want to introduce some competition. Their chosen route is to force the banks to provide APIs that will allow third-party apps to access customer data and provide new services not currently offered by the banks. The bureaucrats then believe third-parties will re-invigorate the payments and finance markets for end users.
There are enormous difficulties for the banks -- for while they are required to give third-party access to customer data, they will remain liable for the security of that data under the General Data Protection Regulation (GDPR).
Consider if this is done via a social media organization. That organization will build an app that provides access to, and uses, its customers' financial data. The banks can authenticate the social media organization; but the social media app authenticates the user. It is possible, then, that access to customer financial data will be controlled only by social media logon; and that will almost certainly be less secure than the multi-factor and behavioral security measures that many banks currently use.
Is President Trump hoist on an e-petard? And what is an e-petard? My definition would be: Anything you craft yourself that you hope won’t come back to bite you.
Critics Blocked from President’s Twitter Account File Suit
Knight First Amendment Institute: “Joined by seven individuals from across the country, the Knight First Amendment Institute filed suit in the Southern District of New York today contending that President Trump and his communications team are violating the First Amendment by blocking individuals from the @realDonaldTrump Twitter account because they criticized the president or his policies.
The Knight Institute sent a letter to the White House last month suggesting that it would file suit if the president and his aides did not unblock individuals who had been blocked because of their views. The White House did not respond to that letter. “President Trump’s Twitter account has become an important source of news and information about the government, and an important forum for speech by, to, or about the president,” said Jameel Jaffer, the Knight Institute’s executive director. “The First Amendment applies to this digital forum in the same way it applies to town halls and open school board meetings. The White House acts unlawfully when it excludes people from this forum simply because they’ve disagreed with the president.” The president and his aides have aggressively promoted the @realDonaldTrump account as a key channel for communication between the president and the public. The White House uses the account to make formal announcements, defend the president’s official decisions and actions, report on meetings with foreign leaders, and promote the administration’s positions on health care, immigration, foreign affairs, and other matters. The president’s advisors have stated that tweets from @realDonaldTrump are “official statements.” Today’s lawsuit was filed on behalf of seven people from across the country who have been blocked from the account by the president or his aides. The blocking prevents or impedes these people from reading the president’s tweets, responding directly, or participating in the discussions that take place in the comment threads generated by the president’s tweets. The complaint argues that the @realDonaldTrump account is a “public forum” under the First Amendment, meaning that the government cannot exclude people from it simply because of their views. It also contends that the White House is violating the seven individual plaintiffs’ First Amendment right to petition their government for redress of grievances…”
This could enable anyone to create fake news that is very difficult to detect.
With these techniques, it’s difficult to discern between videos of real people and computerized impostors that can be programmed to say anything.
Can Pepsi be far behind?
Coca-Cola reveals AI-powered vending machine app
As a powerhouse in the beverage industry, Coca-Cola has made AI a central part of their technology landscape. Now, they have a new addition.
At MB 2017, Greg Chambers, the global director of digital innovation at Coca-Cola, took the stage to reveal some AI news.
Some of my students are ready for this.
Free Webinar: How to Build a Customer Experience-Led Business
To find out how to improve customer experience on your branded channels, you’ll want to attend our webinar, How to Build a Customer Experience-Led Business, presented by Comcast Business and Entrepreneur.
This may be too simple for my niece, but I’ll forward it anyway.
… Fender Play is a video subscription service [30 day free trial. Bob] designed to make learning the guitar online a more painless, digestible process. Using bite-sized, multi-angle video lessons, Fender Play puts the focus on learning popular songs, rather than bogging students down with arcane music theory up front.
This actually happened to me.
For my “starving students.”
Krispy Kreme Is Giving Out a Dozen Doughnuts For 80 Cents. Here’s How to Get Them
As Krispy Kreme prepares to celebrate its 80th anniversary, the doughnut chain will be selling a dozen doughnuts for 80 cents this week.
Considering that a single doughnut normally sells at Krispy Kreme for 99 cents, the offer makes for a pretty good bargain. The deal runs only on Friday, July 14, and lasts all day,
… Customers won't need to present a coupon or certificate to get the deal. All they need to do is show up to a participating Krispy Kreme in the United States or Canada. Some locations may not have the deal — to find out if a local Krispy Kreme will be offering the sale, customers can use the company's store locator.
Tuesday, July 11, 2017
If you are a criminal, you use the Dark Web. If you want to become a “Master Criminal,” you steal tools and techniques from lesser criminals. (Or if you are professional hackers with the backing of your country.)
Catalin Cimpanu reports:
Deep Hosting — a Dark Web hosting service — admitted yesterday to suffering a major security incident during which “some sites have been exported.”
The hack took place on Saturday afternoon and was carried out by a hacker calling himself Dhostpwned, the name he used when he spoke with Bleeping Computer earlier today.
Hacker used PHP shell to take over hosting provider
According to a wiki page published by the Deep Hosting team, the hack took place after the hacker registered a shared hosting account on their service, and used it to upload two shells on their servers, one written in PHP and one in Perl.
Read more on BleepingComputer. DataBreaches.net was also contacted by the hacker yesterday, but unfortunately, was not online at the time. I hope to connect with him/them soon, though.
If you are developing a Cyber War strategy, one of your first tasks is reconnaissance. Where is security strong, where is it weak? What can you do when your probe is not even detected?
Mark Hosenball reports:
Cyber attackers are regularly trying to attack data networks connected to critical national infrastructure systems around Europe, according to current and former European government sources with knowledge of the issue.
The sources acknowledged that European infrastructure data networks face regular attacks similar to those which the Washington Post newspaper said on Sunday had been launched by Russian government hackers against business systems of U.S. nuclear power and other companies involved in energy production.
Read more on Reuters.
Or perhaps they don’t want to face thousands of lawsuits?
Google wants to make sure AI advances don’t leave anyone behind
We hope that AI will allow us to make smarter decisions, but what if it ends up reinforcing the prejudices of society? We dream that technology might free us from work, but what if only the rich benefit, while the poor are dispossessed?
It’s issues like these that keep artificial intelligence researchers up at night, and they’re also the reason that Google is launching an AI initiative today to tackle some of these same problems. The new project is named PAIR (it stands for “People + AI Research”) and its aim is to “study and redesign the ways people interact with AI systems” and try to ensure that the technology “benefits and empowers everyone.”
… The tech giant says it wants to make AI user-friendly, and that means not only making the technology easy to understand (getting AI to explain itself is a known and challenging problem) but also ensuring that it treats its users equally.
It’s been noted time and time again that the prejudices and inequalities of society often become hard-coded in AI. This might mean facial recognition software that doesn’t recognize dark-skinned users, or a language processing program which assumes that doctors are always male and nurses are always female.
Usually this sort of issue is caused by the data that artificial intelligence is trained on. Either the information it has is incomplete, or it’s prejudiced in some way. That’s why PAIR’s first real news is the announcement of two new open-source tools — called Facets Overview and Facets Dive — which make it easier for programmers to examine datasets.
A quick overview.
EFF – Major Teleco Providers Fail to Protect User Privacy From Government Overreach
by Sabrina I. Pacifici on Jul 10, 2017
EFF News Release: “Amazon Fails To Follow, Much Less Lead in Privacy Best Practices, Facebook, Google, and Microsoft Fail to Promise They Will Stand Up to FBI Gag Orders… While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users. EFF’s seventh annual “Who Has Your Back” report, released today, digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance. The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we say, our political affiliations, our religion, and more….”
Trying to catch up with Amazon?
Microsoft Is Making Major Moves in the Cloud
Last week, Microsoft Corp. announced a major restructuring meant to put its sales and marketing efforts on better footing for an era where cloud software and services sales take top priority, at least in the corporate realm.
Making life easier for our students.
Ubuntu is now available for download on the Windows Store
Microsoft announced at its Build 2017 developer conference earlier this year that Ubuntu would be heading to the Windows Store, and now the popular Linux distro is available to download.
Ubuntu — like SUSE Linux and Fedora, the other two forthcoming Linux distros heading to the store — runs in a sandbox alongside Windows 10, and offers regular command-line utilities as a standalone installation, with shared access to files and hardware with Windows 10.
Hire my students, please!
The Biggest Mistakes Job Seekers Make Today
For my geeks…
Not beer? Dang, I’ve been drinking the wrong stuff?
Association of Coffee Consumption With Total and Cause-Specific Mortality Among Nonwhite Populations
Coffee consumption has been associated with reduced risk for death in prospective cohort studies; however, data in nonwhites are sparse.
Monday, July 10, 2017
To have really big breaches, it helps to have really big populations. I expect really big things from India, unfortunately.
India telecom operator Reliance Jio investigating claims of data breach
India's Reliance Jio is investigating whether personal data of over 100 million of its customers had leaked onto a website, in what analysts said could be the first ever large-scale breach at an Indian telecom operator.
Jio, India's newest telecoms entrant, said that the data on the website, "Magicapk.com", appeared to be "unauthentic" and that its subscriber data was safe and maintained with the highest security.
But people complained on Twitter about personal information of Jio users being publicly available on Magicapk.com, and some Indian media said that their checks had led them to believe the leak was real.
Campaigns will need to be faster in their identification of “fake news” and ready with a factual counter-message. Do we need a “fact checking” service for all political messages? How would that work?
Study: Bots have turned Twitter into a powerful political disinformation platform
As if Twitter’s reputation hasn’t been battered enough, a new study sheds light on how the social media platform can be hijacked by bots to spread political disinformation during election campaigns.
A researcher at the University of Southern California found that almost 20 percent of Twitter bots that were engaged in spreading propaganda against Emmanuel Macron during the recent French presidential election had been used to spread misinformation in favor of Donald Trump last year during the U.S. elections.
… Bottom line, according to the study by Dr. Emilio Ferrara, a research assistant professor at USC Computer Science Department: “Account usage patterns suggest the possible existence of a black-market for reusable political disinformation bots.”
… Ferrara’s study is called: “Disinformation and Social Bot Operations in the Run Up to the 2017 French Presidential Election.” The study was published as an open source document, and the full version is here.
I expect more managers to eventually wake up, but this is rather typical.
75 Percent of U.S. Companies Think GDPR Doesn't Apply to Them
A new report focusing on Europe's General Data Protection Regulation (GDPR) preparedness shows a worrying disconnect between Business and Security. GDPR will come into effect in May 2018, and perhaps more than any other security regulation will require close cooperation between Business, IT and Security to enable and ensure regulatory compliance across the whole organization. The penalty for failure is severe: up to €20 million or 4% of global turnover -- and the reach of the regulation is effectively global.
NTT Security interviewed 1,350 non-IT decision-makers across the globe. It sought to understand GDPR awareness across the business, and measure how well information security policies are being communicated across the business. The results (PDF), it suggests, are mixed. While there is some improvement in general security policies, there is poor understanding of security-related regulations in general, and GDPR in particular.
This was an accident but as AI improves, this might become common. Big Brother indeed?
We’re gradually learning that smart home devices can be quite valuable for police. Following a recent case in which Amazon handed over data from its Echo device to police investigating a murder, a Google Home called the police when a couple was allegedly involved in a violent domestic dispute.
According to ABC News, officers were called to a home outside Albuquerque, New Mexico this week when a Google Home called 911 and the operator heard a confrontation in the background. Police say that Eduardo Barros was house-sitting at the residence with his girlfriend and their daughter. Barros allegedly pulled a gun on his girlfriend when they got into an argument and asked her: “Did you call the sheriffs?” Google Home apparently heard “call the sheriffs,” and proceeded to call the sheriffs.
… In a different incident in January, a local TV news broadcast involving a dollhouse reportedly triggered multiple Amazon Echo devices in the area to start ordering dollhouses. It’s easy to imagine police getting tired of being called to citizens’ homes every time they watch the latest episode of Law and Order.
For my Computer Security students.
Cybersecurity: The cold war online
by Sabrina I. Pacifici on Jul 9, 2017
Cybersecurity: The cold war online, Steven Aftergood. Nature 547, 30–31 (06 July 2017) doi:10.1038/547030a. Published online 05 July 2017.
“The Internet is under attack, and not just by hackers, thieves and spies. As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitized landscape as a transnational commons. Cyberspace is becoming a war zone in a new era of ideological combat. Klimburg — director of cyber policy at the Hague Centre for Strategic Studies in the Netherlands — sees the combatants as belonging to two groups. The forces of the ‘free Internet’ favour the unconstrained flow of information, independent of national borders or cultural barriers. The ‘cybersovereignty’ camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China’s ‘Great Firewall’ employs more people than serve in the country’s armed forces… [Estimated 1.6 to 2.3 million. Bob]
For my Systems students. Was this system designed to be unmanageable?
Wells Fargo says closer to reaching $142 mln phony accounts settlement
A California judge has granted a preliminary approval for Wells Fargo & Co's agreement to pay $142 million, and perhaps more, to customers whose credit scores were harmed by its employees creating fake accounts in their names, the bank said on Sunday.
… Wells Fargo has previously said thousands of branch employees created as many as 2.1 million bank and credit card accounts in individuals' names without their permission to artificially hit sales goals.
(Ditto). Is any system failure proof?
India's biggest stock exchange grapples with system fault ahead of IPO
A technical glitch shut down India's National Stock Exchange (NSE) for five hours on Monday, dealing the country's biggest stock exchange an embarrassing blow ahead of its plans to list and leading to a surge in volumes on a rival bourse.
… In a statement late in the day, the NSE attributed the disruption to an unidentified "technical problem". [“We don’t know what happened?” OR “We’re not going to tell you what happened?” Not the best way to inspire confidence. Bob]
Interesting, if a bit vague.
… While war is still conducted with fighter jets, assault rifles, and roadside bombs, the world’s governments and armed forces are increasingly bringing new kinds of weapons and information systems to bear. And these software-based systems may soon eclipse most others in the effect they have on the battlefield. At the very least, a shift is under way that will see software come to have a deeper and deeper impact on almost every aspect of conflict.
I think WolframAlpha is a great teaching tool. Perhaps some people are using it incorrectly or not at all?
AI Is Making It Extremely Easy for Students to Cheat