Saturday, October 28, 2017

For your consideration.
… When we hear the term propaganda, it often conjures images of manipulative politicians aiming to control us. However, the origin of the term comes from the Catholic church, when in 1622 they created the Congregatio de Propaganda Fide (or Congregation for Propagating the Faith). Propaganda is a means of spreading a message, but by its very nature it is trying to influence you and is biased towards a particular viewpoint.
… The internet ... removed the prohibitive cost barriers to entry that many would have faced when hoping to spread their ideas. In effect, the internet gave everyone a mouthpiece. Almost overnight, anyone could set up a Geocities page and put their thoughts in writing for people across the world to read instantaneously.
… In a world where the President of the United States conducts his affairs via Twitter, it’s easy to see that the digital has a real world impact. The last few Presidential elections have been won not on front lawns but online — through social media, and advertising alongside traditional media. Grassroots campaigns and online activism have also contributed to the politicisation of the internet. In 2010, the Arab Spring demonstrated just how much impact the digital world could have on politics.

(Related). A TED talk.
We're building an artificial intelligence-powered dystopia, one click at a time, says technosociologist Zeynep Tufekci. In an eye-opening talk, she details how the same algorithms companies like Facebook, Google and Amazon use to get you to click on ads are also used to organize your access to political and social information. And the machines aren't even the real threat. What we need to understand is how the powerful might use AI to control us -- and what we can do in response.

I’ve been recommending this for years!
San Francisco, Seattle Planning To Launch Citywide Fiber Networks To Bury Telecom Monopolies
When you think of the availability of high-speed internet access in the United States, not many people have a wide range of options to choose from. You might have one large cable provider (i.e. Comcast, Charter) to choose from, and if you're lucky (if you can call it that) a second-tier option like AT&T DSL. Customers would like choice when it comes to internet service providers, but big telecoms coupled with local and state governments often get in the way of those aspirations.
Seattle mayoral candidate Cary Moon is pushing hard for municipal internet as part of her campaign platform, and she wants equal access for residents (treating it as another public utility like power or water).
… “Municipal broadband is one of those issues where we know the right thing to do and we keep not doing it because of power and money,” Moon added.
… Not surprisingly, telecom companies are not thrilled about the potential for a kumbaya moment with respect to municipal internet. In fact, telecom companies including Comcast and CenturyLink have funneled $50,000 in campaign contributions to Moon's opponent, Jenny Durkan, for the mayoral seat.

Any dynamic field could use this technique. Is there also a way to automatically pull new information into an online repository?
Surgeons Are Using Social Media to Share and Learn New Skills

Government is becoming opaque. You don’t have to explain, defend, discuss, or even pretend to know about things that are not published?
The First FBI Crime Report Issued Under Trump Is Missing A Ton Of Info
… according to an analysis by FiveThirtyEight, the 2016 Crime in the United States report — the first released under President Trump’s administration — contains close to 70 percent fewer data tables than the 2015 version did, a removal that could affect analysts’ understanding of crime trends in the country.

The Verge Tech Survey
… This survey, conducted from September 28th to October 10th, included 1,520 people nationally representative of the US, based on 2016 US Census estimates. The margin of error is ±3 percent, with a confidence level of 95 percent.
The findings are fascinating: respondents trusted Facebook less than Google, and “trust” was a primary factor for individuals who abstained from using Facebook overall. Respondents trusted Amazon almost as much as their own bank. Of all the companies named in our survey, respondents were most likely to recommend services from Amazon to their family and friends. Twitter sits on the opposite side of the spectrum: a quarter of respondents said they are probably, or not at all likely, to recommend the service.

Perspective. Some interesting quotes…
What’s Behind the Hype About Artificial Intelligence?
… now computers are able to transcribe human speech better than humans.
… It is natural for people to project the recent successes in specific domains into the future. Some are even projecting the present into domains where deep learning has not been very effective, and that creates a lot of misconception and also hype. AI is still pretty bad in how it learns new concepts and extending that learning to new contexts.

Suspicions confirmed.
Does Investing in Cutting-edge Tech Attract Better Workers?
… One of the findings in that paper is that firms on the frontier that are trying to attract developers who are really interested in learning the newest technologies tend to compete not just on wages but also on the kinds of technologies they offer and allow these workers to work with. We know that workers come in, work with these new technologies and learn something. That’s valuable because they can go to their next job and take those skills with them. So, firms that want to attract workers who really are on the frontier of new technologies have to offer an environment and not just a good job in the traditional sense in terms of benefits and wages, but also a work context in which they can really learn about new technologies and ramp up their skills.

An Infographic.
What happens online in 60 seconds

Friday, October 27, 2017

I keep repeating this to my Computer Security students: Most breaches are due to a simple failure.
Equifax Was Warned
Months before its catastrophic data breach, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans, Motherboard has learned. Six months after the researcher first notified the company about the vulnerability, Equifax patched it—but only after the massive breach that made headlines had already taken place, according to Equifax's own timeline.

As an Auditor, these reports always catch my eye.
Investigation: WannaCry cyber attack and the NHS
“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
Amyas Morse, head of the National Audit Office, 27 October 2017

Gee, It’s not always the Russians?
Technology Firms Shape Political Communication: The Work of Microsoft, Facebook, Twitter, and Google With Campaigns During the 2016 U.S. Presidential Cycle
by Sabrina I. Pacifici on Oct 26, 2017
Technology Firms Shape Political Communication: The Work of Microsoft, Facebook, Twitter, and Google With Campaigns During the 2016 U.S. Presidential Cycle. Daniel Kreiss & Shannon C. McGregor. Journal of Political Communication. Pages 1-23 | Published online: 26 Oct 2017.
“This article offers the first analysis of the role that technology companies, specifically Facebook, Twitter, Microsoft, and Google, play in shaping the political communication of electoral campaigns in the United States. We offer an empirical analysis of the work technology firms do around electoral politics through interviews with staffers at these firms and digital and social media directors of 2016 U.S. presidential primary and general election campaigns, in addition to field observations at the 2016 Democratic National Convention. We find that technology firms are motivated to work in the political space for marketing, advertising revenue, and relationship-building in the service of lobbying efforts. To facilitate this, these firms have developed organizational structures and staffing patterns that accord with the partisan nature of American politics. Furthermore, Facebook, Twitter, and Google go beyond promoting their services and facilitating digital advertising buys, actively shaping campaign communication through their close collaboration with political staffers. We show how representatives at these firms serve as quasi-digital consultants to campaigns, shaping digital strategy, content, and execution. Given this, we argue that political communication scholars need to consider social media firms as more active agents in political processes than previously appreciated in the literature.”

India overtakes the US to become the world’s second largest smartphone market
Move over America, India is now the world’s second largest smartphone market.
That’s according to a new report from Canalys which claims smartphone shipments in India crossed the 40 million mark for the first time in Q3 2017 courtesy of 23 percent annual growth. That means that India has overtaken the U.S. on sales with only China ahead of it.

Perspective. Soon, everyone will work for Jeff Bezos.
Amazon tops 540K employees after swallowing Whole Foods in $13.7B deal
I wish I could spell chutzpah.
Catalin Cimpanu reports:
Extortion can also be funny when it happens to the bad guys, and there’s one extortion attempt going on right now that will put a big smile on your face.
The victim is, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts to have over 150,000 users and over 20,000 tools listed in its forums.
Read more on BleepingComputer.

Reality Check Multiplatform newspaper readership in the United States, 2007–2015
by Sabrina I. Pacifici on Oct 26, 2017
Reality Check – Multiplatform newspaper readership in the United States, 2007–2015. Hsiang Iris Chyi & Ori Tenenboim. Journal of Journalism Practice, Volume 11, 2017 – Issue 7. Pages 798-819 | Published online: 27 Jul 2016 /17512786.2016.1208056
Abstract – “Twenty years into US newspapers’ online ventures, many are stuck between a shrinking market for their print product and an unsuccessful experiment with digital offerings. Since readership is the foundation for subscription and advertising revenue, this study, through a longitudinal analysis of readership data (2007, 2011, and 2015) of 51 US newspapers, provides an up-to-date review on these newspapers’ online and print readership. Results indicated that the (supposedly dying) print product still reaches far more readers than the (supposedly promising) digital product in these newspapers’ home markets, and this holds true across all age groups. In addition, these major newspapers’ online readership has shown little or no growth since 2007, and more than a half of them have seen a decline since 2011. The online edition contributes a relatively small number of online-only users to the combined readership in these newspapers’ home markets. These findings raise questions about US newspapers’ technology-driven strategy and call for a critical re-examination of unchecked assumptions about the future of newspapers.”

Not quite the ten commandments, but obey them anyway.

Useful for the stuff I grab with the Windows Snipping tool!
Believe it or not, some people still print documents on physical pieces of paper. Optical Character Recognition (OCR) software takes those printed documents and converts them right back into machine-readable text. We’ve found some of the best free OCR tools and compared them for you here.

Thursday, October 26, 2017

Hacker Economics: As the ratio of Supply to Demand increases, prices fall.
Danny Palmer reports:
Dark Web marketplaces are selling remote access to desktop PCs for as little as $3, allowing criminals to spy on firms without resorting to malware.
One of the most popular underground stores selling access is ‘Ultimate Anonymity Services’. Founded in early 2016, UAS offers over 35,000 RDP credentials for sale in a variety of countries and for a variety of Windows operating systems, from Windows XP to Windows 10.
Read more on ZDNet.

Do I really need Facebook at work?
Facebook's enterprise chat tool, Workplace, is exploding in popularity
Facebook has quietly become a sizeable force in the competitive enterprise software market currently dominated by incumbents like Microsoft and newer upstarts like Slack.
The social network's communication tool for businesses, Workplace is now used by more than 30,000 organizations after one year, up from 14,000 in April. Facebook also announced on Thursday a desktop chat app for Workplace and plans to add support for group video calling "in the coming weeks."
… Workplace is now used in 79 languages and by people on every continent.
… Workplace functions like a private version of Facebook, with familiar features like groups, live video, and more business-focused tools like integrations with Salesforce and Google's suite of apps.

Think of this as a method for passing the liability for food borne illnesses back to the source. Of course companies will love it.
Latest Use for a Bitcoin Technology: Tracing Turkeys From Farm to Table
Agricultural conglomerate Cargill Inc. aims to harness the technology underlying bitcoin to let shoppers trace their turkeys from the store to the farm that raised them.

I would have said this was unlikely. Guess I was wrong.
Why the TSA -- Yes, the One at the Airport -- Is Actually Amazing at Instagram
… how do you account for the fact that the Transportation Security Administration’s Instagram account has 800,000 followers and counting? Not only that, but Rolling Stone ranked it fourth on its list of 100 Instagram accounts to follow – coming in between Rihanna and Beyonce.
Bob Burns, the lead social media specialist for TSA Public Affairs and mastermind behind the account, attributes the agency’s social media success to a combination of outlandish photos of confiscated items, useful travel tips and introductions to the adorable four-legged members of the K9 units.
… So what can entrepreneurs learn from the success of a government agency on social media? Quite a lot, when it comes to changing the conversation about your reputation, using the resources you have at your disposal and approaching everything with a sense of fun.

Is there a cure for ‘fake news?’
“News you don’t believe”: Audience perspectives on fake news
by Sabrina I. Pacifici on Oct 25, 2017
“In this Reuters Institute for the Study of Journalism (RISJ) Factsheet by Rasmus Kleis Nielsen and Lucas Graves, we analyse data from 8 focus groups and a survey of online news users to understand audience perspectives on fake news. On the basis of focus group discussions and survey data from the first half of 2017 from the United States, the United Kingdom, Spain, and Finland, we find that:
  • People see the difference between fake news and news as one of degree rather than a clear distinction
  • When asked to provide examples of fake news, people identify poor journalism, propaganda (including both lying politicians and hyperpartisan content), and some kinds of advertising more frequently than false information designed to masquerade as news reports
  • Fake news is experienced as a problem driven by a combination of some news media who publish it, some politicians who contribute to it, and some platforms that help distribute it
  • People are aware of the fake news discussion and see “fake news” in part as a politicized buzzword used by politicians and others to criticize news media and platform companies
  • The fake news discussion plays out against a backdrop of low trust in news media, politicians, and platforms alike—a generalized scepticism toward most of the actors that dominate the contemporary information environment
  • Most people identify individual news media that they consider consistently reliable sources and would turn to for verified information, but they disagree as to which and very few sources are seen as reliable by all
Our findings suggest that, from an audience perspective, fake news is only in part about fabricated news reports narrowly defined, and much more about a wider discontent with the information landscape—including news media and politicians as well as platform companies. Tackling false news narrowly speaking is important, but it will not address the broader issue that people feel much of the information they come across, especially online, consists of poor journalism, political propaganda, or misleading forms of advertising and sponsored content.”

(Related). Must be a ‘hot topic!’
New report: Local audiences consuming news on social platforms are hungry for transparency
As more and more people get at least some of their news from social platforms, this study showcases perspectives on what the increasingly distributed environment looks like in day-to-day media lives. Drawing from thirteen focus groups conducted in four cities across the United States, we sample voices of residents who reflect on their news habits, the influence of algorithms, local news, brands, privacy concerns, and what all this means for journalistic business models.

Keeping my Spreadsheet students entertained.

Wednesday, October 25, 2017

Here we go again.
Cyber attack using malware 'BadRabbit' hit Russia, Ukraine, Bulgaria, Turkey and Japan
Cyber attacks using malware called “BadRabbit” hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine’s Odessa airport.
… The attacks are disturbing because attackers quickly infected critical infrastructure, including transportation operators, indicating it was a “well-coordinated” campaign, said Robert Lipovsky, a researcher with cyber firm ESET.
More than half the victims were in Russia, followed by Ukraine, Bulgaria, Turkey and Japan, according to ESET.
The FBI’s 2 page Ransomware Brochure:

Bad Rabbit Ransomware Sweeps Across Europe And Russia Infecting Media Outlets, Airports
… Kaspersky's Alex Perekalin writes, "According to our findings, the attack doesn’t use exploits. It is a drive-by attack: Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves."

Protecting corporate secrets: perhaps you should not tell the CEO what R&D is working on?
Thirty Percent of CEO Email Accounts Exposed in Breaches: Study
Thirty percent of CEOs from the world's largest organizations have had their company email address and password stolen from a breached service. Given the continuing tendency for users to employ simple passwords and reuse the same passwords across multiple accounts, the implication is that at least some of these CEOs are at risk of losing their email accounts to cyber criminals or foreign nation state hacking groups.
The statistic comes from a report (PDF) published today by F-Secure, whose researchers checked the email addresses of 200 CEOs from the world's largest organizations against a database of leaked credentials. It notes that the 30% figure increases to 63% for tech companies.

Didn’t we recently have another breach on lawyers in a tax haven? You don’t suppose the IRS has a team of hackers, do you? We’ll know if they offer an ‘amnesty.’
Ryan Wilkinson reports:
A leading offshore law firm with clients including the super-rich and international corporations has revealed it suffered a “data security incident” that may result in customers’ private information being leaked.
Bermuda-based Appleby, which has offices in a number of British overseas territories, said some of its data had been “compromised” in the 2016 cyber incident.
The firm issued a statement after it was contacted by a group of investigative journalists probing allegations concerning its “business and the business conducted by some of our clients”.
Read more on The Independent.

Attention Ethical Hackers! (The unethical already know) What will this do to home insurance rates? Note that the customer does not grant permission and only gets notified after the delivery.
Amazon Key is a new service that lets couriers unlock your front door
Prime customers can get same-day delivery, and drop off with an hour or two on some items. Of course, customers aren’t always home to receive their packages. So Amazon started putting lockers in nearby convenience stores and building lobbies. It even showed off drones that could drop the package right into your backyard. Today it’s taking the obvious next step and introducing a service that will allow Amazon couriers to open your front door and put your package safely inside your home.
The service is called Amazon Key, and it relies on Amazon’s new Cloud Cam and compatible smart lock. The camera is the hub, connected to the internet via your home Wi-Fi. The camera talks to the lock over Zigbee, a wireless protocol utilized by many smart home devices.
When a courier arrives with a package for in-home delivery, they scan the barcode, sending a request to Amazon’s cloud. If everything checks out, the cloud grants permission by sending a message back to the camera, which starts recording. The courier then gets a prompt on their app, swipes the screen, and voilà, your door unlocks. They drop off the package, relock the door with another swipe, and are on their way. The customer will get a notification that their delivery has arrived, along with a short video showing the drop-off to confirm everything was done properly.
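The unlock flow described above, modelled as a small Python simulation; this is an added illustration, not Amazon's code. The class and field names, the specific checks (assigned courier, delivery window, single-use barcode) and the fail-closed rule that no unlock is granted unless the camera can record are assumptions about what "if everything checks out" might mean, and the sample deliveries are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass
class Delivery:  # one scheduled in-home delivery; the barcode is what the courier scans
    barcode: str
    courier_id: str
    address_id: str
    window_start: datetime
    window_end: datetime
    used: bool = False  # assumption: a barcode redeems exactly one unlock


@dataclass
class Camera:
    address_id: str
    online: bool = True
    recording: bool = False


@dataclass
class SmartLock:
    address_id: str
    locked: bool = True


class KeyCloud:
    """Cloud side of the flow: scan -> checks -> record -> unlock -> relock -> notify."""

    def __init__(self, deliveries: List[Delivery], cameras: List[Camera], locks: List[SmartLock]):
        self.deliveries = {d.barcode: d for d in deliveries}
        self.cameras = {c.address_id: c for c in cameras}
        self.locks = {lk.address_id: lk for lk in locks}
        self.audit: List[Tuple[str, str]] = []          # every grant and denial
        self.notifications: List[Tuple[str, str]] = []  # what the customer eventually sees

    def _deny(self, reason: str) -> Tuple[bool, str]:
        self.audit.append(("deny", reason))
        return False, reason

    def request_unlock(self, barcode: str, courier_id: str, now: datetime) -> Tuple[bool, str]:
        """The courier's scan. Every check fails closed and is written to the audit log."""
        d = self.deliveries.get(barcode)
        if d is None:
            return self._deny("unknown barcode")
        if d.used:
            return self._deny("barcode already redeemed")
        if d.courier_id != courier_id:
            return self._deny("courier not assigned to this delivery")
        if not (d.window_start <= now <= d.window_end):
            return self._deny("outside delivery window")
        cam = self.cameras.get(d.address_id)
        # Assumption: recording must start before the door opens, because the
        # clip is the only evidence the customer will ever get of the visit.
        if cam is None or not cam.online:
            return self._deny("camera offline; refusing to unlock without recording")
        cam.recording = True
        self.locks[d.address_id].locked = False
        d.used = True
        self.audit.append(("unlock", f"{d.address_id} by {courier_id}"))
        return True, "unlocked"

    def relock(self, barcode: str, courier_id: str, now: datetime) -> Tuple[bool, str]:
        """The courier's second swipe: lock, stop recording, then notify the customer."""
        d = self.deliveries.get(barcode)
        if d is None or d.courier_id != courier_id or not d.used:
            return self._deny("relock without a matching unlock")
        self.locks[d.address_id].locked = True
        self.cameras[d.address_id].recording = False
        self.audit.append(("relock", d.address_id))
        # As the article notes, the customer learns of the visit only after it.
        self.notifications.append((d.address_id, f"delivered {now.isoformat()}; clip attached"))
        return True, "relocked"


def run_scenarios() -> Dict[str, object]:
    """Constructed sample data (not real deliveries): one happy path and four denials."""
    t0 = datetime(2017, 10, 25, 14, 0)
    good = Delivery("PKG-1", "courier-7", "home-A", t0, t0 + timedelta(hours=2))
    dark = Delivery("PKG-2", "courier-7", "home-B", t0, t0 + timedelta(hours=2))
    cloud = KeyCloud([good, dark],
                     [Camera("home-A"), Camera("home-B", online=False)],
                     [SmartLock("home-A"), SmartLock("home-B")])
    out: Dict[str, object] = {}
    out["wrong_courier"] = cloud.request_unlock("PKG-1", "courier-9", t0 + timedelta(minutes=5))[0]
    out["late"] = cloud.request_unlock("PKG-1", "courier-7", t0 + timedelta(hours=3))[0]
    out["happy_unlock"] = cloud.request_unlock("PKG-1", "courier-7", t0 + timedelta(minutes=5))[0]
    out["recording_during"] = cloud.cameras["home-A"].recording
    out["happy_relock"] = cloud.relock("PKG-1", "courier-7", t0 + timedelta(minutes=6))[0]
    out["locked_after"] = cloud.locks["home-A"].locked
    out["replay"] = cloud.request_unlock("PKG-1", "courier-7", t0 + timedelta(minutes=10))[0]
    out["camera_offline"] = cloud.request_unlock("PKG-2", "courier-7", t0 + timedelta(minutes=5))[0]
    out["home_b_still_locked"] = cloud.locks["home-B"].locked
    out["notifications"] = len(cloud.notifications)
    out["denials"] = sum(1 for event, _ in cloud.audit if event == "deny")
    return out
```

The audit log and the after-the-fact notification are all the customer has to reconstruct a visit, which is why the model refuses to open the door when it cannot record.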

Don’t irritate the FBI? A long but interesting story of a bit of back and forth.
DOJ Subpoenas Twitter About Popehat, Dissent Doe And Others Over A Smiley Emoji Tweet

(Related) The story from Dissent’s perspective.

How do we tell if this is a good thing or merely a “Here kid, now go away and stop bothering me” thing?
New Research Finds Major Spike in Mobile Media Use and Device Ownership by Children Age 0 to 8
by Sabrina I. Pacifici on Oct 24, 2017
I will begin this post by saying, What!, and move quickly to the report: “Common Sense today announced the release of The Common Sense Census: Media Use by Kids Age Zero to Eight, the third installment in an ongoing series of national surveys tracking the use of media and technology among U.S. children from birth to age 8. Among the key findings is the spike in the number of young children who have their own tablet device (now 42 percent, up from 1 percent in 2011) and the amount of time children age 0 to 8 are spending with mobile devices (48 minutes, up from just five minutes in 2011). The Common Sense Census: Media Use by Kids Age Zero to Eight is based on a large, nationally representative sample of respondents and replicates methods from 2011 and 2013 to gauge how media environments and behaviors have changed over the years. At a time of revolutionary change in the media landscape, the study is the only one of its kind, tracking young children’s use of new mobile media devices and apps along with older media platforms such as television, computers, and books.”

(Related). A law for people who act like children?
Looking at your phone while crossing the street could now cost you up to $99 in Honolulu
… Specifically, the bill (viewable here) states that “No pedestrian shall cross a street or highway while viewing a mobile electronic device.” They note that “viewing” here means “looking in the direction of the screen” — so walking with your phone up to your ear still seems to be okay.

Now that is an interesting question!
How Do You Regulate a Self-Improving Algorithm?

Consider this as a list of “What could go wrong!”
Information Technology Industry Council – principles for developing ethical artificial intelligence systems
by Sabrina I. Pacifici on Oct 24, 2017
“Artificial Intelligence (AI) is a suite of technologies capable of learning, reasoning, adapting, and performing tasks in ways inspired by the human mind. With access to data and the computational power and human ingenuity required to extract increasing value from it, researchers are building intelligent software and machines to enhance human productivity and empower people everywhere. Startups, medium-sized companies, and larger technology companies have all developed AI systems to help solve some of society’s most pressing problems, from medical diagnosis to education to economic productivity and empowerment. While it is impossible to predict the full transformational nature of AI, like technological evolutions before it, we expect the potential implications to be vast. To ensure that AI can deliver its greatest positive potential, the Information Technology Industry Council (ITI) — the global voice of the tech sector — takes industry’s responsibility seriously to be a catalyst for preparing for an AI world. In our Policy Principles, we outline specific areas where industry, governments, and others can collaborate, as well as specific opportunities for public-private partnership…”

Not earth shattering, but probably accurate.
We’re seeing three trends emerging around AI in legal tech.
  • Law firms are investing in AI directly: Some law firms are bypassing the third-party vendor and partnering directly with providers like IBM Watson and Ross Intelligence. Law firms are also hiring their own data scientists to build their own analytics around areas such as billing and contracts.
  • Legal tech startups are emerging: A plethora of legal tech startups have come to the fore in recent years, leveraging AI tools to perform specific tasks such as research, prediction, document review and eDiscovery. Companies such as these have identified core tasks that law firms of all types and sizes can leverage.
  • Large, traditional publishers are investing in AI: We are seeing traditional publishers make significant moves to invest in AI, from Thomson Reuters’s agreement with IBM Watson, to Bloomberg BNA’s development of its own litigation analytics, to our own partnerships with several legal tech startups at Wolters Kluwer.

We don’t want anyone to know these ads are political. In fact, we don’t want them to know they are ads!
GOP, industry skeptical of new rules for online political ads
… “The idea that we’re going to allow regulators, a group of bureaucrats, to determine what we will be able to see in terms of social media or other formats offends me, and I will certainly oppose that in whatever way I can,” he said. [How dare Congress make laws? Bob]

(Related). Why President Trump’s Tweets define the debate?

Tuesday, October 24, 2017

Fishing matches the fly to what the fish are biting. Phishing matches the lure the same way.
Russian Spies Lure Targets With NATO Cybersecurity Conference
A cyber espionage group linked to Russia has been trying to deliver malware to targeted individuals using documents referencing a NATO cybersecurity conference, Cisco’s Talos research team reported on Monday.
The campaign was apparently aimed at individuals interested in the CyCon U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in collaboration with the Army Cyber Institute at West Point on November 7-8 in Washington, D.C. The hackers created malicious documents with information that was copied from the official CyCon U.S. website.
The topic used as bait in this attack suggests that the threat actor targeted individuals with an interest in cyber security.

Tales of future greed?
Facebook's News Feed experiment panics publishers
So, an experiment under way in a few countries, where the social media giant appears to be making it harder for users to see news stories, has caused something akin to panic.
The new feature Facebook is trying out is called Explore. It offers all sorts of stories it thinks might interest you, a separate news feed encouraging you to look further afield than just at what your friends are sharing.
Meanwhile, for most people, the standard News Feed remains the usual mixture of baby photos and posts from companies or media organisations whose pages you have liked.
Sounds fine, doesn't it? Except that in six countries - Sri Lanka, Bolivia, Slovakia, Serbia, Guatemala, and Cambodia - the experiment went further.
For users there, the main News Feed was cleared of everything but the usual stuff from your friends and sponsored posts – in other words, if you wanted to have your material seen in the place most users spend their time you had to pay for the privilege.
In a Medium post entitled "Biggest drop in organic reach we've ever seen", a Slovakian journalist Filip Struharik documented the impact. Publishers in his country had seen four times fewer interactions since the change, he said – what had become a vital and vibrant platform for them was emptying out fast.

How to analyze a Tweet?
The Worst Tweeter In Politics Isn’t Trump

So we should be learning more about government data requests?
Microsoft drops lawsuit after U.S. government revises data request transparency rules
Microsoft said it will drop a lawsuit against the U.S. government after the Department of Justice (DoJ) changed data request rules on alerting internet users about agencies accessing their information.
The new policy limits the use of secrecy orders and calls for such orders to be issued for defined periods, Microsoft Chief Legal Officer Brad Smith said in a blog post on Monday.
… The suit argued that the government’s actions were in violation of the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, and the company’s First Amendment right to free speech.

Interesting tool.
Primer uses AI to understand and summarize mountains of text
A startup emerging out of stealth today wants to help companies understand massive stores of text data using AI. The company is called Primer, and it uses machine learning techniques to help parse and collate a large number of documents across several languages in order to facilitate further investigation.
Here’s how it works: Users feed Primer’s software a stream of documents, and it automatically summarizes what it determines to be the most important information out of that haystack of data. Users are then able to filter by topic, event, and other categories to drill down into the information Primer collected so they can go beyond the automatically generated headlines.
The idea is that Primer will augment work done by the human analysts who would ordinarily be tasked with the job of wading through many sources and collating them into a report.
… Primer has a contract with In-Q-Tel, an organization that helps connect the U.S. intelligence community with new technology through investment and contracting.

Some of these Apps might be fun projects for my students.
The future of grocery shopping is all about data
… Working from a small host of research facilities beyond the sleek downtown headquarters and a lab tucked away in a suburban strip mall, Kroger’s app developers and data scientists are mining consumer information to devise the grocery store of the future. They are testing apps for shoppers’ mobile devices that will highlight sales based on whether the customer eats meat or needs help finding recipes for chicken, for example. Want to make fish tacos tonight? Another app will populate a user’s digital shopping list with the necessary ingredients available at the store.
For store managers, meanwhile, a program is in the works to allow them to literally see how products are selling in a given aisle, using augmented-reality apps on their phones that show the prices and sales figures for the products found there.
… Kroger has invested billions over the past decade and a half to hire engineers out of leading universities and away from companies recruiting talent with the same kinds of specialized skills—including data analytics, logistics and app-development. Recent innovations developed in Kroger’s labs include infrared sensors that monitor the number of customers in a store and automatically deploy checkout clerks as the number grows. This tool alone, Kroger says, has reduced wait times by several minutes across its stores.

For my students.
Tech Giants Are Paying Huge Salaries for Scarce A.I. Talent
… Tech’s biggest companies are placing huge bets on artificial intelligence, banking on things ranging from face-scanning smartphones and conversational coffee-table gadgets to computerized health care and autonomous vehicles. As they chase this future, they are doling out salaries that are startling even in an industry that has never been shy about lavishing a fortune on its top talent.
Typical A.I. specialists, including both Ph.D.s fresh out of school and people with less education and just a few years of experience, can be paid from $300,000 to $500,000 a year or more in salary and company stock, according to nine people who work for major tech companies or have entertained job offers from them.

More popular than Stephen King? Certainly less well understood.
University website crashes as readers rush to read Stephen Hawking's 1966 thesis
When an unknown physics student submitted his completed PhD thesis in 1966 he had no idea thousands would still be clamouring to read it more than 50 years later.
But when Stephen Hawking’s Properties of Expanding Universes was published yesterday (October 23) as part of Open Access Week 2017 – an annual event which aims to open up academic resources to the masses – Cambridge University’s Open Access system reportedly kept crashing throughout the day as servers struggled to cope with demand from readers.
And the problems appear to be persisting today.
… Professor Hawking’s 1966 doctoral thesis ‘Properties of expanding universes’ is available in Apollo at or in high resolution on Cambridge Digital Library at

Monday, October 23, 2017

Nearly 100 Whole Foods Locations Affected by Card Breach
Amazon-owned Whole Foods Market informed customers last week that a recent hacker attack aimed at its payment systems affected nearly 100 locations across the United States.
Whole Foods has set up a webpage where customers are being provided some details about the breach. The page allows users to check if the store they made purchases in has been hit.
According to the company, cybercriminals may have stolen payment cards used at taprooms and full table-service restaurants in various cities in Alabama, Arizona, Arkansas, California, Colorado, District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Kansas, Maine, Michigan, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, Pennsylvania, Tennessee, Texas, Virginia, Washington and Wisconsin. The largest number of affected locations is in California.
Whole Foods said it had learned of unauthorized access to some payment systems on September 23 and replaced affected point-of-sale (PoS) devices by September 28. However, the investigation conducted by the firm in collaboration with cybersecurity forensics experts revealed that hackers had gained access to some stores as early as March 10.
The supermarket chain pointed out that the incident only impacted payment systems at taprooms and restaurants within stores.

A different approach, but possibly not the best one.
Not the most technical/legal explanation of the new EU regs, but this Daily Mail piece by Ben Ellery does convey some of what is concerning businesses:
Computer hacking victims will be able to claim thousands of pounds in compensation under new laws – even if they do not lose any money.
The ‘distress’ they suffer will be enough to qualify for a payout regardless of whether their accounts have actually been raided.
And with the potential damages as high as £6,000 per person, companies with millions of customers could be left crippled by a cyber-attack.
Read more on The Daily Mail.
Now it would be great if businesses were so concerned that they: (1) collected and stored less data, and (2) provided better security for the data they do collect and store, but as Ellery notes, what happens if companies just decide to take a risk and not report breaches for fear of penalties? Hmmm…

A ‘toss away’ comment without context. How many of these were critical to the prosecution? How many cases involved terrorists?
Michael Balsamo reports:
The FBI hasn’t been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.
In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia.
Read more on Philly Voice.

How would you regain trust after the DHS claims you were spying?
Kaspersky Really Wants People and Governments to Trust It Again
The U.S. Department of Homeland Security has banned federal agencies from using its products, due to its alleged ties with Russian intelligence, and even the electronic retailer Best Buy has pulled Kaspersky’s antivirus.
… On Monday morning, the firm said it would allow an independent review of its source code by “an internationally recognized authority” in the first quarter of 2018, along with an independent review of its internal processes to determine their integrity.
The company also promised three “transparency centers” in the U.S., Europe and Asia, to allow clients and governments to review its code and the rules it uses to detect threats. The centers will open between 2018 and 2020, it said.
… It is not uncommon for major software firms with government contracts to allow those governments to inspect their code—Microsoft does it, for example, in order to assure agencies around the world that Windows and other products do not contain backdoors.

An article for my Computer Security students.
How I Socially Engineer Myself Into High Security Facilities

Continuing our “We don’t know what is happening in our own business” discussion.
Bank of America's Merrill Lynch fined £35m by UK watchdog
The US bank failed to report nearly 69 million transactions over two years, the Financial Conduct Authority said.
… The bank said it had reported the issue as soon as it was discovered and was "wholly committed" to following financial regulations.
… The types of trades involved, known as derivatives, can create a "complex web of interdependence" that then make it difficult to identify risks, according to the watchdog.
Merrill Lynch said it had alerted authorities that it had failed to report the financial trades between February 2014 and February 2016.
Mark Steward, the FCA's head of enforcement, said firms needed to ensure their reporting systems worked properly.

For my lawyer friends and the geeks who support them.
Stay Up To Date With These Legal Technology Blogs
The majority of jurisdictions (28) now require lawyers to stay on top of legal technology changes. This means that the majority of lawyers have an ethical obligation to learn about and understand technology in order to make informed decisions about whether to use technology in their practices.
… Aside from attending on-point CLEs, one of the easiest ways to learn about legal technology is to use an RSS feed reader such as feedly (my feed reader of choice), subscribe to a number of legal technology blogs, and spend a few minutes each day reading them and learning about the latest legal technology trends.

(Related) Here are some of the best legal blogs in the US.
The Expert Institute's Best Legal Blog Contest
Every one of these blogs has earned its spot as a leader in its category, but now it's time for our readers to select the best of the best - creating the most definitive list of the Internet's top legal blogs.

MasterCard Says Signatures No Longer Required at the Checkout Counter
Checks are basically extinct. Cash is almost gone. Credit cards are being replaced by phones. And even the cards are changing — though that’s going slower than originally planned.
… MasterCard just announced it’s doing away with a policy where merchants must require signatures from customers at checkout counters. The action concerns all transactions in the U.S. and Canada.
The phase-out will be complete by April 2018.

Marcus is a bit obsessive, but that just means he lists EVERYTHING. You have to pick and choose.
New on LLRX – Open Educational Resources (OER) Sources 2018
by Sabrina I. Pacifici on Oct 22, 2017
Via LLRX – Open Educational Resources (OER) Sources 2018 – Costs continue to rise for students who are pursuing college and post-graduate degree programs. By leveraging best practice sites, services and non-traditional options to expand knowledge, skills and abilities in many disciplines, students can choose from a wide range of options to complete their respective goals. This guide by Marcus Zillman is a comprehensive listing of useful open source educational resources, sites, e-books and courses on the Internet that can assist you in optimizing your learning opportunities.

For the toolkit, and my Computer Security students. (Think of it as backup)

I’ll ask my students which is best.
At the start of 2012, the number of cable TV subscriptions in the United States peaked at 103 million. The figure has now dropped to 96 million, and by the end of 2018, experts believe it will be down to about 92 million.
But all those people haven’t suddenly stopped watching television. Instead, they’re increasingly finding ways to watch TV online for free.
Clearly, there are lots of illegal ways to watch your favorite shows, but there are also plenty of perfectly legal (and free) ways. Here are some of the best…

Beware of passionate people!

Sunday, October 22, 2017

New technology, same security learning curve.
IoT_reaper Botnet Looms Ready To Strike With Millions Of Zombie Devices At Its Disposal
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai.
Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities to exploit, making it potentially capable of spreading to even more devices. Reaper is far more aggressive in this manner—it is actively hacking devices based on multiple security holes, versus simply inputting default or easy-to-guess passwords.
… Reaper is quickly evolving to exploit an increasing number of vulnerabilities in IoT devices, including wireless IP cameras by companies such as GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology, and others. There are patches available for many of the affected devices, but when it comes to IoT devices, consumers are not in the same habit of applying security updates as they are for PCs. As such, Check Point has found Reaper doling out attacks from 60 percent of the corporate networks it tracks.

Interesting that piggybacking on widely used tools is being presented as a new idea…
Kaspersky Lab has come under intense scrutiny after its antivirus software was linked to the breach of an NSA employee’s home computer in 2015 by Russian government hackers; U.S. government sources, quoted in news reports, suggested the Moscow-based company colluded with the hackers to steal classified documents or tools from the worker’s machine, or at least turned a blind eye to this activity. The Department of Homeland Security banned Kaspersky products from civilian government systems, and Best Buy has removed the software from computers it sells based on concerns that the software can be used to spy on customers.
But a closer look at the allegations and technical details of how Kaspersky’s products operate raises questions about the accuracy of the narrative being woven in news reports and suggests that U.S. officials could be technically correct in their statements about what occurred, while also being incorrect about collusion on the part of Kaspersky.

Hackers exist on every side of any political question. So, anything and everything can trigger a reaction like this.
Hacktivism is alive and well in Spain. Joshua Taylor reports:
Spain’s most senior court fell victim to a massive cyber attack as hackers launched an “Operation Free Catalonia” campaign.
The country’s constitutional court said unknown hackers had accessed its computer systems on Friday.
The Spanish National Security Department said the hack was part of a recent campaign to flood government websites with slogans in support of independence for the Spanish region of Catalonia.
Read more on The Mirror.

Don’t all hockey fans wear goalie masks?
Joe Cadillic writes:
It’s official, big brother has invaded sports arenas, stadiums and parks.
According to an article in TSN, The National Hockey League (NHL) plans to install facial recognition cameras in their arenas.
The above video is a perfect example of how law enforcement uses our fears of terror to justify losing our privacy.
Retired Secret Service agent Mike Verden claims the NHL’s facial recognition cameras are for everyone’s safety. Near the end of the video, he reveals that unnamed sports teams are secretly using facial recognition cameras to spy on fans.
Read more on MassPrivateI.

Perhaps this would make a good question for the midterm Computer Security exam: Name six techniques not listed in this article.

Cool! Now we can re-write it to be perfect. Right?
Federal Judge Unseals New York Crime Lab’s Software for Analyzing DNA Evidence
A federal judge this week unsealed the source code for a software program developed by New York City’s crime lab, exposing to public scrutiny a disputed technique for analyzing complex DNA evidence.
Judge Valerie Caproni of the Southern District of New York lifted a protective order in response to a motion by ProPublica, which argued that there was a public interest in disclosing the code. ProPublica has obtained the source code, known as the Forensic Statistical Tool, or FST, and published it on GitHub; two newly unredacted defense expert affidavits are also available.

I’m guessing that my students might find some of these interesting too.
Free PD for Teachers
All teachers love learning and there is nothing better than when we can learn for free! This is a collection of resources that will help quench your thirst for learning. Whether you prefer to read online, watch webinars, or listen to podcasts, you are sure to find something on here that will fit your needs.
  • Classroom2.0 Live- This hour-long show takes place each Saturday at 12pm EST. Every week a different educator shares their ideas or how they use different tools in their classrooms. The archives for all of the previous episodes are available and there are hundreds of them!
  • ISTE- While there is a fee to join ISTE, many of their resources are available free on their website. One of the most useful and important resources available on the site is their technology standards.
  • Collection of Podcasts- Edutopia compiled this list of podcasts for educators a couple of years ago. Another podcast that is popular with educators that was not included on the list is The Cult of Pedagogy.
  • ASCD Webinars- ASCD is another professional organization that shares lots of resources free of charge.
  • Edcamp- Edcamps happen all over the world and they are completely free! This is also a great way to meet amazing educators face to face.
  • Google Training Center- This free training center has all of the resources you need to learn about all things Google and get your Level 1 and Level 2 Google certification.