Saturday, August 26, 2017

Other than those few bugs, how do you like the technology?
PoS Flaws Allow Hackers to Steal Card Data, Change Prices
Researchers at ERPScan discovered that SAP’s POS product, which is part of the company’s SAP for Retail offering, was affected by several flaws.  Specifically, the system’s server component, Xpress Server, lacked important authorization checks for critical functionality.
This allows an attacker with access to the system to send malicious configuration files to Xpress Server and gain complete control of both the frontend and backend of the PoS system.
A hacker can abuse tens of commands, allowing them to steal data from all the credit and debit cards used at the targeted store, and apply special prices and discounts to specified items.  These discounts can be applied for specified times so that an item has a small price only when fraudsters go to purchase it.  Fraudsters can also set up the system so that their purchases are charged to the previous customer’s card.
   the connections between POS workstation and the store server turn out to be the weakest link. They lack the basics of cybersecurity - authorization procedures and encryption, and nobody cares about it. So, once an attacker is in the Network, he or she gains full control of the system.”

Probably not the best way to convince the judge that you are not part of a vast criminal conspiracy.  Should the lawyer have made this public?  
Fraud Forces WannaCry Hero's Legal Fund To Refund All Donations
The vast majority of money raised to pay for the legal defense of beloved [? Bob] British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says.
Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser.  He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those.

If this is easy for Facebook, imagine what Intelligence Agencies can do.
Rebecca Porter and I were strangers, as far as I knew.  Facebook, however, thought we might be connected.  Her name popped up this summer on my list of “People You May Know,” the social network’s roster of potential new online friends for me.
The People You May Know feature is notorious for its uncanny ability to recognize who you associate with in real life.  It has mystified and disconcerted Facebook users by showing them an old boss, a one-night-stand, or someone they just ran into on the street.
   On any given day, it tended to recommend about 160 people, some of them over and over again; over the course of the summer, it suggested more than 1,400 different people to me.  About 200, or 15 percent of them, were, in fact, people I knew, but the rest appeared to be strangers.
And then there was Rebecca Porter.  She showed up on the list after about a month: an older woman, living in Ohio, with whom I had no Facebook friends in common.  I did not recognize her, but her last name was familiar.  My biological grandfather is a man I’ve never met, with the last name Porter, who abandoned my father when he was a baby.  My father was adopted by a man whose last name was Hill, and he didn’t find out about his biological father until adulthood.
   I sent the woman a Facebook message explaining the situation and asking if she was related to my biological grandfather.
“Yes,” she wrote back.
Rebecca Porter, we discovered, is my great aunt, by marriage.  She is married to my biological grandfather’s brother; she met him 35 years ago, the year after I was born.  Facebook knew my family tree better than I did
“I didn’t know about you,” she told me, when we talked by phone.  “I don’t understand how Facebook made the connection.”  
   Facebook is known to buy information from data brokers, and a person who previously worked for the company and who is familiar with how the tool works suggested the familial connection may have been discerned that way.  But when asked about that scenario, a Facebook spokesperson said, “Facebook does not use information from data brokers for People You May Know.”
What information had Facebook used, then?  The company would not tell me what triggered this recommendation, citing privacy reasons.  A Facebook spokesperson said that if the company helped me figure out how it made the connection between me and my great aunt, then every other user who got an unexpected friend suggestion would come around asking for an explanation, too.  
   Now, when I look at my friend recommendations, I’m unnerved not just by seeing the names of the people I know offline, but by all the seeming strangers on the list.  How many of them are truly strangers, I wonder—and how many are connected to me in ways I’m unaware of.  They are not people I know, but are they people I should know?

Probably not soon, but eventually.
The Next Big Thing: Energy-Saving Graphene Computers with 1,000x Speed and Efficiency
Today, researchers from Northwestern University, University of Texas at Dallas, University of Illinois at Urbana-Champaign, and University of Central Florida have joined minds together in the development of a graphene-based transistor.
   Transistors function as on and off switches, forming logic gates in computers when placed in various arrangements.  These logic gates enable microprocessors to solve complex logic and arithmetic problems.  But, since 2005, the speed of computer microprocessors which utilize silicon transistors have clock speeds mostly in the 3 to 4 gigahertz range only.
   According to the team, with a cascading series of graphene transistor-based logic gates, a computer could have clock speeds near the terahertz range, thus making it a thousand times faster and more efficient than today’s computers.
Graphene computers also use lesser energy, only a hundredth of the power consumed by silicon-based ones.  Moreover, computers could be designed smaller in size


Friday, August 25, 2017

Ties in tightly to my Data Management class.  The US tries to do this one company (one application) at a time. 
Standard Business Reporting: Open Data to Cut Compliance Costs
by on
“Imagine if U.S. companies’ compliance costs could be reduced, by billions of dollars.  Imagine if this could happen without sacrificing any transparency to investors and governments.  Open data can make that possible.  
This first-ever research report, co-published by the Data Foundation and PwC, explains how Standard Business Reporting (SBR), in which multiple regulatory agencies adopt a common open data structure for the information they collect, reduces costs for both companies and agencies.  SBR programs are in place in the Netherlands, Australia, and elsewhere – but the concept is unknown in the United States. [Unknown to government… Bob]  Our report is intended to introduce SBR to U.S. policymakers and lay the groundwork for future change…  Around the world, governments are choosing to transform their information from disconnected documents into open data.
For our purposes, the term open data refers to information that is made interoperable using standardized definitions and digital formats, and digitally published and freely available for use and reuse by its users…  The key, of course, is interoperability, which allows diverse systems and organizations to exchange and use one another’s data without having to translate it.  For companies as well as agencies, open data offers significant efficiencies by reducing processing time and costs.  
First, if government agencies standardize data fields and formats for the information they collect, rather than expressing that information as unstructured documents, reporting companies’ software can automatically compile and report it, reducing manual labor.  Quality improves; human ‘fat fingering’ is eliminated.  Second, if multiple agencies align their fields and formats with one another by adopting universal standards for overlapping information, companies can submit the same information once, rather than multiple times to each agency.  Meanwhile, open data promises to cut regulatory agencies’ costs and reduce their risks by allowing them to get and use regulatory information more quickly, shortening the processing required for data analysis.  In the United States, for example, simple data matching could have revealed Bernie Madoff’s fraudulent activities before his financial firm collapsed, allowed agencies to quickly gauge the financial industry’s exposure to Lehman Brothers while deciding whether to initiate a bailout, and indicated that the fuel cell manufacturer Solyndra was the riskiest recipient of a federal loan guarantee well before its 2011 bankruptcy – if the relevant information had been available in a consumable format and in a timely manner.  But because Madoff’s securities reports, Lehman’s financial filings, and Solyndra’s energy and securities disclosures were available only as disconnected documents, not open data, these insights would have required expensive, time-consuming, and purpose-built analytics projects.  

Clearly, a well written law is inspirational!  (If they have your permission they can violate your privacy?)  
Hannah M. Arenstam, Frederic T. Knape, Joshua J. Orewiler, and Joseph A. Strubbe of
Vedder Price write:
In the past few weeks, five putative class action lawsuits have been filed under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14/1 et seq., targeting defendants in the health care, senior living, commercial baking, meat processing and security industries.  These recent suits join previously filed BIPA class actions against day care operators, tanning salons, video game manufacturers, hotel groups and supermarkets as well as much larger entities, including Facebook, Google, Shutterfly, Six Flags and Snapchat.  All of these suits have similar allegations at their core; that defendants utilized employees’, customers’, or other persons’ biometric identifiers, such as fingerprints, voiceprints, retina scans or facial recognition technology, in violation of BIPA’s disclosure and consent requirements.  All seek recovery of BIPA’s statutory liquidated damages of $1,000 for each negligent violation, or $5,000 for each intentional or reckless violation, injunctive relief, and recovery of attorneys’ fees and costs.
Read more on National Law Review.

Sort of a “Kill them all and let God sort them out” kind of warrant. 
Government Prevails in Bid for Anti-Trump Website’s Subscriber Data
   A judge in District of Columbia Superior Court on Thursday ordered DreamHost LLC, the host of the website, to comply with a government warrant seeking information about the site’s subscribers.  The government says the site was used to recruit and organize hundreds of people who rioted in the city on Jan. 20, the day President Donald Trump was sworn in, causing hundreds of thousands of dollars in damage over nearly two dozen city blocks.
Chief Judge Robert Morin ruled that DreamHost was obligated to turn over subscriber data, but that prosecutors would have to tell the judge which data it intended to seize. [Couldn’t they specify that in the warrant?  Or do they get to look at everyone and everything and then specify?  Bob]  The judge said he would oversee the use of the data to make sure the government’s seizure was limited to individuals linked to the riots and not people who merely posted messages or communicated with others through the site. 
   Morin denied DreamHost’s request to put his ruling on hold until they could appeal his decision.

(Related).  “We’ll look through all of this data but only use the stuff we need, pinky promise!” 
Verizon reports spike in government requests for cell 'tower dumps'
Government requests for the mass disclosure of every caller who connected to a particular cellphone tower have spiked during the first half of 2017, according to Verizon’s latest transparency report.
Law enforcement seek so-called tower dumps to try to identify a suspect in a crime, compelling tower operators to provide the phone numbers of all devices that connected to a specific tower during a given period of time.
   Verizon has received approximately 8,870 warrants or court orders for cell tower dumps in the first half of this year — a huge increase over 2013, when the government sought only 3,200 dumps across the whole of that year.  In 2016, the total figure was 14,630.  

Probably.  Just like TV harmed my generation.  (Too much talk for me.) 
Radio Atlantic: Are Smartphones Harming Kids?
It's been ten years since the iPhone came out, and now the first generation to grow up with smartphones is coming of age.  Jean Twenge, a psychologist who has studied generational behaviors, has found troubling signals that these devices seem to be taking a visible toll on the mental health of post-Millennials.  In the September 2017 issue of The Atlantic, Twenge shares her findings in a story adapted from her new book, iGen: Why Today’s Super-Connected Kids Are Growing Up Less Rebellious, More Tolerant, Less Happy—and Completely Unprepared for Adulthood—and What That Means for the Rest of Us.

Data Center economics.  Why would any company build a data center without massive tax incentives?  Governments are trading tax credits (no cash outlay) for future tax income.  Does the math work? 
Why Iowa is giving Apple $208 million for a project that will create 50 full-time jobs
In exchange for nearly $208 million in state and local tax breaks, the technology giant Apple has agreed to build two new data centers on 2,000 acres of Iowa land — a project that would create just 50 permanent jobs. 
   Construction is expected to start this spring in Waukee, and city officials anticipate the process will spark hundreds of construction jobs.  But the buildings, slated to open by 2020, will house more computer servers than humans. 
   Apple, meanwhile, will pour $1.3 billion into building the new properties, which will neighbor corn fields, a cattle farm and chicken pens.  The 50 permanent workers at the data centers will make a minimum of $29.12 per hour, state officials said.
The company will also fork up $100 million to a fund that bolsters Waukee’s economic development.
   Construction on a new center employs an average of 1,688 local workers and generates $9.9 million in revenue for cities and states, the study found.  After that, a typical operation supports 157 local jobs.

Did they not realize that Amazon would try to win?  They had to wait for a specific announcement?  This is what Amazon does, people!
Amazon to cut Whole Foods prices, escalating grocery turf war Inc said it will cut prices on a range of popular goods as it completes its acquisition of Whole Foods Market Inc, sending shares of rival grocers tumbling on fears that brutal market share battles will intensify.
  Shares of Kroger Co, the biggest U.S. supermarket operator, closed down 8 percent, while Wal-Mart Stores Inc, the biggest U.S. food seller, closed down 2 percent.
Amazon also said it will start selling Whole Foods brand products on its website, a move that sent down shares of packaged food sellers including Kellogg Co.
The S&P 500 Food Retail index closed down almost 5 percent as more than $10 billion was wiped off the market value of big food sellers.
   “It does not look like they will go kamikaze on pricing,” said Roger Davidson, president of consulting firm Oakton Advisory Group and a former retail executive.  “They will lower prices on consequential items to drive traffic and sales but not do a whole store price reduction which could really damage gross margin and potentially wipe out operating margin.”
   The planned price cuts would have been a tough sell to Whole Foods’ investors, who had grown used to fat profits from the upscale chain, but are more in line with Amazon’s broader strategy of sacrificing short-term profit for long-term market dominance. 

We can see where this is heading, so why don’t libraries take over journal publication? 
German library consortium advancing dynamic open access plan for scholarly journal articles
by on
“…Over the past 2 years, more than 150 German libraries, universities, and research institutes have formed a united front trying to force academic publishers into a new way of doing business.  Instead of buying subscriptions to specific journals, consortium members want to pay publishers an annual lump sum that covers publication costs of all papers whose first authors are at German institutions.  Those papers would be freely available around the world; [and easy to access with tools like Google Translate.  Bob] meanwhile, German institutions would receive access to all the publishers’ online content.  Consortia of libraries and universities in the Netherlands, Finland, Austria, and the United Kingdom have all pushed for similar agreements, but have had to settle for less than they wanted.  In the Netherlands, for example, Elsevier—the world’s biggest academic publisher—has agreed to make only 30% of Dutch-authored papers freely available by 2018, and only after a significant increase in the annual sum libraries pay…” 

Trying to make sense of Social Media. 
Fresh data shows millennials' favorite apps — and it's bad news for Snapchat
Younger millennials may be spending as much as 40 minutes a day on Snapchat, but fresh data shows the scale of the challenge it faces as it looks to grow its user base amid stiff competition from Facebook. 
Snapchat, despite being high on the cool quotient, features nowhere on the most essential apps for 18- to 34-year-olds, according to comScore's 2017 US Mobile App Report.  Amazon ranks number one, while Facebook (29%) and Instragram (11%) both rank inside the top 10. 

A Big task.  You must automate this process to have any chance of keeping up. 
Facebook shuts down 1 million accounts per day but can't stop all 'threat actors,' security chief says
   Still, the sheer number of interactions among its 2 billion global users means it can't catch all "threat actors," and it sometimes removes text posts and videos that it later finds didn't break Facebook rules, says Alex Stamos.
"When you're dealing with millions and millions of interactions, you can't create these rules and enforce them without (getting some) false positives," Stamos said during an onstage discussion at an event in San Francisco on Wednesday evening.
Stamos blames the pure technical challenges in enforcing the company's rules — rather than the rules themselves — for the threatening and unsafe behavior that sometimes finds its way on to the site.

(Related).  Crackdown does not mean takedown?  “Well just flag the really nasty stuff so you don’t miss it?” 
Google Begins Biggest Crackdown on Extremist YouTube Videos
Starting on Thursday, Google will police YouTube like it never has before, adding warnings and disabling advertising on videos that the company determines crosses its new threshold for offensive content.
YouTube isn’t removing the selected videos, but is instead setting new restrictions on viewing, sharing and making money on them.
   YouTube says it uploads over 400 hours of video a minute.
Videos tagged by its new policy won’t be able to run ads or have comments posted, and won’t appear in any recommended lists on the video site.  A warning screen will also appear before the videos, which will not be able to play when embedded on external websites.  YouTube will let video creators contest the restrictions through an appeals process, a spokeswoman said. 

The best laid schemes o' mice an' men.  Gang aft a-gley.”
The Sinking Of America’s First Combat Sub Was A Mystery For 150 Years — Until Now

My students are having a hard time conceptualizing self-driving cars.  This should freak them out!  (I can’t wait!)
What would happen if we upload our brains to computers?
Meet the "ems" -- machines that emulate human brains and can think, feel and work just like the brains they're copied from.  Futurist and social scientist Robin Hanson describes a possible future when ems take over the global economy, running on superfast computers and copying themselves to multitask, leaving humans with only one choice: to retire, forever.  Glimpse a strange future as Hanson describes what could happen if robots ruled the earth.

I’m encouraging my students to go the other way. 

Might be fun to give my students a project to track how concepts evolve.  
Timeline JS Easy-to-make, beautiful timelines
by on
KnightLab: “TimelineJS is an open-source tool that enables anyone to build visually rich, interactive timelines.  Beginners can create a timeline using nothing more than a Google spreadsheet, like the one we used for the Timeline above.  Experts can use their JSON skills to create custom installations, while keeping TimelineJS’s core functionality.”

Thursday, August 24, 2017

Unhealthy security.
Protenus has released its July Breach Barometer, with data supplied by  Here’s a snippet from their report:
July is the first month in 2017 to have hacking incidents outweigh insider breaches to patient data in both frequency and number of affected patient records.  While hacking accounted for almost half of total breach incidents this month, the severity and potential damage of insider threats to patient data should not be overlooked, with one incident going undetected for 14 years.

I’ll be very curious to see how my Indian students react.  (and if all my other students are jealous!)
India’s Supreme Court says privacy is a fundamental right in blow to government
In a blow to the Indian government’s efforts to roll out the world’s biggest biometric database on its billion citizens, India’s Supreme Court ruled Thursday that privacy was a fundamental right for people.
Over the past few years, the government has aggressively pushed to compile the database, known as Aadhar, by sending officials out to remote villages to take iris scans and fingerprints.  To ensure complete enrollment, the government this year put out several notices restricting access to essential government services for those not part of the system.  
The unanimous ruling by the nine-judge bench will have huge implications in a number of ongoing cases involving Aadhar, which means base or foundation in Hindi.
It could put an end to the government’s efforts of making enrollment mandatory.  It also guarantees privacy for Indian citizens as an intrinsic right — removing it could have had far reaching implications beyond biometric IDs for the daily lives of Indians such as the possible decriminalization of homosexuality.
    In court, government lawyers argued that the right of all citizens to a dignified life was more important than the elitist preoccupation with privacy.

(On the other hand).  
Joe Cadillic writes:
The TSA is winning the war on Americans minds as commuters are being tricked into giving away their rights without a fight.
The above video warns that facial recognition body scanners are coming to a train station near you…
Last week, the TSA Los Angeles Metropolitan Transportation Authority ‘voluntarily’ asked commuters to walk through facial recognition body scanners before being allowed to board a train.
Read more on MassPrivateI.

This technology is evolving and improving.  How long before a smartphone App can identify anyone you video? 
Wherever you go, your face exposes you. Facial recognition in combination with surveillance cameras is a powerful tool that can track your every step.
Search engines are becoming ever smarter in managing massive amounts of data.  Face search and facial recognition are just a few of many tools that target individuals.  All public data combined, they can quickly unravel what an individual has been up to.

Compare and contrast. 
Li, Tiffany and Bronfman, Jill and Zhou, Zhou, Saving Face: Unfolding the Screen of Chinese Privacy Law (August 2017). Journal of Law, Information, and Science (Forthcoming). Available at SSRN:
Privacy is often a subjective value, taking on meaning from specific social, historical, and cultural contexts.  Western privacy scholars have so far generally limited academic study to focus on Western ideals of privacy.  However, privacy – or some notion of it – can be found in almost every culture and every nation, including the growing economic powerhouse that is the People’s Republic of China.  Focusing on China as a case study of non-Western privacy norms is important today, given the rapid rise of the Chinese economy and its corresponding impact on worldwide cultural norms and law.  Simply put, it is na├»ve to believe that privacy law will develop in the near future without the influence of China.
   Given the long-arm reach of many nations’ privacy laws (particularly the EU’s current and proposed regulations), several signs indicate that China may follow the EU’s example in enforcing its privacy laws worldwide.  
   This paper will attempt to illuminate the state of privacy law in China, by evaluating current legal developments, exploring cultural and historical perceptions of privacy, and analyzing how China’s unique perceptions of privacy may influence the future development of new norms in China’s growing privacy regime.

What command turns it off? 
Margi Murphy reports:
If you own an Android phone, it’s likely that you’ve used Google’s Assistant, which is similar to Apple’s Siri.
Google says it only turns on and begins recording when you utter the words “OK Google”.
But a Sun investigation has found that the virtual assistant is a little hard of hearing.
In some cases, just saying “OK” in conversation prompted it to switch on your phone and record around 20 seconds of audio.
Read more on The Sun.
[From the article:
Once Google is done recording, it uploads the audio files to its computer servers - often dubbed "the cloud".
These files are accessible from absolutely anywhere in the world - as long as you have an internet connection.
That means any device that is signed into your personal Gmail or Google account can access the library of your deepest, darkest secrets.
So if you're on a laptop right now and signed into Gmail - you could have a listen.
[Step by step instructions follow.  Bob]

Lawyers 1, victims 0?  (Google victorious for a mere $8.5 million?)
Helen Christophi reports:
The Ninth Circuit agreed Tuesday that Google can settle privacy claims by giving $8.5 million to six nonprofit privacy organizations instead of class members, despite ties between the organizations, Google and class counsel.
The three-judge appeals panel found that U.S. District Judge Edward Davila did not abuse his discretion by approving the cy pres settlement, almost half of which went to the alma maters of class counsel, and another chunk to organizations to which Google regularly donates or which received Google settlement funds in the past.
Read more on Courthouse News.  EPIC’s comments on the opinion are not surprising:
A divided federal appeals court has upheld a decision that allows Google to continue consumer privacy violations by means of a collusive settlement.  Though the case concerns Google’s illegal disclosure of personal data from 129 million consumers, the settlement fails to compensate those consumers, does nothing to change Google’s business practices, and diverts funds to organizations that don’t protect consumer privacy.  The dissenting judge wrote that the settlement “raises a red flag” because “47% of the settlement fund is being donated to the alma maters of class counsel.”  EPIC twice urged the lower court to reject the settlement, arguing that it did nothing for class members and would allow Google to “continue to engage in the privacy-invading practice.”  EPIC has long urged courts to reject collusive settlements and has proposed objective criteria for courts to follow in class action cases.

The swing of the pendulum.  Again.
Eversheds Sutherland reports:
In a decision surely welcomed by the plaintiffs’ bar, the US Court of Appeals for the Ninth Circuit held, on August 15, 2017, that a putative class action plaintiff has Article III standing as long as the plaintiff alleges just slightly more than a mere statutory violation.  The case, Robins v. Spokeo, was on remand from the United States Supreme Court following that Court’s well-known May 2016 Spokeo v. Robins decision, which held that allegations of a statutory violation of the Fair Credit Reporting Act (FCRA), without more, did not confer standing.  A three-judge panel of the Ninth Circuit has now ruled that, as a matter of statutory interpretation, the FCRA procedures at issue were crafted to protect consumers’ “concrete” interest in accurate credit reporting about themselves, and that the plaintiff’s allegations of inaccurate credit reports could be deemed “a real harm” sufficient to confer standing.
Read more on JD Supra.

The bad news keeps coming for Wells Fargo.  A nearly $150 million settlement is pending for the fake-account scandal that roiled the bank last year, and a new scandal has emerged: Recently it has been alleged that thousands of customers were signed up for insurance without their knowledge.  A bevy of lawsuits is in the pipeline, and regulatory scrutiny is intensifying. Meanwhile, one of Well Fargo’s chief competitors, Bank of America, has been relatively scandal free, with impressive revenue and profit results for the first half of 2017.  What explains the divergence in the fortunes of two of the U.S.’s largest banks?
One possibility is the tone at the top.  For the past several years, Wells Fargo has been run by MBAs, while Bank of America’s CEO since 2010, Brian Moynihan, has a law degree from Notre Dame.  Might this difference in education influence how CEOs behave when it comes to setting a course and trimming corporate sails?  After all, there’s a subtle difference in how these two disciplines train people to understand and manage risks: Legal training focuses on the downside of particular actions, while business training may emphasize the upsides for shareholder value from risk taking.
   The most obvious impact a lawyer CEO might be expected to have is on the amount of litigation their company is involved in.  We looked at over 70,000 lawsuits filed against our sample of firms in federal courts during those 10 years.  We focused on nine common types of corporate litigation: antitrust, employment civil rights, contract, environmental, intellectual property, labor, personal injury, product liability, and securities.
The result was clear: Firms run by CEOs with legal expertise were associated with much less corporate litigation.  Compared with the average company, lawyer-run firms experienced 16% to 74% less litigation, depending on the litigation type.  Employment civil rights, antitrust, and securities lawsuits were reduced the most, while contract saw the smallest (but still significant) reduction with a lawyer CEO.  The results were economically meaningful, since the reduction was several fewer suits per year in some cases.

Dr. Google? 
Google search uses a medical quiz to help diagnose depression
Only half of Americans who face depression get help for it, and Google is determined to increase that percentage.  As of today, it's offering a medically validated, anonymous screening questionnaire for clinical depression if you search for information on the condition.  This won't definitively indicate that you're clinically depressed, to be clear, but it will give you useful information you can take to a doctor.

For my Digital Forensics students.  Possible project? 

Search tools & Techniques.

You mean Grammar is useful?  My students will be astonished!
Elementary English Grammar for Lawyers
by on
Campbell, Joseph Charles, Elementary English Grammar for Lawyers (July 30, 2017). Sydney Law School Research Paper No. 17/62. Available at SSRN:
“A lawyer interpreting a text whose meaning is disputed – whether a statute or some other document that has effect in public law, or a document like a contract or a will that has effect in private law – must be able to articulate why it is possible that the text has more than one meaning, and why one of those meanings is preferable to another.  An important aid for performing those tasks is the conceptual apparatus of English grammar.  This paper, written as an aid for students of legal interpretation, outlines some fundamentals of English grammar, and shows, via numerous examples, how the courts have used the language of grammar in solving problems of interpretation.”

Wednesday, August 23, 2017

Highly unlikely, but worth thinking about.  At least, in my Security class. 
US Warship Collisions Raise Cyberattack Fears
While some experts believe that being able to engineer such a collision would be unlikely, given the security systems of the US Navy and the logistics of having two ships converge, others say putting the recent incidents down to human error and coincidence is an equally unsatisfactory explanation.
   Analysts are divided on the issue, with some believing US Navy crews may simply be overstretched as they try to tackle myriad threats in the region, and pointing to the difficulties of sailing through waterways crowded with merchant shipping.
But others believe something more sinister may be going on.
Itar Glick, head of Israeli-based international cybersecurity firm Votiro, said the spate of incidents suggested that US Navy ships' GPS systems could have been tampered with by hackers, causing them to miscalculate their positions.
"I think that hackers could try to do this, and if they are state sponsored they might have the right resources to facilitate this kind of attack," he told AFP.

For my Digital Forensics class.

Impacting politics and stock markets with “Fake News.”
Fake Polls Are A Real Problem
Is Kid Rock leading the U.S. Senate race in Michigan?  A story like that is essentially designed to go viral, and that’s exactly what happened when Delphi Analytica released a poll fielded from July 14 to July 18.  Republican Kid Rock earned 30 percent to Sen. Debbie Stabenow’s 26 percent.  A sitting U.S. senator was losing to a man who sang the lyric, “If I was president of the good ol’ USA, you know I’d turn our churches into strip clubs and watch the whole world pray.”
The result was so amazing that the poll was quickly spread around the political sections of the internet.  Websites like Daily Caller, Political Wire and Twitchy all wrote about it.  Texas Gov. Greg Abbott tweeted it out.  And finally, Kid Rock himself shared an article from Gateway Pundit about the poll.
There was just one problem: Nobody knew if the poll was real.  Delphi Analytica’s website came online July 6, mere weeks before the Kid Rock poll was supposedly conducted.  The pollster had basically no fingerprint on the web.

Every “new” technology must go through the same learning curve every “older” technology has mapped out.  Why?  Take my class. 
Robot makers slow to fix vulnerabilities that could allow hackers to spy and disable safety features
Researchers who warned half a dozen robot manufacturers in January about nearly 50 vulnerabilities in their home, business and industrial robots, say only a few of the problems have been addressed.
The researchers, Cesar Cerrudo and Lucas Apa of cybersecurity firm IOActive, said the vulnerabilities would allow hackers to spy on users, disable safety features and make robots lurch and move violently, putting users and bystanders in danger.
While they say there are no signs that hackers have exploited the vulnerabilities, [Yet.  Bob] they say the fact that the robots were hacked so easily and the manufacturers’ lack of response raise questions about allowing robots in homes, offices and factories.

Sony fails again?  How hard did they test these phones?
Xperia Owners Could Fetch Up To $300 For Sony's False Waterproofing Claims
Sony made a number of smartphones and tablets that it claimed were water resistant and could survive rain and spills without damage.  There was only one problem though; Sony didn't do a great job making the devices water resistant.  When customers initiated warranty claims citing water damage, Sony didn't do much to help them, which resulted in a class action lawsuit against the electronics maker.
That class action suit is now wrapping up and owners of certain affected devices can get up to 50 percent refund on the purchase price of the smartphone.  There are 24 Sony smartphone models in the suit, all advertised with having water resistant IP ratings.

For my students to debate.  A TED video.
What moral decisions should driverless cars make?
Should your driverless car kill you if it means saving five pedestrians?  In this primer on the social dilemmas of driverless cars, Iyad Rahwan explores how the technology will challenge our morality and explains his work collecting data from real people on the ethical trade-offs we're willing (and not willing) to make.

No harm in asking for the moon and settling for Mt. Everest? 
Federal prosecutors scale back request for info on visitors to anti-Trump website
Federal prosecutors Tuesday tried to quell concern from privacy advocates by amending the government’s demand for millions of IP addresses from a Los Angeles-based tech company as part of an investigation into rioters in Washington during the Jan. 20 inauguration.
   DreamHost and other privacy rights advocates such as the nonprofit group Public Citizen argued the warrant violated the users’ constitutional rights.  A hearing is scheduled for Thursday in D.C. Superior Court before Judge Robert E. Morin, the court’s chief judge.  Attorneys for DreamHost and the government are expected to argue over the legal authority of such a warrant.
In a filing late Tuesday, prosecutors from the U.S. attorney’s office in the District amended the original warrant by saying they plan to focus only on the 200 or so individuals who have already been charged with rioting.
   “The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition briefs,” prosecutors wrote in their filing.  Prosecutors also said that they would “set aside” and seal any information obtained from DreamHost that is not originally sought after and specifically in the warrant.  Prosecutors, however, did say they could revisit such information obtained but would only do so with a court order.
   Prosecutors are seeking membership discussion lists associated with the website, as well as more than 2,000 photographs associated with the site.  Prosecutors are also asking for unpublished material such as “draft blog posts” and “hundreds” of other images.

Did Walmart need Google to make this happen? 
Walmart, Google Partner to Make Shopping Even Easier – Here’s How
Today, we’re announcing an exciting partnership with Google Starting in late September, we’ll be working with Google to offer hundreds of thousands of items for voice shopping via Google Assistant – the largest number of items currently offered by a retailer through the platform.
   This will enable us to deliver highly personalized shopping recommendations based on customers’ previous purchases, including those made in Walmart stores and on  To take advantage of this personalization, customers only need to link their Walmart account to Google Express.

Perspective.  Could this eventually replace Estonia’s paper currency and become as solid as the US Dollar? 
Estonia wants to launch its own cryptocurrency
Estonia is considering taking advantage of the cryptocurrency hype to do an initial coin offering (ICO) for its own country.
Kaspar Korjus, a representative for the Baltic country, wrote that if investors showed enough interest, Estonia would issue its own cryptocurrency to raise funds.
Estonia already has an “e-residency” program where anyone in the world can become a digital resident of the country, allowing them to open a business there.  It sees issuing a coin as the next step in advancing its economy and expanding its global presence.
   It’s unclear how an "estcoin" would differ from other cryptocurrencies that already exist, though.
“By using our APIs, companies and even other countries could accept these same tokens as payment,” Korjus wrote.  “It will also be possible to build more functions on top of the estcoins and use them for more purposes, such as smart contracts and notary services.”

An App I wish I had created. 
Kids not texting you back? There’s an app to stop all that
ReplyASAP, an app currently available only on Android devices, allows you to send messages to any phone connected through the app.  According to its website, a message appears on the recipient’s phone – no matter if they’re playing a game, sending messages or streaming entertainment – and makes noises (even if the phone is on silent) until the message is read, upon which the sender is notified.

Searching a big chunk of the web.
Amazon Web Services (AWS) is the blue whale of cloud computing.  You may not realize it, but most websites and web services run on this platform.  And in fact, AWS’s public cloud is bigger than Microsoft, Google, and IBM combined.
Just like any other massive cloud platform, AWS hosts a variety of publicly accessible data.  For instance, you can find huge 100 million strong datasets of Creative Commons images and videos from Flickr.  Access it with the help of the YFCC100m Browser.
Try a search with Google.  You will be surprised by the massive amount of public documents you can find on AWS.  One of the quickest ways to search AWS for PDF files is to use good old Google and one of its advanced search operators.
[Keyword] filetype:PDF

Could this improve student writing?  Worth a try! 

Tuesday, August 22, 2017

A ‘technology free” hack.  The phone companies will do it for you! 
Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency
Hackers have discovered that one of the most central elements of online security — the mobile phone number — is also one of the easiest to steal.
In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers.
Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup — as services like Google, Twitter and Facebook suggest.
   But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske.
Within minutes of getting control of Mr. Burniske’s phone, his attackers had changed the password on his virtual currency wallet and drained the contents — some $150,000 at today’s values.
Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries.  But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months. 

Another Hack that is so simple you wonder why more people don’t try it.
Francisco Memoria reports:
Last month, CCN reported on CoinDash’s ICO being hacked.  Hackers managed to change the address on its website and made over $9 million.  Now, despite not making as much money, a hacker managed to compromise Enigma before its ICO in a similar way, and has netted over 1,500 Ether (over $500,000) from the community.
Enigma, a project started by MIT graduates whose ICO was scheduled for September, didn’t lose any money itself, as the hacker only managed to get his hands on the company’s website, mailing list, and Slack group.
Read more on CryptoCoins News.

I’m sure my students need this, but it too may be too much to read.
Unfortunately, with most fine print being exceedingly wordy, it can be a challenge to wade through all the legalese and understand what it all means.  That’s where TOSDR comes in.
TOSDR (Terms of Service Didn’t Read) is a site that breaks down and rates the terms and conditions on numerous sites.  Sites are rated from Class A (very good) to Class E (very bad).  In addition, TOSDR points out the good and bad things about each site, giving you insight into how they are rated.

Perspective.  Middle of the road is boring!  But do Facebook followers translate into votes?
Highly ideological members of Congress have more Facebook followers than moderates do
by on
Pew – “The most liberal and conservative members of the 115th Congress have attracted more Facebook followers than moderates, according to a new Pew Research Center analysis.  In both legislative chambers, members’ ideology is a strong predictor of the number of people who follow them on Facebook.  The most liberal and most conservative House members had a median of 14,361 followers as of July 25, compared with 9,017 followers for those in the middle of the ideological spectrum.  The median number of followers for the Senate’s most liberal and conservative lawmakers was 78,360, while moderates had 32,626.  (These figures reflect each member’s total number of followers since the creation of their official Facebook page, not the number gained since the 115th Congress began.)  The Center’s analysis determines each lawmaker’s ideology based on a score calculated through their congressional roll call votes.  This widely employed measure, created by two political scientists in the 1980s, assigns each member a score that falls between -1 (most liberal) and +1 (most conservative)…”

Perspective.  Facebook: The Social Network for old people?
Instagram, Snapchat Adoption Still Surging in US and UK
   eMarketer has reduced its usage estimates for US monthly Facebook users ages 12 to 17 and 18 to 24.  Yet for the same age groups, we have kept unchanged or adjusted higher our usage estimates for Snapchat and Instagram, suggesting younger social network users are turning away from Facebook in favor of other platforms.
Facebook’s community of monthly users in the US will grow 2.4% this year to 172.9 million people, a figure slightly higher than previously forecast due to increased adoption by older internet users.
But the social network’s monthly user base among the marketer-coveted 12 to 17 age group will fall 3.4% vs. 2016 to 14.5 million people—the second consecutive year of expected usage declines by this group and one that will have accelerated from the 1.2% slip seen in 2016.
   “We see teens and tweens migrating to Snapchat and Instagram.  Both platforms have found success with this demographic since they are more aligned with how they communicate—that is, using visual content.

The Promise of Artificial Intelligence
by on
Center for Data Innovation: “Artificial intelligence (AI) has the potential to dramatically transform huge swathes of the economy and society for the better, and as the technology continues to make headlines many countries are developing plans to ensure they can take full advantage of these benefits.  Below is a high-level overview of a number of national-level policies some countries have undertaken to take advantage on the technology.  While it is not intended to be an exhaustive list of every policy initiative countries have launched around AI, it is meant to show the most significant ones.  Canada, China, Japan, the United Kingdom, and the United States have all taken high-profile steps towards advancing AI over the past two years.  These range from prospective research about the potential impacts of AI to large amounts of funding and ambitious strategic plans to bolster national capacity to take advantage of the technology.  While it appears the United States is the early leader in developing and adopting AI, many other countries are working diligently to surpass it as they recognize the importance that this technology will have on economic competitiveness…”

But of course, Mark is not running for office…  Will Trump start bad-mouthing Facebook? 
Trump reportedly eyeing Zuckerberg as a 2020 threat
President Trump apparently sees Facebook CEO Mark Zuckerberg as a threat to his reelection campaign in 2020.
Zuckerberg is a part of a list of potential 2020 Democratic challengers whom Trump is watching, Politico reported Monday.  The list includes dozens of individuals who could throw their hat in the ring for the presidential race, including Sen. Elizabeth Warren (D-Mass.).
On the Republican side, Trump allies are reportedly keeping an eye on a possible primary challenge from Ohio Gov. John Kasich.